wip server

[hippotat.git] / server / slocal.rs

diff --git a/server/slocal.rs b/server/slocal.rs
index 56dd853ddfd41782654c83b422343db7ed6a6bda..09e6aba82cbdf0813a202d5b1c86c499c8eff3ff 100644 (file)
--- a/server/slocal.rs
+++ b/server/slocal.rs
@@ -28,15 +28,24 @@ pub async fn run(global: Arc<Global>,
           goodness -= goodness >> GOODNESS_SHIFT;
 
           match checkn(SlipNoConv, global.config.mtu, &data, |header|{
-            // don't really check the addresses: trusting our local knrel
-            ip_packet_addr::<true>(header)
+            let saddr = ip_packet_addr::<false>(header)?;
+            let daddr = ip_packet_addr::<true>(header)?;
+            if ! global.config.vnetwork.iter().any(|n| n.contains(&saddr)) {
+              throw!(PE::Src(saddr))
+            }
+            Ok(daddr)
           }, |(data, daddr)| route_packet(
             &global, "ipif", None,
             data, daddr, may_route.clone()
-          ).map(Ok), |pe| match pe {
-            PE::Empty => Ok(()),
+          ).map(Ok), |pe| Ok(match pe {
+            PE::Empty => { },
+            PE::Src(saddr) => trace!(
+              target: "hippotatd",
+              "ipif local discard outside-vnets saddr={:?}",
+              saddr
+            ),
             other => throw!(other),
-          }).await {
+          })).await {
             Ok(()) => goodness += 1,
             Err(e) => {
               goodness -= 1;