From: Tobias Brunner Date: Tue, 17 Aug 2010 07:48:59 +0000 (+0200) Subject: Do not install routes for pluto. X-Git-Tag: 4.5.0~268 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b8bf01ddee09faa020d65992d12b4be42be582bb;p=thirdparty%2Fstrongswan.git Do not install routes for pluto. There are some incompatibilities with e.g. passthrough policies. Pluto installs required source routes via updown script.
---
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 25878addfd..5b869e78ba 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2171,6 +2171,11 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 hydra->daemon),
 );
 
+ if (streq(hydra->daemon, "pluto"))
+ { /* no routes for pluto, they are installed via updown script */
+ this->install_routes = FALSE;
+ }
+
 /* disable lifetimes for allocated SPIs in kernel */
 fd = open("/proc/sys/net/core/xfrm_acq_expires", O_WRONLY);
 if (fd)
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index b4e64b61fc..f5786447b1 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2137,6 +2137,11 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create()
 hydra->daemon),
 );
 
+ if (streq(hydra->daemon, "pluto"))
+ { /* no routes for pluto, they are installed via updown script */
+ this->install_routes = FALSE;
+ }
+
 /* create a PF_KEY socket to communicate with the kernel */
 this->socket = socket(PF_KEY, SOCK_RAW, PF_KEY_V2);
 if (this->socket <= 0)
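Review bot: The added `if (streq(hydra->daemon, "pluto"))` block in `kernel_netlink_ipsec_create()` forces `this->install_routes = FALSE` without leaving any trace in the log. The context line `hydra->daemon),` just above suggests the field was initialised from a per-daemon setting (inferred, since the initialiser lies outside the hunk), so an explicitly configured value for pluto would be silently ignored, and source routes would then depend entirely on the updown script being present and succeeding. I would log the override, e.g. `DBG2(DBG_KNL, "route installation disabled for pluto, relying on updown script");`, and reword the comment to `/* overrides any configured install_routes value: pluto installs source routes via updown script */`. The identical block in `kernel_pfkey_ipsec_create()` in the second hunk needs the same change. Both constructors begin and end outside their hunks.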