From e1e88d5adde099566fee98338026e815dd1e9044 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 4 Feb 2016 10:14:22 +0100 Subject: [PATCH] libipsec: Don't attempt deletion of any non-IPsec policies An example are the fallback drop policies installed when updating SAs. We ignore such policies in add_policy() so there is no point in attempting to remove them. Since they use different priorities than regular policies this did not result in policies getting deleted unintentionally but there was an irritating log message on level 2 that indicated otherwise. --- src/libipsec/ipsec_policy_mgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libipsec/ipsec_policy_mgr.c b/src/libipsec/ipsec_policy_mgr.c index e2eaba014..1baa894f8 100644 --- a/src/libipsec/ipsec_policy_mgr.c +++ b/src/libipsec/ipsec_policy_mgr.c @@ -183,7 +183,7 @@ METHOD(ipsec_policy_mgr_t, del_policy, status_t, ipsec_policy_entry_t *current, *found = NULL; u_int32_t priority; - if (direction == POLICY_FWD) + if (type != POLICY_IPSEC || direction == POLICY_FWD) { /* we ignore these policies as we currently have no use for them */ return SUCCESS; }