author | Tobias Brunner <tobias@strongswan.org> | 2013-07-10 15:02:48 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2013-07-17 17:45:18 +0200 |
commit | cb082d15eff3948f9bfbb4d43d48cdf8e4ee993e (patch) | |
tree | e36f4f9e1f3d4ff8f318fdd2139e7afc86913430 /src/libhydra | |
parent | 527663d6b6f3e9d7ca76869771a758491a5692c2 (diff) | |
kernel-pfroute: Make sure source addresses are not virtual and usable
It seems we sometimes get the virtual IP as source (with
rightsubnet=0.0.0.0/0) even if the exclude route is already
installed. Might be a timing issue because shortly afterwards the
lookup seems to succeed.
Diffstat (limited to 'src/libhydra')
-rw-r--r-- | src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index 0760513b8..c1224cc98 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -1519,12 +1519,28 @@ retry:
 }
 DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno));
 }
-
- if (host)
+ if (!host)
 {
- DBG2(DBG_KNL, "using %H as %s to reach %H", host,
- nexthop ? "nexthop" : "address", dest);
+ return NULL;
+ }
+ if (!nexthop)
+ { /* make sure the source address is not virtual and usable */
+ addr_entry_t *entry, lookup = {
+ .ip = host,
+ };
+
+ this->lock->read_lock(this->lock);
+ entry = this->addrs->get_match(this->addrs, &lookup,
+ (void*)addr_map_entry_match_up_and_usable);
+ this->lock->unlock(this->lock);
+ if (!entry)
+ {
+ host->destroy(host);
+ return NULL;
+ }
 }
+ DBG2(DBG_KNL, "using %H as %s to reach %H", host,
+ nexthop ? "nexthop" : "address", dest);
 return host;
 } |
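Review bot: The new `if (!entry)` branch returns NULL without logging anything, so a source address rejected as virtual or unusable looks the same in the log as a route lookup that found no address. Since the commit message describes the condition as a possible timing issue, a debug line before `host->destroy(host);` would make it diagnosable, for example `DBG2(DBG_KNL, "ignoring %H as source to reach %H, virtual or not usable", host, dest);`. A short comment on the locked section would also help, noting that `entry` is only tested against NULL after `unlock()` and must not be dereferenced there. The hunk header shows a `retry:` label, but the function starts outside the hunk, so whether a bounded retry would fit here instead of returning NULL cannot be judged from these lines.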