diff options
author | Tobias Brunner <tobias@strongswan.org> | 2015-09-16 17:01:00 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2015-11-10 16:42:53 +0100 |
commit | 33400876d403de2e0e970a875d5af92a18708866 (patch) | |
tree | 773296f3c857ab0adcbd28902baf795d0863c7ee | |
parent | a6e0f14fd2bf8b23fbfd808acc595e97d5e23a49 (diff) | |
download | strongswan-33400876d403de2e0e970a875d5af92a18708866.tar.bz2 strongswan-33400876d403de2e0e970a875d5af92a18708866.tar.xz |
kernel-netlink: Make absolutely sure we always delete the right policy cache entry
-rw-r--r-- | src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index db66de2bc..2b965d52a 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2013 Tobias Brunner + * Copyright (C) 2006-2015 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2008 Andreas Steffen * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser @@ -2483,6 +2483,12 @@ METHOD(kernel_ipsec_t, del_policy, status_t, struct xfrm_userpolicy_id *policy_id; bool is_installed = TRUE; u_int32_t priority; + ipsec_sa_t assigned_sa = { + .src = src, + .dst = dst, + .mark = mark, + .cfg = *sa, + }; DBG2(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x)", src_ts, dst_ts, policy_dir_names, direction, @@ -2519,7 +2525,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, enumerator = current->used_by->create_enumerator(current->used_by); while (enumerator->enumerate(enumerator, (void**)&mapping)) { - if (priority == mapping->priority) + if (priority == mapping->priority && type == mapping->type && + ipsec_sa_equals(mapping->sa, &assigned_sa)) { current->used_by->remove_at(current->used_by, enumerator); policy_sa_destroy(mapping, &direction, this); |