stroke: Use peer name as namespace for shunt policies
authorTobias Brunner <tobias@strongswan.org>
Wed, 8 Feb 2017 15:13:32 +0000 (16:13 +0100)
committerTobias Brunner <tobias@strongswan.org>
Thu, 16 Feb 2017 18:24:07 +0000 (19:24 +0100)
The same goes for the start-action-job.  When unrouting, we search for
the first policy with a matching child-cfg.

src/libcharon/plugins/stroke/stroke_control.c
src/libcharon/processing/jobs/start_action_job.c

index 7b0602cfbd85d911a240eabe5fa856b7ca54c19c..ee83067727568126ddae38aadb8669baf6e1727e 100644 (file)
@@ -641,7 +641,8 @@ static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
        mode = child_cfg->get_mode(child_cfg);
        if (mode == MODE_PASS || mode == MODE_DROP)
        {
-               if (charon->shunts->install(charon->shunts, NULL, child_cfg))
+               if (charon->shunts->install(charon->shunts,
+                                                                       peer_cfg->get_name(peer_cfg), child_cfg))
                {
                        fprintf(out, "'%s' shunt %N policy installed\n",
                                        name, ipsec_mode_names, mode);
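Review bot: The string returned by `peer_cfg->get_name(peer_cfg)` is handed to `install()` as the namespace with no indication of who owns it afterwards; the same applies to the call in start_action_job.c. The unroute hunk copies `ns` with `strdup()` before using it, which suggests the shunt manager keeps its own copy, but that cannot be confirmed from the lines shown. A short comment at the call, for example `/* peer name is used as namespace, copied by the shunt manager */`, would settle it once verified. charon_route's body extends beyond the hunk.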
@@ -729,15 +730,30 @@ METHOD(stroke_control_t, route, void,
 METHOD(stroke_control_t, unroute, void,
        private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
 {
+       child_cfg_t *child_cfg;
        child_sa_t *child_sa;
        enumerator_t *enumerator;
+       char *ns, *found = NULL;
        uint32_t id = 0;
 
-       if (charon->shunts->uninstall(charon->shunts, NULL, msg->unroute.name))
+       enumerator = charon->shunts->create_enumerator(charon->shunts);
+       while (enumerator->enumerate(enumerator, &ns, &child_cfg))
        {
+               if (ns && streq(msg->unroute.name, child_cfg->get_name(child_cfg)))
+               {
+                       found = strdup(ns);
+                       break;
+               }
+       }
+       enumerator->destroy(enumerator);
+       if (found && charon->shunts->uninstall(charon->shunts, found,
+                                                                                  msg->unroute.name))
+       {
+               free(found);
                fprintf(out, "shunt policy '%s' uninstalled\n", msg->unroute.name);
                return;
        }
+       free(found);
 
        enumerator = charon->traps->create_enumerator(charon->traps);
        while (enumerator->enumerate(enumerator, NULL, &child_sa))
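Review bot: The lookup in unroute matches on the child config name alone and stops at the first hit, so when two peer configs each carry a pass/drop child with the same name, which shunt is removed depends on enumeration order, and the reply `shunt policy '%s' uninstalled` does not say which one. For a pass (bypass) shunt this can leave an operator believing the exemption is gone while the other peer's policy is still installed. Reporting the namespace makes the choice visible: `fprintf(out, "shunt policy '%s' of '%s' uninstalled\n", msg->unroute.name, found);` with `free(found);` moved after it. The `ns &&` test also skips shunts that carry no namespace, which deserves a comment such as `/* shunts without a namespace are not ours, leave them alone */` if that is the intent, and a failed `strdup()` currently falls through silently to the trap lookup. unroute's body continues past the end of the hunk.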
index 19f2052512c37a17f9c9eb380863f346ff111155..654ec6abe7b7ad85db177ed5dc48ea11f3f344cd 100644 (file)
@@ -68,7 +68,8 @@ METHOD(job_t, execute, job_requeue_t,
                                        mode = child_cfg->get_mode(child_cfg);
                                        if (mode == MODE_PASS || mode == MODE_DROP)
                                        {
-                                               charon->shunts->install(charon->shunts, NULL,
+                                               charon->shunts->install(charon->shunts,
+                                                                                               peer_cfg->get_name(peer_cfg),
                                                                                                child_cfg);
                                        }
                                        else
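Review bot: The result of `charon->shunts->install()` is still discarded here, while charon_route in stroke_control.c tests the same call in an `if`, so a pass or drop shunt that fails to install from the start action goes unnoticed. For a drop policy this may mean that traffic the configuration intends to block is not blocked, with nothing in the log to show it. Consider `if (!charon->shunts->install(charon->shunts, peer_cfg->get_name(peer_cfg), child_cfg))` followed by `DBG1(DBG_JOB, "installing shunt policy '%s' failed", child_cfg->get_name(child_cfg));`. The enclosing execute method starts and ends outside the hunk.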