author | Tobias Brunner <tobias@strongswan.org> | 2016-04-01 16:51:51 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2016-04-09 16:51:00 +0200 |
commit | f7e9e6a3fdda8c714eddf70015f998bb9c370904 (patch) | |
tree | c5854d60988cbfd963efa582d7724aec726e34ae /src | |
parent | 9c12635252080af3fad7d4d8e02813d479b6ffdf (diff) | |
download | strongswan-f7e9e6a3fdda8c714eddf70015f998bb9c370904.tar.bz2 strongswan-f7e9e6a3fdda8c714eddf70015f998bb9c370904.tar.xz |
kernel-netlink: Only associate templates with inbound FWD policies
We can't set a template on the outbound FWD policy (or we'd have to make
it optional). Because if the traffic does not come from another (matching)
IPsec tunnel it would get dropped due to the template mismatch.
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index df79f86fc..22afc6352 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -2156,7 +2156,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, policy_info->lft.soft_use_expires_seconds = 0; policy_info->lft.hard_use_expires_seconds = 0; - if (mapping->type == POLICY_IPSEC) + if (mapping->type == POLICY_IPSEC && ipsec->cfg.reqid) { struct xfrm_user_tmpl *tmpl; struct { |
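Review bot: The new condition in add_policy_internal(), `if (mapping->type == POLICY_IPSEC && ipsec->cfg.reqid)`, expresses "inbound FWD policies only" solely through a non-zero reqid, and nothing at this site says so. The check is not tied to the policy direction, so any POLICY_IPSEC policy that reaches this function with a reqid of 0 is now installed without a template, whatever its direction. Please add a short comment above the condition stating that callers pass reqid 0 for the outbound FWD policy and why no template is wanted there (the reasoning from the commit message). Alternatively, test the direction explicitly, so that a zero reqid on an in or out policy cannot silently produce a template-less IPsec policy.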