From cb082d15eff3948f9bfbb4d43d48cdf8e4ee993e Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 10 Jul 2013 15:02:48 +0200 Subject: [PATCH] kernel-pfroute: Make sure source addresses are not virtual and usable It seems we sometimes get the virtual IP as source (with rightsubnet=0.0.0.0/0) even if the exclude route is already installed. Might be a timing issue because shortly afterwards the lookup seems to succeed. --- .../kernel_pfroute/kernel_pfroute_net.c | 24 +++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c index 0760513b8a..c1224cc983 100644 --- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -1519,12 +1519,28 @@ retry: } DBG1(DBG_KNL, "PF_ROUTE lookup failed: %s", strerror(errno)); } - - if (host) + if (!host) { - DBG2(DBG_KNL, "using %H as %s to reach %H", host, - nexthop ? "nexthop" : "address", dest); + return NULL; + } + if (!nexthop) + { /* make sure the source address is not virtual and usable */ + addr_entry_t *entry, lookup = { + .ip = host, + }; + + this->lock->read_lock(this->lock); + entry = this->addrs->get_match(this->addrs, &lookup, + (void*)addr_map_entry_match_up_and_usable); + this->lock->unlock(this->lock); + if (!entry) + { + host->destroy(host); + return NULL; + } } + DBG2(DBG_KNL, "using %H as %s to reach %H", host, + nexthop ? "nexthop" : "address", dest); return host; } -- 2.47.2