From: Martin Willi <martin@strongswan.org>
Date: Mon, 9 Nov 2009 12:23:24 +0000 (+0100)
Subject: Install bypass policies after creating XFRM netlink socket, loading xfrm_user module
X-Git-Tag: 4.3.6~252
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=67c3875c02503a56126ab7750a49cf7770c48179;p=thirdparty%2Fstrongswan.git

Install bypass policies after creating XFRM netlink socket, loading xfrm_user module
---

diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 2fc281ebdf..51a9ea31d1 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1989,12 +1989,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 		close(fd);
 	}
 
-	/* add bypass policies on the sockets used by charon */
-	if (!add_bypass_policies())
-	{
-		charon->kill(charon, "unable to add bypass policies on sockets");
-	}
-
 	this->socket_xfrm = netlink_socket_create(NETLINK_XFRM);
 
 	memset(&addr, 0, sizeof(addr));
@@ -2013,6 +2007,12 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
 		charon->kill(charon, "unable to bind XFRM event socket");
 	}
 
+	/* add bypass policies on the sockets used by charon */
+	if (!add_bypass_policies())
+	{
+		charon->kill(charon, "unable to add bypass policies on sockets");
+	}
+
 	this->job = callback_job_create((callback_job_cb_t)receive_events,
 									this, NULL, NULL);
 	charon->processor->queue_job(charon->processor, (job_t*)this->job);