child-sa: Delete inbound SAs even if not installed to remove allocated SPIs

If we can't establish an SA, this should delete the allocated SPI.
2020-10-30 13:06:07 +01:00 · 2020-10-30 13:06:07 +01:00 · bb87e63ca6
parent ef636316d2
commit bb87e63ca6
1 changed files with 3 additions and 2 deletions
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@ -1706,8 +1706,9 @@ METHOD(child_sa_t, destroy, void,
 		enumerator->destroy(enumerator);
 	}

-	/* delete SAs in the kernel, if they are set up */
-	if (this->my_spi && this->inbound_installed)
+	/* delete SAs in the kernel, if they are set up, inbound is always deleted
+	 * to remove allocated SPIs */
+	if (this->my_spi)
 	{
 		kernel_ipsec_sa_id_t id = {
 			.src = this->other_addr,