From d1d6814e2f1654e5f0a3786861b316c0f4f6b05a Mon Sep 17 00:00:00 2001
From: Arvid Norberg <arvid@libtorrent.org>
Date: Fri, 20 Aug 2010 07:13:05 +0000
Subject: [PATCH] drop proxied incoming packets if the source IP doesn't match
 the proxy

---
 src/udp_socket.cpp | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/udp_socket.cpp b/src/udp_socket.cpp
index f57d353af..d9932ba0d 100644
--- a/src/udp_socket.cpp
+++ b/src/udp_socket.cpp
@@ -252,10 +252,12 @@ void udp_socket::on_read(udp::socket* s, error_code const& e, std::size_t bytes_
 		try {
 #endif
 
-		if (m_tunnel_packets && m_v4_ep == m_proxy_addr)
+		if (m_tunnel_packets)
 		{
 			l.unlock();
-			unwrap(e, m_v4_buf, bytes_transferred);
+			// if the source IP doesn't match the proxy's, ignore the packet
+			if (m_v4_ep == m_proxy_addr)
+				unwrap(e, m_v4_buf, bytes_transferred);
 		}
 		else
 		{
@@ -280,10 +282,12 @@ void udp_socket::on_read(udp::socket* s, error_code const& e, std::size_t bytes_
 		try {
 #endif
 
-		if (m_tunnel_packets && m_v6_ep == m_proxy_addr)
+		if (m_tunnel_packets)
 		{
 			l.unlock();
-			unwrap(e, m_v6_buf, bytes_transferred);
+			// if the source IP doesn't match the proxy's, ignore the packet
+			if (m_v6_ep == m_proxy_addr)
+				unwrap(e, m_v6_buf, bytes_transferred);
 		}
 		else
 		{