farp: Ignore SAs with 0.0.0.0/0 remote traffic selector

This is mostly to avoid hijacking the local LAN if the farp plugin is inadvertently active on a roadwarrior. Fixes #3116.
2019-11-26 17:43:57 +01:00 · 2019-11-26 17:43:57 +01:00 · 7035340b21
parent 202c204785
commit 7035340b21
1 changed files with 9 additions and 0 deletions
--- a/src/libcharon/plugins/farp/farp_listener.c
+++ b/src/libcharon/plugins/farp/farp_listener.c
@ -75,6 +75,8 @@ METHOD(listener_t, child_updown, bool,
 	enumerator_t *enumerator;
 	traffic_selector_t *ts;
 	entry_t *entry;
+	const chunk_t full_from = chunk_from_chars(0x00, 0x00, 0x00, 0x00),
+				  full_to   = chunk_from_chars(0xff, 0xff, 0xff, 0xff);

 	if (up)
 	{
@ -91,6 +93,13 @@ METHOD(listener_t, child_updown, bool,
 			{
 				continue;
 			}
+			/* ignore 0.0.0.0/0 remote TS because we don't want to
+			 * reply to ARP requests for locally connected subnets */
+			if (chunk_equals(ts->get_from_address(ts), full_from) &&
+				chunk_equals(ts->get_to_address(ts), full_to))
+			{
+				continue;
+			}
 			entry->remote->insert_last(entry->remote, ts->clone(ts));
 		}
 		enumerator->destroy(enumerator);