vici: Don't redirect all SAs if no selectors are given
authorTobias Brunner <tobias@strongswan.org>
Tue, 12 May 2015 15:49:46 +0000 (17:49 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 4 Mar 2016 15:03:00 +0000 (16:03 +0100)
This avoid confusion and redirecting all SAs can now easily be done
explicitly (e.g. peer_ip=0.0.0.0/0).

src/libcharon/plugins/vici/vici_control.c

index d619a80..c526d2f 100644 (file)
@@ -451,7 +451,7 @@ CALLBACK(redirect, vici_message_t*,
        }
        if (!peer_ip && !peer_id && !ike && !ike_id)
        {
-               DBG1(DBG_CFG, "vici redirect all IKE_SAs to '%Y'", gateway);
+               return send_reply(this, "missing redirect selector");
        }
 
        sas = charon->controller->create_ike_sa_enumerator(charon->controller, TRUE);