diff --git a/src/yggdrasil/router.go b/src/yggdrasil/router.go
index 0faf850b..e369d836 100644
--- a/src/yggdrasil/router.go
+++ b/src/yggdrasil/router.go
@@ -253,7 +253,7 @@ func (r *router) sendPacket(bs []byte) {
 
 // Called for incoming traffic by the session worker for that connection.
 // Checks that the IP address is correct (matches the session) and passes the packet to the tun/tap.
-func (r *router) recvPacket(bs []byte, theirAddr *address, theirSubnet *subnet) {
+func (r *router) recvPacket(bs []byte, sinfo *sessionInfo) {
 // Note: called directly by the session worker, not the router goroutine
 if len(bs) < 24 {
 util_putBytes(bs)
@@ -264,11 +264,14 @@ func (r *router) recvPacket(bs []byte, theirAddr *address, theirSubnet *subnet)
 var snet subnet
 copy(snet[:], bs[8:])
 switch {
- case source.isValid() && source == *theirAddr:
- case snet.isValid() && snet == *theirSubnet:
+ case source.isValid() && source == sinfo.theirAddr:
+ case snet.isValid() && snet == sinfo.theirSubnet:
 default:
- util_putBytes(bs)
- return
+ key, err := r.cryptokey.getPublicKeyForAddress(source)
+ if err != nil || key != sinfo.theirPermPub {
+ util_putBytes(bs)
+ return
+ }
 }
 //go func() { r.recv<-bs }()
 r.recv <- bs
diff --git a/src/yggdrasil/session.go b/src/yggdrasil/session.go
index 0bc27a12..0e587d52 100644
--- a/src/yggdrasil/session.go
+++ b/src/yggdrasil/session.go
@@ -589,5 +589,5 @@ func (sinfo *sessionInfo) doRecv(p *wire_trafficPacket) {
 sinfo.updateNonce(&p.Nonce)
 sinfo.time = time.Now()
 sinfo.bytesRecvd += uint64(len(bs))
- sinfo.core.router.recvPacket(bs, &sinfo.theirAddr, &sinfo.theirSubnet)
+ sinfo.core.router.recvPacket(bs, sinfo)
 }
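Review bot: The doc comment above `recvPacket` in the first router.go hunk is now stale: it says only that the IP address must match the session, while the second hunk also accepts a source that the cryptokey table maps to the peer's permanent key. Since this comment describes the source-address check, I would update it to something like `// Checks that the source address matches the session's address or subnet, or is routed to the session's permanent key by cryptokey routing, and passes the packet to the tun/tap.` The body of recvPacket continues outside this hunk.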
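Review bot: The new `default:` branch calls `r.cryptokey.getPublicKeyForAddress(source)` on the session worker's goroutine (the context comment in the first hunk says recvPacket is not run by the router goroutine), so the routing table is read here while it may be modified elsewhere; whether the lookup takes a lock is not visible in this diff. If it does not, route changes can race with this source-address check, which appears to be the last check before the packet is handed to `r.recv`. I would either synchronise inside the lookup or state the requirement next to the call, e.g. `// getPublicKeyForAddress must be safe for concurrent use: this runs on the session worker`. This branch also makes every configured route part of the anti-spoofing boundary, since a peer may now source any address the table maps to its key, so that is worth saying in the comment as well. The switch sits in the middle of recvPacket, and the parsing of `source` is outside the hunk.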