aboutsummaryrefslogtreecommitdiffstats
path: root/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2014-06-26 15:44:32 +0200
committerTobias Brunner <tobias@strongswan.org>2014-06-26 18:12:05 +0200
commitb451303a6ca28ec0857165be6bc62dc130a801f7 (patch)
tree17d3e110683387d05ab61d814c9c8ae2ce9e3ed9 /src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
parent945e1df7389831fe268f9e14f06e2c5949ad36ca (diff)
downloadstrongswan-b451303a6ca28ec0857165be6bc62dc130a801f7.tar.bz2
strongswan-b451303a6ca28ec0857165be6bc62dc130a801f7.tar.xz
kernel-pfkey: Install routes for shunt policies
Diffstat (limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index aa077d369..4bc2770c1 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2447,12 +2447,12 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
free(out);
/* install a route, if:
- * - this is a forward policy (to just get one for each child)
- * - we are in tunnel mode
+ * - this is an inbound policy (to just get one for each child)
+ * - we are in tunnel mode or install a bypass policy
* - routing is not disabled via strongswan.conf
*/
- if (policy->direction == POLICY_IN &&
- ipsec->cfg.mode != MODE_TRANSPORT && this->install_routes)
+ if (policy->direction == POLICY_IN && this->install_routes &&
+ (mapping->type != POLICY_IPSEC || ipsec->cfg.mode != MODE_TRANSPORT))
{
install_route(this, policy, (policy_sa_in_t*)mapping);
}