Strict checking of Yggdrasil source/destination addresses

Neil Alexander 2019-08-20 09:38:27 +01:00
parent 2a629880fd
commit 2b6462c8a9
No known key found for this signature in database
GPG Key ID: A02A2019A2BB0944


@ -1,6 +1,7 @@
package tuntap
import (
"bytes"
"errors"
"time"
@ -70,6 +71,17 @@ func (s *tunConn) reader() (err error) {
return e
}
} else if len(bs) > 0 {
if bs[0]&0xf0 == 0x60 {
switch {
case bs[8] == 0x02 && !bytes.Equal(s.addr[:16], bs[8:24]): // source
case bs[8] == 0x03 && !bytes.Equal(s.snet[:8], bs[8:16]): // source
case bs[24] == 0x02 && !bytes.Equal(s.tun.addr[:16], bs[24:40]): // destination
case bs[24] == 0x03 && !bytes.Equal(s.tun.subnet[:8], bs[24:32]): // destination
util.PutBytes(bs)
continue
default:
}
}
s.tun.send <- bs
s.stillAlive()
} else {
@ -96,6 +108,16 @@ func (s *tunConn) writer() error {
if !ok {
return errors.New("send closed")
}
if bs[0]&0xf0 == 0x60 {
switch {
case bs[8] == 0x02 && !bytes.Equal(s.tun.addr[:16], bs[8:24]): // source
case bs[8] == 0x03 && !bytes.Equal(s.tun.subnet[:8], bs[8:16]): // source
case bs[24] == 0x02 && !bytes.Equal(s.addr[:16], bs[24:40]): // destination
case bs[24] == 0x03 && !bytes.Equal(s.snet[:8], bs[24:32]): // destination
continue
default:
}
}
msg := yggdrasil.FlowKeyMessage{
FlowKey: util.GetFlowKey(bs),
Message: bs,
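Review bot: In the reader() hunk only the last `case` of the new `switch` drops the packet, because Go cases do not fall through: when either source check or the first destination check matches, its empty body runs and the packet is still passed to `s.tun.send`. The writer() hunk has the same shape, so there only the `s.snet` destination check reaches `continue`. Both hunks also index `bs[8]` and `bs[24]` and slice up to `bs[24:40]` after checking at most `len(bs) > 0`, so a packet whose first nibble is 6 but which is shorter than the 40-byte IPv6 header would panic with an index out of range; in reader() `bs` appears to come from the remote session, though the read itself is outside the hunk, as are the start and end of both functions. I would list the conditions in a single `case` led by a length check, as below for reader(). writer() needs the same with the `s` and `s.tun` roles swapped, and probably the `util.PutBytes(bs)` it currently omits before `continue`.

```go
} else if len(bs) > 0 {
	if bs[0]&0xf0 == 0x60 {
		switch {
		case len(bs) < 40, // shorter than a fixed IPv6 header
			bs[8] == 0x02 && !bytes.Equal(s.addr[:16], bs[8:24]), // source
			bs[8] == 0x03 && !bytes.Equal(s.snet[:8], bs[8:16]), // source
			bs[24] == 0x02 && !bytes.Equal(s.tun.addr[:16], bs[24:40]), // destination
			bs[24] == 0x03 && !bytes.Equal(s.tun.subnet[:8], bs[24:32]): // destination
			util.PutBytes(bs)
			continue
		}
	}
	// … unchanged: s.tun.send <- bs, s.stillAlive() …
```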