diff --git a/src/yggdrasil/admin.go b/src/yggdrasil/admin.go
index 78e6cd4..39aceb9 100644
--- a/src/yggdrasil/admin.go
+++ b/src/yggdrasil/admin.go
@@ -105,18 +105,18 @@ func (a *admin) init(c *Core, listenaddr string) {
 *out = []byte(a.printInfos([]admin_nodeInfo{info}))
 }
 })
- a.addHandler("getAuthBoxPubs", nil, func(out *[]byte, _ ...string) {
- *out = []byte(a.getAuthBoxPubs())
+ a.addHandler("getAllowedBoxPubs", nil, func(out *[]byte, _ ...string) {
+ *out = []byte(a.getAllowedBoxPubs())
 })
- a.addHandler("addAuthBoxPub", []string{""}, func(out *[]byte, saddr ...string) {
- if a.addAuthBoxPub(saddr[0]) == nil {
+ a.addHandler("addAllowedBoxPub", []string{""}, func(out *[]byte, saddr ...string) {
+ if a.addAllowedBoxPub(saddr[0]) == nil {
 *out = []byte("Adding key: " + saddr[0] + "\n")
 } else {
 *out = []byte("Failed to add key: " + saddr[0] + "\n")
 }
 })
- a.addHandler("removeAuthBoxPub", []string{""}, func(out *[]byte, sport ...string) {
- if a.removeAuthBoxPub(sport[0]) == nil {
+ a.addHandler("removeAllowedBoxPub", []string{""}, func(out *[]byte, sport ...string) {
+ if a.removeAllowedBoxPub(sport[0]) == nil {
 *out = []byte("Removing key: " + sport[0] + "\n")
 } else {
 *out = []byte("Failed to remove key: " + sport[0] + "\n")
@@ -365,8 +365,8 @@ func (a *admin) getData_getSessions() []admin_nodeInfo {
 return infos
 }
-func (a *admin) getAuthBoxPubs() string {
- pubs := a.core.peers.getAuthBoxPubs()
+func (a *admin) getAllowedBoxPubs() string {
+ pubs := a.core.peers.getAllowedBoxPubs()
 var out []string
 for _, pub := range pubs {
 out = append(out, hex.EncodeToString(pub[:]))
@@ -375,22 +375,22 @@ func (a *admin) getAuthBoxPubs() string {
 return strings.Join(out, "\n")
 }
-func (a *admin) addAuthBoxPub(bstr string) (err error) {
+func (a *admin) addAllowedBoxPub(bstr string) (err error) {
 boxBytes, err := hex.DecodeString(bstr)
 if err == nil {
 var box boxPubKey
 copy(box[:], boxBytes)
- a.core.peers.addAuthBoxPub(&box)
+ a.core.peers.addAllowedBoxPub(&box)
 }
 return
 }
-func (a *admin) removeAuthBoxPub(bstr string) (err error) {
+func (a *admin) removeAllowedBoxPub(bstr string) (err error) {
 boxBytes, err := hex.DecodeString(bstr)
 if err == nil {
 var box boxPubKey
 copy(box[:], boxBytes)
- a.core.peers.removeAuthBoxPub(&box)
+ a.core.peers.removeAllowedBoxPub(&box)
 }
 return
 }
diff --git a/src/yggdrasil/config/config.go b/src/yggdrasil/config/config.go
index d1b58a9..f2d25f4 100644
--- a/src/yggdrasil/config/config.go
+++ b/src/yggdrasil/config/config.go
@@ -2,20 +2,20 @@ package config
 // NodeConfig defines all configuration values needed to run a signle yggdrasil node
 type NodeConfig struct {
- Listen string
- AdminListen string
- Peers []string
- PeerBoxPubs []string
- BoxPub string
- BoxPriv string
- SigPub string
- SigPriv string
- Multicast bool
- LinkLocal string
- IfName string
- IfTAPMode bool
- IfMTU int
- Net NetConfig
+ Listen string
+ AdminListen string
+ Peers []string
+ AllowedBoxPubs []string
+ BoxPub string
+ BoxPriv string
+ SigPub string
+ SigPriv string
+ Multicast bool
+ LinkLocal string
+ IfName string
+ IfTAPMode bool
+ IfMTU int
+ Net NetConfig
 }
 // NetConfig defines network/proxy related configuration values
diff --git a/src/yggdrasil/debug.go b/src/yggdrasil/debug.go
index 68f19c9..32c52e3 100644
--- a/src/yggdrasil/debug.go
+++ b/src/yggdrasil/debug.go
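Review bot: `addAllowedBoxPub` accepts any hex string that decodes, because `copy(box[:], boxBytes)` silently zero-pads a short key and truncates a long one, so a mistyped or truncated key lands in the allow list while the admin handler still reports `Adding key:`. Reject a length mismatch before the copy, e.g. `if len(boxBytes) != len(box) { return errors.New("box public key has wrong length") }` (whether `errors` or `fmt` is already imported is not visible in this hunk; use whichever the file has). The same guard belongs in `removeAllowedBoxPub` just below, where a wrong-length key is currently reported as removed although the real entry stays in the map.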
@@ -397,8 +397,8 @@ func (c *Core) DEBUG_setIfceExpr(expr *regexp.Regexp) {
 c.ifceExpr = expr
 }
-func (c *Core) DEBUG_addAuthBoxPub(boxStr string) {
- err := c.admin.addAuthBoxPub(boxStr)
+func (c *Core) DEBUG_addAllowedBoxPub(boxStr string) {
+ err := c.admin.addAllowedBoxPub(boxStr)
 if err != nil {
 panic(err)
 }
diff --git a/src/yggdrasil/peer.go b/src/yggdrasil/peer.go
index 024d9ba..bec9135 100644
--- a/src/yggdrasil/peer.go
+++ b/src/yggdrasil/peer.go
@@ -34,8 +34,8 @@ type peers struct {
 mutex sync.Mutex // Synchronize writes to atomic
 ports atomic.Value //map[Port]*peer, use CoW semantics
 //ports map[Port]*peer
- authMutex sync.RWMutex
- authBoxPubs map[boxPubKey]struct{}
+ authMutex sync.RWMutex
+ allowedBoxPubs map[boxPubKey]struct{}
 }
 func (ps *peers) init(c *Core) {
@@ -43,33 +43,33 @@ func (ps *peers) init(c *Core) {
 defer ps.mutex.Unlock()
 ps.putPorts(make(map[switchPort]*peer))
 ps.core = c
- ps.authBoxPubs = make(map[boxPubKey]struct{})
+ ps.allowedBoxPubs = make(map[boxPubKey]struct{})
 }
-func (ps *peers) isAuthBoxPub(box *boxPubKey) bool {
+func (ps *peers) isAllowedBoxPub(box *boxPubKey) bool {
 ps.authMutex.RLock()
 defer ps.authMutex.RUnlock()
- _, isIn := ps.authBoxPubs[*box]
- return isIn || len(ps.authBoxPubs) == 0
+ _, isIn := ps.allowedBoxPubs[*box]
+ return isIn || len(ps.allowedBoxPubs) == 0
 }
-func (ps *peers) addAuthBoxPub(box *boxPubKey) {
+func (ps *peers) addAllowedBoxPub(box *boxPubKey) {
 ps.authMutex.Lock()
 defer ps.authMutex.Unlock()
- ps.authBoxPubs[*box] = struct{}{}
+ ps.allowedBoxPubs[*box] = struct{}{}
 }
-func (ps *peers) removeAuthBoxPub(box *boxPubKey) {
+func (ps *peers) removeAllowedBoxPub(box *boxPubKey) {
 ps.authMutex.Lock()
 defer ps.authMutex.Unlock()
- delete(ps.authBoxPubs, *box)
+ delete(ps.allowedBoxPubs, *box)
 }
-func (ps *peers) getAuthBoxPubs() []boxPubKey {
+func (ps *peers) getAllowedBoxPubs() []boxPubKey {
 ps.authMutex.RLock()
 defer ps.authMutex.RUnlock()
- keys := make([]boxPubKey, 0, len(ps.authBoxPubs))
- for key := range ps.authBoxPubs {
+ keys := make([]boxPubKey, 0, len(ps.allowedBoxPubs))
+ for key := range ps.allowedBoxPubs {
 keys = append(keys, key)
 }
 return keys
diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go
index be2ba83..7aafca3 100644
--- a/src/yggdrasil/tcp.go
+++ b/src/yggdrasil/tcp.go
@@ -151,7 +151,7 @@ func (iface *tcpInterface) handler(sock net.Conn, incoming bool) {
 return
 }
 // Check if we're authorized to connect to this key / IP
- if incoming && !iface.core.peers.isAuthBoxPub(&info.box) {
+ if incoming && !iface.core.peers.isAllowedBoxPub(&info.box) {
 // Allow unauthorized peers if they're link-local
 raddrStr, _, _ := net.SplitHostPort(sock.RemoteAddr().String())
 raddr := net.ParseIP(raddrStr)
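Review bot: `isAllowedBoxPub` fails open — `return isIn || len(ps.allowedBoxPubs) == 0` admits every key while the list is empty, and nothing in the renamed code says so, so `removeAllowedBoxPub` on the last entry (reachable over the admin socket) silently turns an allow-listed node into one that accepts any incoming peer. That may be the intended "no list configured" behaviour, but it deserves a doc comment on the method, e.g. `// isAllowedBoxPub reports whether box may peer with this node. An empty allow list means no restriction: every key is allowed.`, and the same caveat on the `AllowedBoxPubs` config field. If open-by-default is meant only for an unconfigured node, an explicit flag set at startup would be safer than inferring it from the list being empty at call time.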
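Review bot: The link-local bypass that follows the new `isAllowedBoxPub` check discards the error from `net.SplitHostPort`, so on failure `raddrStr` is empty and `raddr` is nil; what happens to that nil IP is outside this hunk (the handler continues past it), and the rejected-key path should stay closed in that case rather than rely on a nil `net.IP` happening to test as non-link-local. Making it explicit is two lines: `raddrStr, _, err := net.SplitHostPort(sock.RemoteAddr().String())` followed by `if err != nil || net.ParseIP(raddrStr) == nil { return }`.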
diff --git a/src/yggdrasil/udp.go b/src/yggdrasil/udp.go
index 53aaec1..03663b6 100644
--- a/src/yggdrasil/udp.go
+++ b/src/yggdrasil/udp.go
@@ -206,7 +206,7 @@ func (iface *udpInterface) handleKeys(msg []byte, addr connAddr) {
 udpAddr := addr.toUDPAddr()
 // Check if we're authorized to connect to this key / IP
 // TODO monitor and always allow outgoing connections
- if !iface.core.peers.isAuthBoxPub(&ks.box) {
+ if !iface.core.peers.isAllowedBoxPub(&ks.box) {
 // Allow unauthorized peers if they're link-local
 if !udpAddr.IP.IsLinkLocalUnicast() {
 return
diff --git a/yggdrasil.go b/yggdrasil.go
index b9a45da..5e5ba9c 100644
--- a/yggdrasil.go
+++ b/yggdrasil.go
@@ -66,8 +66,8 @@ func (n *node) init(cfg *nodeConfig, logger *log.Logger) {
 logger.Println("Starting admin socket...")
 n.core.DEBUG_setupAndStartAdminInterface(cfg.AdminListen)
 logger.Println("Started admin socket")
- for _, pBoxStr := range cfg.PeerBoxPubs {
- n.core.DEBUG_addAuthBoxPub(pBoxStr)
+ for _, pBoxStr := range cfg.AllowedBoxPubs {
+ n.core.DEBUG_addAllowedBoxPub(pBoxStr)
 }
 go func() {
@@ -101,7 +101,7 @@ func generateConfig(isAutoconf bool) *nodeConfig {
 cfg.SigPub = hex.EncodeToString(spub[:])
 cfg.SigPriv = hex.EncodeToString(spriv[:])
 cfg.Peers = []string{}
- cfg.PeerBoxPubs = []string{}
+ cfg.AllowedBoxPubs = []string{}
 cfg.Multicast = true
 cfg.LinkLocal = ""
 cfg.IfName = core.DEBUG_GetTUNDefaultIfName()
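Review bot: In `node.init` the allow list is populated only after `DEBUG_setupAndStartAdminInterface` has started the admin socket, and if the TCP/UDP listeners are already accepting by this point (their start is not visible in this hunk) there is a window in which `allowedBoxPubs` is empty and, per `isAllowedBoxPub` in peer.go, every incoming peer is admitted. Moving the `for _, pBoxStr := range cfg.AllowedBoxPubs { ... }` loop ahead of whatever starts listening closes that window regardless of how an empty list is interpreted. A one-line comment on the loop, `// Load the allow list before any listener can accept a peer`, would keep the ordering from being broken later. The body of `init` continues past the end of the hunk.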