--- embedaddon/strongswan/src/libcharon/sa/ike_sa_manager.h 2020/06/03 09:46:45 1.1
+++ embedaddon/strongswan/src/libcharon/sa/ike_sa_manager.h 2021/03/17 00:20:09 1.1.1.2
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2021 Tobias Brunner
 * Copyright (C) 2005-2008 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
@@ -50,6 +50,32 @@ typedef uint64_t (*spi_cb_t)(void *data);
 struct ike_sa_manager_t {
 
 /**
+ * Create a new IKE_SA.
+ *
+ * @param version IKE version of this SA
+ * @param initiator TRUE for initiator, FALSE otherwise
+ * @returns created IKE_SA (not registered/checked out)
+ */
+ ike_sa_t *(*create_new)(ike_sa_manager_t* this, ike_version_t version,
+ bool initiator);
+
+ /**
+ * Register/checkout an IKE_SA created with create_new().
+ *
+ * This may be used shortly before calling checkin() for unregistered SAs
+ * created via create_new() to avoid race conditions so e.g. jobs may
+ * find the SA and block on it until checkin() is called.
+ *
+ * @note There is no check that verifies that the IKE_SA is not yet
+ * registered.
+ *
+ * @note The IKE_SA on the bus is not changed by this method.
+ *
+ * @param ike_sa IKE_SA to register
+ */
+ void (*checkout_new)(ike_sa_manager_t* this, ike_sa_t *ike_sa);
+
+ /**
 * Checkout an existing IKE_SA.
 *
 * @param ike_sa_id the SA identifier, will be updated
@@ -60,16 +86,6 @@ struct ike_sa_manager_t {
 ike_sa_t* (*checkout) (ike_sa_manager_t* this, ike_sa_id_t *sa_id);
 
 /**
- * Create and check out a new IKE_SA.
- *
- * @param version IKE version of this SA
- * @param initiator TRUE for initiator, FALSE otherwise
- * @returns created and checked out IKE_SA
- */
- ike_sa_t* (*checkout_new) (ike_sa_manager_t* this, ike_version_t version,
- bool initiator);
-
- /**
 * Checkout an IKE_SA by a message.
 *
 * In some situations, it is necessary that the manager knows the
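Review bot: The new create_new() comment does not say how an IKE_SA that never gets registered has to be released, and checkout_new() leaves the "not yet registered" precondition entirely to the caller without saying what a second registration does to the manager. The risk is highest for callers ported mechanically, because the removed member of the same name (third hunk) created and returned a checked-out SA. A double registration presumably leaves two entries for one SA, which should be confirmed in the implementation. I would add to create_new() something like `@note The caller owns the returned IKE_SA until it is registered and must destroy it itself on error paths` (confirm against the .c file), and to checkout_new() a sentence stating that passing an already registered IKE_SA is a caller error. The struct body continues outside the hunk.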
@@ -99,14 +115,16 @@ struct ike_sa_manager_t {
 * This call checks for an existing IKE_SA by comparing the configuration.
 * If the CHILD_SA can be created in an existing IKE_SA, the matching SA
 * is returned.
- * If no IKE_SA is found, a new one is created. This is also the case when
- * the found IKE_SA is in the DELETING state.
+ * If no IKE_SA is found, a new one is created and registered in the
+ * manager. This is also the case when the found IKE_SA is in an unusable
+ * state (e.g. DELETING).
 *
+ * @note The peer_config is always set on the returned IKE_SA.
+ *
 * @param peer_cfg configuration used to find an existing IKE_SA
 * @return checked out/created IKE_SA
 */
- ike_sa_t* (*checkout_by_config) (ike_sa_manager_t* this,
- peer_cfg_t *peer_cfg);
+ ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg);
 
 /**
 * Reset initiator SPI.
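Review bot: The `@return` line of checkout_by_config() still does not say whether NULL can come back, even though the reworded text now promises that a new IKE_SA is created and registered whenever no usable one is found. If creation can fail (not visible in this header, so confirm in the .c file), a caller that dereferences the result unconditionally would crash the daemon on that path. I would extend the line to `@return checked out/created IKE_SA, NULL if none could be created`, or state explicitly that the call cannot fail. The phrase "unusable state (e.g. DELETING)" would also be easier to rely on if the states it covers were listed. The struct body starts and ends outside the hunk.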