author | Tobias Brunner <tobias@strongswan.org> | 2016-04-04 10:49:35 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-04-09 16:51:00 +0200 |
commit | 23f25f96475c9125e4f96e7dacfa5d9b1b4f0780 (patch) | |
tree | ee99e5cf307942d29774d7e6dc430588e099a19e /src/libcharon/sa/shunt_manager.c | |
parent | 83312ee5e4eb8f17d7213206eb4a34df2b75c524 (diff) | |
shunt-manager: Install "outbound" FWD policy
If there is a default drop policy, forwarded traffic might otherwise not
be allowed by a specific passthrough policy (while local traffic is
allowed).
Diffstat (limited to 'src/libcharon/sa/shunt_manager.c')
-rw-r--r-- | src/libcharon/sa/shunt_manager.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c
index 13c8b5e3d..36af86bae 100644
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -124,6 +124,9 @@ static bool install_shunt_policy(child_cfg_t *child)
 .sa = &sa,
 };
 status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
+ /* install "outbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
 /* install in policy */
 id = (kernel_ipsec_policy_id_t){
 .dir = POLICY_IN,
@@ -132,7 +135,7 @@ static bool install_shunt_policy(child_cfg_t *child)
 .mark = child->get_mark(child, TRUE),
 };
 status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
- /* install forward policy */
+ /* install "inbound" forward policy */
 id.dir = POLICY_FWD;
 status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
 }
@@ -267,6 +270,9 @@ static void uninstall_shunt_policy(child_cfg_t *child)
 .sa = &sa,
 };
 status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
+ /* uninstall "outbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
 /* uninstall in policy */
 id = (kernel_ipsec_policy_id_t){
 .dir = POLICY_IN,
@@ -275,7 +281,7 @@ static void uninstall_shunt_policy(child_cfg_t *child)
 .mark = child->get_mark(child, TRUE),
 };
 status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
- /* uninstall forward policy */
+ /* uninstall "inbound" forward policy */
 id.dir = POLICY_FWD;
 status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
 } |
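Review bot: The added `id.dir = POLICY_FWD;` in install_shunt_policy() reuses every other field of the out policy's `id`, so the shunt now also matches forwarded traffic in the outbound direction, and the comment `/* install "outbound" forward policy */` does not say why or what that implies. For a passthrough shunt on a gateway this means routed traffic matching those selectors is exempted from IPsec, not only locally generated traffic, and someone auditing the installed policy set should be able to read that from the code. I would expand the comment to something like `/* also install the out selectors as FWD policy: with a default drop policy, forwarded traffic would otherwise not be covered by this shunt */`. The same applies to the matching comment in uninstall_shunt_policy(); both function bodies extend beyond the hunks.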
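Review bot: The new `del_policy` call for the outbound forward policy only ORs its result into `status`, so a failed removal cannot be told apart from a failure of the three other deletions in uninstall_shunt_policy(). A forward policy left behind in the kernel would keep applying to routed traffic after the shunt is considered gone, so it is worth surfacing on its own, e.g. `if (charon->kernel->del_policy(charon->kernel, &id, &policy) != SUCCESS) { DBG1(DBG_CFG, "uninstalling outbound forward shunt policy failed"); status = FAILED; }`. How `status` is consumed lies outside the hunk, so the failure may already be logged in aggregate. The same consideration applies to the added `add_policy` call in install_shunt_policy().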