From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 29 Nov 2024 13:57:31 +0000 (+0100)
Subject: kernel-netlink: Don't fallback to peer address as gateway
X-Git-Tag: 6.0.1rc1~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f717bb5249caea550bc6e2baeb09ca309ad83b39;p=thirdparty%2Fstrongswan.git

kernel-netlink: Don't fallback to peer address as gateway

This doesn't really seem useful (perhaps it was before we started to
configure the outbound interface on our routes). And it can actually
cause the route installation to fail e.g. for routes over point-to-point
interfaces where we'd get "Error: Nexthop has invalid gateway" errors.

Closes strongswan/strongswan#2548
---

diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 416ae78116..7d49d73b4f 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -2075,10 +2075,6 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest,
 				*iface = get_interface_name_by_index(this, best->oif);
 			}
 		}
-		if (!addr && !match_net)
-		{	/* fallback to destination address */
-			addr = dest->clone(dest);
-		}
 	}
 	else
 	{