move sessionfirewall into the tuntap. this needs testing. the name is also slightly wrong, since a crypto session can still be set up, packets are just accepted/rejected at the tun/tap level instead

This commit is contained in:
Arceliar 2021-05-15 15:55:47 -05:00
parent 7e10025ef0
commit 5b00273dfc
4 changed files with 29 additions and 27 deletions


@ -115,6 +115,18 @@ func (k *keyStore) update(key ed25519.PublicKey) *keyInfo {
info.address = *address.AddrForKey(ed25519.PublicKey(info.key[:]))
info.subnet = *address.SubnetForKey(ed25519.PublicKey(info.key[:]))
info.mtu = MTU(^uint16(0)) // TODO
var isOutgoing bool
if k.addrBuffer[info.address] != nil {
isOutgoing = true
}
if k.subnetBuffer[info.subnet] != nil {
isOutgoing = true
}
if !k.tun.gatekeeper(key, isOutgoing) {
// Blocked by the gatekeeper, so don't create an entry for this
k.mutex.Unlock()
return nil
}
k.keyToInfo[info.key] = info
k.addrToInfo[info.address] = info
k.subnetToInfo[info.subnet] = info
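Review bot: The blocked path's `return nil` makes `update` return a nil `*keyInfo` for the first time, and no caller is adjusted in this hunk; any caller that dereferences the result directly (e.g. `k.update(key).address`) would panic on the first packet from a rejected key, which is presumably part of what the commit message says still needs testing. The manual `k.mutex.Unlock()` on that path also assumes the rest of `update` unlocks by hand rather than via `defer`; the lock acquisition is outside the hunk, so that cannot be confirmed here. Since the gatekeeper is consulted only before the entry is stored in `keyToInfo`, a later policy change would apparently not affect keys already admitted, which deserves a comment such as `// gatekeeper decides once per key, when the entry is first created; existing entries are not re-checked`. The flag computation can be a single expression: `isOutgoing := k.addrBuffer[info.address] != nil || k.subnetBuffer[info.subnet] != nil`. `update` begins and ends outside the hunk.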