ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

bypass-lan: Don't use interfaces in policies 

After an interface disappeared we can't remove the policies correctly as
the name doesn't resolve to the previous index anymore.
And making the policies so specific might not provide that much benefit.

To handle the interfaces on the policies correctly would require some
changes to the child-cfg, kernel-interface etc. so they'd take interface
indices directly so we could target the policies correctly even if an
interface disappeared (or reappeared and got a new index).
This commit is contained in:
Tobias Brunner 2017-02-13 19:06:24 +01:00
parent 0c549169c4
commit c2129d1cbe
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/libcharon/plugins/bypass_lan/bypass_lan_listener.c
View File

@ -64,7 +64,6 @@ typedef struct {
private_bypass_lan_listener_t *listener;
host_t *net;
uint8_t mask;
char *iface;
child_cfg_t *cfg;
} bypass_policy_t;
@ -86,7 +85,6 @@ static void bypass_policy_destroy(bypass_policy_t *this)
ts->destroy(ts);
}
this->net->destroy(this->net);
free(this->iface);
free(this);
}
@ -151,16 +149,18 @@ static job_requeue_t update_bypass(private_bypass_lan_listener_t *this)
INIT(lookup,
.net = net->clone(net),
.mask = mask,
.iface = strdupnull(iface),
);
seen->put(seen, lookup, lookup);
found = seen->put(seen, lookup, lookup);
if (found)
{ /* in case the same subnet is on multiple interfaces */
bypass_policy_destroy(found);
}
found = this->policies->get(this->policies, lookup);
if (!found)
{
child_cfg_create_t child = {
.mode = MODE_PASS,
.interface = iface,
};
child_cfg_t *cfg;
traffic_selector_t *ts;
@ -168,7 +168,7 @@ static job_requeue_t update_bypass(private_bypass_lan_listener_t *this)
ts = traffic_selector_create_from_subnet(net->clone(net), mask,
0, 0, 65535);
snprintf(name, sizeof(name), "Bypass LAN %R [%s]", ts, iface ?: "");
snprintf(name, sizeof(name), "Bypass LAN %R", ts);
cfg = child_cfg_create(name, &child);
cfg->add_traffic_selector(cfg, FALSE, ts->clone(ts));
@ -179,7 +179,6 @@ static job_requeue_t update_bypass(private_bypass_lan_listener_t *this)
INIT(found,
.net = net->clone(net),
.mask = mask,
.iface = strdupnull(iface),
.cfg = cfg,
);
this->policies->put(this->policies, found, found);