Use source address in get_nexthop() call
authorTobias Brunner <tobias@strongswan.org>
Tue, 18 Sep 2012 15:55:38 +0000 (17:55 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 21 Sep 2012 16:16:25 +0000 (18:16 +0200)
Otherwise the nexthop returned might belong to a different route than
the one actually used with the current source address.

src/libhydra/kernel/kernel_interface.c
src/libhydra/kernel/kernel_interface.h
src/libhydra/kernel/kernel_net.h
src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c

index 0ee5e1a..90ed737 100644 (file)
@@ -269,13 +269,13 @@ METHOD(kernel_interface_t, get_source_addr, host_t*,
 }
 
 METHOD(kernel_interface_t, get_nexthop, host_t*,
-       private_kernel_interface_t *this, host_t *dest)
+       private_kernel_interface_t *this, host_t *dest, host_t *src)
 {
        if (!this->net)
        {
                return NULL;
        }
-       return this->net->get_nexthop(this->net, dest);
+       return this->net->get_nexthop(this->net, dest, src);
 }
 
 METHOD(kernel_interface_t, get_interface, char*,
index a17e8c6..338cf39 100644 (file)
@@ -282,7 +282,7 @@ struct kernel_interface_t {
         * Does a route lookup to get the source address used to reach dest.
         * The returned host is allocated and must be destroyed.
         * An optional src address can be used to check if a route is available
-        * for given source to dest.
+        * for the given source to dest.
         *
         * @param dest                  target destination address
         * @param src                   source address to check, or NULL
@@ -296,11 +296,13 @@ struct kernel_interface_t {
         *
         * Does a route lookup to get the next hop used to reach dest.
         * The returned host is allocated and must be destroyed.
+        * An optional src address can be used to check if a route is available
+        * for the given source to dest.
         *
         * @param dest                  target destination address
         * @return                              next hop address, NULL if unreachable
         */
-       host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest);
+       host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest, host_t *src);
 
        /**
         * Get the interface name of a local address.
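Review bot: The get_nexthop doc block in kernel_interface_t gains the two sentences about the optional source address but no `@param src` line, although the matching hunk in kernel_net.h adds one. Add `* @param src   source address to check, or NULL` after the `@param dest` line so callers of the public interface can see that NULL is accepted. The added wording "check if a route is available" is copied from get_source_addr. Going by the commit message, src here appears to select which route's next hop is returned, so `source address used to select the route, or NULL` would describe it more accurately in both headers.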
index a89e768..a9b6fba 100644 (file)
@@ -42,7 +42,7 @@ struct kernel_net_t {
         * Does a route lookup to get the source address used to reach dest.
         * The returned host is allocated and must be destroyed.
         * An optional src address can be used to check if a route is available
-        * for given source to dest.
+        * for the given source to dest.
         *
         * @param dest                  target destination address
         * @param src                   source address to check, or NULL
@@ -55,11 +55,14 @@ struct kernel_net_t {
         *
         * Does a route lookup to get the next hop used to reach dest.
         * The returned host is allocated and must be destroyed.
+        * An optional src address can be used to check if a route is available
+        * for the given source to dest.
         *
         * @param dest                  target destination address
+        * @param src                   source address to check, or NULL
         * @return                              next hop address, NULL if unreachable
         */
-       host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest);
+       host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, host_t *src);
 
        /**
         * Get the interface name of a local address.
index fa7f610..ac1122d 100644 (file)
@@ -2174,7 +2174,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 
                /* get the nexthop to dst */
                route->gateway = hydra->kernel_interface->get_nexthop(
-                                                                                               hydra->kernel_interface, dst);
+                                                               hydra->kernel_interface, dst, route->src_ip);
                route->dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net));
                route->prefixlen = policy->dst.mask;
 
index ac9d9fe..31ca717 100644 (file)
@@ -2167,7 +2167,8 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
                {
                        /* get the nexthop to src (src as we are in POLICY_FWD) */
                        route->gateway = hydra->kernel_interface->get_nexthop(
-                                                                               hydra->kernel_interface, ipsec->src);
+                                                                                       hydra->kernel_interface, ipsec->src,
+                                                                                       ipsec->dst);
                        /* install route via outgoing interface */
                        route->if_name = hydra->kernel_interface->get_interface(
                                                                                hydra->kernel_interface, ipsec->dst);
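Review bot: The new call passes `ipsec->src` as the lookup destination and `ipsec->dst` as the source address, which reads as swapped because the existing comment explains only the first argument. Extending it to `/* get the nexthop to src (src as we are in POLICY_FWD), using dst as our local source address */` would make the intent explicit. The identical call in the kernel_pfkey add_policy_internal hunk needs the same comment. Because the lookup is now constrained by a source address, get_nexthop may return NULL in cases where it previously returned a gateway. How route->gateway is used lies outside this hunk, so that path in add_policy_internal should be confirmed to tolerate NULL.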
index 287640b..ecd265d 100644 (file)
@@ -1443,9 +1443,9 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
 }
 
 METHOD(kernel_net_t, get_nexthop, host_t*,
-       private_kernel_netlink_net_t *this, host_t *dest)
+       private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
 {
-       return get_route(this, dest, TRUE, NULL);
+       return get_route(this, dest, TRUE, src);
 }
 
 /**
index a562ddd..4ecb727 100644 (file)
@@ -2026,7 +2026,8 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this,
                {
                        /* get the nexthop to src (src as we are in POLICY_FWD).*/
                        route->gateway = hydra->kernel_interface->get_nexthop(
-                                                                               hydra->kernel_interface, ipsec->src);
+                                                                                       hydra->kernel_interface, ipsec->src,
+                                                                                       ipsec->dst);
                        /* install route via outgoing interface */
                        route->if_name = hydra->kernel_interface->get_interface(
                                                                                hydra->kernel_interface, ipsec->dst);
index 47e9b06..7f38a9d 100644 (file)
@@ -520,7 +520,7 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
 }
 
 METHOD(kernel_net_t, get_nexthop, host_t*,
-       private_kernel_pfroute_net_t *this, host_t *dest)
+       private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
 {
        return NULL;
 }
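Review bot: The pfroute get_nexthop accepts the new `src` argument but still returns NULL unconditionally, so on this backend the source-aware lookup has no effect. A short comment in the body, e.g. `/* nexthop lookup is not implemented for PF_ROUTE, src is ignored */`, would keep callers from assuming the returned gateway reflects the chosen source address.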