From f22add05f6cccaae85eee4d99044d45f418b0989 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Thu, 26 Jun 2014 16:38:28 +0200
Subject: kernel-pfkey: Use address in TS to determine interface for shunt routes
---
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
(limited to 'src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c')
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 5715476e1..e1a58aa94 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2230,19 +2230,22 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
 {
 route->gateway = hydra->kernel_interface->get_nexthop( hydra->kernel_interface, dst, -1, src);
+
+ /* if the IP is virtual, we install the route over the interface it has
+ * been installed on. Otherwise we use the interface we use for IKE, as
+ * this is required for example on Linux. */
+ if (is_virtual)
+ {
+ src = route->src_ip;
+ }
 }
 else
 { /* for shunt policies */
 route->gateway = hydra->kernel_interface->get_nexthop( hydra->kernel_interface, policy->src.net, policy->src.mask, route->src_ip);
- }
- /* if the IP is virtual, we install the route over the interface it has
- * been installed on. Otherwise we use the interface we use for IKE, as
- * this is required for example on Linux. */
- if (is_virtual)
- {
+ /* we don't have a source address, use the address we found */
 src = route->src_ip;
 }
-- cgit v1.2.3
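Review bot: In the shunt branch `src = route->src_ip;` now runs unconditionally, so whatever the caller passed as `src` is discarded and the interface lookup that presumably follows depends entirely on `route->src_ip`; nothing in the hunk shows that this address is non-NULL or actually assigned to a local interface. For shunt (bypass/drop) policies that matters, because a route installed on an unintended interface, or silently not installed, changes which path the exempted traffic takes. I would state the assumption in the new comment, e.g. `/* shunt policies come without a source address, so the interface is looked up via route->src_ip (a caller-supplied src is ignored) */`, and confirm that the code after the hunk fails the install when no interface is found for that address. install_route() starts and ends outside the hunk, so the lookup and its error handling are not visible here.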