Strict checking of Yggdrasil source/destination addresses

Neil Alexander 2019-08-20 09:38:27 +01:00
parent 2a629880fd
commit 2b6462c8a9
GPG Key ID: A02A2019A2BB0944


@ -1,6 +1,7 @@
package tuntap package tuntap
import ( import (
"bytes"
"errors" "errors"
"time" "time"
@ -70,6 +71,17 @@ func (s *tunConn) reader() (err error) {
return e return e
} }
} else if len(bs) > 0 { } else if len(bs) > 0 {
if bs[0]&0xf0 == 0x60 {
switch {
case bs[8] == 0x02 && !bytes.Equal(s.addr[:16], bs[8:24]): // source
case bs[8] == 0x03 && !bytes.Equal(s.snet[:8], bs[8:16]): // source
case bs[24] == 0x02 && !bytes.Equal(s.tun.addr[:16], bs[24:40]): // destination
case bs[24] == 0x03 && !bytes.Equal(s.tun.subnet[:8], bs[24:32]): // destination
util.PutBytes(bs)
continue
default:
}
}
s.tun.send <- bs s.tun.send <- bs
s.stillAlive() s.stillAlive()
} else { } else {
@ -96,6 +108,16 @@ func (s *tunConn) writer() error {
if !ok { if !ok {
return errors.New("send closed") return errors.New("send closed")
} }
if bs[0]&0xf0 == 0x60 {
switch {
case bs[8] == 0x02 && !bytes.Equal(s.tun.addr[:16], bs[8:24]): // source
case bs[8] == 0x03 && !bytes.Equal(s.tun.subnet[:8], bs[8:16]): // source
case bs[24] == 0x02 && !bytes.Equal(s.addr[:16], bs[24:40]): // destination
case bs[24] == 0x03 && !bytes.Equal(s.snet[:8], bs[24:32]): // destination
continue
default:
}
}
msg := yggdrasil.FlowKeyMessage{ msg := yggdrasil.FlowKeyMessage{
FlowKey: util.GetFlowKey(bs), FlowKey: util.GetFlowKey(bs),
Message: bs, Message: bs,
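Review bot: In the reader() hunk the first three `case` arms have empty bodies, and Go's `switch` does not fall through, so a packet with a mismatched source address, source subnet or destination address hits an empty arm, leaves the switch and is still sent on `s.tun.send`; only the last arm (destination subnet) reaches `util.PutBytes(bs)` and `continue`. The writer() hunk has the same shape and therefore the same gap, and its drop path does not call `util.PutBytes(bs)` the way reader() does. Both hunks also index `bs[8]` and `bs[24]` and slice up to `bs[24:40]` after testing only the version nibble (plus `len(bs) > 0` in reader), so a packet shorter than 40 bytes that starts with 0x6 would panic with an out-of-range index. Joining the conditions into one comma-separated `case` with a length test first closes both gaps; the fence drops short IPv6 packets, which is a choice the author should confirm. Both function bodies continue outside the hunks.

```go
		} else if len(bs) > 0 {
			if bs[0]&0xf0 == 0x60 {
				switch {
				case len(bs) < 40, // too short to hold both IPv6 addresses
					bs[8] == 0x02 && !bytes.Equal(s.addr[:16], bs[8:24]), // source
					bs[8] == 0x03 && !bytes.Equal(s.snet[:8], bs[8:16]), // source
					bs[24] == 0x02 && !bytes.Equal(s.tun.addr[:16], bs[24:40]), // destination
					bs[24] == 0x03 && !bytes.Equal(s.tun.subnet[:8], bs[24:32]): // destination
					util.PutBytes(bs)
					continue
				}
			}
			// … unchanged: s.tun.send <- bs, s.stillAlive() …
```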