Install bypass policies after creating XFRM netlink socket, loading xfrm_user module
authorMartin Willi <martin@strongswan.org>
Mon, 9 Nov 2009 12:23:24 +0000 (13:23 +0100)
committerMartin Willi <martin@strongswan.org>
Mon, 9 Nov 2009 14:07:00 +0000 (15:07 +0100)
src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c

index 2fc281e..51a9ea3 100644 (file)
@@ -1989,12 +1989,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
                close(fd);
        }
 
-       /* add bypass policies on the sockets used by charon */
-       if (!add_bypass_policies())
-       {
-               charon->kill(charon, "unable to add bypass policies on sockets");
-       }
-
        this->socket_xfrm = netlink_socket_create(NETLINK_XFRM);
 
        memset(&addr, 0, sizeof(addr));
@@ -2013,6 +2007,12 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create()
                charon->kill(charon, "unable to bind XFRM event socket");
        }
 
+       /* add bypass policies on the sockets used by charon */
+       if (!add_bypass_policies())
+       {
+               charon->kill(charon, "unable to add bypass policies on sockets");
+       }
+
        this->job = callback_job_create((callback_job_cb_t)receive_events,
                                                                        this, NULL, NULL);
        charon->processor->queue_job(charon->processor, (job_t*)this->job);