path: root/src/libcharon/plugins/sql/cred.sql
author Martin Willi <martin@revosec.ch> 2013-06-03 18:13:27 +0200
committer Martin Willi <martin@revosec.ch> 2013-06-19 16:30:40 +0200
commit 1551d8b13d14028fc26fb1a363c33aa3a1200882
tree b8f255fd0911891009c63561e59ec95a33c50fbe /src/libcharon/plugins/sql/cred.sql
parent de2debf8e0759c974c734cacab9549451eceb236
kernel-netlink: reject policy refcount if the reqid differs
Previously we silently replaced an existing policy with a new one if the reqid changed for the same selectors. This will break an old policy in favour of the new one (for example if two clients behind the same NAT use transport mode). With this change any new policy gets rejected if the reqid differs. This will make sure we break no existing policy. For rekeying and acquires we still can have overlapping policies (as we use the same reqid), but for unrelated connections this is not true anymore (it wasn't actually before, we just silently broke the existing policy).
Diffstat (limited to 'src/libcharon/plugins/sql/cred.sql')
0 files changed, 0 insertions, 0 deletions
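
The rule in the commit message, modelled as an added C example that is not strongSwan's code: a policy with the same selectors is shared (refcount incremented) only when the reqid matches, and rejected otherwise so the installed policy is left intact. The table layout and the names `policy_t`, `add_policy`, `policy_refcount` and `policy_reqid` are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model with hypothetical names; not strongSwan's data structures. */
#define MAX_POLICIES 8
typedef struct {
    char selector[64];  /* selectors plus direction, used as the lookup key */
    uint32_t reqid;     /* reqid binding the policy to its SAs */
    unsigned refcount;  /* 0 marks a free slot */
} policy_t;
static policy_t table[MAX_POLICIES];

static policy_t *find_policy(const char *sel)
{
    for (int i = 0; i < MAX_POLICIES; i++)
        if (table[i].refcount && strcmp(table[i].selector, sel) == 0)
            return &table[i];
    return NULL;
}

/* Returns 0 if installed or shared, -1 if rejected or no room. */
int add_policy(const char *sel, uint32_t reqid)
{
    policy_t *p = find_policy(sel);
    if (p && p->reqid != reqid)
        return -1;              /* unrelated connection: existing policy stays */
    if (p) {
        p->refcount++;          /* rekeying or acquire: same reqid, shared policy */
        return 0;
    }
    if (strlen(sel) >= sizeof(table[0].selector))
        return -1;              /* key would not fit in the slot */
    for (int i = 0; i < MAX_POLICIES; i++) {
        if (table[i].refcount == 0) {
            strcpy(table[i].selector, sel);
            table[i].reqid = reqid;
            table[i].refcount = 1;
            return 0;
        }
    }
    return -1;
}

/* Accessors for inspecting the table; both return 0 when no policy matches. */
unsigned policy_refcount(const char *sel)
{
    policy_t *p = find_policy(sel);
    return p ? p->refcount : 0;
}
uint32_t policy_reqid(const char *sel)
{
    policy_t *p = find_policy(sel);
    return p ? p->reqid : 0;
}
```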