Displaying 4 results from an estimated 4 matches for "add_subnet_h".
2015 Nov 24
1
Authenticating VPN addresses: a proposal
...and additionally the following patch
on the core-nodes where (nearly) everyone connects to:
(cut&paste whitespace damaged)
diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c
index 06dafbc..e2d4bfc 100644
--- a/src/protocol_subnet.c
+++ b/src/protocol_subnet.c
@@ -117,7 +117,9 @@ bool add_subnet_h(connection_t *c, const char *request) {
if(strictsubnets) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Ignoring unauthorized %s from %s (%s): %s",
"ADD_SUBNET", c->name, c->hostname, subnetstr);
+ /* Disabled fo...
2015 Nov 25
0
tinc exit when there is no internet?
...on the core-nodes where (nearly) everyone connects to:
>
> (cut&paste whitespace damaged)
>
> diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c
> index 06dafbc..e2d4bfc 100644
> --- a/src/protocol_subnet.c
> +++ b/src/protocol_subnet.c
> @@ -117,7 +117,9 @@ bool add_subnet_h(connection_t *c, const char
> *request) {
> if(strictsubnets) {
> logger(DEBUG_ALWAYS, LOG_WARNING, "Ignoring unauthorized
> %s from %s (%s): %s",
> "ADD_SUBNET", c->name, c->hostname,
> subnetstr);...
2015 Nov 22
5
Authenticating VPN addresses: a proposal
...hey receive, such
that they will not forward ADD_SUBNET messages that are deemed invalid
(i.e. forged). Oddly enough, enabling StrictSubnets on central nodes
is *not* enough to do this, because StrictSubnets only affects the
node itself - ADD_SUBNET messages are still unconditionally forwarded
(see add_subnet_h())! In practice that means that StrictSubnets will
only protect the central nodes themselves, it will not protect a
client node from attacking another client node.
One quick fix would be to change the behavior of StrictSubnets so that
it not only prevents invalid ADD_SUBNET messages from being pro...