* Described in header.
*/
child_sa_t * child_sa_create(host_t *me, host_t* other,
- child_cfg_t *config, uint32_t rekey, bool encap,
+ child_cfg_t *config, uint32_t reqid, bool encap,
u_int mark_in, u_int mark_out)
{
private_child_sa_t *this;
if (!this->reqid)
{
- /* reuse old reqid if we are rekeying an existing CHILD_SA. While the
- * reqid cache would find the same reqid for our selectors, this does
- * not work in a special case: If an SA is triggered by a trap policy,
- * but the negotiated SA gets narrowed, we still must reuse the same
- * reqid to successfully "trigger" the SA on the kernel level. Rekeying
- * such an SA requires an explicit reqid, as the cache currently knows
- * the original selectors only for that reqid. */
- if (rekey)
- {
- this->reqid = rekey;
- }
- else
- {
- this->reqid = charon->traps->find_reqid(charon->traps, config);
- }
+ /* reuse old reqid if we are rekeying an existing CHILD_SA and when
+ * initiating a trap policy. While the reqid cache would find the same
+ * reqid for our selectors, this does not work in a special case: If an
+ * SA is triggered by a trap policy, but the negotiated TS get
+ * narrowed, we still must reuse the same reqid to successfully
+ * replace the temporary SA on the kernel level. Rekeying such an SA
+ * requires an explicit reqid, as the cache currently knows the original
+ * selectors only for that reqid. */
+ this->reqid = reqid;
}
else
{