--- a/networksecurity/ipsec/ipsecpol/src/ipsecpolmanconflict.cpp Thu Jul 15 20:25:02 2010 +0300
+++ b/networksecurity/ipsec/ipsecpol/src/ipsecpolmanconflict.cpp Thu Aug 19 11:25:30 2010 +0300
@@ -106,6 +106,8 @@
TBool
CIPSecPolicyManagerHandler::CalculateCombinedPolicyBypassDropMode()
{
+ LOG(Log::Printf(_L("CalculateCombinedPolicyBypassDropMode\n")));
+
// Combined mode is 'bypass_everything_else' by default
TInt combinedMode(KInboundBypass | KOutboundBypass);
@@ -147,6 +149,7 @@
// the combined policy into IPsec protocol component
TBool changed = (iBypassOrDropMode != combinedMode);
iBypassOrDropMode = combinedMode;
+ LOG(Log::Printf(_L("combined policy mode %d\n"), iBypassOrDropMode));
return(changed);
}
@@ -327,6 +330,13 @@
{
continue;
}
+ //UMA support REQ 417-40027
+ //loading bypass policy with activated drop_mode policy. Above mentioned is only one way traffic.
+ if ((iIPSecGANSupported) && (iFunction & KAddDhcpBypassSelectors)
+ && (remotePort == 68 || localPort == 67))
+ {
+ continue;
+ }
// Iterate to next selector if IKE bypass is requested and selector
// contains ports utilized with IKE
@@ -557,7 +567,20 @@
aPolicySelector->iRemoteMask.Address(),
ps->iRemote.Address(),
ps->iRemoteMask.Address());
-
+ //UMA support
+ TBool flag_exception = EFalse;
+ if( iIPSecGANSupported )
+ {
+ flag_exception = CheckException();
+ LOG(Log::Printf(_L("::CompareSelectorsL, exception policy is = %d\n"), flag_exception));
+ //Not performing overlapping because UMA loads with any to any selector. Now if any to any will result in
+ //overlapping as 0.0.0.0 0.0.0.0 will encrypt every packet, which dont leads exceptions and overlapping as concern
+ if(flag_exception ||iCurrentException )
+ {
+ continue;
+ }
+ }
+
if (overlappingOccurs)
{
err = ESelectorConflict;