authorTobias Brunner <tobias@strongswan.org>2011-07-27 13:41:35 +0200
committerTobias Brunner <tobias@strongswan.org>2011-07-27 13:41:35 +0200
commitfbedc6a45b9c18f13972c8e1a7ada0ef5fb67210 (patch)
tree3e085d662684f302bfc531ff03ef2b73f257ba16 /src/pluto/kernel.c
parenta2e377fcfdc227e3856b656c8cd5401d67710eff (diff)
Remove policies in kernel interfaces based on their priority.
This allows a connection to be unrouted while the same connection is currently established. In this case both CHILD_SAs share the same reqid, but the installed policies have different priorities.
Diffstat (limited to 'src/pluto/kernel.c')
-rw-r--r--src/pluto/kernel.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c
index c458b2dad..13574f1cb 100644
--- a/src/pluto/kernel.c
+++ b/src/pluto/kernel.c
@@ -780,8 +780,9 @@ static bool raw_eroute(const ip_address *this_host,
host_t *host_src, *host_dst;
policy_type_t type = POLICY_IPSEC;
policy_dir_t dir = POLICY_OUT;
+ policy_priority_t priority = POLICY_PRIORITY_DEFAULT;
char text_said[SATOT_BUF];
- bool ok = TRUE, routed = FALSE,
+ bool ok = TRUE,
deleting = (op & ERO_MASK) == ERO_DELETE,
replacing = op & (SADB_X_SAFLAGS_REPLACEFLOW << ERO_FLAG_SHIFT);
@@ -819,7 +820,7 @@ static bool raw_eroute(const ip_address *this_host,
{
return TRUE;
}
- routed = TRUE;
+ priority = POLICY_PRIORITY_ROUTED;
break;
}
}
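Review bot: The assignment `priority = POLICY_PRIORITY_ROUTED;` replaces a self-describing boolean with an enum value, and nothing at this site says why this case gets a different priority from the default. A short comment would help the next reader, e.g. `/* routed policy: installed at its own priority so it can be removed without touching an established policy that shares the reqid */`. The enclosing switch starts outside the hunk, so which case this is cannot be confirmed from here.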
@@ -837,14 +838,14 @@ static bool raw_eroute(const ip_address *this_host,
if (deleting || replacing)
{
hydra->kernel_interface->del_policy(hydra->kernel_interface,
- ts_src, ts_dst, dir, sa->reqid, mark, routed);
+ ts_src, ts_dst, dir, sa->reqid, mark, priority);
}
if (!deleting)
{
ok = hydra->kernel_interface->add_policy(hydra->kernel_interface,
host_src, host_dst, ts_src, ts_dst, dir, type, sa,
- mark, routed) == SUCCESS;
+ mark, priority) == SUCCESS;
}
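Review bot: The result of `del_policy` is discarded here and in the `POLICY_IN` delete in the next hunk, so once deletion is keyed on `priority`, a call whose priority does not match the installed policy would presumably remove nothing and go unnoticed. The `replacing` path is the one to look at: `priority` is computed for the policy about to be added, so if the entry being replaced was installed at the other priority, the old policy may remain in the kernel beside the new one. Assuming `del_policy` returns a status the way `add_policy` does, consider checking and logging a failure, or at least document the intent with `/* removes only the policy installed at this priority; a twin with the same reqid at another priority is left in place */`. The body of raw_eroute starts and ends outside these hunks.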
if (dir == POLICY_IN)
@@ -853,7 +854,7 @@ static bool raw_eroute(const ip_address *this_host,
if (deleting || replacing)
{
hydra->kernel_interface->del_policy(hydra->kernel_interface,
- ts_src, ts_dst, dir, sa->reqid, mark, routed);
+ ts_src, ts_dst, dir, sa->reqid, mark, priority);
}
if (!deleting && ok &&
@@ -861,7 +862,7 @@ static bool raw_eroute(const ip_address *this_host,
{
ok = hydra->kernel_interface->add_policy(hydra->kernel_interface,
host_src, host_dst, ts_src, ts_dst, dir, type, sa,
- mark, routed) == SUCCESS;
+ mark, priority) == SUCCESS;
}
}