diff options
author | Tobias Brunner <tobias@strongswan.org> | 2013-06-17 21:51:23 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-06-21 17:03:22 +0200 |
commit | 23ea59a95cfa13686c78399029202167639fa307 (patch) | |
tree | 7e2bf08c3bd95d6cf462d9a716823c4b9dcde9fb | |
parent | b0629f7d9b37d98308aefaec3da89b6c427b3f5c (diff) | |
download | strongswan-23ea59a95cfa13686c78399029202167639fa307.tar.bz2 strongswan-23ea59a95cfa13686c78399029202167639fa307.tar.xz |
kernel-libipsec: Ignore failures when installing routes for multicast or broadcast policies
-rw-r--r-- | src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c index e304d955d..3740c7643 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c @@ -398,8 +398,30 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this, if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface, src_ts, &src_ip, &is_virtual) != SUCCESS) { + traffic_selector_t *multicast, *broadcast = NULL; + bool ignore = FALSE; + this->mutex->unlock(this->mutex); - return FALSE; + switch (src_ts->get_type(src_ts)) + { + case TS_IPV4_ADDR_RANGE: + multicast = traffic_selector_create_from_cidr("224.0.0.0/4", + 0, 0, 0xffff); + broadcast = traffic_selector_create_from_cidr("255.255.255.255/32", + 0, 0, 0xffff); + break; + case TS_IPV6_ADDR_RANGE: + multicast = traffic_selector_create_from_cidr("ff00::/8", + 0, 0, 0xffff); + break; + default: + return FALSE; + } + ignore = src_ts->is_contained_in(src_ts, multicast); + ignore |= broadcast && src_ts->is_contained_in(src_ts, broadcast); + multicast->destroy(multicast); + DESTROY_IF(broadcast); + return ignore; } INIT(route, |