Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-built

solution for multi-SA flows. As a result we only need a single
outgoing IPCOMP flow and can get rid of the two extra transport mode flows
for ESP.

ok bluhm@

1 files changed, 8 insertions, 2 deletions

diff --git a/sbin/iked/config.c b/sbin/iked/config.c
index 306af791338..3cabdc3426f 100644
--- a/sbin/iked/config.c
+++ b/sbin/iked/config.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: config.c,v 1.51 2019/12/03 12:38:34 tobhe Exp $	*/
+/*	$OpenBSD: config.c,v 1.52 2020/01/07 15:08:28 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -293,7 +293,7 @@ void
 config_free_childsas(struct iked *env, struct iked_childsas *head,
     struct iked_spi *peerspi, struct iked_spi *localspi)
 {
-	struct iked_childsa	*csa, *nextcsa;
+	struct iked_childsa	*csa, *nextcsa, *ipcomp;
 
 	if (localspi != NULL)
 		bzero(localspi, sizeof(*localspi));
@@ -318,6 +318,12 @@ config_free_childsas(struct iked *env, struct iked_childsas *head,
 			RB_REMOVE(iked_activesas, &env->sc_activesas, csa);
 			(void)pfkey_sa_delete(env->sc_pfkey, csa);
 		}
+		if ((ipcomp = csa->csa_bundled) != NULL) {
+			log_debug("%s: free IPCOMP %p", __func__, ipcomp);
+			if (ipcomp->csa_loaded)
+				(void)pfkey_sa_delete(env->sc_pfkey, ipcomp);
+			childsa_free(ipcomp);
+		}
 		childsa_free(csa);
 	}
 }