kernel-pfkey: Read reqid directly from acquire if possible
[strongswan.git] / src / libcharon / plugins / kernel_pfkey / kernel_pfkey_ipsec.c
index dbe409a..37170a3 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
  * Copyright (C) 2008 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -1287,20 +1287,27 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this,
                return;
        }
 
-       index = response.x_policy->sadb_x_policy_id;
-       this->mutex->lock(this->mutex);
-       if (this->policies->find_first(this->policies, policy_entry_match_byindex,
-                                                                 (void**)&policy, index) &&
-               policy->used_by->get_first(policy->used_by, (void**)&sa) == SUCCESS)
+       if (response.x_sa2)
        {
-               reqid = sa->sa->cfg.reqid;
+               reqid = response.x_sa2->sadb_x_sa2_reqid;
        }
        else
        {
-               DBG1(DBG_KNL, "received an SADB_ACQUIRE with policy id %d but no "
-                                         "matching policy found", index);
+               index = response.x_policy->sadb_x_policy_id;
+               this->mutex->lock(this->mutex);
+               if (this->policies->find_first(this->policies, policy_entry_match_byindex,
+                                                                          (void**)&policy, index) &&
+                       policy->used_by->get_first(policy->used_by, (void**)&sa) == SUCCESS)
+               {
+                       reqid = sa->sa->cfg.reqid;
+               }
+               else
+               {
+                       DBG1(DBG_KNL, "received an SADB_ACQUIRE with policy id %d but no "
+                                "matching policy found", index);
+               }
+               this->mutex->unlock(this->mutex);
        }
-       this->mutex->unlock(this->mutex);
 
        src_ts = sadb_address2ts(response.src);
        dst_ts = sadb_address2ts(response.dst);