server messages

[hippotat.git] / server / slocal.rs

diff --git a/server/slocal.rs b/server/slocal.rs
index 56dd853ddfd41782654c83b422343db7ed6a6bda..130df23942b4c9de28d630aa9c7281635ff770e2 100644 (file)
--- a/server/slocal.rs
+++ b/server/slocal.rs
@@ -28,15 +28,30 @@ pub async fn run(global: Arc<Global>,
           goodness -= goodness >> GOODNESS_SHIFT;
 
           match checkn(SlipNoConv, global.config.mtu, &data, |header|{
-            // don't really check the addresses: trusting our local knrel
-            ip_packet_addr::<true>(header)
-          }, |(data, daddr)| route_packet(
-            &global, "ipif", None,
-            data, daddr, may_route.clone()
-          ).map(Ok), |pe| match pe {
-            PE::Empty => Ok(()),
+            let saddr = ip_packet_addr::<false>(header)?;
+            let daddr = ip_packet_addr::<true>(header)?;
+            Ok((saddr,daddr))
+          }, |(data, (saddr, daddr))| {
+            let global = &global;
+            let may_route = &may_route;
+            async move {
+              if ! global.config.vnetwork.iter().any(|n| n.contains(&saddr)) {
+                trace!( "ipif local discard outside-vnets saddr={:?}",
+                         saddr);
+                return Ok(())
+              }
+
+              route_packet(
+                &global, "ipif", None,
+                data, daddr, may_route.clone()
+              ).await;
+
+              Ok(())
+            }
+          }, |pe| Ok(match pe {
+            PE::Empty => { },
             other => throw!(other),
-          }).await {
+          })).await {
             Ok(()) => goodness += 1,
             Err(e) => {
               goodness -= 1;