kernel-libipsec: Don't ignore policies of type != POLICY_IPSEC
authorTobias Brunner <tobias@strongswan.org>
Thu, 10 Oct 2013 13:41:29 +0000 (15:41 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 11 Oct 2013 13:32:44 +0000 (15:32 +0200)
This actually broke rekeying due to the DROP policies that are
temporarily added, which broke the refcount as the ignored policies
were not ignored in del_policy() (the type is not known there).

src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c

index 8458cd1..d0744e3 100644 (file)
@@ -523,11 +523,6 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
        policy_entry_t *policy, *found = NULL;
        status_t status;
 
-       if (type != POLICY_IPSEC)
-       {
-               return SUCCESS;
-       }
-
        status = ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts,
                                                                dst_ts, direction, type, sa, mark, priority);
        if (status != SUCCESS)