kernel-pfroute: Don't install virtual IPs if charon.install_virtual_ip is disabled

diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index 0f780227028ad836f9750e5d0a93a17728effaa5..df80c29b8f4e7d4e195e6fe1cdb753b6cb205869 100644 (file)
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -408,6 +408,11 @@ struct private_kernel_pfroute_net_t
         * Time in ms to wait for IP addresses to appear/disappear
         */
        int vip_wait;
+
+       /**
+        * whether to actually install virtual IPs
+        */
+       bool install_virtual_ip;
 };
 
 
@@ -1197,6 +1202,11 @@ METHOD(kernel_net_t, add_ip, status_t,
        tun_device_t *tun;
        bool timeout = FALSE;
 
+       if (!this->install_virtual_ip)
+       {       /* disabled by config */
+               return SUCCESS;
+       }
+
        tun = tun_device_create(NULL);
        if (!tun)
        {
@@ -1271,6 +1281,11 @@ METHOD(kernel_net_t, del_ip, status_t,
        host_t *addr;
        bool timeout = FALSE, found = FALSE;
 
+       if (!this->install_virtual_ip)
+       {       /* disabled by config */
+               return SUCCESS;
+       }
+
        this->lock->write_lock(this->lock);
        enumerator = this->tuns->create_enumerator(this->tuns);
        while (enumerator->enumerate(enumerator, &tun))
@@ -1848,6 +1863,8 @@ kernel_pfroute_net_t *kernel_pfroute_net_create()
                .roam_lock = spinlock_create(),
                .vip_wait = lib->settings->get_int(lib->settings,
                                                "%s.plugins.kernel-pfroute.vip_wait", 1000, lib->ns),
+               .install_virtual_ip = lib->settings->get_bool(lib->settings,
+                                               "%s.install_virtual_ip", TRUE, lib->ns),
        );
        timerclear(&this->last_route_reinstall);
        timerclear(&this->next_roam);