From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 12 May 2015 15:49:46 +0000 (+0200)
Subject: vici: Don't redirect all SAs if no selectors are given
X-Git-Tag: 5.4.0dr8~12^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c13eb73719958e004cf8ae362f3801a3f3f243b0;p=thirdparty%2Fstrongswan.git

vici: Don't redirect all SAs if no selectors are given

This avoid confusion and redirecting all SAs can now easily be done
explicitly (e.g. peer_ip=0.0.0.0/0).
---

diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index d619a8028a..c526d2fda2 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -451,7 +451,7 @@ CALLBACK(redirect, vici_message_t*,
 	}
 	if (!peer_ip && !peer_id && !ike && !ike_id)
 	{
-		DBG1(DBG_CFG, "vici redirect all IKE_SAs to '%Y'", gateway);
+		return send_reply(this, "missing redirect selector");
 	}
 
 	sas = charon->controller->create_ike_sa_enumerator(charon->controller, TRUE);