Mercurial > hg > freeDiameter
comparison libfdcore/p_cnx.c @ 1203:92f33e5ecb77
Do not attempt connecting to addresses advertised by the remote peer during CER/CEA. This creates issues when e.g. local addresses are advertized. Diameter RFC specifies that these addresses are for the purpose of validating the incoming packets, which is not very useful considering we have reliable lower layer (TLS or IPsec).
| author | Sebastien Decugis <sdecugis@freediameter.net> |
|---|---|
| date | Fri, 14 Jun 2013 12:21:42 +0800 |
| parents | 8c4dd4b693c6 |
| children | 407e0a889c7e |
comparison
equal
deleted
inserted
replaced
| 1202:40330b75c044 | 1203:92f33e5ecb77 |
|---|---|
| 119 CHECK_FCT( fd_ep_filter_family( | 119 CHECK_FCT( fd_ep_filter_family( |
| 120 &peer->p_hdr.info.pi_endpoints, | 120 &peer->p_hdr.info.pi_endpoints, |
| 121 AF_INET)); | 121 AF_INET)); |
| 122 } | 122 } |
| 123 | 123 |
| 124 /* We don't use the alternate addresses that were sent by the remote peer */ | |
| 125 CHECK_FCT( fd_ep_clearflags(&peer->p_hdr.info.pi_endpoints, EP_FL_ADV) ); | |
| 126 | |
| 127 | |
| 124 /* Now check we have at least one address to attempt */ | 128 /* Now check we have at least one address to attempt */ |
| 125 if (FD_IS_LIST_EMPTY(&peer->p_hdr.info.pi_endpoints)) { | 129 if (FD_IS_LIST_EMPTY(&peer->p_hdr.info.pi_endpoints)) { |
| 126 TRACE_DEBUG(INFO, "No address %savailable to connect to peer '%s', aborting", | 130 TRACE_DEBUG(INFO, "No address %savailable to connect to peer '%s', aborting", |
| 127 peer->p_hdr.info.config.pic_flags.pro3 ? "in the configured family " : "", peer->p_hdr.info.pi_diamid); | 131 peer->p_hdr.info.config.pic_flags.pro3 ? "in the configured family " : "", peer->p_hdr.info.pi_diamid); |
| 128 fd_psm_terminate( peer, NULL ); | 132 fd_psm_terminate( peer, NULL ); |