From fc2f8a0c91c2b7899bfadab787cba5ea4711e725 Mon Sep 17 00:00:00 2001
From: tobhe <tobhe@openbsd.org>
Date: Fri, 9 Apr 2021 09:15:04 +0000
Subject: [PATCH] Only modify routes if SA has a valid address lease.  On IKE
 SA rekey sa_cp_addr and sa_cp_addr6 are moved to the new SA before the old SA
 is deleted. Fixes a bug where host routes were deleted on IKE SA rekey.

ok patrick@
---
 sbin/iked/policy.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index 5d9dbb7295c..0cf3e681a9b 100644
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: policy.c,v 1.80 2021/03/15 22:32:44 tobhe Exp $	*/
+/*	$OpenBSD: policy.c,v 1.81 2021/04/09 09:15:04 tobhe Exp $	*/
 
 /*
  * Copyright (c) 2020-2021 Tobias Heider <tobhe@openbsd.org>
@@ -686,6 +686,9 @@ sa_configure_iface(struct iked *env, struct iked_sa *sa, int add)
 	if (sa->sa_policy == NULL || sa->sa_policy->pol_iface == 0)
 		return (0);
 
+	if (!sa->sa_cp_addr && !sa->sa_cp_addr6)
+		return (0);
+
 	if (sa->sa_cp_addr) {
 		iovcnt = 0;
 		addr = (struct sockaddr_in *)&sa->sa_cp_addr->addr;
-- 
2.20.1