aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/libhydra/kernel/kernel_interface.h2
-rw-r--r--src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c7
2 files changed, 9 insertions, 0 deletions
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index f48104322..fd64f50c2 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -65,6 +65,8 @@ typedef enum kernel_feature_t kernel_feature_t;
enum kernel_feature_t {
/** IPsec can process ESPv3 (RFC 4303) TFC padded packets */
KERNEL_ESP_V3_TFC = (1<<0),
+ /** Networking requires an "exclude" route for IKE/ESP packets */
+ KERNEL_REQUIRE_EXCLUDE_ROUTE = (1<<1),
};
/**
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index b1d3fd88b..8d8d0362a 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -770,6 +770,12 @@ METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
(void*)address_enumerator_destroy);
}
+METHOD(kernel_net_t, get_features, kernel_feature_t,
+ private_kernel_pfroute_net_t *this)
+{
+ return KERNEL_REQUIRE_EXCLUDE_ROUTE;
+}
+
METHOD(kernel_net_t, get_interface_name, bool,
private_kernel_pfroute_net_t *this, host_t* ip, char **name)
{
@@ -1276,6 +1282,7 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
INIT(this,
.public = {
.interface = {
+ .get_features = _get_features,
.get_interface = _get_interface_name,
.create_address_enumerator = _create_address_enumerator,
.get_source_addr = _get_source_addr,
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-22 09:48:10 +0000