From: Tobias Brunner Date: Mon, 6 Jun 2016 14:20:34 +0000 (+0200) Subject: kernel-pfkey: Also use interface returned by get_nexthop() for IPsec policies X-Git-Tag: 5.5.0dr1~29^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50798628c5530ac3b35d3376cbfd89f326ac286f;p=thirdparty%2Fstrongswan.git kernel-pfkey: Also use interface returned by get_nexthop() for IPsec policies An exception is if the local address is virtual, in which case we want the route to be via TUN device.
---
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 82abc76fae..a5d3c0a4bf 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2315,13 +2315,15 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
 if (!dst->is_anyaddr(dst))
 {
 route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1,
- src, NULL);
+ src, &route->if_name);
 /* if the IP is virtual, we install the route over the interface it has
 * been installed on. Otherwise we use the interface we use for IKE, as
 * this is required for example on Linux. */
 if (is_virtual)
 {
+ free(route->if_name);
+ route->if_name = NULL;
 src = route->src_ip;
 }
 }
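Review bot: The `free(route->if_name)` added in the `is_virtual` branch is only safe if `route->if_name` is NULL or a heap string owned by this route entry once `get_nexthop()` returns, including when the lookup fails and yields no gateway. The hunk shows neither how `route` is initialised nor what `get_nexthop()` does with the out-parameter on failure, so both should be confirmed. Assuming `if_name` starts out NULL, passing the out-parameter only when the result is kept, `src, is_virtual ? NULL : &route->if_name);`, would drop the allocate-then-free and that dependency; the removed line shows NULL is accepted there. A comment at the call such as `/* if_name is allocated by get_nexthop() and owned by the route entry */` would make the ownership explicit. install_route's body starts and ends outside the hunk.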