kernel-pfkey: Read reqid directly from acquire if possible
authorTobias Brunner <tobias@strongswan.org>
Mon, 22 Oct 2018 08:12:25 +0000 (10:12 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 3 Dec 2018 11:01:43 +0000 (12:01 +0100)
Upcoming versions of FreeBSD will include an SADB_X_EXT_SA2 extension in
acquires that contains the reqid set on the matching policy.  This allows
handling acquires even when no policies are installed (e.g. to work with
FreeBSD's implementation of VTI interfaces, which manage policies
themselves).

src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index dbe409a..37170a3 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
  * Copyright (C) 2008 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -1287,20 +1287,27 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this,
                return;
        }
 
-       index = response.x_policy->sadb_x_policy_id;
-       this->mutex->lock(this->mutex);
-       if (this->policies->find_first(this->policies, policy_entry_match_byindex,
-                                                                 (void**)&policy, index) &&
-               policy->used_by->get_first(policy->used_by, (void**)&sa) == SUCCESS)
+       if (response.x_sa2)
        {
-               reqid = sa->sa->cfg.reqid;
+               reqid = response.x_sa2->sadb_x_sa2_reqid;
        }
        else
        {
-               DBG1(DBG_KNL, "received an SADB_ACQUIRE with policy id %d but no "
-                                         "matching policy found", index);
+               index = response.x_policy->sadb_x_policy_id;
+               this->mutex->lock(this->mutex);
+               if (this->policies->find_first(this->policies, policy_entry_match_byindex,
+                                                                          (void**)&policy, index) &&
+                       policy->used_by->get_first(policy->used_by, (void**)&sa) == SUCCESS)
+               {
+                       reqid = sa->sa->cfg.reqid;
+               }
+               else
+               {
+                       DBG1(DBG_KNL, "received an SADB_ACQUIRE with policy id %d but no "
+                                "matching policy found", index);
+               }
+               this->mutex->unlock(this->mutex);
        }
-       this->mutex->unlock(this->mutex);
 
        src_ts = sadb_address2ts(response.src);
        dst_ts = sadb_address2ts(response.dst);
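Review bot: In the new `if (response.x_sa2)` branch the reqid is taken from the kernel message as-is, so an acquire whose SADB_X_EXT_SA2 extension has a `sadb_x_sa2_reqid` of 0 skips the policy lookup that the old code always performed. If a zero reqid in that extension can mean "unset" on any supported kernel (not visible here), testing the value as well keeps the fallback: `if (response.x_sa2 && response.x_sa2->sadb_x_sa2_reqid)`. A short comment above the branch, e.g. `/* prefer the reqid reported by the kernel, otherwise look up the policy by index */`, would also record why two sources exist. process_acquire starts and ends outside this hunk, so the initial value of `reqid` and whether `response.x_policy` is checked for NULL before the else branch dereferences it cannot be confirmed from here.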