From 02767e430975eb4c832b6c8e5733a8c304e71515 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 8 Feb 2017 16:13:32 +0100
Subject: [PATCH] stroke: Use peer name as namespace for shunt policies

The same goes for the start-action-job.  When unrouting, we search for
the first policy with a matching child-cfg.
---
 src/libcharon/plugins/stroke/stroke_control.c | 20 +++++++++++++++++--
 .../processing/jobs/start_action_job.c        |  3 ++-
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c
index 7b0602cfbd..ee83067727 100644
--- a/src/libcharon/plugins/stroke/stroke_control.c
+++ b/src/libcharon/plugins/stroke/stroke_control.c
@@ -641,7 +641,8 @@ static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg,
 	mode = child_cfg->get_mode(child_cfg);
 	if (mode == MODE_PASS || mode == MODE_DROP)
 	{
-		if (charon->shunts->install(charon->shunts, NULL, child_cfg))
+		if (charon->shunts->install(charon->shunts,
+									peer_cfg->get_name(peer_cfg), child_cfg))
 		{
 			fprintf(out, "'%s' shunt %N policy installed\n",
 					name, ipsec_mode_names, mode);
@@ -729,15 +730,30 @@ METHOD(stroke_control_t, route, void,
 METHOD(stroke_control_t, unroute, void,
 	private_stroke_control_t *this, stroke_msg_t *msg, FILE *out)
 {
+	child_cfg_t *child_cfg;
 	child_sa_t *child_sa;
 	enumerator_t *enumerator;
+	char *ns, *found = NULL;
 	uint32_t id = 0;
 
-	if (charon->shunts->uninstall(charon->shunts, NULL, msg->unroute.name))
+	enumerator = charon->shunts->create_enumerator(charon->shunts);
+	while (enumerator->enumerate(enumerator, &ns, &child_cfg))
 	{
+		if (ns && streq(msg->unroute.name, child_cfg->get_name(child_cfg)))
+		{
+			found = strdup(ns);
+			break;
+		}
+	}
+	enumerator->destroy(enumerator);
+	if (found && charon->shunts->uninstall(charon->shunts, found,
+										   msg->unroute.name))
+	{
+		free(found);
 		fprintf(out, "shunt policy '%s' uninstalled\n", msg->unroute.name);
 		return;
 	}
+	free(found);
 
 	enumerator = charon->traps->create_enumerator(charon->traps);
 	while (enumerator->enumerate(enumerator, NULL, &child_sa))
diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c
index 19f2052512..654ec6abe7 100644
--- a/src/libcharon/processing/jobs/start_action_job.c
+++ b/src/libcharon/processing/jobs/start_action_job.c
@@ -68,7 +68,8 @@ METHOD(job_t, execute, job_requeue_t,
 					mode = child_cfg->get_mode(child_cfg);
 					if (mode == MODE_PASS || mode == MODE_DROP)
 					{
-						charon->shunts->install(charon->shunts, NULL,
+						charon->shunts->install(charon->shunts,
+												peer_cfg->get_name(peer_cfg),
 												child_cfg);
 					}
 					else
-- 
2.47.2