diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-07-14 13:51:36 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-07-14 13:51:36 +0200 |
| commit | 4742d6501a5fc3ff0e356badce66b27d3ec38b99 (patch) | |
| tree | ef2850a0303a88efadf7b74ec3f8acb28743995b /src | |
| parent | 56bffdc03a976e164de388e3f93943c952bb7c11 (diff) | |
| download | strongswan-4742d6501a5fc3ff0e356badce66b27d3ec38b99.tar.bz2 strongswan-4742d6501a5fc3ff0e356badce66b27d3ec38b99.tar.xz | |
shunt manager installs policies with %any hosts
Diffstat (limited to 'src')
| -rw-r--r-- | src/libcharon/sa/shunt_manager.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c index f18c07c51..accebe652 100644 --- a/src/libcharon/sa/shunt_manager.c +++ b/src/libcharon/sa/shunt_manager.c @@ -47,6 +47,7 @@ static bool install_shunt_policy(child_cfg_t *child) enumerator_t *e_my_ts, *e_other_ts; linked_list_t *my_ts_list, *other_ts_list; traffic_selector_t *my_ts, *other_ts; + host_t *host_any; policy_type_t policy_type; status_t status = SUCCESS; ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT }; @@ -55,6 +56,7 @@ static bool install_shunt_policy(child_cfg_t *child) POLICY_PASS : POLICY_DROP; my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, NULL); other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, NULL); + host_any = host_create_any(AF_INET); /* enumerate pairs of traffic selectors */ e_my_ts = my_ts_list->create_enumerator(my_ts_list); @@ -65,19 +67,19 @@ static bool install_shunt_policy(child_cfg_t *child) { /* install out policy */ status |= hydra->kernel_interface->add_policy( - hydra->kernel_interface, NULL, NULL, + hydra->kernel_interface, host_any, host_any, my_ts, other_ts, POLICY_OUT, policy_type, &sa, child->get_mark(child, FALSE), FALSE); /* install in policy */ status |= hydra->kernel_interface->add_policy( - hydra->kernel_interface, NULL, NULL, + hydra->kernel_interface, host_any, host_any, other_ts, my_ts, POLICY_IN, policy_type, &sa, child->get_mark(child, TRUE), FALSE); /* install forward policy */ status |= hydra->kernel_interface->add_policy( - hydra->kernel_interface, NULL, NULL, + hydra->kernel_interface, host_any, host_any, other_ts, my_ts, POLICY_FWD, policy_type, &sa, child->get_mark(child, TRUE), FALSE); } @@ -89,6 +91,7 @@ static bool install_shunt_policy(child_cfg_t *child) offsetof(traffic_selector_t, destroy)); other_ts_list->destroy_offset(other_ts_list, offsetof(traffic_selector_t, destroy)); + host_any->destroy(host_any); return status == SUCCESS; } |