From 02e3f748684e0de7afa3df5467480f2951e07993 Mon Sep 17 00:00:00 2001
From: sam <sam@FreeBSD.org>
Date: Thu, 5 Feb 2004 23:19:17 +0000
Subject: must convert protocol to sa type when preparing a DELETE message

Submitted by:	Roselyn Lee <rosel@verniernetworks.com>
MFC after:	1 week
---
 sys/netipsec/key.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'sys/netipsec/key.c')

diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index b8bad88..7a49007 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -917,12 +917,18 @@ key_do_allocsa_policy(struct secashead *sah, u_int state)
 		 */
 		if (d->lft_c->sadb_lifetime_addtime != 0) {
 			struct mbuf *m, *result;
+			u_int8_t satype;
 
 			key_sa_chgstate(d, SADB_SASTATE_DEAD);
 
 			IPSEC_ASSERT(d->refcnt > 0, ("bogus ref count"));
+
+			satype = key_proto2satype(d->sah->saidx.proto);
+			if (satype == 0)
+				goto msgfail;
+
 			m = key_setsadbmsg(SADB_DELETE, 0,
-			    d->sah->saidx.proto, 0, 0, d->refcnt - 1);
+			    satype, 0, 0, d->refcnt - 1);
 			if (!m)
 				goto msgfail;
 			result = m;
-- 
cgit v1.1