From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 16 Jul 2015 20:54:32 +0000 (-0400)
Subject: If proxying to public IPs, skip link local sockets.  Fixes #1148
X-Git-Tag: release_3_0_10~327
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e53eb89cbfc107546b94ad7721e1c61175e9503;p=thirdparty%2Ffreeradius-server.git

If proxying to public IPs, skip link local sockets.  Fixes #1148
---

diff --git a/src/lib/packet.c b/src/lib/packet.c
index 65c3bdfe3c4..20c1897e9a6 100644
--- a/src/lib/packet.c
+++ b/src/lib/packet.c
@@ -693,6 +693,15 @@ bool fr_packet_list_id_alloc(fr_packet_list_t *pl, int proto,
 		if ((request->src_port != 0) &&
 		    (ps->src_port != request->src_port)) continue;
 
+		/*
+		 *	We don't care about the source IP, but this
+		 *	socket is link local, and the requested
+		 *	destination is not link local.  Ignore it.
+		 */
+		if (src_any && (ps->src_ipaddr.af == AF_INET) &&	
+		    (((ps->src_ipaddr.ipaddr.ip4addr.s_addr >> 24) & 0xff) == 127) &&
+		    (((request->dst_ipaddr.ipaddr.ip4addr.s_addr >> 24) & 0xff) != 127)) continue;
+
 		/*
 		 *	We're sourcing from *, and they asked for a
 		 *	specific source address: ignore it.