child-sa: Install "outbound" FWD policy
authorTobias Brunner <tobias@strongswan.org>
Fri, 1 Apr 2016 14:41:05 +0000 (16:41 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 9 Apr 2016 14:51:00 +0000 (16:51 +0200)
commit9c12635252080af3fad7d4d8e02813d479b6ffdf
tree17fa63341f6c7a55ada10cd5f2ae59669ccdb0b4
parentc4387e991ac1efb7cd0293ebc57b8372046cf944
child-sa: Install "outbound" FWD policy

If there is a DROP shunt that matches outbound forwarded traffic it
would get dropped as the FWD policy we install only matches decrypted
inbound traffic.  That's because the Linux kernel first checks the FWD
policies before looking up the OUT policy and SA to encrypt the packets.
src/libcharon/sa/child_sa.c