Check the session perm pub key against the CKR key
parent
fbfae473d4
commit
9542bfa902
@ -23,6 +23,7 @@ package yggdrasil
|
|||||||
// The router then runs some sanity checks before passing it to the tun
|
// The router then runs some sanity checks before passing it to the tun
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"golang.org/x/net/icmp"
|
"golang.org/x/net/icmp"
|
||||||
@ -127,6 +128,7 @@ func (r *router) sendPacket(bs []byte) {
|
|||||||
var sourceAddr address
|
var sourceAddr address
|
||||||
var destAddr address
|
var destAddr address
|
||||||
var destSnet subnet
|
var destSnet subnet
|
||||||
|
var destPubKey *boxPubKey
|
||||||
var destNodeID *NodeID
|
var destNodeID *NodeID
|
||||||
var addrlen int
|
var addrlen int
|
||||||
if bs[0]&0xf0 == 0x60 {
|
if bs[0]&0xf0 == 0x60 {
|
||||||
@ -149,7 +151,8 @@ func (r *router) sendPacket(bs []byte) {
|
|||||||
}
|
}
|
||||||
if !destAddr.isValid() && !destSnet.isValid() {
|
if !destAddr.isValid() && !destSnet.isValid() {
|
||||||
if key, err := r.cryptokey.getPublicKeyForAddress(destAddr, addrlen); err == nil {
|
if key, err := r.cryptokey.getPublicKeyForAddress(destAddr, addrlen); err == nil {
|
||||||
destNodeID = getNodeID(&key)
|
destPubKey = &key
|
||||||
|
destNodeID = getNodeID(destPubKey)
|
||||||
addr := *address_addrForNodeID(destNodeID)
|
addr := *address_addrForNodeID(destNodeID)
|
||||||
copy(destAddr[:], addr[:])
|
copy(destAddr[:], addr[:])
|
||||||
copy(destSnet[:], addr[:])
|
copy(destSnet[:], addr[:])
|
||||||
@ -227,6 +230,14 @@ func (r *router) sendPacket(bs []byte) {
|
|||||||
}
|
}
|
||||||
fallthrough // Also send the packet
|
fallthrough // Also send the packet
|
||||||
default:
|
default:
|
||||||
|
// If we know the public key ahead of time (i.e. a CKR route) then check
|
||||||
|
// if the session perm pub key matches before we send the packet to it
|
||||||
|
if destPubKey != nil {
|
||||||
|
if !bytes.Equal((*destPubKey)[:], sinfo.theirPermPub[:]) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Drop packets if the session MTU is 0 - this means that one or other
|
// Drop packets if the session MTU is 0 - this means that one or other
|
||||||
// side probably has their TUN adapter disabled
|
// side probably has their TUN adapter disabled
|
||||||
if sinfo.getMTU() == 0 {
|
if sinfo.getMTU() == 0 {
|
||||||
@ -277,6 +288,7 @@ func (r *router) sendPacket(bs []byte) {
|
|||||||
// Don't continue - drop the packet
|
// Don't continue - drop the packet
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
sinfo.send <- bs
|
sinfo.send <- bs
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
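Review bot: The new key-mismatch branch under `default:` in sendPacket drops the packet with a bare `return`, so a CKR route whose configured key disagrees with the session's `theirPermPub` looks the same as any other silent drop. That condition means either a misconfigured route or a session bound to a different node than the route intends, so it deserves a why-comment above the `return`, such as `// CKR key != session perm key: drop rather than send to the wrong node`, plus a debug-level log line or drop counter using whatever logger the router already has. The check only guards the send on an existing session; the branches that open a session or start a search lie outside these hunks, so it is worth confirming they also bind to `destPubKey` and not only to the derived address. If both operands are the same fixed-size array type, as the `[:]` slicing suggests, `*destPubKey != sinfo.theirPermPub` would do the comparison without the new `"bytes"` import.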