From 10df5dcf707e76d4f66daef8dfb4a51df27abce1 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 31 Dec 2013 11:03:45 -0800 Subject: Fix several things: (1) The changes to path learning in the two previous releases were poorly thought out, and this version should remedy that by introducing PROBE. This is basically a kind of ECHO request and is used to authenticate endpoints that are not learned via a valid request/response pair. Thus we will still passively learn endpoints, but securely. (2) Turns out there was a security oversight in _doHELLO() that could have permitted... well... I'm not sure it was exploitable to do anything particularly interesting since a bad identity would be discarded anyway, but fix it just the same. --- node/Switch.hpp | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'node/Switch.hpp') diff --git a/node/Switch.hpp b/node/Switch.hpp index 6b3b8e6e..e415a2c9 100644 --- a/node/Switch.hpp +++ b/node/Switch.hpp @@ -129,6 +129,16 @@ public: */ bool sendHELLO(const SharedPtr &dest,Demarc::Port localPort,const InetAddress &remoteAddr); + /** + * Send a PROBE immediately to the indicated address + * + * @param localPort Originating local port or ANY_PORT to pick + * @param remoteAddr IP address to send to + * @param dest Destination peer + * @return True if send appears successful + */ + bool sendPROBE(const SharedPtr &dest,Demarc::Port localPort,const InetAddress &remoteAddr); + /** * Send RENDEZVOUS to two peers to permit them to directly connect * -- cgit v1.2.3
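Review bot: In the doc comment added for sendPROBE(), the @param tags are listed as localPort, remoteAddr, dest, but the declaration takes dest, localPort, remoteAddr (the same order as sendHELLO() just above it); reorder the tags to match the signature so callers do not misread the argument positions. The commit message says PROBE exists to authenticate endpoints that were not learned through a valid request/response pair, so the comment should also say that "@return True if send appears successful" reports only that the packet was sent, and that remoteAddr is not to be treated as an authenticated path for dest until the probe is answered. This view is limited to node/Switch.hpp, so the _doHELLO() fix mentioned in the commit message is not visible here and is not covered by this comment.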