From ec5f7d98790b246c3e5f0c5b143f5789ad895166 Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Thu, 31 Jan 2019 23:47:20 +0000
Subject: [PATCH] Enforce AllowedEncryptionPublicKeys for all peers inc. link-local
---
 src/yggdrasil/link.go | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/yggdrasil/link.go b/src/yggdrasil/link.go
index 3b540d0..e52ff95 100644
--- a/src/yggdrasil/link.go
+++ b/src/yggdrasil/link.go
@@ -107,15 +107,10 @@ func (intf *linkInterface) handler() error {
 }
 // Check if we're authorized to connect to this key / IP
 if !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) {
- // Allow unauthorized peers if they're link-local
- raddrStr, _, _ := net.SplitHostPort(intf.info.remote)
- raddr := net.ParseIP(raddrStr)
- if !raddr.IsLinkLocalUnicast() {
- intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKey does not contain key %s",
- strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:]))
- intf.msgIO.close()
- return nil
- }
+ intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKeys does not contain key %s",
+ strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:]))
+ intf.msgIO.close()
+ return nil
 }
 // Check if we already have a link to this node
 intf.info.box = meta.box
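Review bot: The rejection branch records a refused key only through `Debugf` and then does `return nil`, so unless debug logging is enabled an operator gets no trace of why a peer was dropped, and the caller cannot tell an authorization refusal from a clean exit. Now that link-local peers are subject to the allow-list too, this is the only signal that a LAN neighbour was denied; consider a more visible level, for example `intf.link.core.log.Warnf(...)` with the same arguments if the logger exposes one, so refused keys show up in normal monitoring. The context comment `// Check if we're authorized to connect to this key / IP` is stale, since the remote address no longer influences the decision; `// Check if the peer's encryption key is in AllowedEncryptionPublicKeys` would match the code. handler() begins and ends outside this hunk, so it cannot be confirmed from here whether the `net` import is still used elsewhere in link.go after these calls were removed.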