Etusivu Tutki Apua
Kirjaudu sisään
golang
/
nebula
peilaus alkaen https://github.com/slackhq/nebula
2
0
Fork 0
Tiedostot Ongelmat 0 Wiki
Selaa lähdekoodia

honor remote_allow_ilst in hole punch response

When we receive a "hole punch notification" from a Lighthouse, we send
a hole punch packet to every remote of that host, even if we don't
include those remotes in our "remote_allow_list". Change the logic here
to check if the remote IP is in our allow list before sending the hole
punch packet.
Wade Simmons 1 vuosi sitten
vanhempi
e6009b8491
commit
1170ff1477
1 muutettua tiedostoa jossa 8 lisäystä ja 2 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 8 2
      lighthouse.go

+ 8 - 2
lighthouse.go
Näytä tiedosto 

@@ -1125,12 +1125,18 @@ func (lhh *LightHouseHandler) handleHostPunchNotification(n *NebulaMeta, vpnIp i
 
 		}
 
 	}
 
 
+	remoteVpnIp := iputil.VpnIp(n.Details.VpnIp)
 
+	remoteAllowList := lhh.lh.GetRemoteAllowList()
 
 	for _, a := range n.Details.Ip4AndPorts {
 
-		punch(NewUDPAddrFromLH4(a))
 
+		if remoteAllowList.AllowIpV4(remoteVpnIp, iputil.VpnIp(a.Ip)) {
 
+			punch(NewUDPAddrFromLH4(a))
 
+		}
 
 	}
 
 
 	for _, a := range n.Details.Ip6AndPorts {
 
-		punch(NewUDPAddrFromLH6(a))
 
+		if remoteAllowList.AllowIpV6(remoteVpnIp, a.Hi, a.Lo) {
 
+			punch(NewUDPAddrFromLH6(a))
 
+		}
 
 	}
 
 
 	// This sends a nebula test packet to the host trying to contact us. In the case