equal
deleted
inserted
replaced
104 // |
104 // |
105 // |
105 // |
106 TBool |
106 TBool |
107 CIPSecPolicyManagerHandler::CalculateCombinedPolicyBypassDropMode() |
107 CIPSecPolicyManagerHandler::CalculateCombinedPolicyBypassDropMode() |
108 { |
108 { |
|
109 LOG(Log::Printf(_L("CalculateCombinedPolicyBypassDropMode\n"))); |
|
110 |
109 // Combined mode is 'bypass_everything_else' by default |
111 // Combined mode is 'bypass_everything_else' by default |
110 TInt combinedMode(KInboundBypass | KOutboundBypass); |
112 TInt combinedMode(KInboundBypass | KOutboundBypass); |
111 |
113 |
112 // Iterate through the policy list to determine the combined mode |
114 // Iterate through the policy list to determine the combined mode |
113 TInt count(iActivePolicyList->Count()); |
115 TInt count(iActivePolicyList->Count()); |
145 // Save calculated Bypass/Drop mode for later use and return |
147 // Save calculated Bypass/Drop mode for later use and return |
146 // TRUE if mode changed. The saved mode is used when loading |
148 // TRUE if mode changed. The saved mode is used when loading |
147 // the combined policy into IPsec protocol component |
149 // the combined policy into IPsec protocol component |
148 TBool changed = (iBypassOrDropMode != combinedMode); |
150 TBool changed = (iBypassOrDropMode != combinedMode); |
149 iBypassOrDropMode = combinedMode; |
151 iBypassOrDropMode = combinedMode; |
|
152 LOG(Log::Printf(_L("combined policy mode %d\n"), iBypassOrDropMode)); |
150 return(changed); |
153 return(changed); |
151 } |
154 } |
152 |
155 |
153 // |
156 // |
154 // This function controls the checking of conflicts relating to the selectors |
157 // This function controls the checking of conflicts relating to the selectors |
325 if ((iFunction & KAddDhcpBypassSelectors) |
328 if ((iFunction & KAddDhcpBypassSelectors) |
326 && (remotePort == 67 || localPort == 68)) |
329 && (remotePort == 67 || localPort == 68)) |
327 { |
330 { |
328 continue; |
331 continue; |
329 } |
332 } |
|
333 //UMA support REQ 417-40027 |
|
334 //loading bypass policy with activated drop_mode policy. Above mentioned is only one way traffic. |
|
335 if ((iIPSecGANSupported) && (iFunction & KAddDhcpBypassSelectors) |
|
336 && (remotePort == 68 || localPort == 67)) |
|
337 { |
|
338 continue; |
|
339 } |
330 |
340 |
331 // Iterate to next selector if IKE bypass is requested and selector |
341 // Iterate to next selector if IKE bypass is requested and selector |
332 // contains ports utilized with IKE |
342 // contains ports utilized with IKE |
333 if ((iFunction & KAddIkeBypassSelectors) |
343 if ((iFunction & KAddIkeBypassSelectors) |
334 && (localPort == 500 || localPort == 4500)) |
344 && (localPort == 500 || localPort == 4500)) |
555 overlappingOccurs = |
565 overlappingOccurs = |
556 CheckAddressOverlapping(aPolicySelector->iRemote.Address(), |
566 CheckAddressOverlapping(aPolicySelector->iRemote.Address(), |
557 aPolicySelector->iRemoteMask.Address(), |
567 aPolicySelector->iRemoteMask.Address(), |
558 ps->iRemote.Address(), |
568 ps->iRemote.Address(), |
559 ps->iRemoteMask.Address()); |
569 ps->iRemoteMask.Address()); |
560 |
570 //UMA support |
|
571 TBool flag_exception = EFalse; |
|
572 if( iIPSecGANSupported ) |
|
573 { |
|
574 flag_exception = CheckException(); |
|
575 LOG(Log::Printf(_L("::CompareSelectorsL, exception policy is = %d\n"), flag_exception)); |
|
576 //Not performing overlapping because UMA loads with any to any selector. Now if any to any will result in |
|
577 //overlapping as 0.0.0.0 0.0.0.0 will encrypt every packet, which dont leads exceptions and overlapping as concern |
|
578 if(flag_exception ||iCurrentException ) |
|
579 { |
|
580 continue; |
|
581 } |
|
582 } |
|
583 |
561 if (overlappingOccurs) |
584 if (overlappingOccurs) |
562 { |
585 { |
563 err = ESelectorConflict; |
586 err = ESelectorConflict; |
564 |
587 |
565 // Overlapping addresses, check if all parameters match. If |
588 // Overlapping addresses, check if all parameters match. If |