Likely fix for invalid MAC problem.
parent
cf03996bf2
commit
4389b9feff
2 changed files with 9 additions and 5 deletions
|
@ -47,14 +47,13 @@ bool IncomingPacket::tryDecode(const RuntimeEnvironment *RR,void *tPtr,int32_t f
|
|||
try {
|
||||
// Check for trusted paths or unencrypted HELLOs (HELLO is the only packet sent in the clear)
|
||||
const unsigned int c = cipher();
|
||||
bool trusted = false;
|
||||
if (c == ZT_PROTO_CIPHER_SUITE__NO_CRYPTO_TRUSTED_PATH) {
|
||||
// If this is marked as a packet via a trusted path, check source address and path ID.
|
||||
// Obviously if no trusted paths are configured this always returns false and such
|
||||
// packets are dropped on the floor.
|
||||
const uint64_t tpid = trustedPathId();
|
||||
if (RR->topology->shouldInboundPathBeTrusted(_path->address(),tpid)) {
|
||||
trusted = true;
|
||||
_authenticated = true;
|
||||
} else {
|
||||
RR->t->incomingPacketMessageAuthenticationFailure(tPtr,_path,packetId(),sourceAddress,hops(),"path not trusted");
|
||||
return true;
|
||||
|
@ -66,7 +65,7 @@ bool IncomingPacket::tryDecode(const RuntimeEnvironment *RR,void *tPtr,int32_t f
|
|||
|
||||
const SharedPtr<Peer> peer(RR->topology->getPeer(tPtr,sourceAddress));
|
||||
if (peer) {
|
||||
if (!trusted) {
|
||||
if (!_authenticated) {
|
||||
if (!dearmor(peer->key(), peer->aesKeys())) {
|
||||
RR->t->incomingPacketMessageAuthenticationFailure(tPtr,_path,packetId(),sourceAddress,hops(),"invalid MAC");
|
||||
peer->recordIncomingInvalidPacket(_path);
|
||||
|
|
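Review bot: The MAC check at `if (!_authenticated)` now depends on a member that outlives a single tryDecode() call, and nothing in the visible lines ever sets it to false, so a packet object whose flag is uninitialised or left over from an earlier packet would skip dearmor() and be handled without authentication. The declaration and initialisation are presumably in the second changed file, which is not shown here; the flag should start as false on every construction path and be cleared wherever the object is refilled with new data. I would also document the member, for example `// true once dearmor() succeeded or the packet arrived on a trusted path; must be false for every newly received packet`. The trusted-path branch sets the same flag, so it now means "MAC verified or trusted path", which that comment should state. tryDecode() starts and ends outside both hunks, so the line that sets the flag after a successful dearmor() is not visible here.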