diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-07-04 23:47:20 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-07-04 23:47:20 +0000 |
| commit | 7b0305f59ddab9ea026b202a8c569912e5bf9a90 (patch) | |
| tree | 131d39a22cf97e9e8c6da58ddefabc8138a731c2 /src/_updown | |
| parent | 08ee5250bd9c43fda5f24d10b791ca2c4c17fcee (diff) | |
| download | vyos-strongswan-7b0305f59ddab9ea026b202a8c569912e5bf9a90.tar.gz vyos-strongswan-7b0305f59ddab9ea026b202a8c569912e5bf9a90.zip | |
[svn-upgrade] Integrating new upstream version, strongswan (4.1.4)
Diffstat (limited to 'src/_updown')
| -rw-r--r-- | src/_updown/Makefile.in | 1 | ||||
| -rwxr-xr-x | src/_updown/_updown | 41 |
2 files changed, 32 insertions, 10 deletions
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index 9118eef49..ff4651d05 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -113,6 +113,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ diff --git a/src/_updown/_updown b/src/_updown/_updown index 8db74f737..795b6f388 100755 --- a/src/_updown/_updown +++ b/src/_updown/_updown @@ -4,7 +4,7 @@ # Copyright (C) 2003-2004 Nigel Meteringham # Copyright (C) 2003-2004 Tuomo Soini # Copyright (C) 2002-2004 Michael Richardson -# Copyright (C) 2005-2006 Andreas Steffen <andreas.steffen@strongswan.org> +# Copyright (C) 2005-2007 Andreas Steffen <andreas.steffen@strongswan.org> # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the @@ -191,14 +191,6 @@ addsource() { doroute() { st=0 - parms="$PLUTO_PEER_CLIENT" - - parms2= - if [ -n "$PLUTO_NEXT_HOP" ] - then - parms2="via $PLUTO_NEXT_HOP" - fi - parms2="$parms2 dev $PLUTO_INTERFACE" if [ -z "$PLUTO_MY_SOURCEIP" ] then @@ -218,6 +210,26 @@ doroute() { fi fi + if [ -z "$KLIPS" -a -z "$PLUTO_MY_SOURCEIP" ] + then + # leave because no route entry is required + return $st + fi + + parms1="$PLUTO_PEER_CLIENT" + + parms2= + if [ -n "$KLIPS" ] + then + if [ -n "$PLUTO_NEXT_HOP" ] + then + parms2="via $PLUTO_NEXT_HOP" + fi + else + parms2="via $PLUTO_ME" + fi + parms2="$parms2 dev $PLUTO_INTERFACE" + parms3= if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" then @@ -233,7 +245,7 @@ doroute() { it="ip route $1 0.0.0.0/1 $parms2 $parms3 && ip route $1 128.0.0.0/1 $parms2 $parms3" ;; - *) it="ip route $1 $parms $parms2 $parms3" + *) it="ip route $1 $parms1 $parms2 $parms3" ;; esac oops="`eval $it 2>&1`" @@ -252,9 +264,11 @@ doroute() { # in the presence of KLIPS and ipsecN interfaces do not use IPSEC_POLICY if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] then + KLIPS=1 IPSEC_POLICY_IN="" IPSEC_POLICY_OUT="" else + KLIPS= IPSEC_POLICY="-m policy --pol ipsec --proto esp --reqid $PLUTO_REQID" IPSEC_POLICY_IN="$IPSEC_POLICY --dir in" IPSEC_POLICY_OUT="$IPSEC_POLICY --dir out" @@ -275,6 +289,13 @@ fi # the big choice case "$PLUTO_VERB:$1" in prepare-host:*|prepare-client:*) + if [ -z "$KLIPS" -a -z "$PLUTO_MY_SOURCEIP" ] + then + # exit because no route will be added, + # so that existing routes can stay + exit 0 + fi + # delete possibly-existing route (preliminary to adding a route) case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") |