diff options
Diffstat (limited to 'src/libcharon/plugins/kernel_libipsec')
| -rw-r--r-- | src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c index 05635b388..40f253d5a 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c @@ -464,6 +464,15 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this, policy->route = NULL; } + if (dst_ts->is_host(dst_ts, dst)) + { + DBG1(DBG_KNL, "can't install route for %R === %R %N, conflicts with " + "IKE traffic", src_ts, dst_ts, policy_dir_names, + policy->direction); + route_entry_destroy(route); + this->mutex->unlock(this->mutex); + return FALSE; + } /* if remote traffic selector covers the IKE peer, add an exclude route */ if (dst_ts->includes(dst_ts, dst)) { |