diff options
| author | Martin Willi <martin@strongswan.org> | 2009-11-24 14:10:18 +0100 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2009-11-26 10:31:00 +0100 |
| commit | 5be75c2cb189265d6263c124297b2fa3467694d9 (patch) | |
| tree | 1f4599cad75b8acebc9a4b285ab83ff4a6921c23 /src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c | |
| parent | 387a6e6c326a8a278bd27ac03ae5037b4b5c5602 (diff) | |
| download | strongswan-5be75c2cb189265d6263c124297b2fa3467694d9.tar.bz2 strongswan-5be75c2cb189265d6263c124297b2fa3467694d9.tar.xz | |
Added support for IPv6 source route installation
Diffstat (limited to 'src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c')
| -rw-r--r-- | src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 51a9ea31d..12e20ebec 100644 --- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -260,7 +260,7 @@ static void route_entry_destroy(route_entry_t *this) { free(this->if_name); this->src_ip->destroy(this->src_ip); - this->gateway->destroy(this->gateway); + DESTROY_IF(this->gateway); chunk_free(&this->dst_net); free(this); } @@ -1661,24 +1661,34 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this, * - we are NOT updating a policy * - this is a forward policy (to just get one for each child) * - we are in tunnel mode - * - we are not using IPv6 (does not work correctly yet!) * - routing is not disabled via strongswan.conf */ if (policy->route == NULL && direction == POLICY_FWD && - mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 && - this->install_routes) + mode != MODE_TRANSPORT && this->install_routes) { route_entry_t *route = malloc_thing(route_entry_t); if (charon->kernel_interface->get_address_by_ts(charon->kernel_interface, dst_ts, &route->src_ip) == SUCCESS) { - /* get the nexthop to src (src as we are in POLICY_FWD).*/ - route->gateway = charon->kernel_interface->get_nexthop( + if (policy->sel.family == AF_INET) + { + /* get the nexthop to src (src as we are in POLICY_FWD).*/ + route->gateway = charon->kernel_interface->get_nexthop( charon->kernel_interface, src); - route->if_name = charon->kernel_interface->get_interface( - charon->kernel_interface, dst); - route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16); + /* for IPv4, the route is installed on the outgoing interface */ + route->if_name = charon->kernel_interface->get_interface( + charon->kernel_interface, dst); + route->dst_net = chunk_alloc(4); + } + else + { + route->gateway = NULL; + /* for IPv6, it is on the interface with our source address */ + route->if_name = charon->kernel_interface->get_interface( + charon->kernel_interface, route->src_ip); + route->dst_net = chunk_alloc(16); + } memcpy(route->dst_net.ptr, &policy->sel.saddr, route->dst_net.len); route->prefixlen = policy->sel.prefixlen_s; |