From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 20 Jul 2020 14:20:24 +0000 (+0200)
Subject: kernel-netlink: Ignore deprecated candidate source addresses
X-Git-Tag: 5.9.1rc1~5
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=a689e358e52dcd0d20422ca333fbf6275cbfb307;p=thirdparty%2Fstrongswan.git

kernel-netlink: Ignore deprecated candidate source addresses

The currently used address may get deprecated e.g. if an IPv6 prefix changes.
In this case we should switch to another address.

Fixes #3511.
---

diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index 57a26b7deb..8d53326ea0 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -942,8 +942,9 @@ static host_t *get_matching_address(private_kernel_netlink_net_t *this,
 				{	/* optionally match a subnet */
 					continue;
 				}
-				if (candidate && candidate->ip_equals(candidate, addr->ip))
-				{	/* stop if we find the candidate */
+				if (candidate && candidate->ip_equals(candidate, addr->ip) &&
+					!(addr->flags & IFA_F_DEPRECATED))
+				{	/* stop if we find the candidate and it's not deprecated */
 					best = addr;
 					candidate_matched = TRUE;
 					break;