From 25056de5d3845370366114782d2611ca9a139042 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Wed, 31 Aug 2016 17:56:59 -0700 Subject: [PATCH] Also need to send credentials when TEEing and REDIRECTing. --- node/Membership.hpp | 2 +- node/Network.cpp | 31 ++++++++++++++++++++++++------- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/node/Membership.hpp b/node/Membership.hpp index 90363e2e9..5e5efc50d 100644 --- a/node/Membership.hpp +++ b/node/Membership.hpp @@ -124,7 +124,7 @@ public: * * @param RR Runtime environment * @param now Current time - * @param peerAddress Address of member peer + * @param peerAddress Address of member peer (the one that this Membership describes) * @param nconf My network config * @param cap Capability to send or 0 if none */ diff --git a/node/Network.cpp b/node/Network.cpp index 13566a809..9464c1868 100644 --- a/node/Network.cpp +++ b/node/Network.cpp @@ -663,10 +663,16 @@ bool Network::filterOutgoingPacket( case DOZTFILTER_NO_MATCH: case DOZTFILTER_DROP: // explicit DROP in a capability just terminates its evaluation and is an anti-pattern break; + case DOZTFILTER_REDIRECT: // interpreted as ACCEPT but ztDest2 will have been changed in _doZtFilter() case DOZTFILTER_ACCEPT: case DOZTFILTER_SUPER_ACCEPT: // no difference in behavior on outbound side + relevantCap = &(_config.capabilities[c]); + accept = true; + if ((!noTee)&&(cc2)) { + _memberships[cc2].sendCredentialsIfNeeded(RR,RR->node->now(),cc2,_config,relevantCap); + Packet outp(cc2,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02 @@ -677,8 +683,7 @@ bool Network::filterOutgoingPacket( outp.compress(); RR->sw->send(outp,true); } - relevantCap = &(_config.capabilities[c]); - accept = true; + break; } if (accept) 
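Review bot: `_memberships[cc2]` in the added TEE branch indexes the membership table by the observer's address. If that table's `operator[]` default-constructs missing entries (its declaration is not in this hunk), every TEE or REDIRECT target becomes a tracked Membership, even when it is not a peer this node otherwise exchanges frames with. The same lookup is added for `cc` and `ztDest2` in the later filterOutgoingPacket hunks and in all three filterIncomingPacket hunks. Please confirm these entries are expired by whatever prunes `_memberships`, and state the intent with a comment such as `// creates a Membership entry for the TEE target, presumably to track credential pushes to it`. The six copies of "send credentials, then build the EXT_FRAME" would also be safer as one private helper, so a future path cannot forget the credential push; the function body starts and ends outside this hunk.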
@@ -697,10 +702,9 @@ bool Network::filterOutgoingPacket( } if (accept) { - if (ztDest2) - m.sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,relevantCap); - if ((!noTee)&&(cc)) { + _memberships[cc].sendCredentialsIfNeeded(RR,RR->node->now(),cc,_config,relevantCap); + Packet outp(cc,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02 @@ -712,7 +716,9 @@ bool Network::filterOutgoingPacket( RR->sw->send(outp,true); } - if (ztDest != ztDest2) { + if ((ztDest != ztDest2)&&(ztDest2)) { + _memberships[ztDest2].sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,relevantCap); + Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); outp.append((uint8_t)0x02); // TEE/REDIRECT from outbound side: 0x02 @@ -722,7 +728,10 @@ bool Network::filterOutgoingPacket( outp.append(frameData,frameLen); outp.compress(); RR->sw->send(outp,true); + return false; // DROP locally, since we redirected + } else if (ztDest) { + m.sendCredentialsIfNeeded(RR,RR->node->now(),ztDest,_config,relevantCap); } } @@ -772,8 +781,11 @@ int Network::filterIncomingPacket( accept = 2; // super-ACCEPT break; } + if (accept) { if (cc2) { + _memberships[cc2].sendCredentialsIfNeeded(RR,RR->node->now(),cc2,_config,(const Capability *)0); + Packet outp(cc2,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06 @@ -803,6 +815,8 @@ int Network::filterIncomingPacket( if (accept) { if (cc) { + _memberships[cc].sendCredentialsIfNeeded(RR,RR->node->now(),cc,_config,(const Capability *)0); + Packet outp(cc,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06 
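Review bot: With the added `&&(ztDest2)` test, a REDIRECT whose target is the nil address skips this branch and appears to continue down the ordinary accept path, so the frame goes to the original `ztDest`. If a nil redirect target can only come from a broken or truncated rule, failing closed is the safer default: `if (ztDest != ztDest2) { if (!ztDest2) return false;` followed by the existing send. The same condition is added in filterIncomingPacket in the `@@ -814` hunk, where the equivalent would be `return 0;`. If delivery to the original destination is intended, a one-line comment saying so would settle it.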
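Review bot: The new `else if (ztDest)` branch calls `m.sendCredentialsIfNeeded(...)` after `_memberships[cc]` may already have been indexed earlier in the same `if (accept)` block. `m` is declared outside this hunk. If it is a reference obtained from `_memberships`, and that container can relocate its elements when an insert makes it grow, `m` would be dangling at this point. Writing `_memberships[ztDest].sendCredentialsIfNeeded(RR,RR->node->now(),ztDest,_config,relevantCap);` would match the other added calls and remove the dependence on reference stability.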
@@ -814,7 +828,9 @@ int Network::filterIncomingPacket( RR->sw->send(outp,true); } - if (ztDest != ztDest2) { + if ((ztDest != ztDest2)&&(ztDest2)) { + _memberships[ztDest2].sendCredentialsIfNeeded(RR,RR->node->now(),ztDest2,_config,(const Capability *)0); + Packet outp(ztDest2,RR->identity.address(),Packet::VERB_EXT_FRAME); outp.append(_id); outp.append((uint8_t)0x06); // TEE/REDIRECT from inbound side: 0x06 @@ -824,6 +840,7 @@ int Network::filterIncomingPacket( outp.append(frameData,frameLen); outp.compress(); RR->sw->send(outp,true); + return 0; // DROP locally, since we redirected } }
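Review bot: `return 0; // DROP locally, since we redirected` gives a redirected frame the same return value as one the rules rejected, and the outbound side does the same with `return false` in the `@@ -722` hunk. Callers are not visible here, but any that log or count a zero/false result as a policy block will now report redirects as drops, which muddies rule debugging and drop-based monitoring. The doc comments of both functions should state the new meaning, for example `@return 0 == drop or redirected (frame already forwarded to the redirect target), 1 == accept, 2 == super-accept`. The enclosing function starts before this hunk.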