From 20fd3ba8eb911f899c0b4d3831f60346017ed583 Mon Sep 17 00:00:00 2001
From: Masafumi Aramoto <aramoto@localhost.localdomain>
Date: Mon, 20 Aug 2007 19:25:32 +0900
Subject: [PATCH] [BUGFIX] MN: MN update RO state. (WORKAROUND)

In some cases, MN fail to add the RO state because of the state inserted
by Kernel when nofiting aquire. So uptate it. This is workaround.
---
 src/xfrm.c |   20 +++++++++++++++++---
 1 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/xfrm.c b/src/xfrm.c
index 52a73ba..8e92e37 100644
--- a/src/xfrm.c
+++ b/src/xfrm.c
@@ -1472,11 +1472,25 @@ int xfrm_add_bce(const struct in6_addr *
 
 	/* Create policy for outbound RO data traffic */
 	set_selector(peer_addr, our_addr, 0, 0, 0, 0, &sel);
-	if (xfrm_state_add(&sel, IPPROTO_ROUTING, coa, replace, 0))
-		return -1;
+	if (xfrm_state_add(&sel, IPPROTO_ROUTING, coa, replace, 0)){
+		/* 
+		 * WORKAROUND 
+		 * In some cases, MN fail to add it because of the state
+		 * inserted by kernel when notifying aquire. So,update it.
+		 */
+		if (xfrm_state_add(&sel, IPPROTO_ROUTING, coa, 1, 0))
+			return -1;
+	}
 	set_selector(our_addr, peer_addr, 0, 0, 0, 0, &sel);
-	if (xfrm_state_add(&sel, IPPROTO_DSTOPTS, coa, replace, 0))
+	if (xfrm_state_add(&sel, IPPROTO_DSTOPTS, coa, replace, 0)){
+		/* 
+		 * WORKAROUND 
+		 * In some cases, MN fail to add it because of the state
+		 * inserted by kernel when notifying aquire. So,update it.
+		 */
+		if (xfrm_state_add(&sel, IPPROTO_DSTOPTS, coa, 1, 0))
 		return -1;
+	}
 	if (is_mn() && !xfrm_bule_bce_update(our_addr, peer_addr, replace))
 		return 0;
 	if (is_ha() && conf.UseMnHaIPsec) {
-- 
1.4.3.GIT