From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 26 Feb 2020 15:53:06 +0000 (+0100)
Subject: kernel-netlink: Don't require an interface name for passthrough policies
X-Git-Tag: 5.8.3rc1~4^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e23708bdf321bd33b6e12aaf09e5d022d540e57c;p=thirdparty%2Fstrongswan.git

kernel-netlink: Don't require an interface name for passthrough policies
---

diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index da22c0bbba..9d0c925c01 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2661,8 +2661,9 @@ static void install_route(private_kernel_netlink_ipsec_t *this,
 			iface = route->src_ip;
 		}
 		if (!charon->kernel->get_interface(charon->kernel, iface,
-										   &route->if_name))
-		{
+										   &route->if_name) &&
+			!route->pass)
+		{	/* don't require an interface for passthrough policies */
 			route_entry_destroy(route);
 			return;
 		}
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 24d93cc2f2..e8e1f9ce84 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -585,7 +585,7 @@ static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this)
 		net_change_t *change, lookup = {
 			.if_name = route->if_name,
 		};
-		if (route->pass)
+		if (route->pass || !route->if_name)
 		{	/* no need to reinstall these, they don't reference interfaces */
 			continue;
 		}