From f0947223bb552eded37f7433eb9c54a30063e702 Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Tue, 6 Nov 2018 11:11:57 +0000
Subject: [PATCH] Only validate CKR routes if CKR enabled
---
 src/yggdrasil/ckr.go | 8 +++++---
 src/yggdrasil/config/config.go | 6 +++---
 src/yggdrasil/core.go | 2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/yggdrasil/ckr.go b/src/yggdrasil/ckr.go
index 96fde27..ffe9206 100644
--- a/src/yggdrasil/ckr.go
+++ b/src/yggdrasil/ckr.go
@@ -58,9 +58,11 @@ func (c *cryptokey) isValidSource(addr address) bool {
 }
 // Does it match a configured CKR source?
- for _, subnet := range c.ipv6sources {
- if subnet.Contains(ip) {
- return true
+ if c.isEnabled() {
+ for _, subnet := range c.ipv6sources {
+ if subnet.Contains(ip) {
+ return true
+ }
 }
 }
diff --git a/src/yggdrasil/config/config.go b/src/yggdrasil/config/config.go
index 9594745..f669466 100644
--- a/src/yggdrasil/config/config.go
+++ b/src/yggdrasil/config/config.go
@@ -39,7 +39,7 @@ type SessionFirewall struct {
 // TunnelRouting contains the crypto-key routing tables for tunneling
 type TunnelRouting struct {
- Enable bool `comment:"Enable or disable tunneling."`
- IPv6Routes map[string]string `comment:"IPv6 subnets, mapped to the public keys to which they should be routed."`
- IPv6Sources []string `comment:"Allow source addresses in these subnets."`
+ Enable bool `comment:"Enable or disable tunneling."`
+ IPv6Destinations map[string]string `comment:"IPv6 subnets, mapped to the EncryptionPublicKey to which they should\nbe routed to."`
+ IPv6Sources []string `comment:"Optional IPv6 subnets which are allowed to be used as source addresses\nin addition to this node's Yggdrasil address/subnet."`
 }
diff --git a/src/yggdrasil/core.go b/src/yggdrasil/core.go
index 3114218..03e8a26 100644
--- a/src/yggdrasil/core.go
+++ b/src/yggdrasil/core.go
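Review bot: In src/yggdrasil/ckr.go, the comment above the new `if c.isEnabled()` guard in isValidSource still reads as an unconditional check, so a reader cannot tell that configured source subnets are deliberately ignored while CKR is off. Because this function decides which source addresses are accepted, I would state the rule at the guard, e.g. `// Configured CKR sources are only honoured while CKR is enabled.` A regression test that populates ipv6sources, leaves CKR disabled and expects an address inside one of those subnets to be rejected would pin the behaviour. The function body starts and ends outside the hunk, so what follows the loop is not visible here.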
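Review bot: Renaming `IPv6Routes` to `IPv6Destinations` in TunnelRouting (src/yggdrasil/config/config.go) changes the key that existing configuration files use, and nothing in this patch still reads the old name. How the config loader treats an unknown key is not visible here, but if it is silently ignored, a node upgraded with an existing config would start with tunnelling enabled and no routes, without any error. Consider accepting the old key for a release or logging a warning when it is present, and call the rename out in the release notes. Minor: the new field comment says "to which they should be routed to"; drop the trailing "to".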
@@ -122,7 +122,7 @@ func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) error {
 }
 if nc.TunnelRouting.Enable {
- for ipv6, pubkey := range nc.TunnelRouting.IPv6Routes {
+ for ipv6, pubkey := range nc.TunnelRouting.IPv6Destinations {
 if err := c.router.cryptokey.addRoute(ipv6, pubkey); err != nil {
 panic(err)
 }