authorTobias Brunner <tobias@strongswan.org>2013-07-10 15:02:48 +0200
committerTobias Brunner <tobias@strongswan.org>2013-07-17 17:45:18 +0200
commitcb082d15eff3948f9bfbb4d43d48cdf8e4ee993e (patch)
treee36f4f9e1f3d4ff8f318fdd2139e7afc86913430 /src/libhydra
parent527663d6b6f3e9d7ca76869771a758491a5692c2 (diff)
kernel-pfroute: Make sure source addresses are not virtual and usable
It seems we sometimes get the virtual IP as source (with rightsubnet=0.0.0.0/0) even if the exclude route is already installed. Might be a timing issue because shortly afterwards the lookup seems to succeed.
Diffstat (limited to 'src/libhydra')
-rw-r--r--src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c24
1 files changed, 20 insertions, 4 deletions
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index 0760513b8..c1224cc98 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -1519,12 +1519,28 @@ retry:
}
DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno));
}
-
- if (host)
+ if (!host)
{
- DBG2(DBG_KNL, "using %H as %s to reach %H", host,
- nexthop ? "nexthop" : "address", dest);
+ return NULL;
+ }
+ if (!nexthop)
+ { /* make sure the source address is not virtual and usable */
+ addr_entry_t *entry, lookup = {
+ .ip = host,
+ };
+
+ this->lock->read_lock(this->lock);
+ entry = this->addrs->get_match(this->addrs, &lookup,
+ (void*)addr_map_entry_match_up_and_usable);
+ this->lock->unlock(this->lock);
+ if (!entry)
+ {
+ host->destroy(host);
+ return NULL;
+ }
}
+ DBG2(DBG_KNL, "using %H as %s to reach %H", host,
+ nexthop ? "nexthop" : "address", dest);
return host;
}
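Review bot: The new rejection path at `if (!entry)` destroys `host` and returns NULL without logging anything, so a source address discarded for being virtual or not usable looks the same in the log as a lookup that found nothing. Since the commit message describes this as a possible timing issue, a debug line before `host->destroy(host);` would make it traceable, e.g. `DBG2(DBG_KNL, "ignoring source address %H, virtual or not usable", host);`. The match result is only tested for NULL after `unlock`, which is safe as written, but the address state can change once the read lock is dropped, so callers presumably still have to tolerate a source that becomes unusable later. The function starts before this hunk (at or above the `retry:` label), so whether every caller handles the new NULL return in the non-nexthop case cannot be confirmed from here.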