Only modify routes if SA has a valid address lease. On IKE SA rekey

sa_cp_addr and sa_cp_addr6 are moved to the new SA before the old
SA is deleted.
Fixes a bug where host routes were deleted on IKE SA rekey.

ok patrick@

diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index 5d9dbb7..0cf3e68 100644 (file)
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: policy.c,v 1.80 2021/03/15 22:32:44 tobhe Exp $       */
+/*     $OpenBSD: policy.c,v 1.81 2021/04/09 09:15:04 tobhe Exp $       */
 
 /*
  * Copyright (c) 2020-2021 Tobias Heider <tobhe@openbsd.org>
@@ -686,6 +686,9 @@ sa_configure_iface(struct iked *env, struct iked_sa *sa, int add)
        if (sa->sa_policy == NULL || sa->sa_policy->pol_iface == 0)
                return (0);
 
+       if (!sa->sa_cp_addr && !sa->sa_cp_addr6)
+               return (0);
+
        if (sa->sa_cp_addr) {
                iovcnt = 0;
                addr = (struct sockaddr_in *)&sa->sa_cp_addr->addr;