Fix spurious misidentification of incoming UDP packets.

When a UDP packet was received with an unknown source address/port, and if it
failed a HMAC check against known keys, it could still incorrectly assign that
UDP address to another node. This would temporarily cause outgoing UDP packets
to go to the wrong destination address, until packets from the correct address
were received again.

diff --git a/src/net_packet.c b/src/net_packet.c
index aef5534..13f1325 100644 (file)
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -575,6 +575,7 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
        avl_node_t *node;
        edge_t *e;
        node_t *n = NULL;
+       bool hard = false;
        static time_t last_hard_try = 0;
 
        for(node = edge_weight_tree->head; node; node = node->next) {
@@ -583,12 +584,9 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
                if(sockaddrcmp_noport(from, &e->address)) {
                        if(last_hard_try == now)
                                continue;
-                       last_hard_try = now;
+                       hard = true;
                }
 
-               if(!n)
-                       n = e->to;
-
                if(!try_mac(e->to, pkt))
                        continue;
 
@@ -596,6 +594,9 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
                break;
        }
 
+       if(hard)
+               last_hard_try = now;
+
        return n;
 }