5
0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-12-23 12:15:39 +00:00

Check the session perm pub key against the CKR key

This commit is contained in:
Neil Alexander 2018-11-07 10:16:46 +00:00
parent fbfae473d4
commit 9542bfa902
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944

View File

@ -23,6 +23,7 @@ package yggdrasil
// The router then runs some sanity checks before passing it to the tun
import (
"bytes"
"time"
"golang.org/x/net/icmp"
@ -127,6 +128,7 @@ func (r *router) sendPacket(bs []byte) {
var sourceAddr address
var destAddr address
var destSnet subnet
var destPubKey *boxPubKey
var destNodeID *NodeID
var addrlen int
if bs[0]&0xf0 == 0x60 {
@ -149,7 +151,8 @@ func (r *router) sendPacket(bs []byte) {
}
if !destAddr.isValid() && !destSnet.isValid() {
if key, err := r.cryptokey.getPublicKeyForAddress(destAddr, addrlen); err == nil {
destNodeID = getNodeID(&key)
destPubKey = &key
destNodeID = getNodeID(destPubKey)
addr := *address_addrForNodeID(destNodeID)
copy(destAddr[:], addr[:])
copy(destSnet[:], addr[:])
@ -227,6 +230,14 @@ func (r *router) sendPacket(bs []byte) {
}
fallthrough // Also send the packet
default:
// If we know the public key ahead of time (i.e. a CKR route) then check
// if the session perm pub key matches before we send the packet to it
if destPubKey != nil {
if !bytes.Equal((*destPubKey)[:], sinfo.theirPermPub[:]) {
return
}
}
// Drop packets if the session MTU is 0 - this means that one or other
// side probably has their TUN adapter disabled
if sinfo.getMTU() == 0 {
@ -277,6 +288,7 @@ func (r *router) sendPacket(bs []byte) {
// Don't continue - drop the packet
return
}
sinfo.send <- bs
}
}