Revert "child-sa: Remove the obsolete update logic"
authorMartin Willi <martin@revosec.ch>
Mon, 9 Mar 2015 16:52:33 +0000 (17:52 +0100)
committerMartin Willi <martin@revosec.ch>
Mon, 9 Mar 2015 17:18:20 +0000 (18:18 +0100)
While the meaning of the "inbound" flag on the kernel_interface->add_sa()
call is not very clear, we still need that update logic to allow installation of
inbound SAs without SPI allocation. This is used in the HA plugin as a passive
node.

This reverts commit 698ed656.

src/libcharon/sa/child_sa.c

index fdeb605..1f37fac 100644 (file)
@@ -655,6 +655,7 @@ METHOD(child_sa_t, install, status_t,
        u_int32_t tfc = 0;
        host_t *src, *dst;
        status_t status;
+       bool update = FALSE;
 
        /* now we have to decide which spi to use. Use self allocated, if "in",
         * or the one in the proposal, if not "in" (others). Additionally,
@@ -663,6 +664,10 @@ METHOD(child_sa_t, install, status_t,
        {
                dst = this->my_addr;
                src = this->other_addr;
+               if (this->my_spi == spi)
+               {       /* alloc_spi has been called, do an SA update */
+                       update = TRUE;
+               }
                this->my_spi = spi;
                this->my_cpi = cpi;
        }
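Review bot: The comment on the `this->my_spi == spi` test explains only the TRUE case, while the reason the FALSE case must exist (an HA passive node installing inbound SAs without SPI allocation) is recorded only in the commit message, and this logic has already been removed once as obsolete. I would extend it to `/* alloc_spi has been called, do an SA update; without a prior allocation (e.g. HA passive node) the SA is added as new */`. The test also appears to rely on my_spi holding a value that can never equal a valid SPI before allocation, presumably 0; that initialisation is outside this hunk and worth confirming. The same flag is what the last hunk passes to add_sa() in the argument the commit message calls "inbound", so a one-line comment at that call naming it as the update flag would help as well. install()'s body starts and ends outside the hunk.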
@@ -745,7 +750,7 @@ METHOD(child_sa_t, install, status_t,
                                inbound ? this->mark_in : this->mark_out, tfc,
                                lifetime, enc_alg, encr, int_alg, integ, this->mode,
                                this->ipcomp, cpi, this->config->get_replay_window(this->config),
-                               initiator, this->encap, esn, inbound, src_ts, dst_ts);
+                               initiator, this->encap, esn, update, src_ts, dst_ts);
 
        free(lifetime);