From e23708bdf321bd33b6e12aaf09e5d022d540e57c Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Wed, 26 Feb 2020 16:53:06 +0100
Subject: [PATCH] kernel-netlink: Don't require an interface name for passthrough policies
---
 src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 5 +++--
 src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index da22c0bbba..9d0c925c01 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2661,8 +2661,9 @@ static void install_route(private_kernel_netlink_ipsec_t *this,
 iface = route->src_ip;
 }
 if (!charon->kernel->get_interface(charon->kernel, iface,
- &route->if_name))
- {
+ &route->if_name) &&
+ !route->pass)
+ { /* don't require an interface for passthrough policies */
 route_entry_destroy(route);
 return;
 }
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 24d93cc2f2..e8e1f9ce84 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -585,7 +585,7 @@ static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this)
 net_change_t *change, lookup = {
 .if_name = route->if_name,
 };
- if (route->pass)
+ if (route->pass || !route->if_name)
 { /* no need to reinstall these, they don't reference interfaces */
 continue;
 }
--
2.47.2
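Review bot: With `&& !route->pass` added to the failure check, a passthrough route now continues past this block even when `get_interface()` found nothing, so `route->if_name` can presumably stay NULL for the rest of `install_route` and for every later reader of the route entry. The only NULL guard visible in this commit is the `!route->if_name` test added to `reinstall_routes()` in kernel_netlink_net.c; comparison, logging and removal paths that read `if_name` lie outside both hunks and should be checked for the same case. Since these routes belong to policies that let traffic bypass IPsec, I would state the invariant where it is introduced, above the `if`: `/* passthrough routes may be installed without an interface; if_name stays NULL in that case */`. The inline comment on the `{` line now sits on the error path that passthrough routes skip, which reads backwards. `install_route` starts and ends outside the hunk.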
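Review bot: The comment on the `{` line in `reinstall_routes` still reads "they don't reference interfaces", which was written for `route->pass` alone and does not say why an entry with a NULL `if_name` is skipped as well. I would reword it to `/* passthrough routes and routes without an interface name don't reference interfaces, nothing to reinstall */`. `lookup` is initialised from `route->if_name` before the check, so the guard presumably also keeps a NULL name out of the lookup that follows outside the hunk; if that is the intent, the comment should say so. `reinstall_routes` starts and ends outside the hunk.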