Handling of unsupported policy directions (FWD) fixed.

1 files changed, 19 insertions, 1 deletions

diff --git a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index e2ad766ad..f4003e4b8 100644
--- a/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/charon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -478,7 +478,7 @@ static u_int8_t dir2kernel(policy_dir_t dir)
 			return IPSEC_DIR_FWD;
 #endif
 		default:
-			return dir;
+			return IPSEC_DIR_INVALID;
 	}
 }
 
@@ -1558,6 +1558,12 @@ static status_t add_policy(private_kernel_pfkey_ipsec_t *this,
 	pfkey_msg_t response;
 	size_t len;
 	
+	if (dir2kernel(direction) == IPSEC_DIR_INVALID)
+	{
+		/* FWD policies are not supported on all platforms */
+		return SUCCESS;
+	}
+	
 	/* create a policy */
 	policy = create_policy_entry(src_ts, dst_ts, direction, reqid);
 	
@@ -1740,6 +1746,12 @@ static status_t query_policy(private_kernel_pfkey_ipsec_t *this,
 	pfkey_msg_t response;
 	size_t len;
 	
+	if (dir2kernel(direction) == IPSEC_DIR_INVALID)
+	{
+		/* FWD policies are not supported on all platforms */
+		return NOT_FOUND;
+	}
+	
 	DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts,
 				   policy_dir_names, direction);
 
@@ -1827,6 +1839,12 @@ static status_t del_policy(private_kernel_pfkey_ipsec_t *this,
 	route_entry_t *route;
 	size_t len;
 	
+	if (dir2kernel(direction) == IPSEC_DIR_INVALID)
+	{
+		/* FWD policies are not supported on all platforms */
+		return SUCCESS;
+	}
+	
 	DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts,
 				   policy_dir_names, direction);