fixed SPI when rekeying and deleting CHILD_SAs

diff --git a/src/charon/sa/child_sa.c b/src/charon/sa/child_sa.c
index 5987f77..7db6ef7 100644 (file)
--- a/src/charon/sa/child_sa.c
+++ b/src/charon/sa/child_sa.c
@@ -108,9 +108,9 @@ struct private_child_sa_t {
        u_int32_t hard_lifetime;
        
        /**
-        * reqid of a CHILD_SA which rekeyed this one
+        * has this CHILD_SA been rekeyed?
         */
-       u_int32_t rekeyed;
+       bool rekeyed;
        
        /**
         * CHILD_SAs own logger
@@ -450,9 +450,9 @@ static status_t add_policies(private_child_sa_t *this, linked_list_t *my_ts_list
 /**
  * Implementation of child_sa_t.set_rekeyed.
  */
-static void set_rekeyed(private_child_sa_t *this, u_int32_t reqid)
+static void set_rekeyed(private_child_sa_t *this)
 {
-       this->rekeyed = reqid;
+       this->rekeyed = TRUE;
 }
 
 /**
@@ -592,7 +592,7 @@ child_sa_t * child_sa_create(u_int32_t rekey, host_t *me, host_t* other,
        this->public.add = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))add;
        this->public.update = (status_t(*)(child_sa_t*,proposal_t*,prf_plus_t*))update;
        this->public.add_policies = (status_t (*)(child_sa_t*, linked_list_t*,linked_list_t*))add_policies;
-       this->public.set_rekeyed = (void (*)(child_sa_t*,u_int32_t))set_rekeyed;
+       this->public.set_rekeyed = (void (*)(child_sa_t*))set_rekeyed;
        this->public.log_status = (void (*)(child_sa_t*, logger_t*, char*))log_status;
        this->public.destroy = (void(*)(child_sa_t*))destroy;
 
@@ -610,7 +610,7 @@ child_sa_t * child_sa_create(u_int32_t rekey, host_t *me, host_t* other,
        this->reqid = rekey ? rekey : ++reqid;
        this->policies = linked_list_create();
        this->protocol = PROTO_NONE;
-       this->rekeyed = 0;
+       this->rekeyed = FALSE;
        
        return (&this->public);
 }

diff --git a/src/charon/sa/child_sa.h b/src/charon/sa/child_sa.h
index 687a7d6..9778942 100644 (file)
--- a/src/charon/sa/child_sa.h
+++ b/src/charon/sa/child_sa.h
@@ -153,9 +153,8 @@ struct child_sa_t {
         * not remove its policy, as the new SA uses it.
         *
         * @param this          calling object
-        * @param reqid         reqid of the SA which replaces this one.
         */     
-       void (*set_rekeyed) (child_sa_t *this, u_int32_t reqid);
+       void (*set_rekeyed) (child_sa_t *this);
        
        /**
         * @brief Log the status of a child_sa to a logger.

diff --git a/src/charon/sa/ike_sa.c b/src/charon/sa/ike_sa.c
index 61dc7b6..fad6989 100644 (file)
--- a/src/charon/sa/ike_sa.c
+++ b/src/charon/sa/ike_sa.c
@@ -940,7 +940,7 @@ static u_int32_t destroy_child_sa(private_ike_sa_t *this, u_int32_t spi)
        while (iterator->has_next(iterator))
        {
                iterator->current(iterator, (void**)&child_sa);
-               if (child_sa->get_spi(child_sa, TRUE) == spi)
+               if (child_sa->get_spi(child_sa, FALSE) == spi)
                {
                        iterator->remove(iterator);
                        break;
@@ -958,7 +958,7 @@ static u_int32_t destroy_child_sa(private_ike_sa_t *this, u_int32_t spi)
                return 0;
        }
        
-       spi = child_sa->get_spi(child_sa, FALSE);
+       spi = child_sa->get_spi(child_sa, TRUE);
        child_sa->destroy(child_sa);
        return spi;
 }
@@ -975,7 +975,7 @@ static child_sa_t* get_child_sa_by_spi(private_ike_sa_t *this, u_int32_t spi)
        while (iterator->has_next(iterator))
        {
                iterator->current(iterator, (void**)&current);
-               if (current->get_spi(current, TRUE) == spi)
+               if (current->get_spi(current, FALSE) == spi)
                {
                        found = current;
                }

diff --git a/src/charon/sa/states/create_child_sa_requested.c b/src/charon/sa/states/create_child_sa_requested.c
index ebd9469..35e3db9 100644 (file)
--- a/src/charon/sa/states/create_child_sa_requested.c
+++ b/src/charon/sa/states/create_child_sa_requested.c
@@ -385,7 +385,7 @@ static status_t process_message(private_create_child_sa_requested_t *this, messa
                old_child_sa = this->ike_sa->public.get_child_sa(&this->ike_sa->public, this->reqid);
                if (old_child_sa)
                {
-                       old_child_sa->set_rekeyed(old_child_sa, this->child_sa->get_reqid(this->child_sa));
+                       old_child_sa->set_rekeyed(old_child_sa);
                }
                this->ike_sa->public.delete_child_sa(&this->ike_sa->public, this->reqid);
        }

diff --git a/src/charon/sa/states/ike_sa_established.c b/src/charon/sa/states/ike_sa_established.c
index 51ac972..df31801 100644 (file)
--- a/src/charon/sa/states/ike_sa_established.c
+++ b/src/charon/sa/states/ike_sa_established.c
@@ -321,7 +321,13 @@ static status_t process_create_child_sa(private_ike_sa_established_t *this, mess
        
        if (notify && notify->get_notify_message_type(notify) == REKEY_SA)
        {
-               this->old_child_sa = this->ike_sa->get_child_sa(this->ike_sa, notify->get_spi(notify));
+               u_int32_t spi = notify->get_spi(notify);
+               this->old_child_sa = this->ike_sa->get_child_sa(this->ike_sa, spi);
+               this->logger->log(this->logger, CONTROL, "Rekeying CHILD_SA with SPI 0x%x", spi);
+       }
+       else
+       {
+               this->logger->log(this->logger, CONTROL, "Create new CHILD_SA");
        }
                
        /* build response */
@@ -382,7 +388,7 @@ static status_t process_create_child_sa(private_ike_sa_established_t *this, mess
                }
                if (this->old_child_sa)
                {       /* mark old child sa as rekeyed */
-                       this->old_child_sa->set_rekeyed(this->old_child_sa, this->child_sa->get_reqid(this->child_sa));
+                       this->old_child_sa->set_rekeyed(this->old_child_sa);
                }
                this->ike_sa->add_child_sa(this->ike_sa, this->child_sa);
        }