From dad6d904ee96a2411c4bfa30cc59f1451f6e13df Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Tue, 18 Sep 2012 17:55:38 +0200 Subject: Use source address in get_nexthop() call Otherwise the nexthop returned might belong to a different route than the one actually used with the current source address. --- src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c') diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c index fa7f6107c..ac1122d16 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c @@ -2174,7 +2174,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, /* get the nexthop to dst */ route->gateway = hydra->kernel_interface->get_nexthop( - hydra->kernel_interface, dst); + hydra->kernel_interface, dst, route->src_ip); route->dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net)); route->prefixlen = policy->dst.mask; -- cgit v1.2.3