Use source address in get_nexthop() call

Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.

2 files changed, 4 insertions, 3 deletions

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index ac9d9fe77..31ca71718 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2167,7 +2167,8 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
 		{
 			/* get the nexthop to src (src as we are in POLICY_FWD) */
 			route->gateway = hydra->kernel_interface->get_nexthop(
-										hydra->kernel_interface, ipsec->src);
+											hydra->kernel_interface, ipsec->src,
+											ipsec->dst);
 			/* install route via outgoing interface */
 			route->if_name = hydra->kernel_interface->get_interface(
 										hydra->kernel_interface, ipsec->dst);
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 287640bfb..ecd265d06 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1443,9 +1443,9 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
 }
 
 METHOD(kernel_net_t, get_nexthop, host_t*,
-	private_kernel_netlink_net_t *this, host_t *dest)
+	private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
 {
-	return get_route(this, dest, TRUE, NULL);
+	return get_route(this, dest, TRUE, src);
 }
 
 /**