ike: reuse the reqid of an installed trap having the same config
authorMartin Willi <martin@revosec.ch>
Tue, 11 Jun 2013 14:11:14 +0000 (16:11 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 19 Jun 2013 14:30:40 +0000 (16:30 +0200)
When we have a trap installed, but a CHILD_SA gets established for the same
config from the peer, we should reuse the same reqid. Otherwise we would have
two identical policies using different reqids, what we can't handle in our
kernel backend.

src/libcharon/sa/child_sa.c

index f50e32f..1069b2d 100644 (file)
@@ -1149,7 +1149,11 @@ child_sa_t * child_sa_create(host_t *me, host_t* other,
                }
                else
                {
-                       this->reqid = ref_get(&reqid);
+                       this->reqid = charon->traps->find_reqid(charon->traps, config);
+                       if (!this->reqid)
+                       {
+                               this->reqid = ref_get(&reqid);
+                       }
                }
        }