From 502ab3cfaa6493af8cda818bdb3eabb6cfb77a08 Mon Sep 17 00:00:00 2001
From: Arceliar
Date: Fri, 19 Jan 2018 17:33:04 -0600
Subject: [PATCH] check that the source IP inside a packet matches the address or prefix for the session that transmitted it
---
 src/yggdrasil/router.go | 15 ++++++++-------
 src/yggdrasil/session.go | 2 +-
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/yggdrasil/router.go b/src/yggdrasil/router.go
index 836293c..61f2560 100644
--- a/src/yggdrasil/router.go
+++ b/src/yggdrasil/router.go
@@ -149,21 +149,22 @@ func (r *router) sendPacket(bs []byte) {
 }
 }
 
-func (r *router) recvPacket(bs []byte, theirAddr *address) {
- // TODO pass their NodeID, check *that* instead
- // Or store their address in the session?...
+func (r *router) recvPacket(bs []byte, theirAddr *address, theirSubnet *subnet) {
+ // TODO? move this into the session?
 //fmt.Println("Recv packet")
- if theirAddr == nil {
- panic("Should not happen ever")
- }
 if len(bs) < 24 {
+ util_putBytes(bs)
 return
 }
 var source address
 copy(source[:], bs[8:])
 var snet subnet
 copy(snet[:], bs[8:])
- if !source.isValid() && !snet.isValid() {
+ switch {
+ case source.isValid() && source == *theirAddr:
+ case snet.isValid() && snet == *theirSubnet:
+ default:
+ util_putBytes(bs)
 return
 }
 //go func() { r.recv<-bs }()
diff --git a/src/yggdrasil/session.go b/src/yggdrasil/session.go
index 3a0703c..913918f 100644
--- a/src/yggdrasil/session.go
+++ b/src/yggdrasil/session.go
@@ -373,5 +373,5 @@ func (sinfo *sessionInfo) doRecv(p *wire_trafficPacket) {
 }
 sinfo.updateNonce(&p.nonce)
 sinfo.time = time.Now()
- sinfo.core.router.recvPacket(bs, &sinfo.theirAddr)
+ sinfo.core.router.recvPacket(bs, &sinfo.theirAddr, &sinfo.theirSubnet)
 }
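Review bot: In the new `switch` in router.go's recvPacket, `*theirAddr` and `*theirSubnet` are dereferenced with no guard now that the `theirAddr == nil` check is removed, so a nil argument from any later caller becomes a nil-pointer panic on the receive path. The one caller visible in this patch passes `&sinfo.theirAddr` and `&sinfo.theirSubnet`, which cannot be nil, so taking both parameters by value would remove the hazard. The two accepting `case` arms are empty and read like unfinished branches; a short comment on each, such as `// source matches the session's address: accept`, would make the allow/deny decision explicit. The `default:` arm discards a mismatched source silently, and a counter or debug log there would let operators see peers sending packets with a source address they do not own. The function body continues past the end of the hunk.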