From 46188b0eb0f1d2bc6e44dd1215e0b396dcab3d33 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 17 Mar 2015 09:58:00 +0100
Subject: [PATCH] child-sa: Remove policies before states to avoid acquire
 events for untrapped policies

---
 src/libcharon/sa/child_sa.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 9c74b95170..068092d60b 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1114,22 +1114,6 @@ METHOD(child_sa_t, destroy, void,
 
 	set_state(this, CHILD_DESTROYING);
 
-	/* delete SAs in the kernel, if they are set up */
-	if (this->my_spi)
-	{
-		hydra->kernel_interface->del_sa(hydra->kernel_interface,
-					this->other_addr, this->my_addr, this->my_spi,
-					proto_ike2ip(this->protocol), this->my_cpi,
-					this->mark_in);
-	}
-	if (this->other_spi)
-	{
-		hydra->kernel_interface->del_sa(hydra->kernel_interface,
-					this->my_addr, this->other_addr, this->other_spi,
-					proto_ike2ip(this->protocol), this->other_cpi,
-					this->mark_out);
-	}
-
 	if (this->config->install_policy(this->config))
 	{
 		/* delete all policies in the kernel */
@@ -1146,6 +1130,22 @@ METHOD(child_sa_t, destroy, void,
 		enumerator->destroy(enumerator);
 	}
 
+	/* delete SAs in the kernel, if they are set up */
+	if (this->my_spi)
+	{
+		hydra->kernel_interface->del_sa(hydra->kernel_interface,
+					this->other_addr, this->my_addr, this->my_spi,
+					proto_ike2ip(this->protocol), this->my_cpi,
+					this->mark_in);
+	}
+	if (this->other_spi)
+	{
+		hydra->kernel_interface->del_sa(hydra->kernel_interface,
+					this->my_addr, this->other_addr, this->other_spi,
+					proto_ike2ip(this->protocol), this->other_cpi,
+					this->mark_out);
+	}
+
 	if (this->reqid_allocated)
 	{
 		if (hydra->kernel_interface->release_reqid(hydra->kernel_interface,
-- 
2.47.2