Browse Source

add dest ip restriction

wangyu- 8 years ago
parent
commit
12c65a4564
1 changed files with 11 additions and 0 deletions
  1. 11 0
      tun_dev.cpp

+ 11 - 0
tun_dev.cpp

@@ -293,6 +293,17 @@ int tun_dev_client_event_loop()
 					mylog(log_warn,"read from tun_fd return %d,errno=%s\n",len,strerror(errno));
 					continue;
 				}
+				if(len>=20)
+				{
+					u32_t dest_ip=htonl(read_u32(data+16));
+					if(  ( ntohl(sub_net_uint32)&0xFFFFFF00 ) !=  ( ntohl (dest_ip) &0xFFFFFF00) )
+					{
+						string sub=my_ntoa(dest_ip);
+						string dst=my_ntoa( htonl( ntohl (dest_ip) &0xFFFFFF00)   );
+						mylog(log_warn,"packet's dest ip [%s] not in subnet [%s],dropped\n", sub.c_str(), dst.c_str());
+						continue;
+					}
+				}
 
 				mylog(log_trace,"Received packet from tun,len: %d\n",len);