From ce1f82060c037eebf0da6de164215d9a06b92c5b Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 31 Jul 2015 16:51:35 +0200
Subject: [PATCH] child-sa: Fix refcounting of allocated reqids

During a rekeying we want to reuse the current reqid, but if the new SA
does not allocate it via kernel-interface the state there will disappear
when the old SA is destroyed after the rekeying.  When the IKE_SA is
later reauthenticated with make-before-break reatuhentication the new
CHILD_SAs there will get new reqids as no existing state is found in the
kernel-interface.

Fixes: a49393954f31 ("child-sa: Use any fixed reqid configured on the CHILD_SA config")
---
 src/libcharon/sa/child_sa.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 94cf07c..73f2ec9 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2011 Tobias Brunner
+ * Copyright (C) 2006-2015 Tobias Brunner
  * Copyright (C) 2005-2008 Martin Willi
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
@@ -106,6 +106,11 @@ struct private_child_sa_t {
 	 */
 	bool reqid_allocated;
 
+	/**
+	 * Is the reqid statically configured
+	 */
+	bool static_reqid;
+
 	/*
 	 * Unique CHILD_SA identifier
 	 */
@@ -698,7 +703,7 @@ METHOD(child_sa_t, install, status_t,
 	this->proposal->get_algorithm(this->proposal, EXTENDED_SEQUENCE_NUMBERS,
 								  &esn, NULL);
 
-	if (!this->reqid_allocated && !this->reqid)
+	if (!this->reqid_allocated && !this->static_reqid)
 	{
 		status = hydra->kernel_interface->alloc_reqid(hydra->kernel_interface,
 							my_ts, other_ts, this->mark_in, this->mark_out,
@@ -826,7 +831,7 @@ METHOD(child_sa_t, add_policies, status_t,
 	traffic_selector_t *my_ts, *other_ts;
 	status_t status = SUCCESS;
 
-	if (!this->reqid_allocated && !this->reqid)
+	if (!this->reqid_allocated && !this->static_reqid)
 	{
 		/* trap policy, get or confirm reqid */
 		status = hydra->kernel_interface->alloc_reqid(
@@ -1305,6 +1310,10 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
 			this->reqid = charon->traps->find_reqid(charon->traps, config);
 		}
 	}
+	else
+	{
+		this->static_reqid = TRUE;
+	}
 
 	/* MIPv6 proxy transport mode sets SA endpoints to TS hosts */
 	if (config->get_mode(config) == MODE_TRANSPORT &&