author | Tobias Brunner <tobias@strongswan.org> | 2016-06-10 18:15:42 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2016-06-10 18:15:42 +0200 |
commit | 96b1fab53ce7f7b4b6c5e2a0bb85c3f3f14be62c (patch) | |
tree | 1b19c6494e2142a8faacd3c87c8cb67e67d03fc4 /src/libcharon/plugins/kernel_pfroute | |
parent | 436f64d5bcc3946387dd95265d83d8764fe37797 (diff) | |
parent | b52e540f43c8a97ea3343e12a1cc33b6dc3d3fbc (diff) | |
download | strongswan-96b1fab53ce7f7b4b6c5e2a0bb85c3f3f14be62c.tar.bz2 strongswan-96b1fab53ce7f7b4b6c5e2a0bb85c3f3f14be62c.tar.xz |
Merge branch 'interface-for-routes'
Changes how the interface for routes installed with policies is
determined. In most cases we now use the interface over which we reach the
other peer, not the interface on which the local address (or the source IP) is
installed. However, that might be the same interface depending on the
configuration (i.e. in practice there will often not be a change).
Routes are not installed anymore for drop policies and for policies with
protocol/port selectors.
Fixes #809, #824, #1347.
Diffstat (limited to 'src/libcharon/plugins/kernel_pfroute')
-rw-r--r-- | src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
index 5ab39bbfe..236e3417f 100644
--- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009-2013 Tobias Brunner
+ * Copyright (C) 2009-2016 Tobias Brunner
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
@@ -1533,7 +1533,7 @@ METHOD(kernel_net_t, del_route, status_t,
 * address.
 */
 static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop,
- host_t *dest, host_t *src)
+ host_t *dest, host_t *src, char **iface)
 {
 struct {
 struct rt_msghdr hdr;
@@ -1612,6 +1612,15 @@ retry:
 host = gtw;
 }
 }
+ if (type == RTAX_IFP && addr->sa_family == AF_LINK)
+ {
+ struct sockaddr_dl *sdl = (struct sockaddr_dl*)addr;
+ if (iface)
+ {
+ free(*iface);
+ *iface = strndup(sdl->sdl_data, sdl->sdl_nlen);
+ }
+ }
 }
 else
 {
@@ -1680,13 +1689,18 @@ retry:
 METHOD(kernel_net_t, get_source_addr, host_t*,
 private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
 {
- return get_route(this, FALSE, dest, src);
+ return get_route(this, FALSE, dest, src, NULL);
 }
 METHOD(kernel_net_t, get_nexthop, host_t*,
- private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src)
+ private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src,
+ char **iface)
 {
- return get_route(this, TRUE, dest, src);
+ if (iface)
+ {
+ *iface = NULL;
+ }
+ return get_route(this, TRUE, dest, src, iface);
 }
 /** |
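Review bot: The doc comment that closes just above get_route() (`* address. */`) is left as it was in the second hunk, so the new `iface` out parameter has no stated contract. The later hunks show get_route() calling `free(*iface)` before storing a `strndup()` result, so a caller that passes a non-NULL `iface` has to initialise `*iface` first (get_nexthop() sets it to NULL) and presumably owns the returned string. I would add a sentence to that comment along the lines of `* If iface is not NULL, *iface has to be NULL or heap-allocated on entry and receives an allocated copy of the interface name.` The comment starts above the hunk and the function body continues below it.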
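Review bot: The `strndup(sdl->sdl_data, sdl->sdl_nlen)` call in the added RTAX_IFP branch trusts `sdl_nlen` without comparing it to the length of the sockaddr it was taken from, and its result is not checked. If the address enumeration outside this hunk bounds `addr` only by the message length, a name length larger than the structure would make the copy read past it; the routing socket is fed by the kernel, so this is defence in depth rather than a known flaw. A guard such as `if (iface && sdl->sdl_len >= offsetof(struct sockaddr_dl, sdl_data) + sdl->sdl_nlen)` keeps the read inside the structure. A NULL return from `strndup()` leaves `*iface` NULL, so callers need to treat that the same as "no interface found". get_route() begins and ends outside the hunk.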