ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

kernel-netlink: Allow IPsec policies to replace shunt policies 

Shunt policies don't have a reqid set, so we allow unequal reqids in
this particular case (i.e. if one of the reqids is 0).
This commit is contained in:
Tobias Brunner 2015-10-05 14:36:29 +02:00
parent baff14d049
commit 4aff445202
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
View File

@ -2135,7 +2135,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
{
continue;
}
tmpl->reqid = policy->reqid;
tmpl->reqid = ipsec->cfg.reqid;
tmpl->id.proto = protos[i].proto;
tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0;
tmpl->mode = mode2kernel(proto_mode);
@ -2317,7 +2317,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
current = this->policies->get(this->policies, policy);
if (current)
{
if (current->reqid != sa->reqid)
if (current->reqid && sa->reqid && current->reqid != sa->reqid)
{
DBG1(DBG_CFG, "unable to install policy %R === %R %N (mark "
"%u/0x%08x) for reqid %u, the same policy for reqid %u exists",
@ -2503,7 +2503,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
/* find the policy */
this->mutex->lock(this->mutex);
current = this->policies->get(this->policies, &policy);
if (!current || current->reqid != sa->reqid)
if (!current)
{
if (mark.value)
{