Merge branch 'vip-shunts'
authorMartin Willi <martin@revosec.ch>
Fri, 1 Mar 2013 10:30:13 +0000 (11:30 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 1 Mar 2013 10:30:13 +0000 (11:30 +0100)
Installs bypass policies for the physical address if a virtual address is
assigned, and installs a proper source route to actually use the physical
address for bypassed destinations.

Conflicts:
src/libcharon/plugins/unity/unity_handler.c

src/libcharon/plugins/unity/unity_handler.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c

@@@ -187,13 -186,16 +186,18 @@@ static job_requeue_t add_exclude_async(
                                                                         FALSE, 0, 0, NULL, NULL, FALSE);
                child_cfg->add_traffic_selector(child_cfg, FALSE,
                                                                                entry->ts->clone(entry->ts));
 -                              traffic_selector_create_from_subnet(host->clone(host), 32, 0, 0));
+               host = ike_sa->get_my_host(ike_sa);
+               child_cfg->add_traffic_selector(child_cfg, TRUE,
++                              traffic_selector_create_from_subnet(host->clone(host),
++                                                                                                      32, 0, 0, 65535));
+               charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);
                enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE);
                while (enumerator->enumerate(enumerator, &host))
                {
-                       has_vip = TRUE;
                        child_cfg->add_traffic_selector(child_cfg, TRUE,
 -                              traffic_selector_create_from_subnet(host->clone(host), 32, 0, 0));
 +                              traffic_selector_create_from_subnet(host->clone(host),
 +                                                                                                      32, 0, 0, 65535));
                }
                enumerator->destroy(enumerator);
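Review bot: In the merged result, `ike_sa` is still used after it has been checked in: the `checkin()` call taken from the vip-shunts side sits directly before `ike_sa->create_virtual_ip_enumerator(ike_sa, TRUE)`, so the virtual-IP loop runs on an IKE_SA this thread no longer holds. Once checked in, the SA can presumably be checked out, modified or destroyed by another thread, which would make the enumeration a race or a use-after-free. I would move `charon->ike_sa_manager->checkin(charon->ike_sa_manager, ike_sa);` to after `enumerator->destroy(enumerator);`, and confirm that no second checkin remains further down. add_exclude_async starts and continues outside this hunk, so the ordering should be checked against the full function.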