sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-10-06 00:00:47 -04:00
Code Issues Projects Releases Wiki Activity

shunt-manager: Don't install policies in case of an address family or IP protocol mismatch

Browse Source 
References #595.
This commit is contained in:
Tobias Brunner 2015-08-26 18:07:06 +02:00
parent 5f18e2c371
commit 65978f08f4
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/libcharon/sa/shunt_manager.c
View File

@ -96,6 +96,16 @@ static bool install_shunt_policy(child_cfg_t *child)
e_other_ts = other_ts_list->create_enumerator(other_ts_list);
while (e_other_ts->enumerate(e_other_ts, &other_ts))
{
if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts))
{
continue;
}
if (my_ts->get_protocol(my_ts) &&
other_ts->get_protocol(other_ts) &&
my_ts->get_protocol(my_ts) != other_ts->get_protocol(other_ts))
{
continue;
}
/* install out policy */
status |= hydra->kernel_interface->add_policy(
hydra->kernel_interface, host_any, host_any,
@ -212,6 +222,16 @@ static void uninstall_shunt_policy(child_cfg_t *child)
e_other_ts = other_ts_list->create_enumerator(other_ts_list);
while (e_other_ts->enumerate(e_other_ts, &other_ts))
{
if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts))
{
continue;
}
if (my_ts->get_protocol(my_ts) &&
other_ts->get_protocol(other_ts) &&
my_ts->get_protocol(my_ts) != other_ts->get_protocol(other_ts))
{
continue;
}
/* uninstall out policy */
status |= hydra->kernel_interface->del_policy(
hydra->kernel_interface, my_ts, other_ts,