authorTobias Brunner <tobias@strongswan.org>2012-09-18 17:55:38 +0200
committerTobias Brunner <tobias@strongswan.org>2012-09-21 18:16:25 +0200
commitdad6d904ee96a2411c4bfa30cc59f1451f6e13df (patch)
treed8444ca189a4c39d06e3b595d16edd1be3c17b96 /src
parent662534657f4336b220ea10c17e6df2d422970ea3 (diff)
Use source address in get_nexthop() call
Otherwise the nexthop returned might belong to a different route than the one actually used with the current source address.
Diffstat (limited to 'src')
-rw-r--r--src/libhydra/kernel/kernel_interface.c4
-rw-r--r--src/libhydra/kernel/kernel_interface.h6
-rw-r--r--src/libhydra/kernel/kernel_net.h7
-rw-r--r--src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c2
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c3
-rw-r--r--src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c4
-rw-r--r--src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c3
-rw-r--r--src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c2
8 files changed, 19 insertions, 12 deletions
diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c
index 0ee5e1a55..90ed73716 100644
--- a/src/libhydra/kernel/kernel_interface.c
+++ b/src/libhydra/kernel/kernel_interface.c
@@ -269,13 +269,13 @@ METHOD(kernel_interface_t, get_source_addr, host_t*,
}
METHOD(kernel_interface_t, get_nexthop, host_t*,
- private_kernel_interface_t *this, host_t *dest)
+ private_kernel_interface_t *this, host_t *dest, host_t *src)
{
if (!this->net)
{
return NULL;
}
- return this->net->get_nexthop(this->net, dest);
+ return this->net->get_nexthop(this->net, dest, src);
}
METHOD(kernel_interface_t, get_interface, char*,
diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h
index a17e8c6bb..338cf39af 100644
--- a/src/libhydra/kernel/kernel_interface.h
+++ b/src/libhydra/kernel/kernel_interface.h
@@ -282,7 +282,7 @@ struct kernel_interface_t {
* Does a route lookup to get the source address used to reach dest.
* The returned host is allocated and must be destroyed.
* An optional src address can be used to check if a route is available
- * for given source to dest.
+ * for the given source to dest.
*
* @param dest target destination address
* @param src source address to check, or NULL
@@ -296,11 +296,13 @@ struct kernel_interface_t {
*
* Does a route lookup to get the next hop used to reach dest.
* The returned host is allocated and must be destroyed.
+ * An optional src address can be used to check if a route is available
+ * for the given source to dest.
*
* @param dest target destination address
* @return next hop address, NULL if unreachable
*/
- host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest);
+ host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest, host_t *src);
/**
* Get the interface name of a local address.
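Review bot: The doc block for `get_nexthop` in this header gains the sentence about the optional src address but no `@param src` line, although the matching hunk in kernel_net.h adds one. Callers reading only kernel_interface.h therefore cannot tell that NULL is an accepted value for the new argument. Add `* @param src			source address to check, or NULL` after the `@param dest` line so both interfaces document the same contract.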
diff --git a/src/libhydra/kernel/kernel_net.h b/src/libhydra/kernel/kernel_net.h
index a89e76804..a9b6fba50 100644
--- a/src/libhydra/kernel/kernel_net.h
+++ b/src/libhydra/kernel/kernel_net.h
@@ -42,7 +42,7 @@ struct kernel_net_t {
* Does a route lookup to get the source address used to reach dest.
* The returned host is allocated and must be destroyed.
* An optional src address can be used to check if a route is available
- * for given source to dest.
+ * for the given source to dest.
*
* @param dest target destination address
* @param src source address to check, or NULL
@@ -55,11 +55,14 @@ struct kernel_net_t {
*
* Does a route lookup to get the next hop used to reach dest.
* The returned host is allocated and must be destroyed.
+ * An optional src address can be used to check if a route is available
+ * for the given source to dest.
*
* @param dest target destination address
+ * @param src source address to check, or NULL
* @return next hop address, NULL if unreachable
*/
- host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest);
+ host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, host_t *src);
/**
* Get the interface name of a local address.
diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
index fa7f6107c..ac1122d16 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -2174,7 +2174,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
/* get the nexthop to dst */
route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, dst);
+ hydra->kernel_interface, dst, route->src_ip);
route->dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net));
route->prefixlen = policy->dst.mask;
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index ac9d9fe77..31ca71718 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2167,7 +2167,8 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
{
/* get the nexthop to src (src as we are in POLICY_FWD) */
route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, ipsec->src);
+ hydra->kernel_interface, ipsec->src,
+ ipsec->dst);
/* install route via outgoing interface */
route->if_name = hydra->kernel_interface->get_interface(
hydra->kernel_interface, ipsec->dst);
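Review bot: The comment above the call explains only why `ipsec->src` is the lookup destination; the new second argument passes `ipsec->dst` into the parameter named `src`, and that role swap is unexplained and easy to misread as a mistake. The next statement treats `ipsec->dst` as a local address (`get_interface`), so the comment could say so: `/* get the nexthop to src (src as we are in POLICY_FWD), looked up with dst, our local address, as source */`. The same applies to the identical hunk in kernel_pfkey_ipsec.c. Since the chosen gateway decides which route is installed for the policy, it is also worth confirming that a NULL return ("unreachable") is handled; that part of `add_policy_internal` lies outside the hunk.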
diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
index 287640bfb..ecd265d06 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1443,9 +1443,9 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
}
METHOD(kernel_net_t, get_nexthop, host_t*,
- private_kernel_netlink_net_t *this, host_t *dest)
+ private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
{
- return get_route(this, dest, TRUE, NULL);
+ return get_route(this, dest, TRUE, src);
}
/**
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index a562dddaa..4ecb72731 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2026,7 +2026,8 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
{
/* get the nexthop to src (src as we are in POLICY_FWD).*/
route->gateway = hydra->kernel_interface->get_nexthop(
- hydra->kernel_interface, ipsec->src);
+ hydra->kernel_interface, ipsec->src,
+ ipsec->dst);
/* install route via outgoing interface */
route->if_name = hydra->kernel_interface->get_interface(
hydra->kernel_interface, ipsec->dst);
diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
index 47e9b068f..7f38a9dab 100644
--- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
+++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c
@@ -520,7 +520,7 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
}
METHOD(kernel_net_t, get_nexthop, host_t*,
- private_kernel_pfroute_net_t *this, host_t *dest)
+ private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
{
return NULL;
}
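Review bot: The new `src` parameter is accepted but never used in this backend, because `get_nexthop` still returns NULL unconditionally, which the interface documents as "unreachable". A one-line comment in the body would make that explicit, for example `/* not implemented: src is ignored, callers always get NULL */`. Otherwise a reader of the updated interface docs may assume the source-specific route lookup is honoured on every kernel backend.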