diff options
Diffstat (limited to 'src/libcharon/sa/child_sa.c')
| -rw-r--r-- | src/libcharon/sa/child_sa.c | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 8a405d93c..e4364de12 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -111,12 +111,17 @@ struct private_child_sa_t { */ bool static_reqid; - /* + /** * Unique CHILD_SA identifier */ uint32_t unique_id; /** + * Whether FWD policieis in the outbound direction should be installed + */ + bool policies_fwd_out; + + /** * inbound mark used for this child_sa */ mark_t mark_in; @@ -931,15 +936,19 @@ static status_t install_policies_internal(private_child_sa_t *this, * policies of two SAs we install them with reduced priority. As they * basically act as bypass policies for drop policies we use a higher * priority than is used for them. */ - out_id.dir = POLICY_FWD; - other_sa->reqid = 0; - if (priority == POLICY_PRIORITY_DEFAULT) + if (this->policies_fwd_out) { - out_policy.prio = POLICY_PRIORITY_ROUTED; + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) + { + out_policy.prio = POLICY_PRIORITY_ROUTED; + } + status |= charon->kernel->add_policy(charon->kernel, &out_id, + &out_policy); + /* reset the reqid for any other further policies */ + other_sa->reqid = this->reqid; } - status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy); - /* reset the reqid for any other further policies */ - other_sa->reqid = this->reqid; } return status; } @@ -988,14 +997,17 @@ static void del_policies_internal(private_child_sa_t *this, in_id.dir = POLICY_FWD; charon->kernel->del_policy(charon->kernel, &in_id, &in_policy); - out_id.dir = POLICY_FWD; - other_sa->reqid = 0; - if (priority == POLICY_PRIORITY_DEFAULT) + if (this->policies_fwd_out) { - out_policy.prio = POLICY_PRIORITY_ROUTED; + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) + { + out_policy.prio = POLICY_PRIORITY_ROUTED; + } + charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); + other_sa->reqid = this->reqid; } - charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); - other_sa->reqid = this->reqid; } } @@ -1443,6 +1455,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, .mark_in = config->get_mark(config, TRUE), .mark_out = config->get_mark(config, FALSE), .install_time = time_monotonic(NULL), + .policies_fwd_out = config->install_fwd_out_policy(config), ); this->config = config; |