mirror of
https://github.com/cwinfo/yggdrasil-go.git
synced 2024-11-10 06:20:26 +00:00
Check AllowedEncryptionPublicKeys
This commit is contained in:
parent
e36f88c75f
commit
432f93de89
@ -1,6 +1,7 @@
|
|||||||
package yggdrasil
|
package yggdrasil
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/hex"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
@ -104,6 +105,18 @@ func (intf *linkInterface) handler() error {
|
|||||||
intf.link.core.log.Errorln("Failed to connect to node: " + intf.name + " version: " + fmt.Sprintf("%d.%d", meta.ver, meta.minorVer))
|
intf.link.core.log.Errorln("Failed to connect to node: " + intf.name + " version: " + fmt.Sprintf("%d.%d", meta.ver, meta.minorVer))
|
||||||
return errors.New("failed to connect: wrong version")
|
return errors.New("failed to connect: wrong version")
|
||||||
}
|
}
|
||||||
|
// Check if we're authorized to connect to this key / IP
|
||||||
|
if !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) {
|
||||||
|
// Allow unauthorized peers if they're link-local
|
||||||
|
raddrStr, _, _ := net.SplitHostPort(intf.info.remote)
|
||||||
|
raddr := net.ParseIP(raddrStr)
|
||||||
|
if !raddr.IsLinkLocalUnicast() {
|
||||||
|
intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKey does not contain key %s",
|
||||||
|
strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:]))
|
||||||
|
intf.msgIO.close()
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
// Check if we already have a link to this node
|
// Check if we already have a link to this node
|
||||||
intf.info.box = meta.box
|
intf.info.box = meta.box
|
||||||
intf.info.sig = meta.sig
|
intf.info.sig = meta.sig
|
||||||
|
Loading…
Reference in New Issue
Block a user