From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 10 Oct 2013 13:41:29 +0000 (+0200)
Subject: kernel-libipsec: Don't ignore policies of type != POLICY_IPSEC
X-Git-Tag: 5.1.1rc1~38^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cd25d291f7fce92d1fe21f86c798bcb77f84b2f6;p=thirdparty%2Fstrongswan.git

kernel-libipsec: Don't ignore policies of type != POLICY_IPSEC

This actually broke rekeying due to the DROP policies that are
temporarily added, which broke the refcount as the ignored policies
were not ignored in del_policy() (the type is not known there).
---

diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
index 8458cd1cfe..d0744e300a 100644
--- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
+++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c
@@ -523,11 +523,6 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 	policy_entry_t *policy, *found = NULL;
 	status_t status;
 
-	if (type != POLICY_IPSEC)
-	{
-		return SUCCESS;
-	}
-
 	status = ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts,
 								dst_ts, direction, type, sa, mark, priority);
 	if (status != SUCCESS)