kernel-pfkey: Also use interface returned by get_nexthop() for IPsec policies
authorTobias Brunner <tobias@strongswan.org>
Mon, 6 Jun 2016 14:20:34 +0000 (16:20 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 10 Jun 2016 11:57:27 +0000 (13:57 +0200)
The exception is a virtual local address, in which case we want
the route to go via the TUN device.

src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index 82abc76..a5d3c0a 100644 (file)
@@ -2315,13 +2315,15 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
        if (!dst->is_anyaddr(dst))
        {
                route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1,
-                                                                                                        src, NULL);
+                                                                                                        src, &route->if_name);
 
                /* if the IP is virtual, we install the route over the interface it has
                 * been installed on. Otherwise we use the interface we use for IKE, as
                 * this is required for example on Linux. */
                if (is_virtual)
                {
+                       free(route->if_name);
+                       route->if_name = NULL;
                        src = route->src_ip;
                }
        }
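Review bot: The comment above `if (is_virtual)` still says the non-virtual case uses the interface used for IKE, but now that `&route->if_name` is passed to get_nexthop(), that case keeps whatever interface the nexthop lookup returned. I would reword it along the lines of `/* if the IP is virtual, discard the interface from the nexthop lookup so the route is installed over the interface the virtual IP is on; otherwise keep the interface returned by get_nexthop() */`. The added `free(route->if_name)` and any later fallback lookup both depend on get_nexthop() leaving the out-parameter either NULL or heap-allocated on every path, including when no gateway is found, and on `route->if_name` being NULL before the call so nothing is leaked. Neither is visible here, since install_route() starts and ends outside the hunk. Because the chosen interface decides where traffic matching the IPsec policy is routed, a short note stating that contract would help the next reader.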