shunt-manager: Install "outbound" FWD policy

author Tobias Brunner <tobias@strongswan.org>

Mon, 4 Apr 2016 08:49:35 +0000 (10:49 +0200)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Sat, 9 Apr 2016 14:51:00 +0000 (16:51 +0200)
author Tobias Brunner <tobias@strongswan.org>
Mon, 4 Apr 2016 08:49:35 +0000 (10:49 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Sat, 9 Apr 2016 14:51:00 +0000 (16:51 +0200)
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c

index 13c8b5e3def747f7e6b558e187dbb5a12cea6079..36af86bae2d6f260a68431f30c6a089794ada7b5 100644 (file)
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -124,6 +124,9 @@ static bool install_shunt_policy(child_cfg_t *child)
                                 .sa = &sa,
                         };
                         status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
+                       /* install "outbound" forward policy */
+                       id.dir = POLICY_FWD;
+                       status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
                         /* install in policy */
                         id = (kernel_ipsec_policy_id_t){
                                 .dir = POLICY_IN,
@@ -132,7 +135,7 @@ static bool install_shunt_policy(child_cfg_t *child)
                                 .mark = child->get_mark(child, TRUE),
                         };
                         status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
-                       /* install forward policy */
+                       /* install "inbound" forward policy */
                         id.dir = POLICY_FWD;
                         status |= charon->kernel->add_policy(charon->kernel, &id, &policy);
                 }
@@ -267,6 +270,9 @@ static void uninstall_shunt_policy(child_cfg_t *child)
                                 .sa = &sa,
                         };
                         status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
+                       /* uninstall "outbound" forward policy */
+                       id.dir = POLICY_FWD;
+                       status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
                         /* uninstall in policy */
                         id = (kernel_ipsec_policy_id_t){
                                 .dir = POLICY_IN,
@@ -275,7 +281,7 @@ static void uninstall_shunt_policy(child_cfg_t *child)
                                 .mark = child->get_mark(child, TRUE),
                         };
                         status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
-                       /* uninstall forward policy */
+                       /* uninstall "inbound" forward policy */
                         id.dir = POLICY_FWD;
                         status |= charon->kernel->del_policy(charon->kernel, &id, &policy);
                 }
author	Tobias Brunner <tobias@strongswan.org>
	Mon, 4 Apr 2016 08:49:35 +0000 (10:49 +0200)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Sat, 9 Apr 2016 14:51:00 +0000 (16:51 +0200)