diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/charon/kernel/kernel_interface.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/charon/kernel/kernel_interface.c b/src/charon/kernel/kernel_interface.c index 4d47907bf..05a1b31ed 100644 --- a/src/charon/kernel/kernel_interface.c +++ b/src/charon/kernel/kernel_interface.c @@ -371,6 +371,11 @@ struct private_kernel_interface_t { * time of the last roam_job */ struct timeval last_roam; + + /** + * whether to install routes along policies + */ + bool install_routes; }; /** @@ -2544,9 +2549,11 @@ static status_t add_policy(private_kernel_interface_t *this, * - this is a forward policy (to just get one for each child) * - we are in tunnel mode * - we are not using IPv6 (does not work correctly yet!) + * - routing is not disabled via strongswan.conf */ if (policy->route == NULL && direction == POLICY_FWD && - mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6) + mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 && + this->install_routes) { policy->route = malloc_thing(route_entry_t); if (get_address_by_ts(this, dst_ts, &policy->route->src_ip) == SUCCESS) @@ -2777,7 +2784,8 @@ kernel_interface_t *kernel_interface_create() pthread_mutex_init(&this->nl_mutex, NULL); pthread_cond_init(&this->cond, NULL); timerclear(&this->last_roam); - + this->install_routes = lib->settings->get_bool(lib->settings, + "charon.install_routes", TRUE); memset(&addr, 0, sizeof(addr)); addr.nl_family = AF_NETLINK; |