Protect against rogue routes by adversarial nodes

Do not blindly trust routes announced by other nodes.
This first step simply checks that announced routes are
inside the configured routed network.
kaiyou 2020-05-18 10:49:32 +02:00
parent 8637377cec
commit ddef84c573
1 changed files with 3 additions and 0 deletions


@ -144,6 +144,9 @@ func (s *State) SetUpInterface(nodes []common.Node, routedNet *net.IPNet) error
}) })
// via routes // via routes
for _, route := range node.Routes { for _, route := range node.Routes {
if !routedNet.Contains(route.IP) {
continue
}
routes = append(routes, netlink.Route{ routes = append(routes, netlink.Route{
LinkIndex: link.Attrs().Index, LinkIndex: link.Attrs().Index,
Dst: &route, Dst: &route,
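Review bot: The added guard `routedNet.Contains(route.IP)` tests only the route's base address, so an announced prefix that starts inside the routed network but is shorter than it (and therefore extends beyond it) would still be installed. Since `route` appears to be a `net.IPNet` (it is passed as `Dst: &route`), the prefix lengths should be compared as well: `rOnes, _ := route.Mask.Size()`, `nOnes, _ := routedNet.Mask.Size()`, then `if !routedNet.Contains(route.IP) || rOnes < nOnes { continue }`. Rejected routes are dropped silently; logging the announcing node and the refused prefix would make a misbehaving peer visible to operators. The hunk does not show whether `routedNet` can be nil, in which case `Contains` would panic. SetUpInterface's body starts and ends outside the hunk.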