move sessionfirewall into the tuntap. this needs testing. the name is also slightly wrong, since a crypto session can still be set up, packets are just accepted/rejected at the tun/tap level instead

Arceliar 2021-05-15 15:55:47 -05:00
parent 7e10025ef0
commit 5b00273dfc
4 changed files with 29 additions and 27 deletions


@ -93,6 +93,9 @@ func (tun *TunAdapter) write() {
continue // bad local address/subnet
}
info := tun.store.update(ed25519.PublicKey(from.(iwt.Addr)))
if info == nil {
continue // Blocked by the gatekeeper
}
if srcAddr != info.address && srcSubnet != info.subnet {
continue // bad remote address/subnet
}
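Review bot: The new `if info == nil` guard makes a nil return from `tun.store.update` the only signal that the gatekeeper rejected the peer, and the packet is dropped silently. Because the firewall decision now lives in that return value, every other caller of `update` has to nil-check before reading `info.address` or `info.subnet`; only this call site is visible here, so the others should be confirmed. I would state the contract on `update` itself, e.g. `// update returns nil when the gatekeeper rejects the key; callers must drop the packet.`, and consider counting or debug-logging rejected packets so an operator can see a blocked peer that keeps sending. As the commit message notes, the crypto session is still set up for a blocked key, so this check filters traffic at the tun/tap level but does not bound the session state a rejected peer can create. The body of `write()` starts and ends outside the hunk.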