From bb87e63ca6e1ad688d30023d40ac72f48059abf9 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 30 Oct 2020 13:06:07 +0100
Subject: [PATCH] child-sa: Delete inbound SAs even if not installed to remove allocated SPIs

If we can't establish an SA, this should delete the allocated SPI.
---
 src/libcharon/sa/child_sa.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index c776c274d..9b06ebc3c 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1706,8 +1706,9 @@ METHOD(child_sa_t, destroy, void,
 enumerator->destroy(enumerator);
 }
 
- /* delete SAs in the kernel, if they are set up */
- if (this->my_spi && this->inbound_installed)
+ /* delete SAs in the kernel, if they are set up, inbound is always deleted
+ * to remove allocated SPIs */
+ if (this->my_spi)
 {
 kernel_ipsec_sa_id_t id = {
 .src = this->other_addr,
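Review bot: The rewritten comment above `if (this->my_spi)` runs two statements together and does not say that the inbound delete now happens without the `inbound_installed` check; I would word it as `/* delete SAs in the kernel; the inbound SA is deleted even if it was never installed, so that the SPI allocated for it is released */`. With the guard gone, the delete is also issued for an SPI that was allocated but never installed, so it is worth confirming that the delete call in the part of the body outside this hunk handles a "not found" result quietly on every kernel backend instead of logging an error for each failed negotiation. The `destroy` method starts before and continues after the hunk, so the outbound SA handling and the return-value handling cannot be checked from here.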