child-sa: Don't update outbound policies if they are not installed
authorTobias Brunner <tobias@strongswan.org>
Wed, 21 Feb 2018 10:04:45 +0000 (11:04 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 22 Feb 2018 10:38:43 +0000 (11:38 +0100)
commit529ffc2fe3fdba7d79c9c5863a4299a7527427e5
tree0a9402079e76bbceb0a0f95a032f33269063a534
parentca79bd54ffe693f4737760bbfb74e94d4c4898a5
child-sa: Don't update outbound policies if they are not installed

After a rekeying we keep the inbound SA and policies installed for a
while, but the outbound SA and policies are already removed.  Attempting
to update them could get the refcount in the kernel interface out of sync
as the additional policy won't be removed when the CHILD_SA object is
eventually destroyed.
src/libcharon/sa/child_sa.c