11 years ago · b8729de9da
--- a/node/Network.hpp
+++ b/node/Network.hpp
@@ -357,6 +357,14 @@ public:
 
				 		return std::set<InetAddress>();
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @return True if multicasts must be authenticated on this network
			
 
				+	 */
			
 
				+	inline bool authenticateMulticasts() const
			
 
				+	{
			
 
				+		return false;
			
 
				+	}
			
 
				+
			
 
				 	/**
			
 
				 	 * Shortcut for config()->permitsBridging(), returns false if no config
			
 
				 	 *
			
--- a/node/PacketDecoder.cpp
+++ b/node/PacketDecoder.cpp
@@ -612,10 +612,16 @@ bool PacketDecoder::_doMULTICAST_FRAME(const RuntimeEnvironment *_r,const Shared
 
				 
			
 
				 		// Check the multicast frame's signature to verify that its original sender is
			
 
				 		// who it claims to be.
			
 
				-		const unsigned int signedPartLen = (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME - ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION) + frameLen;
			
 
				-		if (!originPeer->identity().verify(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen,signature,signatureLen)) {
			
 
				-			LOG("dropped MULTICAST_FRAME from %s(%s): failed signature verification, claims to be from %s",source().toString().c_str(),_remoteAddress.toString().c_str(),origin.toString().c_str());
			
 
				-			return true;
			
 
				+		if ((!network)||(network->authenticateMulticasts())) {
			
 
				+			// Note that right now we authenticate multicasts if we aren't a member of a
			
 
				+			// network... have to think about whether this is mandatory. It mostly only
			
 
				+			// matters for supernodes though, since ordinary peers are unlikely ever to
			
 
				+			// see multicasts for networks they don't belong to.
			
 
				+			const unsigned int signedPartLen = (ZT_PROTO_VERB_MULTICAST_FRAME_IDX_FRAME - ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION) + frameLen;
			
 
				+			if (!originPeer->identity().verify(field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen,signature,signatureLen)) {
			
 
				+				LOG("dropped MULTICAST_FRAME from %s(%s): failed signature verification, claims to be from %s",source().toString().c_str(),_remoteAddress.toString().c_str(),origin.toString().c_str());
			
 
				+				return true;
			
 
				+			}
			
 
				 		}
			
 
				 
			
 
				 		// Security check to prohibit multicasts that are really Ethernet unicasts...
			
--- a/node/Switch.cpp
+++ b/node/Switch.cpp
@@ -213,9 +213,13 @@ void Switch::onLocalEthernet(const SharedPtr<Network> &network,const MAC &from,c
 
				 			outp.append((uint16_t)data.size());
			
 
				 			outp.append(data);
			
 
				 
			
 
				-			C25519::Signature sig(_r->identity.sign(outp.field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen));
			
 
				-			outp.append((uint16_t)sig.size());
			
 
				-			outp.append(sig.data,(unsigned int)sig.size());
			
 
				+			if (network->authenticateMulticasts()) {
			
 
				+				C25519::Signature sig(_r->identity.sign(outp.field(ZT_PROTO_VERB_MULTICAST_FRAME_IDX__START_OF_SIGNED_PORTION,signedPartLen),signedPartLen));
			
 
				+				outp.append((uint16_t)sig.size());
			
 
				+				outp.append(sig.data,(unsigned int)sig.size());
			
 
				+			} else {
			
 
				+				outp.append((uint16_t)0);
			
 
				+			}
			
 
				 
			
 
				 			// FIXME: now we send the netconf cert with every single multicast,
			
 
				 			// which pretty much ensures everyone has it ahead of time but adds