From 10df5dcf707e76d4f66daef8dfb4a51df27abce1 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Tue, 31 Dec 2013 11:03:45 -0800
Subject: Fix several things: (1) The changes to path learning in the two previous releases were poorly thought out, and this version should remedy that by introducing PROBE. This is basically a kind of ECHO request and is used to authenticate endpoints that are not learned via a valid request/response pair. Thus we will still passively learn endpoints, but securely. (2) Turns out there was a security oversight in _doHELLO() that could have permitted... well... I'm not sure it was exploitable to do anything particularly interesting since a bad identity would be discarded anyway, but fix it just the same.
---
 node/Switch.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'node/Switch.cpp')

diff --git a/node/Switch.cpp b/node/Switch.cpp
index a46746e7..585b8716 100644
--- a/node/Switch.cpp
+++ b/node/Switch.cpp
@@ -226,6 +226,20 @@ bool Switch::sendHELLO(const SharedPtr &dest,Demarc::Port localPort,const
 } else return false;
 }
 
+bool Switch::sendPROBE(const SharedPtr &dest,Demarc::Port localPort,const InetAddress &remoteAddr)
+{
+ uint64_t now = Utils::now();
+ Packet outp(dest->address(),_r->identity.address(),Packet::VERB_PROBE);
+ outp.append(now);
+ outp.append(dest->lastDirectSend()); // FIXME: need to refactor to also track relayed sends
+ outp.armor(dest->key(),true);
+
+ if (_r->demarc->send(localPort,remoteAddr,outp.data(),outp.size(),-1)) {
+ dest->expectResponseTo(outp.packetId(),Packet::VERB_PROBE,localPort,now);
+ return true;
+ } else return false;
+}
+
 bool Switch::unite(const Address &p1,const Address &p2,bool force)
 {
 if ((p1 == _r->identity.address())||(p2 == _r->identity.address()))
-- 
cgit v1.2.3
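Review bot: sendPROBE carries no comment stating what the PROBE payload is or what the reply is checked against, and the `// FIXME` on `dest->lastDirectSend()` leaves the second field undefined for relayed peers; the commit message is currently the only place PROBE's purpose is written down. A header comment above the definition would do, e.g. `// PROBE: armored echo used to verify an endpoint that was learned passively rather than via a request/response pair.` and `// Payload: our timestamp, then our last direct send time to this peer; the reply is presumably matched by packet ID via expectResponseTo() — confirm in the receive path.` The `} else return false;` after a branch that already returns reads better as a guard clause, `if (!_r->demarc->send(localPort,remoteAddr,outp.data(),outp.size(),-1)) return false;`, and the literal `-1` passed to send() is not explained anywhere in this hunk and deserves a named constant or a comment. The `SharedPtr` template argument appears to have been stripped in this rendering of the signature, so the actual peer type is not visible here.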