From e722ee5df82a292c87adfad23359b35793589798 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Fri, 27 Feb 2015 10:54:38 +0100
Subject: [PATCH] ha: Always install the CHILD_SAs with the inbound flag set to
 FALSE

The inbound flag is used to determine if we have to install an update or a new
SA in the kernel. As we do not have allocated SPIs and therefore can't update
an existing SA in the HA plugin, always set the flag to FALSE.

Before 698ed656 we had extra logic for that case, but handling it directly in
the HA plugin is simpler.
---
 src/libcharon/plugins/ha/ha_dispatcher.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index 983f9d8fc1..81132b4929 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -792,7 +792,7 @@ static void process_child_add(private_ha_dispatcher_t *this,
 	if (initiator)
 	{
 		if (child_sa->install(child_sa, encr_r, integ_r, inbound_spi,
-							  inbound_cpi, initiator, TRUE, TRUE,
+							  inbound_cpi, initiator, FALSE, TRUE,
 							  local_ts, remote_ts) != SUCCESS ||
 			child_sa->install(child_sa, encr_i, integ_i, outbound_spi,
 							  outbound_cpi, initiator, FALSE, TRUE,
@@ -804,7 +804,7 @@ static void process_child_add(private_ha_dispatcher_t *this,
 	else
 	{
 		if (child_sa->install(child_sa, encr_i, integ_i, inbound_spi,
-							  inbound_cpi, initiator, TRUE, TRUE,
+							  inbound_cpi, initiator, FALSE, TRUE,
 							  local_ts, remote_ts) != SUCCESS ||
 			child_sa->install(child_sa, encr_r, integ_r, outbound_spi,
 							  outbound_cpi, initiator, FALSE, TRUE,
-- 
2.47.2