kernel-interface: Add destination prefix to get_nexthop()

This allows to determine the next hop to reach a subnet, for instance, when
installing routes for shunt policies.

src/libcharon/plugins/kernel_iph/kernel_iph_net.c

@@ -562,7 +562,7 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
 }
 
 METHOD(kernel_net_t, get_nexthop, host_t*,
-	private_kernel_iph_net_t *this, host_t *dest, host_t *src)
+	private_kernel_iph_net_t *this, host_t *dest, int prefix, host_t *src)
 {
 	MIB_IPFORWARD_ROW2 route;
 	SOCKADDR_INET best, *sai_dst, *sai_src = NULL;

src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c

@@ -314,7 +314,7 @@ static void add_exclude_route(private_kernel_libipsec_ipsec_t *this,
 	{
 		DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src);
 		gtw = hydra->kernel_interface->get_nexthop(hydra->kernel_interface,
-												   dst, NULL);
+												   dst, -1, NULL);
 		if (gtw)
 		{
 			char *if_name = NULL;
@@ -445,7 +445,7 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
 #ifndef __linux__
 	/* on Linux we cant't install a gateway */
 	route->gateway = hydra->kernel_interface->get_nexthop(
-											hydra->kernel_interface, dst, src);
+										hydra->kernel_interface, dst, -1, src);
 #endif
 
 	if (policy->route)

src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c

@@ -1348,7 +1348,7 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this,
 		return FALSE;
 	}
 	gtw = hydra->kernel_interface->get_nexthop(hydra->kernel_interface,
-											   remote, local);
+											   remote, -1, local);
 	if (add)
 	{
 		done = install_route(this, dst, mask, src, gtw);

src/libhydra/kernel/kernel_interface.c

@@ -302,13 +302,13 @@ METHOD(kernel_interface_t, get_source_addr, host_t*,
 }
 
 METHOD(kernel_interface_t, get_nexthop, host_t*,
-	private_kernel_interface_t *this, host_t *dest, host_t *src)
+	private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src)
 {
 	if (!this->net)
 	{
 		return NULL;
 	}
-	return this->net->get_nexthop(this->net, dest, src);
+	return this->net->get_nexthop(this->net, dest, prefix, src);
 }
 
 METHOD(kernel_interface_t, get_interface, bool,

src/libhydra/kernel/kernel_interface.h

@@ -330,9 +330,12 @@ struct kernel_interface_t {
 	 * for the given source to dest.
 	 *
 	 * @param dest			target destination address
+	 * @param prefix		prefix length if dest is a subnet, -1 for auto
+	 * @param src			source address to check, or NULL
 	 * @return				next hop address, NULL if unreachable
 	 */
-	host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest, host_t *src);
+	host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest,
+						   int prefix, host_t *src);
 
 	/**
 	 * Get the interface name of a local address. Interfaces that are down or

src/libhydra/kernel/kernel_net.h

@@ -86,10 +86,12 @@ struct kernel_net_t {
 	 * for the given source to dest.
 	 *
 	 * @param dest			target destination address
+	 * @param prefix		prefix length if dest is a subnet, -1 for auto
 	 * @param src			source address to check, or NULL
 	 * @return				next hop address, NULL if unreachable
 	 */
-	host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, host_t *src);
+	host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, int prefix,
+						   host_t *src);
 
 	/**
 	 * Get the interface name of a local address. Interfaces that are down or

src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c

@@ -2137,7 +2137,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this,
 			/* get the nexthop to src (src as we are in POLICY_FWD) */
 			route->gateway = hydra->kernel_interface->get_nexthop(
 											hydra->kernel_interface, ipsec->src,
-											ipsec->dst);
+											-1, ipsec->dst);
 			route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16);
 			memcpy(route->dst_net.ptr, &policy->sel.saddr, route->dst_net.len);
 

src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c

@@ -1818,7 +1818,7 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
 }
 
 METHOD(kernel_net_t, get_nexthop, host_t*,
-	private_kernel_netlink_net_t *this, host_t *dest, host_t *src)
+	private_kernel_netlink_net_t *this, host_t *dest, int prefix, host_t *src)
 {
 	return get_route(this, dest, TRUE, src, 0);
 }

src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

@@ -2112,7 +2112,7 @@ static void add_exclude_route(private_kernel_pfkey_ipsec_t *this,
 	{
 		DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src);
 		gtw = hydra->kernel_interface->get_nexthop(hydra->kernel_interface,
-												   dst, NULL);
+												   dst, -1, NULL);
 		if (gtw)
 		{
 			char *if_name = NULL;
@@ -2224,7 +2224,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
 		.prefixlen = policy->src.mask,
 		.src_ip = host,
 		.gateway = hydra->kernel_interface->get_nexthop(
-											hydra->kernel_interface, dst, src),
+										hydra->kernel_interface, dst, -1, src),
 		.dst_net = chunk_clone(policy->src.net->get_address(policy->src.net)),
 	);
 

src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c

@@ -1612,7 +1612,7 @@ METHOD(kernel_net_t, get_source_addr, host_t*,
 }
 
 METHOD(kernel_net_t, get_nexthop, host_t*,
-	private_kernel_pfroute_net_t *this, host_t *dest, host_t *src)
+	private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src)
 {
 	return get_route(this, TRUE, dest, src);
 }