If proxying to public IPs, skip link local sockets. Fixes #1148
authorAlan T. DeKok <aland@freeradius.org>
Thu, 16 Jul 2015 20:54:32 +0000 (16:54 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 16 Jul 2015 20:54:32 +0000 (16:54 -0400)
src/lib/packet.c

index 65c3bdfe3c4502d0575a53bcd3b63eddd5220eea..20c1897e9a6eb61c6541bb903a2ec8d77e07bad1 100644 (file)
@@ -693,6 +693,15 @@ bool fr_packet_list_id_alloc(fr_packet_list_t *pl, int proto,
                if ((request->src_port != 0) &&
                    (ps->src_port != request->src_port)) continue;
 
+               /*
+                *      We don't care about the source IP, but this
+                *      socket is link local, and the requested
+                *      destination is not link local.  Ignore it.
+                */
+               if (src_any && (ps->src_ipaddr.af == AF_INET) &&        
+                   (((ps->src_ipaddr.ipaddr.ip4addr.s_addr >> 24) & 0xff) == 127) &&
+                   (((request->dst_ipaddr.ipaddr.ip4addr.s_addr >> 24) & 0xff) != 127)) continue;
+
                /*
                 *      We're sourcing from *, and they asked for a
                 *      specific source address: ignore it.
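Review bot: The two added octet tests read `s_addr` directly, but `s_addr` is held in network byte order, so on a little-endian host `(s_addr >> 24) & 0xff` yields the last octet of the address rather than the first; 127.0.0.1 would not match, while a socket bound to an address ending in .127 would be skipped. Convert before shifting, e.g. `((ntohl(ps->src_ipaddr.ipaddr.ip4addr.s_addr) >> 24) & 0xff) == 127`, and do the same for `request->dst_ipaddr`. The destination test reads `ip4addr` without checking `request->dst_ipaddr.af`, so it presumably relies on a family match made elsewhere in the loop, which starts and ends outside this hunk. The comment also says "link local" although 127/8 is the loopback range; wording such as `this socket is bound to loopback (127/8), and the requested destination is not` would describe the test accurately.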