ikev2: Reuse marks and reqid of CHILD_SAs during MBB reauthentication
Since these are installed overlapping (like during a rekeying) we have to use the same (unique) marks (and possibly reqid) that were used previously, otherwise, the policy installation will fail. Fixes #2610.
This commit is contained in:
parent
21553276a3
commit
b2163409cc
|
@ -1794,9 +1794,16 @@ static void trigger_mbb_reauth(private_task_manager_t *this)
|
|||
enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa);
|
||||
while (enumerator->enumerate(enumerator, &child_sa))
|
||||
{
|
||||
child_create_t *child_create;
|
||||
|
||||
cfg = child_sa->get_config(child_sa);
|
||||
new->queue_task(new, &child_create_create(new, cfg->get_ref(cfg),
|
||||
FALSE, NULL, NULL)->task);
|
||||
child_create = child_create_create(new, cfg->get_ref(cfg),
|
||||
FALSE, NULL, NULL);
|
||||
child_create->use_reqid(child_create, child_sa->get_reqid(child_sa));
|
||||
child_create->use_marks(child_create,
|
||||
child_sa->get_mark(child_sa, TRUE).value,
|
||||
child_sa->get_mark(child_sa, FALSE).value);
|
||||
new->queue_task(new, &child_create->task);
|
||||
children = TRUE;
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
|
Loading…
Reference in New Issue