From: Adrian-Ken Rueegsegger <ken@codelabs.ch>
Date: Wed, 8 Apr 2015 16:56:23 +0000 (+0200)
Subject: charon-tkm: Select other ESA if any is present upon deletion
X-Git-Tag: 5.3.1rc1~35^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2783bd17a401f961d4cf2e126f28f2ea5dcc41d6;p=thirdparty%2Fstrongswan.git

charon-tkm: Select other ESA if any is present upon deletion

In the case that multiple ESAs exist (e.g. rekey collision) for a
security policy, make sure to select one of the remaining ESAs.
---

diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
index 30c8e10226..e94a3b5c28 100644
--- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
+++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c
@@ -217,11 +217,22 @@ METHOD(kernel_ipsec_t, del_sa, status_t,
 	private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst,
 	u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark)
 {
-	esa_id_type esa_id;
+	esa_id_type esa_id, other_esa_id;
 
 	esa_id = tkm->sad->get_esa_id(tkm->sad, src, dst, spi, protocol);
 	if (esa_id)
 	{
+		other_esa_id = tkm->sad->get_other_esa_id(tkm->sad, esa_id);
+		if (other_esa_id)
+		{
+			DBG1(DBG_KNL, "selecting child SA (esa: %llu)", other_esa_id);
+			if (ike_esa_select(other_esa_id) != TKM_OK)
+			{
+				DBG1(DBG_KNL, "error selecting other child SA (esa: %llu)",
+						other_esa_id);
+			}
+		}
+
 		DBG1(DBG_KNL, "deleting child SA (esa: %llu, spi: %x)", esa_id,
 			 ntohl(spi));
 		if (ike_esa_reset(esa_id) != TKM_OK)