kernel-interface: get_address_by_ts() can tell if a returned IP is virtual
authorMartin Willi <martin@revosec.ch>
Fri, 19 Apr 2013 12:22:45 +0000 (14:22 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 6 May 2013 14:10:13 +0000 (16:10 +0200)
src/libhydra/kernel/kernel_interface.c
src/libhydra/kernel/kernel_interface.h
src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

index 53b8324b72329933a3b54c4b18e2757ce7bcd9ee..290c25a62d06b0ea123b6d88638205f64d6b886e 100644 (file)
@@ -415,7 +415,8 @@ METHOD(kernel_interface_t, all_interfaces_usable, bool,
 }
 
 METHOD(kernel_interface_t, get_address_by_ts, status_t,
-       private_kernel_interface_t *this, traffic_selector_t *ts, host_t **ip)
+       private_kernel_interface_t *this, traffic_selector_t *ts,
+       host_t **ip, bool *vip)
 {
        enumerator_t *addrs;
        host_t *host;
@@ -446,18 +447,41 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t,
        }
        host->destroy(host);
 
-       addrs = create_address_enumerator(this, ADDR_TYPE_ALL);
+       addrs = create_address_enumerator(this, ADDR_TYPE_VIRTUAL);
        while (addrs->enumerate(addrs, (void**)&host))
        {
                if (ts->includes(ts, host))
                {
                        found = TRUE;
                        *ip = host->clone(host);
+                       if (vip)
+                       {
+                               *vip = TRUE;
+                       }
                        break;
                }
        }
        addrs->destroy(addrs);
 
+       if (!found)
+       {
+               addrs = create_address_enumerator(this, ADDR_TYPE_REGULAR);
+               while (addrs->enumerate(addrs, (void**)&host))
+               {
+                       if (ts->includes(ts, host))
+                       {
+                               found = TRUE;
+                               *ip = host->clone(host);
+                               if (vip)
+                               {
+                                       *vip = FALSE;
+                               }
+                               break;
+                       }
+               }
+               addrs->destroy(addrs);
+       }
+
        if (!found)
        {
                DBG2(DBG_KNL, "no local address found in traffic selector %R", ts);
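Review bot: `*vip` is written only inside the two `ts->includes()` branches, so when neither loop matches, and on any return path above this hunk, the caller's bool keeps whatever value it had before the call. The three call sites in this commit pass NULL, but a later caller that passes a real pointer and reads it without first checking for SUCCESS would decide whether the source address is virtual from an indeterminate flag. Clearing it once before the first enumeration, `if (vip) { *vip = FALSE; }`, defines the out-parameter on every path and makes the assignment in the ADDR_TYPE_REGULAR loop unnecessary. The function body starts and ends outside this hunk, so the earlier return paths should be checked against the full source.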
index 1d2253b9423aed1704bcc8ffdaab79f9ff75835d..f481043220d6bbd3cf548863d28839bf59dd4e55 100644 (file)
@@ -451,10 +451,11 @@ struct kernel_interface_t {
         *
         * @param ts                    traffic selector
         * @param ip                    returned IP address (has to be destroyed)
+        * @param vip                   set to TRUE if returned address is a virtual IP
         * @return                              SUCCESS if address found
         */
        status_t (*get_address_by_ts)(kernel_interface_t *this,
-                                                                 traffic_selector_t *ts, host_t **ip);
+                                                                 traffic_selector_t *ts, host_t **ip, bool *vip);
 
        /**
         * Register an ipsec kernel interface constructor on the manager.
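Review bot: The new `@param vip` line does not say that the argument is optional, although the implementation guards each write with `if (vip)` and every caller updated in this commit passes NULL. I would document that contract in the header, for example `@param vip  set to TRUE if returned address is a virtual IP, may be NULL`, so plugin authors need not read kernel_interface.c to learn that NULL is accepted. The struct definition continues outside this hunk.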
index a120b3d00bcc6f8ea378eed8b2456252280f3f12..2d09d33cc81f2d94b4e08fc6222625fec31d1cf0 100644 (file)
@@ -2118,7 +2118,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
                        this->install_routes)
                {
                        hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
-                                                                                                          src_ts, &route->src_ip);
+                                                                                               src_ts, &route->src_ip, NULL);
                }
 
                if (!route->src_ip)
index 9a2e9f8b427ed740de7ec495e95ab753c08bb485..b30c9533f17f604e7fe6e4415e81a43d689c2e8a 100644 (file)
@@ -2102,7 +2102,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
                );
 
                if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
-                               fwd->dst_ts, &route->src_ip) == SUCCESS)
+                               fwd->dst_ts, &route->src_ip, NULL) == SUCCESS)
                {
                        /* get the nexthop to src (src as we are in POLICY_FWD) */
                        route->gateway = hydra->kernel_interface->get_nexthop(
index 650e16ff10c1f520d91ae5e5001b1b51de0c94a5..5d059cf2be4dd8d1115fcafeb1473873939fe371 100644 (file)
@@ -1925,7 +1925,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
        host_t *host, *src, *dst;
 
        if (hydra->kernel_interface->get_address_by_ts(hydra->kernel_interface,
-                                                                                               in->dst_ts, &host) != SUCCESS)
+                                                                               in->dst_ts, &host, NULL) != SUCCESS)
        {
                return FALSE;
        }