author | Patrick Wildt <patrick@cvs.openbsd.org> | 2017-03-13 14:33:34 +0000 |
---|---|---|
committer | Patrick Wildt <patrick@cvs.openbsd.org> | 2017-03-13 14:33:34 +0000 |
commit | c55550f45a4e347e1b20ce842d2a982db0dde7e8 (patch) | |
tree | 5671fc676d2900347bbc7f1f46d7e2e4ac7d299a /sbin/iked/policy.c | |
parent | a5458056a448515d2e2e06e3e2170f426f707512 (diff) |
flow_cmp() must compare the same flow-attributes as the kernel,
otherwise we never can keep the in-daemon and the in-kernel idea
of flows in sync and iked ends up deleting flows that are still
in use. Make use of flow_cmp() and a new flow_equal() instead
of handcrafting the compare in an if.
ok markus@ reyk@
Diffstat (limited to 'sbin/iked/policy.c')
-rw-r--r-- | sbin/iked/policy.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index e401f14817c..7747535b70c 100644
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.43 2017/03/13 14:19:08 patrick Exp $ */
+/* $OpenBSD: policy.c,v 1.44 2017/03/13 14:33:33 patrick Exp $ */

 /*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -585,18 +585,26 @@ flow_cmp(struct iked_flow *a, struct iked_flow *b)
 {
 int diff = 0;

- if (a->flow_peer && b->flow_peer)
- diff = addr_cmp(a->flow_peer, b->flow_peer, 0);
+ if (!diff)
+ diff = (int)a->flow_ipproto - (int)b->flow_ipproto;
+ if (!diff)
+ diff = (int)a->flow_saproto - (int)b->flow_saproto;
+ if (!diff)
+ diff = (int)a->flow_dir - (int)b->flow_dir;
 if (!diff)
 diff = addr_cmp(&a->flow_dst, &b->flow_dst, 1);
 if (!diff)
 diff = addr_cmp(&a->flow_src, &b->flow_src, 1);
- if (!diff && a->flow_dir && b->flow_dir)
- diff = (int)a->flow_dir - (int)b->flow_dir;

 return (diff);
 }

+int
+flow_equal(struct iked_flow *a, struct iked_flow *b)
+{
+ return (flow_cmp(a, b) == 0);
+}
+
 RB_GENERATE(iked_sas, iked_sa, sa_entry, sa_cmp);
 RB_GENERATE(iked_addrpool, iked_sa, sa_addrpool_entry, sa_addrpool_cmp);
 RB_GENERATE(iked_addrpool6, iked_sa, sa_addrpool6_entry, sa_addrpool6_cmp); |
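Review bot: flow_cmp() now depends on an invariant that nothing in the code states: its key has to be exactly the attribute set the kernel uses to identify a flow, and flow_peer is no longer part of it. A comment above the function would keep later edits from drifting again, e.g. `/* Key must mirror the kernel's flow identity: ipproto, saproto, dir, dst, src. flow_peer is not compared. */`. Flows that differ only in peer now compare equal, and a flow with flow_dir == 0 no longer matches one with a direction set; the callers are outside this hunk, so it is worth confirming that none relied on the old wildcard behaviour, since a wrong match here decides which flows iked deletes. The leading `if (!diff)` directly after `int diff = 0;` is always true and can be dropped. The function's return type line lies above the hunk; only its signature is visible in the hunk header.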