If proxying to public IPs, skip link local sockets. Fixes #1148

author Alan T. DeKok <aland@freeradius.org>

Thu, 16 Jul 2015 20:54:32 +0000 (16:54 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Thu, 16 Jul 2015 20:54:32 +0000 (16:54 -0400)
author Alan T. DeKok <aland@freeradius.org>
Thu, 16 Jul 2015 20:54:32 +0000 (16:54 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Thu, 16 Jul 2015 20:54:32 +0000 (16:54 -0400)
diff --git a/src/lib/packet.c b/src/lib/packet.c

index 65c3bdf..20c1897 100644 (file)
--- a/src/lib/packet.c
+++ b/src/lib/packet.c
@@ -694,6 +694,15 @@ bool fr_packet_list_id_alloc(fr_packet_list_t *pl, int proto,
                     (ps->src_port != request->src_port)) continue;
  
                 /*
+                *      We don't care about the source IP, but this
+                *      socket is link local, and the requested
+                *      destination is not link local.  Ignore it.
+                */
+               if (src_any && (ps->src_ipaddr.af == AF_INET) &&        
+                   (((ps->src_ipaddr.ipaddr.ip4addr.s_addr >> 24) & 0xff) == 127) &&
+                   (((request->dst_ipaddr.ipaddr.ip4addr.s_addr >> 24) & 0xff) != 127)) continue;
+
+               /*
                  *      We're sourcing from *, and they asked for a
                  *      specific source address: ignore it.
                  */
author	Alan T. DeKok <aland@freeradius.org>
	Thu, 16 Jul 2015 20:54:32 +0000 (16:54 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Thu, 16 Jul 2015 20:54:32 +0000 (16:54 -0400)