From dad6d904ee96a2411c4bfa30cc59f1451f6e13df Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 18 Sep 2012 17:55:38 +0200
Subject: Use source address in get_nexthop() call

Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.
---
 src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c')

diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
index ac9d9fe77..31ca71718 100644
--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -2167,7 +2167,8 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
 		{
 			/* get the nexthop to src (src as we are in POLICY_FWD) */
 			route->gateway = hydra->kernel_interface->get_nexthop(
-										hydra->kernel_interface, ipsec->src);
+											hydra->kernel_interface, ipsec->src,
+											ipsec->dst);
 			/* install route via outgoing interface */
 			route->if_name = hydra->kernel_interface->get_interface(
 										hydra->kernel_interface, ipsec->dst);
-- 
cgit v1.2.3