child-sa: Delete inbound SAs even if not installed to remove allocated SPIs

If we can't establish an SA, this should delete the allocated SPI.

diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index c776c274dc3c0dc8828c003f97f76dc0c0238d56..9b06ebc3c345123d04d92be2e5c2c0aada8ce2d7 100644 (file)
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -1706,8 +1706,9 @@ METHOD(child_sa_t, destroy, void,
                enumerator->destroy(enumerator);
        }
 
-       /* delete SAs in the kernel, if they are set up */
-       if (this->my_spi && this->inbound_installed)
+       /* delete SAs in the kernel, if they are set up, inbound is always deleted
+        * to remove allocated SPIs */
+       if (this->my_spi)
        {
                kernel_ipsec_sa_id_t id = {
                        .src = this->other_addr,