Drop packets received on ignored interfaces
authorTobias Brunner <tobias@strongswan.org>
Fri, 14 Sep 2012 14:43:54 +0000 (16:43 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 21 Sep 2012 16:16:26 +0000 (18:16 +0200)
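--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -20,6 +20,7 @@
 
 #include "receiver.h"
 
+#include <hydra.h>
 #include <daemon.h>
 #include <network/socket.h>
 #include <processing/jobs/job.h>
@@ -444,10 +445,19 @@ static job_requeue_t receive_packets(private_receiver_t *this)
                return JOB_REQUEUE_DIRECT;
        }
 
-       /* if neither source nor destination port is 500 we assume an IKE packet
-        * with Non-ESP marker or an ESP packet */
        dst = packet->get_destination(packet);
        src = packet->get_source(packet);
+       if (!hydra->kernel_interface->get_interface(hydra->kernel_interface,
+                                                                                               dst, NULL))
+       {
+               DBG3(DBG_NET, "received packet from %#H to %#H on ignored interface",
+                        src, dst);
+               packet->destroy(packet);
+               return JOB_REQUEUE_DIRECT;
+       }
+
+       /* if neither source nor destination port is 500 we assume an IKE packet
+        * with Non-ESP marker or an ESP packet */
        if (dst->get_port(dst) != IKEV2_UDP_PORT &&
                src->get_port(src) != IKEV2_UDP_PORT)
        {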
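Review bot: The new guard in receive_packets() decides by destination address, not by the interface the packet actually arrived on: `get_interface(hydra->kernel_interface, dst, NULL)` is given only `dst`, so a packet that reaches an ignored interface but is addressed to an IP held by a non-ignored one would presumably still pass (the lookup itself is not visible here). If that is the case, the check should not be relied on as an ingress boundary, and a comment above it would say so, e.g. `/* drop if dst is not an address on a usable interface; keyed on the address, not the receiving interface */`. The same false return presumably also covers a destination address the kernel interface does not know at all, so the DBG3 text "on ignored interface" can mislead when diagnosing drops; wording such as `"dropped packet from %#H to %#H, destination not on a usable interface"` would cover both cases. receive_packets() starts and ends outside the hunk.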