mirror of
https://github.com/cwinfo/yggdrasil-go.git
synced 2024-11-23 02:01:36 +00:00
Enforce AllowedEncryptionPublicKeys for all peers inc. link-local
This commit is contained in:
parent
432f93de89
commit
ec5f7d9879
@ -107,15 +107,10 @@ func (intf *linkInterface) handler() error {
|
|||||||
}
|
}
|
||||||
// Check if we're authorized to connect to this key / IP
|
// Check if we're authorized to connect to this key / IP
|
||||||
if !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) {
|
if !intf.link.core.peers.isAllowedEncryptionPublicKey(&meta.box) {
|
||||||
// Allow unauthorized peers if they're link-local
|
intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKeys does not contain key %s",
|
||||||
raddrStr, _, _ := net.SplitHostPort(intf.info.remote)
|
strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:]))
|
||||||
raddr := net.ParseIP(raddrStr)
|
intf.msgIO.close()
|
||||||
if !raddr.IsLinkLocalUnicast() {
|
return nil
|
||||||
intf.link.core.log.Debugf("%s connection to %s forbidden: AllowedEncryptionPublicKey does not contain key %s",
|
|
||||||
strings.ToUpper(intf.info.linkType), intf.info.remote, hex.EncodeToString(meta.box[:]))
|
|
||||||
intf.msgIO.close()
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
// Check if we already have a link to this node
|
// Check if we already have a link to this node
|
||||||
intf.info.box = meta.box
|
intf.info.box = meta.box
|
||||||
|
Loading…
Reference in New Issue
Block a user