u_int32_t reqid;
/** is this a forward policy trap for tunnel mode? */
bool fwd;
+ /** do we have installed a route for this trap policy? */
+ bool route;
+ /** local address of associated route */
+ host_t *local;
+ /** remote address of associated route */
+ host_t *remote;
/** src traffic selector */
traffic_selector_t *src;
/** dst traffic selector */
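Review bot: The new `local`/`remote` members lack an ownership note, and since both are cloned on insertion and freed in destroy_trap(), a reader of the struct cannot tell whether a lookup key on the stack is expected to populate them. I would extend the two comments to `/** local address of associated route (owned clone, freed in destroy_trap) */` and the matching remote form, and note on `route` that it records whether manage_route() succeeded rather than whether a route is wanted. The enclosing struct starts before this hunk.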
*/
static void destroy_trap(trap_t *this)
{
+ this->local->destroy(this->local);
+ this->remote->destroy(this->remote);
this->src->destroy(this->src);
this->dst->destroy(this->dst);
free(this);
* Create and install a new trap entry
*/
static bool add_trap(private_kernel_wfp_ipsec_t *this,
- u_int32_t reqid, bool fwd,
+ u_int32_t reqid, bool fwd, host_t *local, host_t *remote,
traffic_selector_t *src, traffic_selector_t *dst)
{
trap_t *trap;
.fwd = fwd,
.src = src->clone(src),
.dst = dst->clone(dst),
+ .local = local->clone(local),
+ .remote = remote->clone(remote),
);
if (!install_trap(this, trap))
destroy_trap(trap);
return FALSE;
}
+
+ trap->route = manage_route(this, local, remote, src, dst, TRUE);
+
this->mutex->lock(this->mutex);
this->traps->put(this->traps, trap, trap);
this->mutex->unlock(this->mutex);
if (found)
{
+ if (trap->route)
+ {
+ trap->route = !manage_route(this, trap->local, trap->remote,
+ src, dst, FALSE);
+ }
uninstall_trap(this, found);
destroy_trap(found);
return TRUE;
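Review bot: The added lines read `trap->route`, `trap->local` and `trap->remote`, but the entry actually being removed is `found`, the pointer that uninstall_trap() and destroy_trap() receive two lines later. If `trap` here is the lookup key (its definition is above the hunk, so I cannot confirm), its `route` flag is never set by add_trap() and the route installed at trap creation is never torn down, while a populated `trap->local` would be a different object than the one stored with the entry. The block should be `if (found->route) { found->route = !manage_route(this, found->local, found->remote, src, dst, FALSE); }`. Assigning the result back is also redundant since `found` is destroyed immediately afterwards.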
case POLICY_PRIORITY_DEFAULT:
break;
case POLICY_PRIORITY_ROUTED:
- if (!add_trap(this, sa->reqid, FALSE, src_ts, dst_ts))
+ if (!add_trap(this, sa->reqid, FALSE, src, dst, src_ts, dst_ts))
{
return FAILED;
}
if (sa->mode == MODE_TUNNEL)
{
- if (!add_trap(this, sa->reqid, TRUE, src_ts, dst_ts))
+ if (!add_trap(this, sa->reqid, TRUE, src, dst, src_ts, dst_ts))
{
return FAILED;
}
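Review bot: For tunnel mode both add_trap() calls receive identical `src, dst, src_ts, dst_ts`, so the plain trap and its forward twin each ask manage_route() to install the same route; unless manage_route() deduplicates (its body is not in this diff), the second install is a duplicate or fails, and removing either trap tears the route down while the other still reports `route == TRUE` and attempts a second removal. Consider installing the route only for the non-forward trap, e.g. `trap->route = !fwd && manage_route(this, local, remote, src, dst, TRUE);` in add_trap(), or documenting why both traps need their own route. The enclosing switch continues past this hunk.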