From 5be75c2cb189265d6263c124297b2fa3467694d9 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@strongswan.org>
Date: Tue, 24 Nov 2009 14:10:18 +0100
Subject: Added support for IPv6 source route installation

---
 .../plugins/kernel_netlink/kernel_netlink_ipsec.c  | 28 +++++++++++++++-------
 1 file changed, 19 insertions(+), 9 deletions(-)

(limited to 'src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c')

diff --git a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 51a9ea31d..12e20ebec 100644
--- a/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/charon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -260,7 +260,7 @@ static void route_entry_destroy(route_entry_t *this)
 {
 	free(this->if_name);
 	this->src_ip->destroy(this->src_ip);
-	this->gateway->destroy(this->gateway);
+	DESTROY_IF(this->gateway);
 	chunk_free(&this->dst_net);
 	free(this);
 }
@@ -1661,24 +1661,34 @@ static status_t add_policy(private_kernel_netlink_ipsec_t *this,
 	 * - we are NOT updating a policy
 	 * - this is a forward policy (to just get one for each child)
 	 * - we are in tunnel mode
-	 * - we are not using IPv6 (does not work correctly yet!)
 	 * - routing is not disabled via strongswan.conf
 	 */
 	if (policy->route == NULL && direction == POLICY_FWD &&
-		mode != MODE_TRANSPORT && src->get_family(src) != AF_INET6 &&
-		this->install_routes)
+		mode != MODE_TRANSPORT && this->install_routes)
 	{
 		route_entry_t *route = malloc_thing(route_entry_t);
 
 		if (charon->kernel_interface->get_address_by_ts(charon->kernel_interface,
 				dst_ts, &route->src_ip) == SUCCESS)
 		{
-			/* get the nexthop to src (src as we are in POLICY_FWD).*/
-			route->gateway = charon->kernel_interface->get_nexthop(
+			if (policy->sel.family == AF_INET)
+			{
+				/* get the nexthop to src (src as we are in POLICY_FWD).*/
+				route->gateway = charon->kernel_interface->get_nexthop(
 									charon->kernel_interface, src);
-			route->if_name = charon->kernel_interface->get_interface(
-									charon->kernel_interface, dst);
-			route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16);
+				/* for IPv4, the route is installed on the outgoing interface */
+				route->if_name = charon->kernel_interface->get_interface(
+												charon->kernel_interface, dst);
+				route->dst_net = chunk_alloc(4);
+			}
+			else
+			{
+				route->gateway = NULL;
+				/* for IPv6, it is on the interface with our source address */
+				route->if_name = charon->kernel_interface->get_interface(
+										charon->kernel_interface, route->src_ip);
+				route->dst_net = chunk_alloc(16);
+			}
 			memcpy(route->dst_net.ptr, &policy->sel.saddr, route->dst_net.len);
 			route->prefixlen = policy->sel.prefixlen_s;
 
-- 
cgit v1.2.3