not installing a route when policy gets updated

diff --git a/src/charon/threads/kernel_interface.c b/src/charon/threads/kernel_interface.c
index 43956b05542a3d2c142efbaf6719bbb4cd28f709..9ee788abfac92c14c6cf88e9bd87546aaf386281 100644 (file)
--- a/src/charon/threads/kernel_interface.c
+++ b/src/charon/threads/kernel_interface.c
@@ -1663,8 +1663,14 @@ static status_t add_policy(private_kernel_interface_t *this,
                return FAILED;
        }
        
-       if (direction == POLICY_FWD && mode != MODE_TRANSPORT &&
-               src->get_family(src) != AF_INET6)
+       /* install a route, if:
+        * - we are NOT updating a policy
+        * - this is a forward policy (to just get one for each child)
+        * - we are in tunnel mode
+        * - we are not using IPv6 (does not work correctly yet!)
+        */
+       if (policy->route == NULL && direction == POLICY_FWD &&
+               mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6)
        {
                policy->route = malloc_thing(route_entry_t);
                if (get_address_by_ts(this, dst_ts, &policy->route->src_ip) == SUCCESS)