Mercurial > hg > freeDiameter
changeset 1203:92f33e5ecb77
Do not attempt connecting to addresses advertised by the remote peer during CER/CEA. This creates issues when e.g. local addresses are advertized. Diameter RFC specifies that these addresses are for the purpose of validating the incoming packets, which is not very useful considering we have reliable lower layer (TLS or IPsec).
| author | Sebastien Decugis <sdecugis@freediameter.net> |
|---|---|
| date | Fri, 14 Jun 2013 12:21:42 +0800 |
| parents | 40330b75c044 |
| children | a4cdde705f30 |
| files | libfdcore/p_cnx.c |
| diffstat | 1 files changed, 4 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/libfdcore/p_cnx.c Fri Jun 14 12:19:58 2013 +0800 +++ b/libfdcore/p_cnx.c Fri Jun 14 12:21:42 2013 +0800 @@ -121,6 +121,10 @@ AF_INET)); } + /* We don't use the alternate addresses that were sent by the remote peer */ + CHECK_FCT( fd_ep_clearflags(&peer->p_hdr.info.pi_endpoints, EP_FL_ADV) ); + + /* Now check we have at least one address to attempt */ if (FD_IS_LIST_EMPTY(&peer->p_hdr.info.pi_endpoints)) { TRACE_DEBUG(INFO, "No address %savailable to connect to peer '%s', aborting",