mirror of
https://github.com/cwinfo/yggdrasil-go.git
synced 2024-11-25 23:01:38 +00:00
Only validate CKR routes if CKR enabled
This commit is contained in:
parent
19e6aaf9f5
commit
f0947223bb
@ -58,9 +58,11 @@ func (c *cryptokey) isValidSource(addr address) bool {
|
||||
}
|
||||
|
||||
// Does it match a configured CKR source?
|
||||
for _, subnet := range c.ipv6sources {
|
||||
if subnet.Contains(ip) {
|
||||
return true
|
||||
if c.isEnabled() {
|
||||
for _, subnet := range c.ipv6sources {
|
||||
if subnet.Contains(ip) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -39,7 +39,7 @@ type SessionFirewall struct {
|
||||
|
||||
// TunnelRouting contains the crypto-key routing tables for tunneling
|
||||
type TunnelRouting struct {
|
||||
Enable bool `comment:"Enable or disable tunneling."`
|
||||
IPv6Routes map[string]string `comment:"IPv6 subnets, mapped to the public keys to which they should be routed."`
|
||||
IPv6Sources []string `comment:"Allow source addresses in these subnets."`
|
||||
Enable bool `comment:"Enable or disable tunneling."`
|
||||
IPv6Destinations map[string]string `comment:"IPv6 subnets, mapped to the EncryptionPublicKey to which they should\nbe routed to."`
|
||||
IPv6Sources []string `comment:"Optional IPv6 subnets which are allowed to be used as source addresses\nin addition to this node's Yggdrasil address/subnet."`
|
||||
}
|
||||
|
@ -122,7 +122,7 @@ func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) error {
|
||||
}
|
||||
|
||||
if nc.TunnelRouting.Enable {
|
||||
for ipv6, pubkey := range nc.TunnelRouting.IPv6Routes {
|
||||
for ipv6, pubkey := range nc.TunnelRouting.IPv6Destinations {
|
||||
if err := c.router.cryptokey.addRoute(ipv6, pubkey); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user