diff options
author | Tobias Brunner <tobias@strongswan.org> | 2014-06-26 15:44:32 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2014-06-26 18:12:05 +0200 |
commit | b451303a6ca28ec0857165be6bc62dc130a801f7 (patch) | |
tree | 17d3e110683387d05ab61d814c9c8ae2ce9e3ed9 /src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | |
parent | 945e1df7389831fe268f9e14f06e2c5949ad36ca (diff) | |
download | strongswan-b451303a6ca28ec0857165be6bc62dc130a801f7.tar.bz2 strongswan-b451303a6ca28ec0857165be6bc62dc130a801f7.tar.xz |
kernel-pfkey: Install routes for shunt policies
Diffstat (limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
-rw-r--r-- | src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index aa077d369..4bc2770c1 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -2447,12 +2447,12 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this, free(out); /* install a route, if: - * - this is a forward policy (to just get one for each child) - * - we are in tunnel mode + * - this is an inbound policy (to just get one for each child) + * - we are in tunnel mode or install a bypass policy * - routing is not disabled via strongswan.conf */ - if (policy->direction == POLICY_IN && - ipsec->cfg.mode != MODE_TRANSPORT && this->install_routes) + if (policy->direction == POLICY_IN && this->install_routes && + (mapping->type != POLICY_IPSEC || ipsec->cfg.mode != MODE_TRANSPORT)) { install_route(this, policy, (policy_sa_in_t*)mapping); } |