From: Tobias Brunner
Date: Fri, 14 Sep 2012 14:43:54 +0000 (+0200)
Subject: Drop packets received on ignored interfaces
X-Git-Tag: 5.0.1~66
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=090c556ce862e59eebdaea1c91c74ab561ac3d6e;p=thirdparty%2Fstrongswan.git

Drop packets received on ignored interfaces
---
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index b270d65dfa..143d46f0f8 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -20,6 +20,7 @@
 #include "receiver.h"
+#include
 #include
 #include
 #include
@@ -444,10 +445,19 @@ static job_requeue_t receive_packets(private_receiver_t *this)
 return JOB_REQUEUE_DIRECT;
 }
- /* if neither source nor destination port is 500 we assume an IKE packet
- * with Non-ESP marker or an ESP packet */
 dst = packet->get_destination(packet);
 src = packet->get_source(packet);
+ if (!hydra->kernel_interface->get_interface(hydra->kernel_interface,
+ dst, NULL))
+ {
+ DBG3(DBG_NET, "received packet from %#H to %#H on ignored interface",
+ src, dst);
+ packet->destroy(packet);
+ return JOB_REQUEUE_DIRECT;
+ }
+
+ /* if neither source nor destination port is 500 we assume an IKE packet
+ * with Non-ESP marker or an ESP packet */
 if (dst->get_port(dst) != IKEV2_UDP_PORT &&
 src->get_port(src) != IKEV2_UDP_PORT)
 {
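Review bot: The drop check added in receive_packets() keys on the packet's destination address (`get_interface(hydra->kernel_interface, dst, NULL)`), not on the interface the datagram actually arrived on, so it is only as strong as the address-to-interface mapping. On hosts that accept traffic for a local address on any interface (the weak host model, which Linux follows by default), a packet addressed to an IP of a non-ignored interface would presumably still pass even when it enters through an ignored one. That limit deserves a comment above the check, e.g. `/* filters by local address only; ingress on ignored interfaces must still be blocked by firewall rules */`. The lookup also runs for every received datagram and the drop is logged only at DBG3, so its per-packet cost under a flood is worth confirming in the kernel interface implementation, which is not visible here. receive_packets() starts and ends outside the hunk.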