| author | Adam Ierymenko <adam.ierymenko@gmail.com> | 2014-04-10 14:22:25 -0700 |
|---|---|---|
| committer | Adam Ierymenko <adam.ierymenko@gmail.com> | 2014-04-10 14:22:25 -0700 |
| commit | c9294c1a78fa86fbba38b1a81988ea7527b0872c (patch) | |
| tree | 0a2b3b88014b244020864839d4517a92ef1b5948 /node/Switch.cpp | |
| parent | b117ff54358d4e2b6b8eae4bd5300464f377d948 (diff) | |
Prevent recursive transit of ZeroTier packets, toward GitHub issue #56
Diffstat (limited to 'node/Switch.cpp')
| -rw-r--r-- | node/Switch.cpp | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/node/Switch.cpp b/node/Switch.cpp
index 1c794176..2bdc1bef 100644
--- a/node/Switch.cpp
+++ b/node/Switch.cpp
@@ -48,6 +48,7 @@
 #include "Peer.hpp"
 #include "NodeConfig.hpp"
 #include "CMWC4096.hpp"
+#include "AntiRecursion.hpp"
 #include "../version.h"
@@ -85,6 +86,11 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 if (!nconf) return;
+ if (!_r->antiRec->checkEthernetFrame(data.data(),data.size())) {
+ TRACE("%s: rejected recursively addressed ZeroTier packet by tail match",network->tapDeviceName().c_str());
+ return;
+ }
+
 if (to == network->mac()) {
 LOG("%s: frame received from self, ignoring (bridge loop? OS bug?)",network->tapDeviceName().c_str());
 return;
@@ -225,7 +231,11 @@ bool Switch::sendHELLO(const SharedPtr<Peer> &dest,const Path &path)
 outp.append(now);
 _r->identity.serialize(outp,false);
 outp.armor(dest->key(),false);
- return _r->sm->send(path.address(),path.tcp(),path.type() == Path::PATH_TYPE_TCP_OUT,outp.data(),outp.size());
+ if (_r->sm->send(path.address(),path.tcp(),path.type() == Path::PATH_TYPE_TCP_OUT,outp.data(),outp.size())) {
+ _r->antiRec->logOutgoingZT(outp.data(),outp.size());
+ return true;
+ }
+ return false;
 }
 bool Switch::sendHELLO(const SharedPtr<Peer> &dest,const InetAddress &destUdp)
@@ -239,7 +249,11 @@ bool Switch::sendHELLO(const SharedPtr<Peer> &dest,const InetAddress &destUdp)
 outp.append(now);
 _r->identity.serialize(outp,false);
 outp.armor(dest->key(),false);
- return _r->sm->send(destUdp,false,false,outp.data(),outp.size());
+ if (_r->sm->send(destUdp,false,false,outp.data(),outp.size())) {
+ _r->antiRec->logOutgoingZT(outp.data(),outp.size());
+ return true;
+ }
+ return false;
 }
 bool Switch::unite(const Address &p1,const Address &p2,bool force) |
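Review bot: The new early return in Switch::onLocalEthernet drops a frame without any comment saying what `checkEthernetFrame` compares or why a match means recursion, and the only record of the drop is a `TRACE` line, which is presumably absent from normal builds. I would add a comment above the check along the lines of `// Drop frames whose tail matches a ZeroTier packet we recently sent; forwarding them would tunnel ZeroTier inside itself (GitHub issue #56)`, and state there that a tail-only comparison can in principle reject an unrelated frame with the same trailing bytes. `_r->antiRec` is dereferenced unconditionally, so it must be constructed before the tap can deliver frames; that setup is not visible in this diff. The function body starts and ends outside the hunk.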
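Review bot: In both sendHELLO overloads (the hunks at -225 and -239) the packet is recorded with `logOutgoingZT` only after `_r->sm->send(...)` has returned true, so a copy that the OS routes back into the tap before that call runs would not yet be known to `checkEthernetFrame`. If tap frames are handled on a different thread from this send, which is not visible here, recording first closes that window: `_r->antiRec->logOutgoingZT(outp.data(),outp.size());` followed by the original `return _r->sm->send(...);`, at the cost of keeping an entry for a packet whose send failed. The two tails are now the same five-line pattern and would stay in step more easily behind one small private helper. Only HELLO packets are recorded in this file's diff; the diffstat is limited to node/Switch.cpp, so other send paths may be handled elsewhere in the commit.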
