diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2015-09-16 17:04:21 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2015-11-10 16:42:53 +0100 |
| commit | baff14d049717ffa950e2d46415aa4daf40caa09 (patch) | |
| tree | 4484795c1ac8b560e79fd8f463b702d54558904d | |
| parent | 33400876d403de2e0e970a875d5af92a18708866 (diff) | |
| download | strongswan-baff14d049717ffa950e2d46415aa4daf40caa09.tar.bz2 strongswan-baff14d049717ffa950e2d46415aa4daf40caa09.tar.xz | |
kernel-pfkey: Make absolutely sure we always delete the right policy cache entry
| -rw-r--r-- | src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 107ee6ae2..c67366b86 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2012 Tobias Brunner + * Copyright (C) 2008-2015 Tobias Brunner * Copyright (C) 2008 Andreas Steffen * Hochschule fuer Technik Rapperswil * @@ -2705,6 +2705,11 @@ METHOD(kernel_ipsec_t, del_policy, status_t, bool first = TRUE, is_installed = TRUE; u_int32_t priority; size_t len; + ipsec_sa_t assigned_sa = { + .src = src, + .dst = dst, + .cfg = *sa, + }; if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ @@ -2738,8 +2743,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)&mapping)) { - if (sa->reqid == mapping->sa->cfg.reqid && - priority == mapping->priority) + if (priority == mapping->priority && + ipsec_sa_equals(mapping->sa, &assigned_sa)) { to_remove = mapping; is_installed = first; |