From b87b3e72ecb8e50ec9245e7437c50af1394d4955 Mon Sep 17 00:00:00 2001
From: Mathieu Sauve-Frankel <msf@cvs.openbsd.org>
Date: Fri, 10 Nov 2006 15:01:32 +0000
Subject: check both rule sourace and destination when grouping sa's

fixes PR5262

ok hshoexer@
---
 sbin/ipsecctl/parse.y | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 3bad4890e90..b1d444184ca 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.111 2006/11/10 14:42:19 hshoexer Exp $	*/
+/*	$OpenBSD: parse.y,v 1.112 2006/11/10 15:01:31 msf Exp $	*/
 
 /*
  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -1957,7 +1957,8 @@ add_sagroup(struct ipsec_rule *r)
 	int			 found = 0;
 
 	TAILQ_FOREACH(rp, &ipsec->group_queue, group_entry) {
-		if (strcmp(rp->dst->name, r->dst->name) == 0) {
+		if ((strcmp(rp->src->name, r->src->name) == 0) &&
+		    (strcmp(rp->dst->name, r->dst->name) == 0)) {
 			found = 1;
 			break;
 		}
-- 
cgit v1.2.3