child-sa: Remove policies before states to avoid acquire events for untrapped policies
authorTobias Brunner <tobias@strongswan.org>
Tue, 17 Mar 2015 08:58:00 +0000 (09:58 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 19 Mar 2015 08:54:03 +0000 (09:54 +0100)
src/libcharon/sa/child_sa.c

index 9c74b95..068092d 100644 (file)
@@ -1114,22 +1114,6 @@ METHOD(child_sa_t, destroy, void,
 
        set_state(this, CHILD_DESTROYING);
 
-       /* delete SAs in the kernel, if they are set up */
-       if (this->my_spi)
-       {
-               hydra->kernel_interface->del_sa(hydra->kernel_interface,
-                                       this->other_addr, this->my_addr, this->my_spi,
-                                       proto_ike2ip(this->protocol), this->my_cpi,
-                                       this->mark_in);
-       }
-       if (this->other_spi)
-       {
-               hydra->kernel_interface->del_sa(hydra->kernel_interface,
-                                       this->my_addr, this->other_addr, this->other_spi,
-                                       proto_ike2ip(this->protocol), this->other_cpi,
-                                       this->mark_out);
-       }
-
        if (this->config->install_policy(this->config))
        {
                /* delete all policies in the kernel */
@@ -1146,6 +1130,22 @@ METHOD(child_sa_t, destroy, void,
                enumerator->destroy(enumerator);
        }
 
+       /* delete SAs in the kernel, if they are set up */
+       if (this->my_spi)
+       {
+               hydra->kernel_interface->del_sa(hydra->kernel_interface,
+                                       this->other_addr, this->my_addr, this->my_spi,
+                                       proto_ike2ip(this->protocol), this->my_cpi,
+                                       this->mark_in);
+       }
+       if (this->other_spi)
+       {
+               hydra->kernel_interface->del_sa(hydra->kernel_interface,
+                                       this->my_addr, this->other_addr, this->other_spi,
+                                       proto_ike2ip(this->protocol), this->other_cpi,
+                                       this->mark_out);
+       }
+
        if (this->reqid_allocated)
        {
                if (hydra->kernel_interface->release_reqid(hydra->kernel_interface,