Certificate of ownership -- used to secure against IP address spoofing, especially for IPv4 and regular IPv6.
This commit is contained in:
Adam Ierymenko
parent
33b94e8478
commit
10185e92fa
15 changed files with 553 additions and 97 deletions
|
|
@ -832,6 +832,7 @@ bool IncomingPacket::_doNETWORK_CREDENTIALS(const RuntimeEnvironment *RR,const S
|
|||
Capability cap;
|
||||
Tag tag;
|
||||
Revocation revocation;
|
||||
CertificateOfOwnership coo;
|
||||
bool trustEstablished = false;
|
||||
|
||||
unsigned int p = ZT_PACKET_IDX_PAYLOAD;
|
||||
|
|
@ -909,6 +910,24 @@ bool IncomingPacket::_doNETWORK_CREDENTIALS(const RuntimeEnvironment *RR,const S
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
const unsigned int numCoos = at<uint16_t>(p); p += 2;
|
||||
for(unsigned int i=0;i<numCoos;++i) {
|
||||
p += coo.deserialize(*this,p);
|
||||
const SharedPtr<Network> network(RR->node->network(coo.networkId()));
|
||||
if (network) {
|
||||
switch(network->addCredential(coo)) {
|
||||
case Membership::ADD_REJECTED:
|
||||
break;
|
||||
case Membership::ADD_ACCEPTED_NEW:
|
||||
case Membership::ADD_ACCEPTED_REDUNDANT:
|
||||
trustEstablished = true;
|
||||
break;
|
||||
case Membership::ADD_DEFERRED_FOR_WHOIS:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
peer->received(_path,hops(),packetId(),Packet::VERB_NETWORK_CREDENTIALS,0,Packet::VERB_NOP,trustEstablished);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue