From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 4 Feb 2016 09:14:22 +0000 (+0100)
Subject: libipsec: Don't attempt deletion of any non-IPsec policies
X-Git-Tag: 5.4.0dr6~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e1e88d5adde0;p=thirdparty%2Fstrongswan.git

libipsec: Don't attempt deletion of any non-IPsec policies

An example are the fallback drop policies installed when updating SAs.
We ignore such policies in add_policy() so there is no point in attempting
to remove them.  Since they use different priorities than regular policies
this did not result in policies getting deleted unintentionally but there
was an irritating log message on level 2 that indicated otherwise.
---

diff --git a/src/libipsec/ipsec_policy_mgr.c b/src/libipsec/ipsec_policy_mgr.c
index e2eaba014e..1baa894f87 100644
--- a/src/libipsec/ipsec_policy_mgr.c
+++ b/src/libipsec/ipsec_policy_mgr.c
@@ -183,7 +183,7 @@ METHOD(ipsec_policy_mgr_t, del_policy, status_t,
 	ipsec_policy_entry_t *current, *found = NULL;
 	u_int32_t priority;
 
-	if (direction == POLICY_FWD)
+	if (type != POLICY_IPSEC || direction == POLICY_FWD)
 	{	/* we ignore these policies as we currently have no use for them */
 		return SUCCESS;
 	}