CHILD_SA unique identifier allocation starts at 1. If the counter overflows,
a unique ID of 0 is assigned to a CHILD_SA, which may have unclear
consequences.
Overflowing the unique ID counter is theoretical for most setups, but
a Gateway terminating 100'000 tunnels and rekeying CHILD_SAs every 60s
overflows the counter after a month of uptime. So avoid a 0 unique identifier
by using ref_get_nonzero().
.close_action = config->get_close_action(config),
.dpd_action = config->get_dpd_action(config),
.reqid = config->get_reqid(config),
- .unique_id = ref_get(&unique_id),
+ .unique_id = ref_get_nonzero(&unique_id),
.mark_in = config->get_mark(config, TRUE),
.mark_out = config->get_mark(config, FALSE),
.if_id_in = config->get_if_id(config, TRUE) ?: data->if_id_in_def,
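Review bot: at `.unique_id = ref_get_nonzero(&unique_id)`, skipping 0 handles the wrap itself, but once the counter has wrapped it hands out low values again, so a new CHILD_SA can be given an ID that a long-lived CHILD_SA from before the wrap still holds. The commit message treats these IDs as unique, and on the gateway it describes a wrap happens about once a month, so consider either checking that the candidate ID is not in use before assigning it, or stating in a comment on this line that uniqueness is only guaranteed between wraps. A short comment saying that 0 is reserved would also help, since nothing in the hunk tells the next reader why plain `ref_get()` is not enough here.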