kernel-pfroute: Make sure source addresses are not virtual and usable
authorTobias Brunner <tobias@strongswan.org>
Wed, 10 Jul 2013 13:02:48 +0000 (15:02 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 17 Jul 2013 15:45:18 +0000 (17:45 +0200)
It seems we sometimes get the virtual IP as source (with
rightsubnet=0.0.0.0/0) even if the exclude route is already
installed.  Might be a timing issue because shortly afterwards the
lookup seems to succeed.

src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c

index 0760513..c1224cc 100644 (file)
@@ -1519,12 +1519,28 @@ retry:
                }
                DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno));
        }
-
-       if (host)
+       if (!host)
        {
-               DBG2(DBG_KNL, "using %H as %s to reach %H", host,
-                        nexthop ? "nexthop" : "address", dest);
+               return NULL;
+       }
+       if (!nexthop)
+       {       /* make sure the source address is not virtual and usable */
+               addr_entry_t *entry, lookup = {
+                       .ip = host,
+               };
+
+               this->lock->read_lock(this->lock);
+               entry = this->addrs->get_match(this->addrs, &lookup,
+                                                                       (void*)addr_map_entry_match_up_and_usable);
+               this->lock->unlock(this->lock);
+               if (!entry)
+               {
+                       host->destroy(host);
+                       return NULL;
+               }
        }
+       DBG2(DBG_KNL, "using %H as %s to reach %H", host,
+                nexthop ? "nexthop" : "address", dest);
        return host;
 }
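Review bot: The new `if (!entry)` branch destroys `host` and returns NULL without logging anything, so a source address rejected as virtual or unusable cannot be told apart from an ordinary lookup failure in the logs. The PF_ROUTE failure path just above does log at DBG1; a matching line before `host->destroy(host);` would help, for example `DBG1(DBG_KNL, "ignoring source address %H, virtual or not usable", host);`. The commit message describes the condition as a probable timing issue that clears shortly afterwards, so a caller receiving NULL here may be hitting a transient state; whether it retries is not visible in this hunk. The enclosing function starts outside the hunk, so the `retry:` logic and the callers' NULL handling should be checked against this new return path.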