summaryrefslogtreecommitdiff
path: root/node/IncomingPacket.cpp
diff options
context:
space:
mode:
authorAdam Ierymenko <adam.ierymenko@gmail.com>2016-09-08 19:48:05 -0700
committerAdam Ierymenko <adam.ierymenko@gmail.com>2016-09-08 19:48:05 -0700
commit16df2c33631eeb3e123fefa4febf20f202fd476b (patch)
tree209bbd61b04f17b494c9758f7bf2ff08450477ce /node/IncomingPacket.cpp
parent1f6b13b7fdd8d1b79a754338d6ef4f30fd0d4064 (diff)
downloadinfinitytier-16df2c33631eeb3e123fefa4febf20f202fd476b.tar.gz
infinitytier-16df2c33631eeb3e123fefa4febf20f202fd476b.zip
Clean up handling of COMs, network access control, and fix a backward compatiblity issue.
Diffstat (limited to 'node/IncomingPacket.cpp')
-rw-r--r--node/IncomingPacket.cpp8
1 files changed, 4 insertions, 4 deletions
diff --git a/node/IncomingPacket.cpp b/node/IncomingPacket.cpp
index 39f077ff..ac04ce96 100644
--- a/node/IncomingPacket.cpp
+++ b/node/IncomingPacket.cpp
@@ -552,7 +552,7 @@ bool IncomingPacket::_doFRAME(const RuntimeEnvironment *RR,const SharedPtr<Peer>
bool approved = false;
if (network) {
if (size() > ZT_PROTO_VERB_FRAME_IDX_PAYLOAD) {
- if (!network->isAllowed(peer)) {
+ if (!network->gate(peer,verb(),packetId())) {
TRACE("dropped FRAME from %s(%s): not a member of private network %.16llx",peer->address().toString().c_str(),_path->address().toString().c_str(),(unsigned long long)network->id());
} else {
const unsigned int etherType = at<uint16_t>(ZT_PROTO_VERB_FRAME_IDX_ETHERTYPE);
@@ -591,7 +591,7 @@ bool IncomingPacket::_doEXT_FRAME(const RuntimeEnvironment *RR,const SharedPtr<P
network->addCredential(com);
}
- if (!network->isAllowed(peer)) {
+ if (!network->gate(peer,verb(),packetId())) {
TRACE("dropped EXT_FRAME from %s(%s): not a member of private network %.16llx",peer->address().toString().c_str(),_path->address().toString().c_str(),network->id());
peer->received(_path,hops(),packetId(),Packet::VERB_EXT_FRAME,0,Packet::VERB_NOP,false);
return true;
@@ -619,7 +619,7 @@ bool IncomingPacket::_doEXT_FRAME(const RuntimeEnvironment *RR,const SharedPtr<P
peer->received(_path,hops(),packetId(),Packet::VERB_EXT_FRAME,0,Packet::VERB_NOP,true); // trustEstablished because COM is okay
return true;
}
- } else if (to != network->mac()) {
+ } else if ( (to != network->mac()) && (!to.isMulticast()) ) {
if (!network->config().permitsBridging(RR->identity.address())) {
TRACE("dropped EXT_FRAME from %s@%s(%s) to %s: I cannot bridge to %.16llx or bridging disabled on network",from.toString().c_str(),peer->address().toString().c_str(),_path->address().toString().c_str(),to.toString().c_str(),network->id());
peer->received(_path,hops(),packetId(),Packet::VERB_EXT_FRAME,0,Packet::VERB_NOP,true); // trustEstablished because COM is okay
@@ -934,7 +934,7 @@ bool IncomingPacket::_doMULTICAST_FRAME(const RuntimeEnvironment *RR,const Share
// Check membership after we've read any included COM, since
// that cert might be what we needed.
- if (!network->isAllowed(peer)) {
+ if (!network->gate(peer,verb(),packetId())) {
TRACE("dropped MULTICAST_FRAME from %s(%s): not a member of private network %.16llx",peer->address().toString().c_str(),_path->address().toString().c_str(),(unsigned long long)network->id());
peer->received(_path,hops(),packetId(),Packet::VERB_MULTICAST_FRAME,0,Packet::VERB_NOP,false);
return true;
generated by cgit v1.2.3 (git 2.39.1) at 2026-01-12 08:56:05 +0000