If no inbound CHILD_SA is found, try to find an outbound SA.
authorTobias Brunner <tobias@strongswan.org>
Thu, 27 Aug 2009 14:16:23 +0000 (16:16 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 1 Sep 2009 10:53:44 +0000 (12:53 +0200)
Due to the new lifetime limits, inbound and outbound SAs may expire
individually.

src/charon/sa/tasks/child_delete.c
src/charon/sa/tasks/child_rekey.c

index 7abb07a..8497678 100644 (file)
@@ -269,8 +269,15 @@ static status_t build_i(private_child_delete_t *this, message_t *message)
        child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
                                                                                  this->spi, TRUE);
        if (!child_sa)
-       {       /* child does not exist anymore */
-               return SUCCESS;
+       {       /* check if it is an outbound sa */
+               child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
+                                                                                         this->spi, FALSE);
+               if (!child_sa)
+               {       /* child does not exist anymore */
+                       return SUCCESS;
+               }
+               /* we work only with the inbound SPI */
+               this->spi = child_sa->get_spi(child_sa, TRUE);
        }
        this->child_sas->insert_last(this->child_sas, child_sa);
        if (child_sa->get_state(child_sa) == CHILD_REKEYING)
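Review bot: The fallback `get_child_sa(..., this->spi, FALSE)` in build_i is only reached when no inbound SA matches, so if `this->spi` is an expired outbound SPI that happens to equal the inbound SPI of another CHILD_SA on this IKE_SA, the first lookup wins and the wrong SA is deleted. Inbound SPIs are allocated locally and outbound ones by the peer, so nothing visible here guarantees the two sets are disjoint. If the code that creates the task knows which direction expired (not visible in this hunk), passing that in and doing one directed lookup would remove the ambiguity; otherwise document it at the fallback, e.g. `/* this->spi may be in- or outbound; an inbound match takes precedence */`. The same pattern is added to build_i in child_rekey.c, where the wrong SA would be rekeyed instead. build_i starts and ends outside the hunk.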
index 601e054..cbf45b4 100644 (file)
@@ -144,8 +144,15 @@ static status_t build_i(private_child_rekey_t *this, message_t *message)
        this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
                                                                                                this->spi, TRUE);
        if (!this->child_sa)
-       {       /* CHILD_SA is gone, unable to rekey */
-               return SUCCESS;
+       {       /* check if it is an outbound CHILD_SA */
+               this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol,
+                                                                                                       this->spi, FALSE);
+               if (!this->child_sa)
+               {       /* CHILD_SA is gone, unable to rekey */
+                       return SUCCESS;
+               }
+               /* we work only with the inbound SPI */
+               this->spi = this->child_sa->get_spi(this->child_sa, TRUE);
        }
        config = this->child_sa->get_config(this->child_sa);