Accept packets destined to bound address

...if bound to an address.

We previously checked the source of a packet instead of the destination
of a packet when bound to an address.

PiperOrigin-RevId: 396497647

1 files changed, 4 insertions, 5 deletions

diff --git a/pkg/tcpip/transport/raw/endpoint.go b/pkg/tcpip/transport/raw/endpoint.go
index 3bf6c0a8f..4a5858bdd 100644
--- a/pkg/tcpip/transport/raw/endpoint.go
+++ b/pkg/tcpip/transport/raw/endpoint.go
@@ -562,8 +562,6 @@ func (e *endpoint) HandlePacket(pkt *stack.PacketBuffer) {
 		return
 	}
 
-	remoteAddr := pkt.Network().SourceAddress()
-
 	if e.bound {
 		// If bound to a NIC, only accept data for that NIC.
 		if e.BindNICID != 0 && e.BindNICID != pkt.NICID {
@@ -572,16 +570,17 @@ func (e *endpoint) HandlePacket(pkt *stack.PacketBuffer) {
 			return
 		}
 		// If bound to an address, only accept data for that address.
-		if e.BindAddr != "" && e.BindAddr != remoteAddr {
+		if e.BindAddr != "" && e.BindAddr != pkt.Network().DestinationAddress() {
 			e.rcvMu.Unlock()
 			e.mu.RUnlock()
 			return
 		}
 	}
 
+	srcAddr := pkt.Network().SourceAddress()
 	// If connected, only accept packets from the remote address we
 	// connected to.
-	if e.connected && e.route.RemoteAddress() != remoteAddr {
+	if e.connected && e.route.RemoteAddress() != srcAddr {
 		e.rcvMu.Unlock()
 		e.mu.RUnlock()
 		return
@@ -593,7 +592,7 @@ func (e *endpoint) HandlePacket(pkt *stack.PacketBuffer) {
 	packet := &rawPacket{
 		senderAddr: tcpip.FullAddress{
 			NIC:  pkt.NICID,
-			Addr: remoteAddr,
+			Addr: srcAddr,
 		},
 	}