more ipsec fixes (#104227, <harald@redhat.com>)r7-31-2-EL

2 files changed, 18 insertions, 7 deletions

diff --git a/sysconfig/network-scripts/ifdown-ipsec b/sysconfig/network-scripts/ifdown-ipsec
index 60480cdb..37e5f76f 100755
--- a/sysconfig/network-scripts/ifdown-ipsec
+++ b/sysconfig/network-scripts/ifdown-ipsec
@@ -47,10 +47,21 @@ delete $DST $SRC esp $SPI_ESP_IN;
 EOF
 fi
 
-setkey -c << EOF
-spddelete $SRC $DST any -P out;
-spddelete $DST $SRC any -P in;
+if [ "$MODE" = "host" ]; then
+	setkey -c << EOF
+	spddelete $SRC $DST any -P out;
+	spddelete $DST $SRC any -P in;
 EOF
+else
+      [ -z "$SRCNET" ] && SRCNET="$SRC/32"
+      [ -z "$DSTNET" ] && DSTNET="$DST/32"
+
+      /sbin/setkey -c >/dev/null 2>&1 << EOF
+	spddelete $SRCNET $DSTNET any -P out;
+	spddelete $DSTNET $SRCNET any -P in;
+EOF
+fi
+
 
 if [ "$KEYING" = "automatic" ]; then
    racoontmp=`mktemp /etc/racoon/racoon.XXXXXX`
diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec
index 5de55bc8..3ea68768 100755
--- a/sysconfig/network-scripts/ifup-ipsec
+++ b/sysconfig/network-scripts/ifup-ipsec
@@ -134,8 +134,8 @@ spdadd $DST $SRC any -P in ipsec
 	    ;
 EOF
     else
-      [ -n "$SRCNET" ] && SRCNET="$SRC/32"
-      [ -n "$DSTNET" ] && DSTNET="$DST/32"
+      [ -z "$SRCNET" ] && SRCNET="$SRC/32"
+      [ -z "$DSTNET" ] && DSTNET="$DST/32"
       
       /sbin/setkey -c >/dev/null 2>&1 << EOF
 delete $SRC $DST ah $SPI_AH_OUT;
@@ -186,8 +186,8 @@ spdadd $DST $SRC any -P in ipsec
 	    ;
 EOF
     else
-      [ -n "$SRCNET" ] && SRCNET="$SRC/32"
-      [ -n "$DSTNET" ] && DSTNET="$DST/32"
+      [ -z "$SRCNET" ] && SRCNET="$SRC/32"
+      [ -z "$DSTNET" ] && DSTNET="$DST/32"
       
       /sbin/setkey -c >/dev/null 2>&1 << EOF
 spddelete $SRCNET $DSTNET any -P out;