kernel-pfkey: Prefer policies with reqid over those without

author: Tobias Brunner <tobias@strongswan.org> 2016-04-04 15:06:44 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2016-04-09 16:51:01 +0200
commit: fd8f1194f3f14ff94c02e2218dd01b3aaf14c414 (patch)
tree: fbc05917618eb5265b39946da2485cb665fb9bce /src
parent: 0ff8ce9452be4b1ac77fa9bd697e28f2ffe693e5 (diff)
download: strongswan-fd8f1194f3f14ff94c02e2218dd01b3aaf14c414.tar.bz2
strongswan-fd8f1194f3f14ff94c02e2218dd01b3aaf14c414.tar.xz
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 0e2e7df48..7eb6c5808 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2598,7 +2598,13 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 	enumerator = policy->used_by->create_enumerator(policy->used_by);
 	while (enumerator->enumerate(enumerator, (void**)&current_sa))
 	{
-		if (current_sa->priority >= assigned_sa->priority)
+		if (current_sa->priority > assigned_sa->priority)
+		{
+			break;
+		}
+		/* prefer SAs with a reqid over those without */
+		if (current_sa->priority == assigned_sa->priority &&
+			(!current_sa->sa->cfg.reqid || assigned_sa->sa->cfg.reqid))
 		{
 			break;
 		}
author	Tobias Brunner <tobias@strongswan.org>	2016-04-04 15:06:44 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2016-04-09 16:51:01 +0200
commit	fd8f1194f3f14ff94c02e2218dd01b3aaf14c414 (patch)
tree	fbc05917618eb5265b39946da2485cb665fb9bce /src
parent	0ff8ce9452be4b1ac77fa9bd697e28f2ffe693e5 (diff)
download	strongswan-fd8f1194f3f14ff94c02e2218dd01b3aaf14c414.tar.bz2 strongswan-fd8f1194f3f14ff94c02e2218dd01b3aaf14c414.tar.xz