kernel-netlink: Don't require an interface name for passthrough policies
authorTobias Brunner <tobias@strongswan.org>
Wed, 26 Feb 2020 15:53:06 +0000 (16:53 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 10 Mar 2020 09:26:42 +0000 (10:26 +0100)
src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c

index da22c0b..9d0c925 100644 (file)
@@ -2661,8 +2661,9 @@ static void install_route(private_kernel_netlink_ipsec_t *this,
                        iface = route->src_ip;
                }
                if (!charon->kernel->get_interface(charon->kernel, iface,
-                                                                                  &route->if_name))
-               {
+                                                                                  &route->if_name) &&
+                       !route->pass)
+               {       /* don't require an interface for passthrough policies */
                        route_entry_destroy(route);
                        return;
                }
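Review bot: With the added `&& !route->pass`, a passthrough route whose interface lookup fails now continues through the rest of install_route with `route->if_name` possibly NULL. That assumes get_interface() leaves the out-pointer untouched on failure, which is not visible here. The function body continues outside this hunk, so it is worth confirming that every later use of `route->if_name` there (any string comparison with an existing route, log formatting, or hand-off to the net backend) tolerates a NULL name. A one-line note where the field is declared, for example `/* may be NULL for passthrough routes */`, would record the new invariant.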
index 24d93cc..e8e1f9c 100644 (file)
@@ -585,7 +585,7 @@ static job_requeue_t reinstall_routes(private_kernel_netlink_net_t *this)
                net_change_t *change, lookup = {
                        .if_name = route->if_name,
                };
-               if (route->pass)
+               if (route->pass || !route->if_name)
                {       /* no need to reinstall these, they don't reference interfaces */
                        continue;
                }
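Review bot: The new `!route->if_name` test skips every route without an interface name, not only passthrough ones, but the comment on the brace still reads as if it describes one kind of route. If a non-pass route can ever reach this list with a NULL name (not determinable from the hunk), it would silently never be reinstalled. The comment could state both cases, for example `/* pass routes and routes without an interface name don't reference interfaces, nothing to reinstall */`. The loop in reinstall_routes starts and ends outside this hunk.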