Break out TUN/TAP into another package, make various other changes to support it

This commit is contained in:
Neil Alexander 2019-03-27 20:10:25 +00:00
parent 67c670ab4c
commit 7f0e3d5135
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944
22 changed files with 247 additions and 204 deletions


@ -148,17 +148,17 @@ func (ss *sessions) init(core *Core) {
// Determines whether the session firewall is enabled.
func (ss *sessions) isSessionFirewallEnabled() bool {
ss.core.configMutex.RLock()
defer ss.core.configMutex.RUnlock()
ss.core.config.Mutex.RLock()
defer ss.core.config.Mutex.RUnlock()
return ss.core.config.SessionFirewall.Enable
return ss.core.config.Current.SessionFirewall.Enable
}
// Determines whether the session with a given publickey is allowed based on
// session firewall rules.
func (ss *sessions) isSessionAllowed(pubkey *crypto.BoxPubKey, initiator bool) bool {
ss.core.configMutex.RLock()
defer ss.core.configMutex.RUnlock()
ss.core.config.Mutex.RLock()
defer ss.core.config.Mutex.RUnlock()
// Allow by default if the session firewall is disabled
if !ss.isSessionFirewallEnabled() {
@ -167,7 +167,7 @@ func (ss *sessions) isSessionAllowed(pubkey *crypto.BoxPubKey, initiator bool) b
// Prepare for checking whitelist/blacklist
var box crypto.BoxPubKey
// Reject blacklisted nodes
for _, b := range ss.core.config.SessionFirewall.BlacklistEncryptionPublicKeys {
for _, b := range ss.core.config.Current.SessionFirewall.BlacklistEncryptionPublicKeys {
key, err := hex.DecodeString(b)
if err == nil {
copy(box[:crypto.BoxPubKeyLen], key)
@ -177,7 +177,7 @@ func (ss *sessions) isSessionAllowed(pubkey *crypto.BoxPubKey, initiator bool) b
}
}
// Allow whitelisted nodes
for _, b := range ss.core.config.SessionFirewall.WhitelistEncryptionPublicKeys {
for _, b := range ss.core.config.Current.SessionFirewall.WhitelistEncryptionPublicKeys {
key, err := hex.DecodeString(b)
if err == nil {
copy(box[:crypto.BoxPubKeyLen], key)
@ -187,7 +187,7 @@ func (ss *sessions) isSessionAllowed(pubkey *crypto.BoxPubKey, initiator bool) b
}
}
// Allow outbound sessions if appropriate
if ss.core.config.SessionFirewall.AlwaysAllowOutbound {
if ss.core.config.Current.SessionFirewall.AlwaysAllowOutbound {
if initiator {
return true
}
@ -201,11 +201,11 @@ func (ss *sessions) isSessionAllowed(pubkey *crypto.BoxPubKey, initiator bool) b
}
}
// Allow direct peers if appropriate
if ss.core.config.SessionFirewall.AllowFromDirect && isDirectPeer {
if ss.core.config.Current.SessionFirewall.AllowFromDirect && isDirectPeer {
return true
}
// Allow remote nodes if appropriate
if ss.core.config.SessionFirewall.AllowFromRemote && !isDirectPeer {
if ss.core.config.Current.SessionFirewall.AllowFromRemote && !isDirectPeer {
return true
}
// Finally, default-deny if not matching any of the above rules
@ -277,7 +277,7 @@ func (ss *sessions) createSession(theirPermKey *crypto.BoxPubKey) *sessionInfo {
sinfo.mySesPriv = *priv
sinfo.myNonce = *crypto.NewBoxNonce()
sinfo.theirMTU = 1280
sinfo.myMTU = uint16(ss.core.router.tun.mtu)
sinfo.myMTU = uint16(ss.core.router.tun.GetMTU())
now := time.Now()
sinfo.time = now
sinfo.mtuTime = now
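Review bot: In the first hunk (`@ -148,17`), isSessionAllowed takes `ss.core.config.Mutex.RLock()` and then calls `ss.isSessionFirewallEnabled()`, which takes the same read lock again; if that field is a sync.RWMutex (its type is not visible here), a writer that calls Lock() between the two RLock calls makes the inner RLock wait behind the writer while the writer waits for the outer RLock, and the goroutine deadlocks, because Go's RWMutex read lock is not reentrant. The pre-commit code had the same shape with configMutex, so the rename did not introduce it, but the new code keeps it. Since the outer lock is already held, the call can be replaced with a direct read, `if !ss.core.config.Current.SessionFirewall.Enable {`, or isSessionFirewallEnabled can be split into a lock-free inner helper that both callers use. The body of isSessionAllowed continues past the hunk, so any other helper calls made under the lock later in the function deserve the same check.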