From: Martin Willi <martin@revosec.ch>
Date: Fri, 27 Feb 2015 09:54:38 +0000 (+0100)
Subject: ha: Always install the CHILD_SAs with the inbound flag set to FALSE
X-Git-Tag: 5.3.0dr1~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e722ee5d;p=thirdparty%2Fstrongswan.git

ha: Always install the CHILD_SAs with the inbound flag set to FALSE

The inbound flag is used to determine if we have to install an update or a new
SA in the kernel. As we do not have allocated SPIs and therefore can't update
an existing SA in the HA plugin, always set the flag to FALSE.

Before 698ed656 we had extra logic for that case, but handling it directly in
the HA plugin is simpler.
---

diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index 983f9d8fc1..81132b4929 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -792,7 +792,7 @@ static void process_child_add(private_ha_dispatcher_t *this,
 	if (initiator)
 	{
 		if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi,
-							  inbound_cpi, initiator, TRUE, TRUE,
+							  inbound_cpi, initiator, FALSE, TRUE,
 							  local_ts, remote_ts) != SUCCESS ||
 			child_sa->install(child_sa, encr_i, integ_i, outbound_spi,
 							  outbound_cpi, initiator, FALSE, TRUE,
@@ -804,7 +804,7 @@ static void process_child_add(private_ha_dispatcher_t *this,
 	else
 	{
 		if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi,
-							  inbound_cpi, initiator, TRUE, TRUE,
+							  inbound_cpi, initiator, FALSE, TRUE,
 							  local_ts, remote_ts) != SUCCESS ||
 			child_sa->install(child_sa, encr_r, integ_r, outbound_spi,
 							  outbound_cpi, initiator, FALSE, TRUE,