child-sa: Enable ICMP forwarding on SA and policies if configured

author Tobias Brunner <tobias@strongswan.org>

Mon, 7 Feb 2022 13:35:39 +0000 (14:35 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Mon, 7 Feb 2022 14:05:32 +0000 (15:05 +0100)
author Tobias Brunner <tobias@strongswan.org>
Mon, 7 Feb 2022 13:35:39 +0000 (14:35 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 7 Feb 2022 14:05:32 +0000 (15:05 +0100)
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c

index 9b06ebc3c345123d04d92be2e5c2c0aada8ce2d7..6960763f50e63d96f19e05b08a655a62865d53b7 100644 (file)
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -919,6 +919,7 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
                 .copy_df = !this->config->has_option(this->config, OPT_NO_COPY_DF),
                 .copy_ecn = !this->config->has_option(this->config, OPT_NO_COPY_ECN),
                 .copy_dscp = this->config->get_copy_dscp(this->config),
+               .forward_icmp = this->config->has_option(this->config, OPT_FORWARD_ICMP),
                 .initiator = initiator,
                 .inbound = inbound,
                 .update = update,
@@ -968,6 +969,7 @@ static void prepare_sa_cfg(private_child_sa_t *this, ipsec_sa_cfg_t *my_sa,
         *my_sa = (ipsec_sa_cfg_t){
                 .mode = this->mode,
                 .reqid = this->reqid,
+               .forward_icmp = this->config->has_option(this->config, OPT_FORWARD_ICMP),
                 .ipcomp = {
                         .transform = this->ipcomp,
                 },
author	Tobias Brunner <tobias@strongswan.org>
	Mon, 7 Feb 2022 13:35:39 +0000 (14:35 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Mon, 7 Feb 2022 14:05:32 +0000 (15:05 +0100)