Fix several things:

(1) The changes to path learning in the two previous releases were poorly thought out, and this version should remedy that by introducing PROBE. This is basically a kind of ECHO request and is used to authenticate endpoints that are not learned via a valid request/response pair. Thus we will still passively learn endpoints, but securely. (2) Turns out there was a security oversight in _doHELLO() that could have permitted... well... I'm not sure it was exploitable to do anything particularly interesting since a bad identity would be discarded anyway, but fix it just the same.
2025-06-17 14:48:17 +00:00 · 2013-12-31 11:03:45 -08:00
parent 8055635e85
commit 10df5dcf70
8 changed files with 145 additions and 36 deletions
--- a/node/Switch.hpp
+++ b/node/Switch.hpp
@ -129,6 +129,16 @@ public:
 	 */
 	bool sendHELLO(const SharedPtr<Peer> &dest,Demarc::Port localPort,const InetAddress &remoteAddr);

+	/**
+	 * Send a PROBE immediately to the indicated address
+	 *
+	 * @param localPort Originating local port or ANY_PORT to pick
+	 * @param remoteAddr IP address to send to
+	 * @param dest Destination peer
+	 * @return True if send appears successful
+	 */
+	bool sendPROBE(const SharedPtr<Peer> &dest,Demarc::Port localPort,const InetAddress &remoteAddr);
+
 	/**
 	 * Send RENDEZVOUS to two peers to permit them to directly connect
 	 *