5
0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-12-26 12:25:41 +00:00

Only validate CKR routes if CKR enabled

This commit is contained in:
Neil Alexander 2018-11-06 11:11:57 +00:00
parent 19e6aaf9f5
commit f0947223bb
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944
3 changed files with 9 additions and 7 deletions

View File

@ -58,9 +58,11 @@ func (c *cryptokey) isValidSource(addr address) bool {
}
// Does it match a configured CKR source?
for _, subnet := range c.ipv6sources {
if subnet.Contains(ip) {
return true
if c.isEnabled() {
for _, subnet := range c.ipv6sources {
if subnet.Contains(ip) {
return true
}
}
}

View File

@ -39,7 +39,7 @@ type SessionFirewall struct {
// TunnelRouting contains the crypto-key routing tables for tunneling
type TunnelRouting struct {
Enable bool `comment:"Enable or disable tunneling."`
IPv6Routes map[string]string `comment:"IPv6 subnets, mapped to the public keys to which they should be routed."`
IPv6Sources []string `comment:"Allow source addresses in these subnets."`
Enable bool `comment:"Enable or disable tunneling."`
IPv6Destinations map[string]string `comment:"IPv6 subnets, mapped to the EncryptionPublicKey to which they should\nbe routed to."`
IPv6Sources []string `comment:"Optional IPv6 subnets which are allowed to be used as source addresses\nin addition to this node's Yggdrasil address/subnet."`
}

View File

@ -122,7 +122,7 @@ func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) error {
}
if nc.TunnelRouting.Enable {
for ipv6, pubkey := range nc.TunnelRouting.IPv6Routes {
for ipv6, pubkey := range nc.TunnelRouting.IPv6Destinations {
if err := c.router.cryptokey.addRoute(ipv6, pubkey); err != nil {
panic(err)
}