[Swan-dev] Always delete outbound SA with inbound SA
Herbert Xu
herbert at gondor.apana.org.au
Fri Apr 10 11:44:26 EEST 2015
Ever since install_inbound_ipsec_sa was changed to always install
the outbound SA before the inbound SA, I have been getting outbound
SAs left behind when a phase 2 negotiation fails. This is because
pluto will try to delete only the inbound SA if the negotiation
isn't complete.
Obviously this makes no sense so this patch changes delete_ipsec_sa
to always delete both SAs.
diff --git a/programs/pluto/kernel.c b/programs/pluto/kernel.c
index 0f40248..d58c36b 100644
--- a/programs/pluto/kernel.c
+++ b/programs/pluto/kernel.c
@@ -2952,6 +2952,11 @@ bool install_ipsec_sa(struct state *st, bool inbound_also USED_BY_KLIPS)
void delete_ipsec_sa(struct state *st USED_BY_KLIPS,
bool inbound_only USED_BY_KLIPS)
{
+ /* Because install_inbound_ipsec_sa always sets up the outbound
+ * SA first we always have to delete them both.
+ */
+ inbound_only = FALSE;
+
switch (kern_interface) {
case USE_MASTKLIPS:
case USE_KLIPS:
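Review bot: the unconditional `inbound_only = FALSE;` at the top of delete_ipsec_sa makes the `inbound_only` parameter dead for every branch of the `switch (kern_interface)` that follows, while the signature still declares `bool inbound_only USED_BY_KLIPS` and callers can still pass TRUE. If both SAs must always be deleted, drop the parameter from the signature and update the callers, so the interface no longer promises an inbound-only delete that cannot happen. If the parameter stays, the added comment should say explicitly that the caller's value is ignored.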
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt