author | Tobias Brunner <tobias@strongswan.org> | 2017-10-25 13:24:01 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-02 10:47:53 +0100 |
commit | 6ebf852c3ff20e2a7873a57cb8f4740d24f09f78 (patch) | |
tree | ac3465d223e340dffc6f64b137e46931e1900057 /src | |
parent | 2dad2936471845695b8dc66d5aa7113ee28f0be9 (diff) | |
shunt-mananger: Make outbound FWD shunt policies optional
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/shunt_manager.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c
index ad12f0579..3a254cea5 100644
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -96,6 +96,7 @@ static bool install_shunt_policy(child_cfg_t *child)
 status_t status = SUCCESS;
 uint32_t manual_prio;
 char *interface;
+ bool fwd_out;
 ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };
 switch (child->get_mode(child))
@@ -122,6 +123,7 @@ static bool install_shunt_policy(child_cfg_t *child)
 manual_prio = child->get_manual_prio(child);
 interface = child->get_interface(child);
+ fwd_out = child->has_option(child, OPT_FWD_OUT_POLICIES);
 /* enumerate pairs of traffic selectors */
 e_my_ts = my_ts_list->create_enumerator(my_ts_list);
@@ -157,9 +159,11 @@ static bool install_shunt_policy(child_cfg_t *child)
 .sa = &sa,
 };
 status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
- /* install "outbound" forward policy */
- id.dir = POLICY_FWD;
- status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
+ if (fwd_out)
+ { /* install "outbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
+ }
 /* install in policy */
 id = (kernel_ipsec_policy_id_t){
 .dir = POLICY_IN,
@@ -255,6 +259,7 @@ static void uninstall_shunt_policy(child_cfg_t *child)
 status_t status = SUCCESS;
 uint32_t manual_prio;
 char *interface;
+ bool fwd_out;
 ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };
 switch (child->get_mode(child))
@@ -281,6 +286,7 @@ static void uninstall_shunt_policy(child_cfg_t *child)
 manual_prio = child->get_manual_prio(child);
 interface = child->get_interface(child);
+ fwd_out = child->has_option(child, OPT_FWD_OUT_POLICIES);
 /* enumerate pairs of traffic selectors */
 e_my_ts = my_ts_list->create_enumerator(my_ts_list);
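Review bot: In the third hunk (`-157,9 +159,11`), nothing at `if (fwd_out)` records that the outbound FWD shunt policy used to be installed unconditionally, so a shunt whose config does not set `OPT_FWD_OUT_POLICIES` now presumably leaves forwarded traffic in that direction to whatever other FWD policies match. Whether that matters for drop shunts depends on the policy installed just before it, whose direction is set outside the hunk, so I would state the expectation in a comment, e.g. `/* optional: without it forwarded outbound traffic is only covered by the policy installed above */`. Minor style point: this hunk opens the block as `{ /* install "outbound" forward policy */` while the matching block in uninstall_shunt_policy() puts `{` on its own line; use one form in both. install_shunt_policy() starts and ends outside the hunk.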
@@ -316,9 +322,12 @@ static void uninstall_shunt_policy(child_cfg_t *child)
 .sa = &sa,
 };
 status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
- /* uninstall "outbound" forward policy */
- id.dir = POLICY_FWD;
- status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
+ if (fwd_out)
+ {
+ /* uninstall "outbound" forward policy */
+ id.dir = POLICY_FWD;
+ status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
+ }
 /* uninstall in policy */
 id = (kernel_ipsec_policy_id_t){
 .dir = POLICY_IN, |
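Review bot: The `if (fwd_out)` guard around `del_policy` takes its value from `child->has_option(child, OPT_FWD_OUT_POLICIES)` at removal time, not from what install_shunt_policy() actually added, so the two only agree if the same, unchanged config object reaches both functions. If the caller does not guarantee that (not visible here), a shunt installed with the option set and removed with it cleared would leave its FWD policy in the kernel, and the reverse case would add a failed delete to `status`. A comment such as `/* must mirror install_shunt_policy(): delete the FWD policy only if it was installed */` would make the dependency explicit. uninstall_shunt_policy() starts and ends outside the hunk.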