From 33400876d403de2e0e970a875d5af92a18708866 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Wed, 16 Sep 2015 17:01:00 +0200
Subject: kernel-netlink: Make absolutely sure we always delete the right policy cache entry

---
 src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c')

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index db66de2bc..2b965d52a 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2013 Tobias Brunner
+ * Copyright (C) 2006-2015 Tobias Brunner
  * Copyright (C) 2005-2009 Martin Willi
  * Copyright (C) 2008 Andreas Steffen
  * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser
@@ -2483,6 +2483,12 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
 	struct xfrm_userpolicy_id *policy_id;
 	bool is_installed = TRUE;
 	u_int32_t priority;
+	ipsec_sa_t assigned_sa = {
+		.src = src,
+		.dst = dst,
+		.mark = mark,
+		.cfg = *sa,
+	};
 
 	DBG2(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x)",
 		 src_ts, dst_ts, policy_dir_names, direction,
@@ -2519,7 +2525,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
 	enumerator = current->used_by->create_enumerator(current->used_by);
 	while (enumerator->enumerate(enumerator, (void**)&mapping))
 	{
-		if (priority == mapping->priority)
+		if (priority == mapping->priority && type == mapping->type &&
+			ipsec_sa_equals(mapping->sa, &assigned_sa))
 		{
 			current->used_by->remove_at(current->used_by, enumerator);
 			policy_sa_destroy(mapping, &direction, this);
--
cgit v1.2.3
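Review bot: The new initializer `.cfg = *sa` in the second hunk dereferences the `sa` parameter unconditionally at the top of del_policy, before the DBG2 trace and before the cache lookup; the old match condition `if (priority == mapping->priority)` never read `sa`, so any caller that passed a NULL `sa` to delete a policy would now crash rather than simply miss the entry. Whether such a caller exists cannot be told from this hunk, so if non-NULL is the intended contract it should be stated where the struct is built, e.g. `/* sa must be non-NULL: its config is copied into assigned_sa for the cache lookup */`, and otherwise the copy and the `ipsec_sa_equals()` comparison in the third hunk need a NULL guard. The stricter match on `type` and the SA itself is the right fix for removing only the entry that this SA installed; the remaining body of del_policy lies outside both hunks.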