sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-07 00:01:49 -04:00
Code Issues Projects Releases Wiki Activity

kernel-pfkey: Make absolutely sure we always delete the right policy cache entry

Browse Source
This commit is contained in:
Tobias Brunner 2015-09-16 17:04:21 +02:00
parent 33400876d4
commit baff14d049
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2008-2012 Tobias Brunner
* Copyright (C) 2008-2015 Tobias Brunner
* Copyright (C) 2008 Andreas Steffen
* Hochschule fuer Technik Rapperswil
*
@ -2705,6 +2705,11 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
bool first = TRUE, is_installed = TRUE;
u_int32_t priority;
size_t len;
ipsec_sa_t assigned_sa = {
.src = src,
.dst = dst,
.cfg = *sa,
};
if (dir2kernel(direction) == IPSEC_DIR_INVALID)
{ /* FWD policies are not supported on all platforms */
@ -2738,8 +2743,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
enumerator = policy->used_by->create_enumerator(policy->used_by);
while (enumerator->enumerate(enumerator, (void**)&mapping))
{
if (sa->reqid == mapping->sa->cfg.reqid &&
priority == mapping->priority)
if (priority == mapping->priority &&
ipsec_sa_equals(mapping->sa, &assigned_sa))
{
to_remove = mapping;
is_installed = first;