diff options
Diffstat (limited to 'main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch')
| -rw-r--r-- | main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch | 69 |
1 files changed, 0 insertions, 69 deletions
diff --git a/main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch b/main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch deleted file mode 100644 index a1b696a50c..0000000000 --- a/main/strongswan/0601-child-sa-fix-refcounting-of-allocated-reqids.patch +++ /dev/null @@ -1,69 +0,0 @@ -From ce1f82060c037eebf0da6de164215d9a06b92c5b Mon Sep 17 00:00:00 2001 -From: Tobias Brunner <tobias@strongswan.org> -Date: Fri, 31 Jul 2015 16:51:35 +0200 -Subject: [PATCH] child-sa: Fix refcounting of allocated reqids - -During a rekeying we want to reuse the current reqid, but if the new SA -does not allocate it via kernel-interface the state there will disappear -when the old SA is destroyed after the rekeying. When the IKE_SA is -later reauthenticated with make-before-break reatuhentication the new -CHILD_SAs there will get new reqids as no existing state is found in the -kernel-interface. - -Fixes: a49393954f31 ("child-sa: Use any fixed reqid configured on the CHILD_SA config") ---- - src/libcharon/sa/child_sa.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c -index 94cf07c..73f2ec9 100644 ---- a/src/libcharon/sa/child_sa.c -+++ b/src/libcharon/sa/child_sa.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (C) 2006-2011 Tobias Brunner -+ * Copyright (C) 2006-2015 Tobias Brunner - * Copyright (C) 2005-2008 Martin Willi - * Copyright (C) 2006 Daniel Roethlisberger - * Copyright (C) 2005 Jan Hutter -@@ -106,6 +106,11 @@ struct private_child_sa_t { - */ - bool reqid_allocated; - -+ /** -+ * Is the reqid statically configured -+ */ -+ bool static_reqid; -+ - /* - * Unique CHILD_SA identifier - */ -@@ -698,7 +703,7 @@ METHOD(child_sa_t, install, status_t, - this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS, - &esn, NULL); - -- if (!this->reqid_allocated && !this->reqid) -+ if (!this->reqid_allocated && !this->static_reqid) - { - status = hydra->kernel_interface->alloc_reqid(hydra->kernel_interface, - my_ts, other_ts, this->mark_in, this->mark_out, -@@ -826,7 +831,7 @@ METHOD(child_sa_t, add_policies, status_t, - traffic_selector_t *my_ts, *other_ts; - status_t status = SUCCESS; - -- if (!this->reqid_allocated && !this->reqid) -+ if (!this->reqid_allocated && !this->static_reqid) - { - /* trap policy, get or confirm reqid */ - status = hydra->kernel_interface->alloc_reqid( -@@ -1305,6 +1310,10 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, - this->reqid = charon->traps->find_reqid(charon->traps, config); - } - } -+ else -+ { -+ this->static_reqid = TRUE; -+ } - - /* MIPv6 proxy transport mode sets SA endpoints to TS hosts */ - if (config->get_mode(config) == MODE_TRANSPORT && |