Drop packets received on ignored interfaces

diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index b270d65dfaab66577a338f696fb17aa2d57fa38c..143d46f0f899a947a9f7bc6607cf1bcd5626aebb 100644 (file)
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -20,6 +20,7 @@
 
 #include "receiver.h"
 
+#include <hydra.h>
 #include <daemon.h>
 #include <network/socket.h>
 #include <processing/jobs/job.h>
@@ -444,10 +445,19 @@ static job_requeue_t receive_packets(private_receiver_t *this)
                return JOB_REQUEUE_DIRECT;
        }
 
-       /* if neither source nor destination port is 500 we assume an IKE packet
-        * with Non-ESP marker or an ESP packet */
        dst = packet->get_destination(packet);
        src = packet->get_source(packet);
+       if (!hydra->kernel_interface->get_interface(hydra->kernel_interface,
+                                                                                               dst, NULL))
+       {
+               DBG3(DBG_NET, "received packet from %#H to %#H on ignored interface",
+                        src, dst);
+               packet->destroy(packet);
+               return JOB_REQUEUE_DIRECT;
+       }
+
+       /* if neither source nor destination port is 500 we assume an IKE packet
+        * with Non-ESP marker or an ESP packet */
        if (dst->get_port(dst) != IKEV2_UDP_PORT &&
                src->get_port(src) != IKEV2_UDP_PORT)
        {