equal
deleted
inserted
replaced
104 // |
104 // |
105 // |
105 // |
106 TBool |
106 TBool |
107 CIPSecPolicyManagerHandler::CalculateCombinedPolicyBypassDropMode() |
107 CIPSecPolicyManagerHandler::CalculateCombinedPolicyBypassDropMode() |
108 { |
108 { |
109 LOG(Log::Printf(_L("CalculateCombinedPolicyBypassDropMode\n"))); |
|
110 |
|
111 // Combined mode is 'bypass_everything_else' by default |
109 // Combined mode is 'bypass_everything_else' by default |
112 TInt combinedMode(KInboundBypass | KOutboundBypass); |
110 TInt combinedMode(KInboundBypass | KOutboundBypass); |
113 |
111 |
114 // Iterate through the policy list to determine the combined mode |
112 // Iterate through the policy list to determine the combined mode |
115 TInt count(iActivePolicyList->Count()); |
113 TInt count(iActivePolicyList->Count()); |
147 // Save calculated Bypass/Drop mode for later use and return |
145 // Save calculated Bypass/Drop mode for later use and return |
148 // TRUE if mode changed. The saved mode is used when loading |
146 // TRUE if mode changed. The saved mode is used when loading |
149 // the combined policy into IPsec protocol component |
147 // the combined policy into IPsec protocol component |
150 TBool changed = (iBypassOrDropMode != combinedMode); |
148 TBool changed = (iBypassOrDropMode != combinedMode); |
151 iBypassOrDropMode = combinedMode; |
149 iBypassOrDropMode = combinedMode; |
152 LOG(Log::Printf(_L("combined policy mode %d\n"), iBypassOrDropMode)); |
|
153 return(changed); |
150 return(changed); |
154 } |
151 } |
155 |
152 |
156 // |
153 // |
157 // This function controls the checking of conflicts relating to the selectors |
154 // This function controls the checking of conflicts relating to the selectors |
328 if ((iFunction & KAddDhcpBypassSelectors) |
325 if ((iFunction & KAddDhcpBypassSelectors) |
329 && (remotePort == 67 || localPort == 68)) |
326 && (remotePort == 67 || localPort == 68)) |
330 { |
327 { |
331 continue; |
328 continue; |
332 } |
329 } |
333 //UMA support REQ 417-40027 |
|
334 //loading bypass policy with activated drop_mode policy. Above mentioned is only one way traffic. |
|
335 if ((iIPSecGANSupported) && (iFunction & KAddDhcpBypassSelectors) |
|
336 && (remotePort == 68 || localPort == 67)) |
|
337 { |
|
338 continue; |
|
339 } |
|
340 |
330 |
341 // Iterate to next selector if IKE bypass is requested and selector |
331 // Iterate to next selector if IKE bypass is requested and selector |
342 // contains ports utilized with IKE |
332 // contains ports utilized with IKE |
343 if ((iFunction & KAddIkeBypassSelectors) |
333 if ((iFunction & KAddIkeBypassSelectors) |
344 && (localPort == 500 || localPort == 4500)) |
334 && (localPort == 500 || localPort == 4500)) |
565 overlappingOccurs = |
555 overlappingOccurs = |
566 CheckAddressOverlapping(aPolicySelector->iRemote.Address(), |
556 CheckAddressOverlapping(aPolicySelector->iRemote.Address(), |
567 aPolicySelector->iRemoteMask.Address(), |
557 aPolicySelector->iRemoteMask.Address(), |
568 ps->iRemote.Address(), |
558 ps->iRemote.Address(), |
569 ps->iRemoteMask.Address()); |
559 ps->iRemoteMask.Address()); |
570 //UMA support |
560 |
571 TBool flag_exception = EFalse; |
|
572 if( iIPSecGANSupported ) |
|
573 { |
|
574 flag_exception = CheckException(); |
|
575 LOG(Log::Printf(_L("::CompareSelectorsL, exception policy is = %d\n"), flag_exception)); |
|
576 //Not performing overlapping because UMA loads with any to any selector. Now if any to any will result in |
|
577 //overlapping as 0.0.0.0 0.0.0.0 will encrypt every packet, which dont leads exceptions and overlapping as concern |
|
578 if(flag_exception ||iCurrentException ) |
|
579 { |
|
580 continue; |
|
581 } |
|
582 } |
|
583 |
|
584 if (overlappingOccurs) |
561 if (overlappingOccurs) |
585 { |
562 { |
586 err = ESelectorConflict; |
563 err = ESelectorConflict; |
587 |
564 |
588 // Overlapping addresses, check if all parameters match. If |
565 // Overlapping addresses, check if all parameters match. If |