farp: Ignore SAs with 0.0.0.0/0 remote traffic selector
This is mostly to avoid hijacking the local LAN if the farp plugin is inadvertently active on a roadwarrior. Fixes #3116.
parent
202c204785
commit
7035340b21
|
@ -75,6 +75,8 @@ METHOD(listener_t, child_updown, bool,
|
|||
enumerator_t *enumerator;
|
||||
traffic_selector_t *ts;
|
||||
entry_t *entry;
|
||||
const chunk_t full_from = chunk_from_chars(0x00, 0x00, 0x00, 0x00),
|
||||
full_to = chunk_from_chars(0xff, 0xff, 0xff, 0xff);
|
||||
|
||||
if (up)
|
||||
{
|
||||
|
@ -91,6 +93,13 @@ METHOD(listener_t, child_updown, bool,
|
|||
{
|
||||
continue;
|
||||
}
|
||||
/* ignore 0.0.0.0/0 remote TS because we don't want to
|
||||
* reply to ARP requests for locally connected subnets */
|
||||
if (chunk_equals(ts->get_from_address(ts), full_from) &&
|
||||
chunk_equals(ts->get_to_address(ts), full_to))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
entry->remote->insert_last(entry->remote, ts->clone(ts));
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
|
|
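Review bot: The check added in the remote-TS loop skips only a selector whose range is exactly 0.0.0.0–255.255.255.255, so a remote TS that merely overlaps the LAN (a default route split into 0.0.0.0/1 and 128.0.0.0/1, or a broad private range that contains the local subnet) is still inserted into `entry->remote`, and farp would presumably still answer ARP requests for locally connected hosts. The commit message says "mostly", so this may be intended, but the code comment reads as if the case is closed; I would state the limit there, e.g. `/* only the exact 0.0.0.0/0 TS is skipped; other remote TS that overlap a local subnet are still answered */`. The skip is also silent, so a one-line debug message before the `continue` would let an operator see why no ARP replies are sent for that SA. child_updown starts and ends outside both hunks, and the +/- markers were lost in rendering, so which lines are new is inferred from the hunk counts.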