diff options
| author |   markus <markus@openbsd.org> | 2013-11-28 20:30:41 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 2013-11-28 20:30:41 +0000 |
| commit | 67a9f8ceb5283f230d11f93159929c1657af9593 (patch) | |
| tree | 655c73f589f6836b35d1d96fa6214f6b9045d0c9 | |
| parent | don't leak duplicate flows; ok mikeb@ (diff) | |
| download | wireguard-openbsd-67a9f8ceb5283f230d11f93159929c1657af9593.tar.xz wireguard-openbsd-67a9f8ceb5283f230d11f93159929c1657af9593.zip | |
mark replaced flows as 'not loaded'; this can happen if both
sides negotiate the same flow, but only one flow is active
in the kernel; ok mikeb@
| -rw-r--r-- | sbin/iked/ikev2.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 2c31d945e58..2089cfb53eb 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.85 2013/11/28 20:27:17 markus Exp $ */ +/* $OpenBSD: ikev2.c,v 1.86 2013/11/28 20:30:41 markus Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> @@ -3736,7 +3736,7 @@ int ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) { struct iked_childsa *csa; - struct iked_flow *flow; + struct iked_flow *flow, *oflow; TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) { if (csa->csa_rekey || csa->csa_loaded) @@ -3764,6 +3764,14 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) return (-1); } + if ((oflow = RB_FIND(iked_flows, &env->sc_activeflows, flow)) + != NULL) { + log_debug("%s: replaced old flow %p with %p", + __func__, oflow, flow); + oflow->flow_loaded = 0; + RB_REMOVE(iked_flows, &env->sc_activeflows, oflow); + } + RB_INSERT(iked_flows, &env->sc_activeflows, flow); log_debug("%s: loaded flow %p", __func__, flow); |