From 9543a771dda78c57981ecd7f76e05f30e0f18377 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Thu, 20 Jun 2019 10:02:21 +0200
Subject: [PATCH] updown: Pass the local interface the traffic to the peer actually takes

If the local IP is not on the interface the peer is reached through, firewall rules will be installed with the wrong interface. Fixes #3095.
---
 src/libcharon/plugins/updown/updown_listener.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c
index 95d5cded44..c7ee7bf87e 100644
--- a/src/libcharon/plugins/updown/updown_listener.c
+++ b/src/libcharon/plugins/updown/updown_listener.c
@@ -289,7 +289,9 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
 config->get_name(config));
 if (up)
 {
- if (charon->kernel->get_interface(charon->kernel, me, &iface))
+ host = charon->kernel->get_nexthop(charon->kernel, other, -1, me,
+ &iface);
+ if (host && iface)
 {
 cache_iface(this, child_sa->get_reqid(child_sa), iface);
 }
@@ -297,6 +299,7 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa,
 {
 iface = NULL;
 }
+ DESTROY_IF(host);
 }
 else
 {
-- 
2.47.2
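Review bot: The new lookup in the first hunk regresses when no route to `other` exists at invoke time (peer currently unreachable, route not yet installed), because `get_nexthop()` then returns NULL and the script is run with no interface at all, whereas the replaced `get_interface(me, &iface)` would still have resolved the local address; consider a fallback, `if (!host) { charon->kernel->get_interface(charon->kernel, me, &iface); }`, before the test, which then becomes `if (iface)`. That failure is also silent — a `DBG1(DBG_CHD, "no route to %H found, interface unknown", other);` in the else branch would tell the operator why firewall rules came out without an interface qualifier. It is not visible from the hunk whether `get_nexthop()` may set `iface` while returning NULL; if it can, the `iface = NULL;` in the else branch leaks that string. `host` is not declared in either hunk and must already exist in `invoke_once()`, whose body starts before the first hunk and continues after the second.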