From: Martin Willi
Date: Mon, 9 Mar 2015 16:52:33 +0000 (+0100)
Subject: Revert "child-sa: Remove the obsolete update logic"
X-Git-Tag: 5.3.0dr1~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acad5e9f512cca4141e8067789d9b421a36cf191;p=thirdparty%2Fstrongswan.git
Revert "child-sa: Remove the obsolete update logic"
While the the meaning of the "inbound" flag on the kernel_interface->add_sa() call is not very clear, we still need that update logic to allow installation of inbound SAs without SPI allocation. This is used in the HA plugin as a passive node. This reverts commit 698ed656.
---
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index fdeb605eee..1f37fac657 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -655,6 +655,7 @@ METHOD(child_sa_t, install, status_t,
 u_int32_t tfc = 0;
 host_t *src, *dst;
 status_t status;
+ bool update = FALSE;
 /* now we have to decide which spi to use. Use self allocated, if "in",
 * or the one in the proposal, if not "in" (others). Additionally,
@@ -663,6 +664,10 @@ METHOD(child_sa_t, install, status_t,
 {
 dst = this->my_addr;
 src = this->other_addr;
+ if (this->my_spi == spi)
+ { /* alloc_spi has been called, do an SA update */
+ update = TRUE;
+ }
 this->my_spi = spi;
 this->my_cpi = cpi;
 }
@@ -745,7 +750,7 @@ METHOD(child_sa_t, install, status_t,
 inbound ? this->mark_in : this->mark_out, tfc, lifetime, enc_alg, encr, int_alg, integ, this->mode, this->ipcomp, cpi, this->config->get_replay_window(this->config),
- initiator, this->encap, esn, inbound, src_ts, dst_ts);
+ initiator, this->encap, esn, update, src_ts, dst_ts);
 free(lifetime);
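Review bot: The `this->my_spi == spi` test in the inbound branch treats SPI equality as proof that alloc_spi() ran, which only holds if `my_spi` can never already equal a caller-supplied SPI otherwise; its initial value is not visible in this hunk, so that should be confirmed. Because the branch then stores `this->my_spi = spi`, a second install() with the same inbound SPI is also classified as an update. I would state the assumption in the comment, e.g. `/* my_spi matches only after alloc_spi(); callers that skip it (HA passive node) must get a plain add */`. The install() method starts and ends outside the hunk.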
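Review bot: The boolean passed before `src_ts` changes from `inbound` to `update`, yet nothing visible here renames or documents the matching add_sa() parameter, and the commit message itself calls its meaning unclear. A kernel backend that reads this argument as the SA direction would now receive FALSE for an inbound SA installed without alloc_spi(), so each implementation should be checked to treat it strictly as "replace an existing SA". A call-site comment would pin that down: `/* 'update': replace the SA reserved by alloc_spi(); this is not the SA direction */`. The add_sa() call begins above the hunk.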