Include ICMP traffic in sync tunnel
authorMartin Willi <martin@strongswan.org>
Tue, 29 Sep 2009 08:43:47 +0000 (10:43 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 7 Apr 2010 11:55:15 +0000 (13:55 +0200)
src/charon/plugins/ha_sync/ha_sync_tunnel.c

index e984825..8510549 100644 (file)
@@ -234,9 +234,13 @@ static void setup_sync_tunnel(private_ha_sync_tunnel_t *this,
 
        child_cfg = child_cfg_create("ha-sync", &lifetime, NULL, TRUE,
                                                MODE_TRANSPORT, ACTION_NONE, ACTION_NONE, FALSE);
-       ts = traffic_selector_create_dynamic(0, HA_SYNC_PORT, HA_SYNC_PORT);
+       ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_SYNC_PORT, HA_SYNC_PORT);
        child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
-       ts = traffic_selector_create_dynamic(0, HA_SYNC_PORT, HA_SYNC_PORT);
+       ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
+       child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
+       ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_SYNC_PORT, HA_SYNC_PORT);
+       child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
+       ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
        child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
        child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
        peer_cfg->add_child_cfg(peer_cfg, child_cfg);