Minor security: lock roots to only be reachable via World IPs.
parent 4b3a47849d
commit 244f37179c
3 changed files with 36 additions and 0 deletions
|
@ -163,6 +163,22 @@ public:
|
|||
*/
|
||||
void setUpstream(const Address &a,bool upstream);
|
||||
|
||||
/**
|
||||
* Check for prohibited endpoints
|
||||
*
|
||||
* Right now this returns true if the designated ZT address is a root and if
|
||||
* the IP (IP only, not port) does not equal any of the IPs defined in the
|
||||
* current World. This is an extra little security feature in case root keys
|
||||
* get appropriated or something.
|
||||
*
|
||||
* Otherwise it returns false.
|
||||
*
|
||||
* @param ztaddr ZeroTier address
|
||||
* @param ipaddr IP address
|
||||
* @return True if this ZT/IP pair should not be allowed to be used
|
||||
*/
|
||||
bool isProhibitedEndpoint(const Address &ztaddr,const InetAddress &ipaddr) const;
|
||||
|
||||
/**
|
||||
* @return Vector of active upstream addresses (including roots)
|
||||
*/
|
||||
|
|
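Review bot: the doc comment on isProhibitedEndpoint() says the IP is compared against "any of the IPs defined in the current World", which does not say whether a root is checked only against its own World endpoints or against the IPs of every root. If it is the latter, a key for one root would still be accepted from another root's IP, so please state which set is used and prefer the per-root set. The comment should also say what is returned for a root that has no IPs listed in the World, and how IPv4 and IPv6 forms of the same host are compared, since the check is IP only. "In case root keys get appropriated or something" would read better as a plain statement of the threat, for example that a stolen root identity cannot be used from an IP the World does not list.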