From 7beea2e99f8bfa4854370eb1570df0fb8e4bbfd5 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Wed, 16 Jul 2008 11:51:37 +0000
Subject: fixed acquire-delay bug by: installing policies before states updating policies if protocol has changed
---
 src/charon/kernel/kernel_interface.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'src/charon/kernel/kernel_interface.c')
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c
index 81d1e8b2e..8e16ba1b3 100644
--- a/src/charon/kernel/kernel_interface.c
+++ b/src/charon/kernel/kernel_interface.c
@@ -5,9 +5,6 @@
 * Copyright (C) 2006 Daniel Roethlisberger
 * Copyright (C) 2005 Jan Hutter
 * Hochschule fuer Technik Rapperswil
- * Copyright (C) 2003 Herbert Xu.
- *
- * Based on xfrm code from pluto.
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
@@ -227,6 +224,9 @@ struct policy_entry_t {
 /** direction of this policy: in, out, forward */
 u_int8_t direction;
+ /** protocol ID: ESP/AH */
+ protocol_id_t proto;
+
 /** reqid of the policy */
 u_int32_t reqid;
@@ -2612,14 +2612,16 @@ static status_t add_policy(private_kernel_interface_t *this,
 memset(policy, 0, sizeof(policy_entry_t));
 policy->sel = ts2selector(src_ts, dst_ts);
 policy->direction = direction;
+ policy->proto = protocol;
 /* find the policy, which matches EXACTLY */
 pthread_mutex_lock(&this->mutex);
 iterator = this->policies->create_iterator(this->policies, TRUE);
 while (iterator->iterate(iterator, (void**)¤t))
 {
- if (memcmp(¤t->sel, &policy->sel, sizeof(struct xfrm_selector)) == 0 &&
- policy->direction == current->direction)
+ if (memeq(¤t->sel, &policy->sel, sizeof(struct xfrm_selector)) &&
+ policy->direction == current->direction &&
+ policy->proto == current->proto)
 {
 /* use existing policy */
 current->refcount++;
--
cgit v1.2.3
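Review bot: With `policy->proto == current->proto` added to the match in add_policy's lookup loop (third hunk), two entries that share selector and direction but differ in protocol can now sit in `this->policies` with separate refcounts, while presumably still mapping to a single kernel policy for that selector and direction. del_policy and any other lookup over this list are not in this diff; if they still match on selector and direction only, removing one entry could decrement or delete the wrong one and leave the installed policy out of step with the remaining SA, so the same three-field comparison should be used there, ideally through one shared helper. A short comment above the condition would also help, e.g. `/* proto is part of the key: an ESP/AH change must not reuse the old entry */`. add_policy's body begins and ends outside the hunk.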