From: Mathias Hall-Andersen <mathias@hall-andersen.dk>
Date: Mon, 31 Jul 2017 20:26:55 +0000 (+0200)
Subject: Verify source address
X-Git-Tag: 0.0.20180514~130
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7a49b8b8c43d92fd601d32b2f5130d2dabbc748;p=thirdparty%2Fwireguard-go.git

Verify source address
---

diff --git a/src/receive.go b/src/receive.go
index c74211b..700b894 100644
--- a/src/receive.go
+++ b/src/receive.go
@@ -508,8 +508,8 @@ func (peer *Peer) RoutineSequentialReceiver() {
 
 				// verify IPv4 source
 
-				dst := elem.packet[IPv4offsetDst : IPv4offsetDst+net.IPv4len]
-				if device.routingTable.LookupIPv4(dst) != peer {
+				src := elem.packet[IPv4offsetSrc : IPv4offsetSrc+net.IPv4len]
+				if device.routingTable.LookupIPv4(src) != peer {
 					logInfo.Println("Packet with unallowed source IP from", peer.String())
 					return
 				}
@@ -529,8 +529,8 @@ func (peer *Peer) RoutineSequentialReceiver() {
 
 				// verify IPv6 source
 
-				dst := elem.packet[IPv6offsetDst : IPv6offsetDst+net.IPv6len]
-				if device.routingTable.LookupIPv6(dst) != peer {
+				src := elem.packet[IPv6offsetSrc : IPv6offsetSrc+net.IPv6len]
+				if device.routingTable.LookupIPv6(src) != peer {
 					logInfo.Println("Packet with unallowed source IP from", peer.String())
 					return
 				}