Diffstat (limited to 'src')
-rw-r--r-- | src/charon/plugins/ha_sync/ha_sync_plugin.c | 6 | ||||
-rw-r--r-- | src/charon/plugins/ha_sync/ha_sync_segments.c | 26 | ||||
-rw-r--r-- | src/charon/plugins/ha_sync/ha_sync_segments.h | 2 |
3 files changed, 24 insertions, 10 deletions
diff --git a/src/charon/plugins/ha_sync/ha_sync_plugin.c b/src/charon/plugins/ha_sync/ha_sync_plugin.c
index d6fa6be1f..ff4341e57 100644
--- a/src/charon/plugins/ha_sync/ha_sync_plugin.c
+++ b/src/charon/plugins/ha_sync/ha_sync_plugin.c
@@ -171,12 +171,12 @@ plugin_t *plugin_create()
 return NULL;
 }
- this->segments = ha_sync_segments_create(this->socket, this->kernel,
- count, active);
 if (secret)
 {
- this->tunnel = ha_sync_tunnel_create(secret, local, remote);
+ this->tunnel = ha_sync_tunnel_create(local, remote, secret);
 }
+ this->segments = ha_sync_segments_create(this->socket, this->kernel,
+ this->tunnel, count, active);
 if (fifo)
 {
 this->ctl = ha_sync_ctl_create(this->segments);
diff --git a/src/charon/plugins/ha_sync/ha_sync_segments.c b/src/charon/plugins/ha_sync/ha_sync_segments.c
index 8929c62d4..4d458038c 100644
--- a/src/charon/plugins/ha_sync/ha_sync_segments.c
+++ b/src/charon/plugins/ha_sync/ha_sync_segments.c
@@ -36,6 +36,11 @@ struct private_ha_sync_segments_t {
 ha_sync_socket_t *socket;
 /**
+ * Sync tunnel, if any
+ */
+ ha_sync_tunnel_t *tunnel;
+
+ /**
 * Interface to control segments at kernel level
 */
 ha_sync_kernel_t *kernel;
@@ -110,15 +115,20 @@ static void enable_disable(private_ha_sync_segments_t *this, u_int segment,
 enumerator = charon->ike_sa_manager->create_enumerator(charon->ike_sa_manager);
 while (enumerator->enumerate(enumerator, &ike_sa))
 {
- if (ike_sa->get_state(ike_sa) == old)
+ if (ike_sa->get_state(ike_sa) != old)
+ {
+ continue;
+ }
+ if (this->tunnel && this->tunnel->is_sync_sa(this->tunnel, ike_sa))
+ {
+ continue;
+ }
+ for (i = segment; i < limit; i++)
 {
- for (i = segment; i < limit; i++)
+ if (this->kernel->in_segment(this->kernel,
+ ike_sa->get_other_host(ike_sa), i))
 {
- if (this->kernel->in_segment(this->kernel,
- ike_sa->get_other_host(ike_sa), i))
- {
- ike_sa->set_state(ike_sa, new);
- }
+ ike_sa->set_state(ike_sa, new);
 }
 }
 }
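Review bot: When `secret` is not configured, `this->tunnel` reaches `ha_sync_segments_create()` without being assigned anywhere in this hunk, so the no-tunnel case depends on an initialisation that is not visible here. plugin_create() starts and ends outside the hunk; if the plugin object is allocated without zeroing and no `this->tunnel = NULL;` precedes this code, segments would store an indeterminate pointer that enable_disable() later tests and calls through. I would confirm that assignment exists above, and that the plugin's destroy path releases `segments` before `tunnel`, because segments now keeps a pointer to the tunnel it did not create.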
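Review bot: The new `is_sync_sa` check in the enumeration loop of enable_disable() exempts an IKE_SA from every segment state change, and nothing in the code says why. A comment above it would record the intent, for example `/* never switch the sync tunnel's own IKE_SA with a segment */` (presumably that is the reason; adjust if not). `is_sync_sa()` is defined outside this diff, so it is worth confirming that it accepts only the configured sync SA, since any SA it accepts is skipped here regardless of which segment its peer address falls in. The function body starts before the hunk.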
@@ -305,6 +315,7 @@ static void destroy(private_ha_sync_segments_t *this)
 */
 ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket,
 ha_sync_kernel_t *kernel,
+ ha_sync_tunnel_t *tunnel,
 u_int count, segment_mask_t active)
 {
 private_ha_sync_segments_t *this = malloc_thing(private_ha_sync_segments_t);
@@ -317,6 +328,7 @@ ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket,
 this->public.destroy = (void(*)(ha_sync_segments_t*))destroy;
 this->socket = socket;
+ this->tunnel = tunnel;
 this->kernel = kernel;
 this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
 this->active = active;
diff --git a/src/charon/plugins/ha_sync/ha_sync_segments.h b/src/charon/plugins/ha_sync/ha_sync_segments.h
index 98332a5f2..cf119a8e0 100644
--- a/src/charon/plugins/ha_sync/ha_sync_segments.h
+++ b/src/charon/plugins/ha_sync/ha_sync_segments.h
@@ -38,6 +38,7 @@ typedef u_int16_t segment_mask_t;
 #define SEGMENTS_BIT(segment) (0x01 << (segment - 1))
 #include "ha_sync_socket.h"
+#include "ha_sync_tunnel.h"
 #include "ha_sync_kernel.h"
 /**
@@ -95,6 +96,7 @@ struct ha_sync_segments_t {
 */
 ha_sync_segments_t *ha_sync_segments_create(ha_sync_socket_t *socket,
 ha_sync_kernel_t *kernel,
+ ha_sync_tunnel_t *tunnel,
 u_int count, segment_mask_t active);
 #endif /* HA_SYNC_SEGMENTS_ @}*/ |
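Review bot: The new `tunnel` parameter of `ha_sync_segments_create()` is added to the definition here and to the prototype in ha_sync_segments.h without any documentation; the header gains only the include and the parameter line, so the doc comment above the prototype is unchanged. Two things a caller needs are not stated: that NULL is accepted (enable_disable() tests `this->tunnel` before use), and that the pointer appears to be borrowed, since no visible hunk makes `destroy()` release it. I would add a line to the header comment such as ` * @param tunnel	sync tunnel whose IKE_SA is left untouched, or NULL; not owned`. The constructor body continues outside both hunks.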