(n *NebulaMeta, fromVpnAddrs []netip.Addr, w EncWriter)
| 1237 | } |
| 1238 | |
| 1239 | func (lhh *LightHouseHandler) handleHostUpdateNotification(n *NebulaMeta, fromVpnAddrs []netip.Addr, w EncWriter) { |
| 1240 | if !lhh.lh.amLighthouse { |
| 1241 | if lhh.l.Level >= logrus.DebugLevel { |
| 1242 | lhh.l.Debugln("I am not a lighthouse, do not take host updates: ", fromVpnAddrs) |
| 1243 | } |
| 1244 | return |
| 1245 | } |
| 1246 | |
| 1247 | // not using GetVpnAddrAndVersion because we don't want to error on a blank detailsVpnAddr |
| 1248 | var detailsVpnAddr netip.Addr |
| 1249 | var useVersion cert.Version |
| 1250 | if n.Details.OldVpnAddr != 0 { //v1 always sets this field |
| 1251 | b := [4]byte{} |
| 1252 | binary.BigEndian.PutUint32(b[:], n.Details.OldVpnAddr) |
| 1253 | detailsVpnAddr = netip.AddrFrom4(b) |
| 1254 | useVersion = cert.Version1 |
| 1255 | } else if n.Details.VpnAddr != nil { //this field is "optional" in v2, but if it's set, we should enforce it |
| 1256 | detailsVpnAddr = protoAddrToNetAddr(n.Details.VpnAddr) |
| 1257 | useVersion = cert.Version2 |
| 1258 | } else { |
| 1259 | detailsVpnAddr = netip.Addr{} |
| 1260 | useVersion = cert.Version2 |
| 1261 | } |
| 1262 | |
| 1263 | //Simple check that the host sent this not someone else, if detailsVpnAddr is filled |
| 1264 | if detailsVpnAddr.IsValid() && !slices.Contains(fromVpnAddrs, detailsVpnAddr) { |
| 1265 | if lhh.l.Level >= logrus.DebugLevel { |
| 1266 | lhh.l.WithField("vpnAddrs", fromVpnAddrs).WithField("answer", detailsVpnAddr).Debugln("Host sent invalid update") |
| 1267 | } |
| 1268 | return |
| 1269 | } |
| 1270 | |
| 1271 | relays := n.Details.GetRelays() |
| 1272 | |
| 1273 | lhh.lh.Lock() |
| 1274 | am := lhh.lh.unlockedGetRemoteList(fromVpnAddrs) |
| 1275 | am.Lock() |
| 1276 | lhh.lh.Unlock() |
| 1277 | |
| 1278 | am.unlockedSetV4(fromVpnAddrs[0], fromVpnAddrs[0], n.Details.V4AddrPorts, lhh.lh.unlockedShouldAddV4) |
| 1279 | am.unlockedSetV6(fromVpnAddrs[0], fromVpnAddrs[0], n.Details.V6AddrPorts, lhh.lh.unlockedShouldAddV6) |
| 1280 | am.unlockedSetRelay(fromVpnAddrs[0], relays) |
| 1281 | am.Unlock() |
| 1282 | |
| 1283 | n = lhh.resetMeta() |
| 1284 | n.Type = NebulaMeta_HostUpdateNotificationAck |
| 1285 | switch useVersion { |
| 1286 | case cert.Version1: |
| 1287 | if !fromVpnAddrs[0].Is4() { |
| 1288 | lhh.l.WithField("vpnAddrs", fromVpnAddrs).Error("Can not send HostUpdateNotificationAck for a ipv6 vpn ip in a v1 message") |
| 1289 | return |
| 1290 | } |
| 1291 | vpnAddrB := fromVpnAddrs[0].As4() |
| 1292 | n.Details.OldVpnAddr = binary.BigEndian.Uint32(vpnAddrB[:]) |
| 1293 | case cert.Version2: |
| 1294 | // do nothing, we want to send a blank message |
| 1295 | default: |
| 1296 | lhh.l.WithField("useVersion", useVersion).Error("invalid protocol version") |
no test coverage detected