Fix several things:
(1) The changes to path learning in the two previous releases were poorly thought out, and this version should remedy that by introducing PROBE. This is basically a kind of ECHO request and is used to authenticate endpoints that are not learned via a valid request/response pair. Thus we will still passively learn endpoints, but securely. (2) Turns out there was a security oversight in _doHELLO() that could have permitted... well... I'm not sure it was exploitable to do anything particularly interesting since a bad identity would be discarded anyway, but fix it just the same.
This commit is contained in:
parent
8055635e85
commit
10df5dcf70
8 changed files with 145 additions and 36 deletions
|
@ -226,6 +226,20 @@ bool Switch::sendHELLO(const SharedPtr<Peer> &dest,Demarc::Port localPort,const
|
|||
} else return false;
|
||||
}
|
||||
|
||||
bool Switch::sendPROBE(const SharedPtr<Peer> &dest,Demarc::Port localPort,const InetAddress &remoteAddr)
|
||||
{
|
||||
uint64_t now = Utils::now();
|
||||
Packet outp(dest->address(),_r->identity.address(),Packet::VERB_PROBE);
|
||||
outp.append(now);
|
||||
outp.append(dest->lastDirectSend()); // FIXME: need to refactor to also track relayed sends
|
||||
outp.armor(dest->key(),true);
|
||||
|
||||
if (_r->demarc->send(localPort,remoteAddr,outp.data(),outp.size(),-1)) {
|
||||
dest->expectResponseTo(outp.packetId(),Packet::VERB_PROBE,localPort,now);
|
||||
return true;
|
||||
} else return false;
|
||||
}
|
||||
|
||||
bool Switch::unite(const Address &p1,const Address &p2,bool force)
|
||||
{
|
||||
if ((p1 == _r->identity.address())||(p2 == _r->identity.address()))
|
||||
|
|