authorTobias Brunner <tobias@strongswan.org>2016-08-18 16:11:34 +0200
committerTobias Brunner <tobias@strongswan.org>2016-09-28 17:56:43 +0200
commitc98e48cf0ecc9563166f2e7d009462c01fc3fb6e (patch)
tree82187e0842cf46d014768cc46f1031da57e6d22e /src
parent175d78df607d985de8033893368ac27e5e003883 (diff)
child-cfg: Add setting that controls whether outbound FWD policies are installed
Diffstat (limited to 'src')
-rw-r--r--src/libcharon/config/child_cfg.c14
-rw-r--r--src/libcharon/config/child_cfg.h10
2 files changed, 24 insertions, 0 deletions
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index 76d7f2c58..6a9c342f4 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -154,6 +154,11 @@ struct private_child_cfg_t {
bool install_policy;
/**
+ * Install outbound FWD policies
+ */
+ bool fwd_out_policy;
+
+ /**
* anti-replay window size
*/
uint32_t replay_window;
@@ -564,6 +569,12 @@ METHOD(child_cfg_t, install_policy, bool,
return this->install_policy;
}
+METHOD(child_cfg_t, install_fwd_out_policy, bool,
+ private_child_cfg_t *this)
+{
+ return this->fwd_out_policy;
+}
+
#define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; })
#define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); })
@@ -613,6 +624,7 @@ METHOD(child_cfg_t, equals, bool,
this->replay_window == other->replay_window &&
this->proxy_mode == other->proxy_mode &&
this->install_policy == other->install_policy &&
+ this->fwd_out_policy == other->fwd_out_policy &&
streq(this->updown, other->updown) &&
streq(this->interface, other->interface);
}
@@ -673,6 +685,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.set_replay_window = _set_replay_window,
.use_proxy_mode = _use_proxy_mode,
.install_policy = _install_policy,
+ .install_fwd_out_policy = _install_fwd_out_policy,
.equals = _equals,
.get_ref = _get_ref,
.destroy = _destroy,
@@ -695,6 +708,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.manual_prio = data->priority,
.interface = strdupnull(data->interface),
.install_policy = !data->suppress_policies,
+ .fwd_out_policy = data->fwd_out_policies,
.refcount = 1,
.proposals = linked_list_create(),
.my_ts = linked_list_create(),
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index e736b2737..b85bfd9bc 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -284,6 +284,14 @@ struct child_cfg_t {
bool (*install_policy)(child_cfg_t *this);
/**
+ * Check whether outbound FWD IPsec policies should be installed.
+ *
+ * @return TRUE, if outbound FWD policies should be installed
+ * FALSE, otherwise
+ */
+ bool (*install_fwd_out_policy)(child_cfg_t *this);
+
+ /**
* Check if two child_cfg objects are equal.
*
* @param other candidate to check for equality against this
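Review bot: The doc comment added for `install_fwd_out_policy` does not say what installing outbound FWD policies does or that it is opt-in; the only hint ("to bypass drop policies") is on the `fwd_out_policies` field in the `child_cfg_create_t` hunk further down. Since the setting widens which forwarded traffic passes despite drop policies, the accessor doc should say so, e.g. add `* These policies let matching forwarded traffic bypass drop policies, so they are only installed when explicitly configured.` The field comment could also state the default, `/** Install outbound FWD IPsec policies to bypass drop policies (default: FALSE) */`, assuming callers zero-initialize `child_cfg_create_t`, which is not visible here. `struct child_cfg_t` begins and ends outside this hunk.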
@@ -346,6 +354,8 @@ struct child_cfg_create_t {
bool hostaccess;
/** Don't install IPsec policies */
bool suppress_policies;
+ /** Install outbound FWD IPsec policies to bypass drop policies */
+ bool fwd_out_policies;
};
/**