diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2012-09-14 16:43:54 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2012-09-21 18:16:26 +0200 |
| commit | 090c556ce862e59eebdaea1c91c74ab561ac3d6e (patch) | |
| tree | f79cc546c4f5b66fa126ce251647050b266b4e62 | |
| parent | 940e1b0f66dc04b0853414c1f4c45fa3f6e33bdd (diff) | |
| download | strongswan-090c556ce862e59eebdaea1c91c74ab561ac3d6e.tar.bz2 strongswan-090c556ce862e59eebdaea1c91c74ab561ac3d6e.tar.xz | |
Drop packets received on ignored interfaces
| -rw-r--r-- | src/libcharon/network/receiver.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index b270d65df..143d46f0f 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -20,6 +20,7 @@ #include "receiver.h" +#include <hydra.h> #include <daemon.h> #include <network/socket.h> #include <processing/jobs/job.h> @@ -444,10 +445,19 @@ static job_requeue_t receive_packets(private_receiver_t *this) return JOB_REQUEUE_DIRECT; } - /* if neither source nor destination port is 500 we assume an IKE packet - * with Non-ESP marker or an ESP packet */ dst = packet->get_destination(packet); src = packet->get_source(packet); + if (!hydra->kernel_interface->get_interface(hydra->kernel_interface, + dst, NULL)) + { + DBG3(DBG_NET, "received packet from %#H to %#H on ignored interface", + src, dst); + packet->destroy(packet); + return JOB_REQUEUE_DIRECT; + } + + /* if neither source nor destination port is 500 we assume an IKE packet + * with Non-ESP marker or an ESP packet */ if (dst->get_port(dst) != IKEV2_UDP_PORT && src->get_port(src) != IKEV2_UDP_PORT) { |