ikev2: fix removing of expired SAs

[vpp.git] / src / plugins / ikev2 / ikev2.c

diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index d695e2d..068ae7c 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1566,13 +1566,13 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a)
                               IPSEC_PROTOCOL_ESP, a->encr_type,
                               &a->loc_ckey, a->integ_type, &a->loc_ikey,
                               a->flags, 0, a->salt_local, &a->local_ip,
-                              &a->remote_ip, NULL, a->dst_port);
+                              &a->remote_ip, NULL, a->dst_port, a->dst_port);
   rv |= ipsec_sa_add_and_lock (a->remote_sa_id, a->remote_spi,
                               IPSEC_PROTOCOL_ESP, a->encr_type, &a->rem_ckey,
                               a->integ_type, &a->rem_ikey,
                               (a->flags | IPSEC_SA_FLAG_IS_INBOUND), 0,
                               a->salt_remote, &a->remote_ip,
-                              &a->local_ip, NULL, a->dst_port);
+                              &a->local_ip, NULL, a->dst_port, a->dst_port);
 
   rv |= ipsec_tun_protect_update (sw_if_index, NULL, a->local_sa_id, sas_in);
 }
@@ -4054,7 +4054,6 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
              if (p)
                {
                  ikev2_initiate_sa_init (vm, p->name);
-                 continue;
                }
            }
          vec_foreach (c, sa->childs)
@@ -4062,6 +4061,7 @@ ikev2_mngr_process_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
          hash_unset (tkm->sa_by_rspi, sa->rspi);
          pool_put (tkm->sas, sa);
        }
+       vec_free (to_be_deleted);
       }
 
       /* process ipsec sas */