AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-02-05 18:20:32 +03:00
Code Releases Activity

Add check to prevent Native NAT packets to host's own IP addresses

Browse Source 
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-02-05 08:21:46 +00:00
parent 2963142d2e
commit 55bfcb9a94
1 changed files with 90 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
src/Cedar/Virtual.c
View File

@ -1209,6 +1209,36 @@ void NnIcmpEchoRecvForInternet(VH *v, UINT src_ip, UINT dest_ip, void *data, UIN
return;
}
// Check if destination is the host's own IP address
// When Native NAT tries to send packets to the host's own IP, the OS routing
// may fail or behave unexpectedly. Drop such packets to avoid issues.
LIST *local_ip_list = GetHostIPAddressList();
if (local_ip_list != NULL)
{
UINT i;
bool is_host_ip = false;
IP dest_ip_obj;
UINTToIP(&dest_ip_obj, dest_ip);
for (i = 0; i < LIST_NUM(local_ip_list); i++)
{
IP *host_ip = LIST_DATA(local_ip_list, i);
if (IsIP4(host_ip) && CmpIpAddr(&dest_ip_obj, host_ip) == 0)
{
is_host_ip = true;
break;
}
}
FreeHostIPAddressList(local_ip_list);
if (is_host_ip)
{
// Destination is the host's own IP - drop the packet
return;
}
}
t = v->NativeNat;
old_icmp_header = (ICMP_HEADER *)icmp_data;
@ -1351,6 +1381,36 @@ void NnUdpRecvForInternet(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT
return;
}
// Check if destination is the host's own IP address
// When Native NAT tries to send packets to the host's own IP, the OS routing
// may fail or behave unexpectedly. Drop such packets to avoid issues.
LIST *local_ip_list = GetHostIPAddressList();
if (local_ip_list != NULL)
{
UINT i;
bool is_host_ip = false;
IP dest_ip_obj;
UINTToIP(&dest_ip_obj, dest_ip);
for (i = 0; i < LIST_NUM(local_ip_list); i++)
{
IP *host_ip = LIST_DATA(local_ip_list, i);
if (IsIP4(host_ip) && CmpIpAddr(&dest_ip_obj, host_ip) == 0)
{
is_host_ip = true;
break;
}
}
FreeHostIPAddressList(local_ip_list);
if (is_host_ip)
{
// Destination is the host's own IP - drop the packet
return;
}
}
t = v->NativeNat;
// Search whether there is an existing session
@ -1449,6 +1509,36 @@ void NnTcpRecvForInternet(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT
return;
}
// Check if destination is the host's own IP address
// When Native NAT tries to send packets to the host's own IP, the OS routing
// may fail or behave unexpectedly. Drop such packets to avoid issues.
LIST *local_ip_list = GetHostIPAddressList();
if (local_ip_list != NULL)
{
UINT i;
bool is_host_ip = false;
IP dest_ip_obj;
UINTToIP(&dest_ip_obj, dest_ip);
for (i = 0; i < LIST_NUM(local_ip_list); i++)
{
IP *host_ip = LIST_DATA(local_ip_list, i);
if (IsIP4(host_ip) && CmpIpAddr(&dest_ip_obj, host_ip) == 0)
{
is_host_ip = true;
break;
}
}
FreeHostIPAddressList(local_ip_list);
if (is_host_ip)
{
// Destination is the host's own IP - drop the packet
return;
}
}
t = v->NativeNat;
// Search whether there is an existing session