yggdrasil-network/yggdrasil-go
1
0
Fork 0
mirror of https://github.com/yggdrasil-network/yggdrasil-go.git synced 2025-04-30 07:05:06 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions
yggdrasil-go/cmd/yggdrasil/session.go
Neil Alexander 8057d80ec9
Break out cmd/yggdrasil a bit, tweaks
2019-09-02 19:10:34 +01:00

69 lines
1.5 KiB
Go
Raw Blame History

package main
import (
"encoding/hex"
"github.com/yggdrasil-network/yggdrasil-go/src/crypto"
)
func (n *node) sessionFirewall(pubkey *crypto.BoxPubKey, initiator bool) bool {
current := n.config
// Allow by default if the session firewall is disabled
if !current.SessionFirewall.Enable {
return true
}
// Prepare for checking whitelist/blacklist
var box crypto.BoxPubKey
// Reject blacklisted nodes
for _, b := range current.SessionFirewall.BlacklistEncryptionPublicKeys {
key, err := hex.DecodeString(b)
if err == nil {
copy(box[:crypto.BoxPubKeyLen], key)
if box == *pubkey {
return false
}
}
}
// Allow whitelisted nodes
for _, b := range current.SessionFirewall.WhitelistEncryptionPublicKeys {
key, err := hex.DecodeString(b)
if err == nil {
copy(box[:crypto.BoxPubKeyLen], key)
if box == *pubkey {
return true
}
}
}
// Allow outbound sessions if appropriate
if current.SessionFirewall.AlwaysAllowOutbound {
if initiator {
return true
}
}
// Look and see if the pubkey is that of a direct peer
var isDirectPeer bool
for _, peer := range n.core.GetPeers() {
if peer.PublicKey == *pubkey {
isDirectPeer = true
break
}
}
// Allow direct peers if appropriate
if current.SessionFirewall.AllowFromDirect && isDirectPeer {
return true
}
// Allow remote nodes if appropriate
if current.SessionFirewall.AllowFromRemote && !isDirectPeer {
return true
}
// Finally, default-deny if not matching any of the above rules
return false
}
Reference in a new issue View git blame Copy permalink