5
0
mirror of https://github.com/cwinfo/yggdrasil-go.git synced 2024-11-26 01:21:37 +00:00

Only validate CKR routes if CKR enabled

This commit is contained in:
Neil Alexander 2018-11-06 11:11:57 +00:00
parent 19e6aaf9f5
commit f0947223bb
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944
3 changed files with 9 additions and 7 deletions

View File

@ -58,9 +58,11 @@ func (c *cryptokey) isValidSource(addr address) bool {
} }
// Does it match a configured CKR source? // Does it match a configured CKR source?
for _, subnet := range c.ipv6sources { if c.isEnabled() {
if subnet.Contains(ip) { for _, subnet := range c.ipv6sources {
return true if subnet.Contains(ip) {
return true
}
} }
} }

View File

@ -39,7 +39,7 @@ type SessionFirewall struct {
// TunnelRouting contains the crypto-key routing tables for tunneling // TunnelRouting contains the crypto-key routing tables for tunneling
type TunnelRouting struct { type TunnelRouting struct {
Enable bool `comment:"Enable or disable tunneling."` Enable bool `comment:"Enable or disable tunneling."`
IPv6Routes map[string]string `comment:"IPv6 subnets, mapped to the public keys to which they should be routed."` IPv6Destinations map[string]string `comment:"IPv6 subnets, mapped to the EncryptionPublicKey to which they should\nbe routed to."`
IPv6Sources []string `comment:"Allow source addresses in these subnets."` IPv6Sources []string `comment:"Optional IPv6 subnets which are allowed to be used as source addresses\nin addition to this node's Yggdrasil address/subnet."`
} }

View File

@ -122,7 +122,7 @@ func (c *Core) Start(nc *config.NodeConfig, log *log.Logger) error {
} }
if nc.TunnelRouting.Enable { if nc.TunnelRouting.Enable {
for ipv6, pubkey := range nc.TunnelRouting.IPv6Routes { for ipv6, pubkey := range nc.TunnelRouting.IPv6Destinations {
if err := c.router.cryptokey.addRoute(ipv6, pubkey); err != nil { if err := c.router.cryptokey.addRoute(ipv6, pubkey); err != nil {
panic(err) panic(err)
} }