Optional peer authentication, if non-empty then incoming TCP and all UDP peers must match one of these box keys
parent
5962d009a5
commit
6026e0a014
6 changed files with 45 additions and 7 deletions
|
@ -204,6 +204,14 @@ func (iface *udpInterface) handleKeys(msg []byte, addr connAddr) {
|
|||
iface.mutex.RUnlock()
|
||||
if !isIn {
|
||||
udpAddr := addr.toUDPAddr()
|
||||
// Check if we're authorized to connect to this key / IP
|
||||
// TODO monitor and always allow outgoing connections
|
||||
if !iface.core.peers.isAuthBoxPub(&ks.box) {
|
||||
// Allow unauthorized peers if they're link-local
|
||||
if !udpAddr.IP.IsLinkLocalUnicast() {
|
||||
return
|
||||
}
|
||||
}
|
||||
themNodeID := getNodeID(&ks.box)
|
||||
themAddr := address_addrForNodeID(themNodeID)
|
||||
themAddrString := net.IP(themAddr[:]).String()
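Review bot: The link-local exemption in the added `if !udpAddr.IP.IsLinkLocalUnicast()` branch accepts any host on the same network segment without a matching box key, which is broader than the commit title's "all UDP peers must match one of these box keys". If this is intentional (presumably to keep local peer discovery working), the comment should record it as a trust decision, e.g. `// Link-local peers bypass the box-key allowlist: every host on the local segment is trusted`, and the option's documentation should say the same; otherwise the exemption should be made configurable. The rejection path is also a bare `return`, so an operator gets no signal that an unlisted key tried to peer; a debug-level log of the rejected key and source address just before the `return` would help detection. handleKeys starts and ends outside this hunk, and isAuthBoxPub is not shown, so its behaviour for an empty allowlist is taken from the commit title.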
|
||||
|
|