diff options
| author | Martin Willi <martin@revosec.ch> | 2013-06-20 16:13:35 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-10-11 10:15:21 +0200 |
| commit | 21b096f3b8a013f58d3d9d1691aeb408854c4cb5 (patch) | |
| tree | 9cdd4a73e6bf06261cf5c4f1d989173eda01d544 /src | |
| parent | 908fe1632de31dd705132455199ed1cece073ce5 (diff) | |
| download | strongswan-21b096f3b8a013f58d3d9d1691aeb408854c4cb5.tar.bz2 strongswan-21b096f3b8a013f58d3d9d1691aeb408854c4cb5.tar.xz | |
child-sa: Save protocol during SPI allocation
This allows us to properly delete the incomplete SA with the correct protocol
should negotiation fail.
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/sa/child_sa.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 46e4b6f7b..9bd0c05ad 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -594,6 +594,9 @@ METHOD(child_sa_t, alloc_spi, u_int32_t, proto_ike2ip(protocol), this->reqid, &this->my_spi) == SUCCESS) { + /* if we allocate a SPI, but then are unable to establish the SA, we + * need to know the protocol family to delete the partial SA */ + this->protocol = protocol; return this->my_spi; } return 0; @@ -1039,12 +1042,6 @@ METHOD(child_sa_t, destroy, void, /* delete SAs in the kernel, if they are set up */ if (this->my_spi) { - /* if CHILD was not established, use PROTO_ESP used during alloc_spi(). - * TODO: For AH support, we have to store protocol specific SPI.s */ - if (this->protocol == PROTO_NONE) - { - this->protocol = PROTO_ESP; - } hydra->kernel_interface->del_sa(hydra->kernel_interface, this->other_addr, this->my_addr, this->my_spi, proto_ike2ip(this->protocol), this->my_cpi, |