diff options
| author | Adrian-Ken Rueegsegger <ken@codelabs.ch> | 2015-04-08 18:56:23 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2015-05-04 18:07:51 +0200 |
| commit | 2783bd17a401f961d4cf2e126f28f2ea5dcc41d6 (patch) | |
| tree | d539f17d52ada977e6c7dac0891cbdfa3b356b5b | |
| parent | c7ce0d96cd89b8071637cd59879776b01053f28a (diff) | |
| download | strongswan-2783bd17a401f961d4cf2e126f28f2ea5dcc41d6.tar.bz2 strongswan-2783bd17a401f961d4cf2e126f28f2ea5dcc41d6.tar.xz | |
charon-tkm: Select other ESA if any is present upon deletion
In the case that multiple ESAs exist (e.g. rekey collision) for a
security policy, make sure to select one of the remaining ESAs.
| -rw-r--r-- | src/charon-tkm/src/tkm/tkm_kernel_ipsec.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c index 30c8e1022..e94a3b5c2 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c @@ -217,11 +217,22 @@ METHOD(kernel_ipsec_t, del_sa, status_t, private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) { - esa_id_type esa_id; + esa_id_type esa_id, other_esa_id; esa_id = tkm->sad->get_esa_id(tkm->sad, src, dst, spi, protocol); if (esa_id) { + other_esa_id = tkm->sad->get_other_esa_id(tkm->sad, esa_id); + if (other_esa_id) + { + DBG1(DBG_KNL, "selecting child SA (esa: %llu)", other_esa_id); + if (ike_esa_select(other_esa_id) != TKM_OK) + { + DBG1(DBG_KNL, "error selecting other child SA (esa: %llu)", + other_esa_id); + } + } + DBG1(DBG_KNL, "deleting child SA (esa: %llu, spi: %x)", esa_id, ntohl(spi)); if (ike_esa_reset(esa_id) != TKM_OK) |