diff options
| author | Martin Willi <martin@revosec.ch> | 2013-04-20 12:28:05 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2013-05-06 17:01:13 +0200 |
| commit | 580b768d03c10f7ce12ebcb4168e58d752b5e0ab (patch) | |
| tree | 34415ebcd4a2772daae881fbf039806da1c2fe1f /src/libhydra/plugins | |
| parent | bd520193a486c6192494f70920702477b843d72e (diff) | |
| download | strongswan-580b768d03c10f7ce12ebcb4168e58d752b5e0ab.tar.bz2 strongswan-580b768d03c10f7ce12ebcb4168e58d752b5e0ab.tar.xz | |
kernel-pfroute: add a feature flag requesting "exclude" routes
If routes installed along with policies covering the peer address affect local
IKE/ESP packets, they won't get routed correctly. To work around this issue,
the kernel interface can install "exclude" routes for the IKE peer. Not all
networking backends require this workaround, hence we export a flag for it
if it is required.
Diffstat (limited to 'src/libhydra/plugins')
| -rw-r--r-- | src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c index b1d3fd88b..8d8d0362a 100644 --- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -770,6 +770,12 @@ METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, (void*)address_enumerator_destroy); } +METHOD(kernel_net_t, get_features, kernel_feature_t, + private_kernel_pfroute_net_t *this) +{ + return KERNEL_REQUIRE_EXCLUDE_ROUTE; +} + METHOD(kernel_net_t, get_interface_name, bool, private_kernel_pfroute_net_t *this, host_t* ip, char **name) { @@ -1276,6 +1282,7 @@ kernel_pfroute_net_t *kernel_pfroute_net_create() INIT(this, .public = { .interface = { + .get_features = _get_features, .get_interface = _get_interface_name, .create_address_enumerator = _create_address_enumerator, .get_source_addr = _get_source_addr, |