kernel-netlink: Only associate templates with inbound FWD policies
authorTobias Brunner <tobias@strongswan.org>
Fri, 1 Apr 2016 14:51:51 +0000 (16:51 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 9 Apr 2016 14:51:00 +0000 (16:51 +0200)
commitf7e9e6a3fdda8c714eddf70015f998bb9c370904
treec5854d60988cbfd963efa582d7724aec726e34ae
parent9c12635252080af3fad7d4d8e02813d479b6ffdf
kernel-netlink: Only associate templates with inbound FWD policies

We can't set a template on the outbound FWD policy (or we'd have to make
it optional).  Because if the traffic does not come from another (matching)
IPsec tunnel it would get dropped due to the template mismatch.
src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c