Only modify routes if SA has a valid address lease. On IKE SA rekey

sa_cp_addr and sa_cp_addr6 are moved to the new SA before the old SA is deleted. Fixes a bug where host routes were deleted on IKE SA rekey. ok patrick@
openiked · Apr 9, 2021 · 56cf535 · 56cf535
1 parent 9ff0f77
commit 56cf535
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/iked/policy.c b/iked/policy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: policy.c,v 1.80 2021/03/15 22:32:44 tobhe Exp $	*/
+/*	$OpenBSD: policy.c,v 1.81 2021/04/09 09:15:04 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2020-2021 Tobias Heider <[email protected]>
@@ -687,6 +687,9 @@ sa_configure_iface(struct iked *env, struct iked_sa *sa, int add)
 	if (sa->sa_policy == NULL || sa->sa_policy->pol_iface == 0)
 		return (0);
 
+	if (!sa->sa_cp_addr && !sa->sa_cp_addr6)
+		return (0);
+
 	if (sa->sa_cp_addr) {
 		iovcnt = 0;
 		addr = (struct sockaddr_in *)&sa->sa_cp_addr->addr;