fixed acquire-delay bug by:

  installing policies before states
  updating policies if protocol has changed

1 files changed, 7 insertions, 5 deletions

diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index 81d1e8b2e..8e16ba1b3 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -5,9 +5,6 @@
  * Copyright (C) 2006 Daniel Roethlisberger
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
- * Copyright (C) 2003 Herbert Xu.
- * 
- * Based on xfrm code from pluto.
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -227,6 +224,9 @@ struct policy_entry_t {
 	/** direction of this policy: in, out, forward */
 	u_int8_t direction;
 	
+	/** protocol ID: ESP/AH */
+	protocol_id_t proto;
+	
 	/** reqid of the policy */
 	u_int32_t reqid;
 	
@@ -2612,14 +2612,16 @@ static status_t add_policy(private_kernel_interface_t *this,
 	memset(policy, 0, sizeof(policy_entry_t));
 	policy->sel = ts2selector(src_ts, dst_ts);
 	policy->direction = direction;
+	policy->proto = protocol;
 	
 	/* find the policy, which matches EXACTLY */
 	pthread_mutex_lock(&this->mutex);
 	iterator = this->policies->create_iterator(this->policies, TRUE);
 	while (iterator->iterate(iterator, (void**)&current))
 	{
-		if (memcmp(&current->sel, &policy->sel, sizeof(struct xfrm_selector)) == 0 &&
-			policy->direction == current->direction)
+		if (memeq(&current->sel, &policy->sel, sizeof(struct xfrm_selector)) &&
+			policy->direction == current->direction &&
+			policy->proto == current->proto)
 		{
 			/* use existing policy */
 			current->refcount++;