From cdbbbfabea173894bd2fb5f28135a04ddc5e3fd7 Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@tinc-vpn.org>
Date: Fri, 18 Feb 2011 23:02:11 +0100
Subject: [PATCH] Fix spurious misidentification of incoming UDP packets.

When a UDP packet was received with an unknown source address/port, and if it
failed a HMAC check against known keys, it could still incorrectly assign that
UDP address to another node. This would temporarily cause outgoing UDP packets
to go to the wrong destination address, until packets from the correct address
were received again.
---
 src/net_packet.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/net_packet.c b/src/net_packet.c
index aef55342..13f13256 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -575,6 +575,7 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
 	avl_node_t *node;
 	edge_t *e;
 	node_t *n = NULL;
+	bool hard = false;
 	static time_t last_hard_try = 0;
 
 	for(node = edge_weight_tree->head; node; node = node->next) {
@@ -583,12 +584,9 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
 		if(sockaddrcmp_noport(from, &e->address)) {
 			if(last_hard_try == now)
 				continue;
-			last_hard_try = now;
+			hard = true;
 		}
 
-		if(!n)
-			n = e->to;
-
 		if(!try_mac(e->to, pkt))
 			continue;
 
@@ -596,6 +594,9 @@ static node_t *try_harder(const sockaddr_t *from, const vpn_packet_t *pkt) {
 		break;
 	}
 
+	if(hard)
+		last_hard_try = now;
+
 	return n;
 }
 
-- 
2.20.1