author | Tobias Brunner <tobias@strongswan.org> | 2016-03-11 19:09:54 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2016-06-10 13:57:27 +0200 |
commit | 4ba5ea407bb8a4afc295d0fb3e80c8e1cff410bb (patch) | |
tree | dae5e2b4e5a1a7ff61cc12d6a03f1ac4bb030b21 /src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c | |
parent | 66e9165bc686b7b0328b0ffe1424620653a034b8 (diff) | |
kernel-netlink: Use interface to next hop for shunt policies
Using the source address to determine the interface is not correct for
net-to-net shunts between two interfaces on which the host has IP addresses
for each subnet.
Diffstat (limited to 'src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c')
-rw-r--r-- | src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index be0756d6f..46f94bdb0 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2335,19 +2335,22 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
 /* get the interface to install the route for. If we have a local
 * address, use it. Otherwise (for shunt policies) use the
- * routes source address. */
+ * route's source address. */
 iface = ipsec->dst;
 if (iface->is_anyaddr(iface))
 {
- iface = route->src_ip;
- }
- /* install route via outgoing interface */
- if (!charon->kernel->get_interface(charon->kernel, iface,
- &route->if_name))
- {
- policy_change_done(this, policy);
- route_entry_destroy(route);
- return SUCCESS;
+ iface = ipsec->dst;
+ if (iface->is_anyaddr(iface))
+ {
+ iface = route->src_ip;
+ }
+ if (!charon->kernel->get_interface(charon->kernel, iface,
+ &route->if_name))
+ {
+ policy_change_done(this, policy);
+ route_entry_destroy(route);
+ return SUCCESS;
+ }
 }
 if (policy->route) |
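Review bot: In the added block, the inner `iface = ipsec->dst;` followed by `if (iface->is_anyaddr(iface))` repeats the test of the enclosing `if` shown as context, so as rendered here the inner condition always holds and the inner lines could be reduced to `iface = route->src_ip;`. The interface lookup now runs only when `ipsec->dst` is the any-address; for a concrete destination `route->if_name` has to be filled in by code outside this hunk, and the comment above still reads as if the lookup were unconditional, so it should say where the name comes from in that case. The early `return SUCCESS` after a failed `get_interface()` shows no log call in the visible lines, which presumably leaves a shunt policy without its route and nothing to tell an operator so; a debug message naming the policy there would make that state detectable. The body of add_policy_internal starts and ends outside the hunk.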