let c = &global.config;
let len = packet.len();
let trace = |how: &str, why: &str| {
- trace!("{} {} {} {} {:?} len={}",
+ trace!("{} {} {} {} daddr={:?} len={}",
transport_conn,
match source {
Some(s) => (s as &dyn Display),
goodness -= goodness >> GOODNESS_SHIFT;
match checkn(SlipNoConv, global.config.mtu, &data, |header|{
- // don't really check the addresses: trusting our local knrel
- ip_packet_addr::<true>(header)
+ let saddr = ip_packet_addr::<false>(header)?;
+ let daddr = ip_packet_addr::<true>(header)?;
+ if ! global.config.vnetwork.iter().any(|n| n.contains(&saddr)) {
+ throw!(PE::Src(saddr))
+ }
+ Ok(daddr)
}, |(data, daddr)| route_packet(
&global, "ipif", None,
data, daddr, may_route.clone()
- ).map(Ok), |pe| match pe {
- PE::Empty => Ok(()),
+ ).map(Ok), |pe| Ok(match pe {
+ PE::Empty => { },
+ PE::Src(saddr) => trace!(
+ target: "hippotatd",
+ "ipif local discard outside-vnets saddr={:?}",
+ saddr
+ ),
other => throw!(other),
- }).await {
+ })).await {
Ok(()) => goodness += 1,
Err(e) => {
goodness -= 1;
// boundary, start, &comp.name, &client.ic);
let (reply_to, reply_recv) = oneshot::channel();
- trace!("{} {} request, Content-Length={}",
+ trace!(target: "hippotatd",
+ "{} {} request, Content-Length={}",
&conn, &client_name, length_hint);
let wreq = WebRequest {
initial,
~ian / hippotat.git / commitdiff