author | Tobias Brunner <tobias@strongswan.org> | 2012-09-18 17:55:38 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-09-21 18:16:25 +0200 |
commit | dad6d904ee96a2411c4bfa30cc59f1451f6e13df (patch) | |
tree | d8444ca189a4c39d06e3b595d16edd1be3c17b96 /src/libhydra/plugins | |
parent | 662534657f4336b220ea10c17e6df2d422970ea3 (diff) | |
download | strongswan-dad6d904ee96a2411c4bfa30cc59f1451f6e13df.tar.bz2 strongswan-dad6d904ee96a2411c4bfa30cc59f1451f6e13df.tar.xz |
Use source address in get_nexthop() call
Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.
Diffstat (limited to 'src/libhydra/plugins')
5 files changed, 8 insertions, 6 deletions
diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
index fa7f6107c..ac1122d16 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -2174,7 +2174,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 /* get the nexthop to dst */
 route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, dst);
+ hydra->kernel_interface, dst, route->src_ip);
 route->dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net));
 route->prefixlen = policy->dst.mask;
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index ac9d9fe77..31ca71718 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2167,7 +2167,8 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
 {
 /* get the nexthop to src (src as we are in POLICY_FWD) */
 route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, ipsec->src);
+ hydra->kernel_interface, ipsec->src,
+ ipsec->dst);
 /* install route via outgoing interface */
 route->if_name = hydra->kernel_interface->get_interface(
 hydra->kernel_interface, ipsec->dst);
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 287640bfb..ecd265d06 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1443,9 +1443,9 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
 }
 METHOD(kernel_net_t, get_nexthop, host_t*,
- private_kernel_netlink_net_t *this, host_t *dest)
+ private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
 {
- return get_route(this, dest, TRUE, NULL);
+ return get_route(this, dest, TRUE, src);
 }
 /**
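Review bot: The source handed to `get_nexthop()` in the klips `add_policy` hunk, `route->src_ip`, is a different kind of value from what the other two callers in this commit pass, which is `ipsec->dst`. `route->src_ip` is assigned outside the hunk, so its origin cannot be confirmed from here; if it is an address picked from the local traffic selector rather than the local tunnel endpoint, the nexthop towards `dst` is being constrained by a different address than in the netlink and pfkey plugins. I would state the intent next to the call, e.g. `/* get the nexthop to dst, looked up with the route's source address */`, and confirm that `route->src_ip` is always set when this line is reached. add_policy starts and ends outside the hunk.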
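Review bot: The comment above the call in kernel_netlink_ipsec.c still explains only the first argument, while the new third argument `ipsec->dst` lands in the position that `get_nexthop()` in kernel_netlink_net.c names `src`. Passing the SA's destination as the lookup's source reads like a swapped argument unless the reader already knows that in the POLICY_FWD case the local endpoint is `ipsec->dst`, which is presumably the case since the same address is given to `get_interface()` just below. I would extend the comment to `/* get the nexthop to src (src as we are in POLICY_FWD), using our own address (ipsec->dst) as source */`. The identical call in kernel_pfkey_ipsec.c needs the same wording. add_policy_internal starts and ends outside the hunk.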
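Review bot: Nothing on `get_nexthop()` in kernel_netlink_net.c says whether the new `src` parameter is optional. The removed line passed `NULL` to `get_route()` in that position, so `NULL` appears to remain a valid value meaning "no source constraint", but a caller cannot tell that from the signature. A short comment above the method would settle it, for example `/* src may be NULL, the route is then looked up without a source address */`, worded to match whatever `get_route()`, which is outside this hunk, actually does with a NULL source.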
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index a562dddaa..4ecb72731 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2026,7 +2026,8 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
 {
 /* get the nexthop to src (src as we are in POLICY_FWD).*/
 route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, ipsec->src);
+ hydra->kernel_interface, ipsec->src,
+ ipsec->dst);
 /* install route via outgoing interface */
 route->if_name = hydra->kernel_interface->get_interface(
 hydra->kernel_interface, ipsec->dst);
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index 47e9b068f..7f38a9dab 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -520,7 +520,7 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
 }
 METHOD(kernel_net_t, get_nexthop, host_t*,
- private_kernel_pfroute_net_t *this, host_t *dest)
+ private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
 {
 return NULL;
 }
 |
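Review bot: The pfroute `get_nexthop()` accepts the new `src` argument but ignores it and still returns `NULL`, so the source-aware lookup this commit introduces has no effect with this plugin. Any caller that stores the result as a route gateway, as the `add_policy_internal` hunks in this commit do, gets no nexthop regardless of the source it passes. The stub should say so explicitly, e.g. `/* not implemented: dest and src are ignored, no nexthop is returned */`, so the gap is visible to whoever wires up route installation on PF_ROUTE systems.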