diff options
Diffstat (limited to 'src/plugins/wireguard')
-rw-r--r-- | src/plugins/wireguard/wireguard_input.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/src/plugins/wireguard/wireguard_input.c b/src/plugins/wireguard/wireguard_input.c index 22850b832b4..f4d9132d948 100644 --- a/src/plugins/wireguard/wireguard_input.c +++ b/src/plugins/wireguard/wireguard_input.c @@ -837,8 +837,11 @@ wg_input_inline (vlib_main_t *vm, vlib_node_runtime_t *node, if (PREDICT_FALSE (peer_idx && (last_peer_time_idx != peer_idx))) { - wg_peer_update_endpoint_from_mt (*peer_idx, &out_src_ip, - out_udp_src_port); + if (PREDICT_FALSE ( + !ip46_address_is_equal (&peer->dst.addr, &out_src_ip) || + peer->dst.port != out_udp_src_port)) + wg_peer_update_endpoint_from_mt (*peer_idx, &out_src_ip, + out_udp_src_port); wg_timers_any_authenticated_packet_received_opt (peer, time); wg_timers_any_authenticated_packet_traversal (peer); last_peer_time_idx = peer_idx; @@ -970,8 +973,11 @@ wg_input_post (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame, if (PREDICT_FALSE (peer_idx && (last_peer_time_idx != peer_idx))) { - wg_peer_update_endpoint_from_mt (*peer_idx, &out_src_ip, - out_udp_src_port); + if (PREDICT_FALSE ( + !ip46_address_is_equal (&peer->dst.addr, &out_src_ip) || + peer->dst.port != out_udp_src_port)) + wg_peer_update_endpoint_from_mt (*peer_idx, &out_src_ip, + out_udp_src_port); wg_timers_any_authenticated_packet_received_opt (peer, time); wg_timers_any_authenticated_packet_traversal (peer); last_peer_time_idx = peer_idx; |