authorMatthias Schiffer <mschiffer@universe-factory.net>2015-09-04 20:57:33 +0200
committerMatthias Schiffer <mschiffer@universe-factory.net>2015-09-04 20:57:33 +0200
commite9b472dc9e31def5c8559c6d007fdf770d99d308 (patch)
treecef4bfba8c59ad8c77be8a63abab760029b8c5b2
parentb54f78558b4efc72f22e525369761f130ad34f4e (diff)
config: allow moving the 'on verify' clause into a peer group
-rw-r--r--src/config.y23
-rw-r--r--src/fastd.h1
-rw-r--r--src/options.c1
-rw-r--r--src/protocols/ec25519_fhmqvc/handshake.c8
4 files changed, 21 insertions, 12 deletions
diff --git a/src/config.y b/src/config.y
index 196f862..8ab7b7b 100644
--- a/src/config.y
+++ b/src/config.y
@@ -201,7 +201,6 @@ statement: peer_group_statement
| TOK_ON TOK_CONNECT on_connect ';'
| TOK_ON TOK_ESTABLISH on_establish ';'
| TOK_ON TOK_DISESTABLISH on_disestablish ';'
- | TOK_ON TOK_VERIFY on_verify ';'
| TOK_STATUS TOK_SOCKET status_socket ';'
| TOK_FORWARD forward ';'
;
@@ -211,6 +210,7 @@ peer_group_statement:
| TOK_PEER TOK_GROUP peer_group '{' peer_group_config '}' peer_group_after
| TOK_PEER TOK_LIMIT peer_limit ';'
| TOK_METHOD method ';'
+ | TOK_ON TOK_VERIFY on_verify ';'
| TOK_INCLUDE include ';'
;
@@ -437,16 +437,6 @@ on_disestablish: sync TOK_STRING {
}
;
-on_verify: sync TOK_STRING {
-#ifdef WITH_DYNAMIC_PEERS
- fastd_shell_command_set(&conf.on_verify, $2->str, $1);
-#else
- fastd_config_error(&@$, state, "`on verify' is not supported by this version of fastd");
- YYERROR;
-#endif
- }
- ;
-
status_socket: TOK_STRING {
#ifdef WITH_STATUS_SOCKET
free(conf.status_socket); conf.status_socket = fastd_strdup($1->str);
@@ -594,6 +584,17 @@ method: TOK_STRING {
}
;
+on_verify: sync TOK_STRING {
+#ifdef WITH_DYNAMIC_PEERS
+ fastd_shell_command_set(&conf.on_verify, $2->str, $1);
+ conf.on_verify_group = state->peer_group;
+#else
+ fastd_config_error(&@$, state, "`on verify' is not supported by this version of fastd");
+ YYERROR;
+#endif
+ }
+ ;
+
forward: boolean { conf.forward = $1; }
;
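Review bot: `conf.on_verify` and `conf.on_verify_group` are single global fields, so now that `on verify` is accepted inside any peer group, a second clause in another group silently replaces both the command and the target group set by the first. The `--on-verify` assignment in src/options.c overwrites the same two fields. The group stored here is the one add_dynamic assigns to unknown peers, so an unnoticed override changes which group they land in. If overriding is not intended, this action could reject a repeat, e.g. `if (conf.on_verify_group) { fastd_config_error(&@$, state, "duplicate 'on verify' clause"); YYERROR; }`. Otherwise the grammar should carry a comment that the last clause wins.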
diff --git a/src/fastd.h b/src/fastd.h
index 3531219..cc638cb 100644
--- a/src/fastd.h
+++ b/src/fastd.h
@@ -257,6 +257,7 @@ struct fastd_config {
fastd_shell_command_t on_disestablish; /**< The command to execute when a connection has been disestablished */
#ifdef WITH_DYNAMIC_PEERS
fastd_shell_command_t on_verify; /**< The command to execute to check if a connection from an unknown peer should be allowed */
+ fastd_peer_group_t *on_verify_group; /**< The peer group to put dynamic peers into */
#endif
#ifdef WITH_STATUS_SOCKET
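Review bot: The doc comment on `on_verify_group` does not say that the field only aliases a group owned elsewhere, nor what it holds when no `on verify` command is configured. Both assignments in this commit copy an existing pointer (`state->peer_group` in config.y, `conf.peer_group` in options.c), so the field does not own the group and must not outlive it. I would extend the comment to `/**< The peer group dynamic peers are put into (borrowed pointer, set together with on_verify) */`. The struct continues outside the hunk.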
diff --git a/src/options.c b/src/options.c
index a84830b..811adef 100644
--- a/src/options.c
+++ b/src/options.c
@@ -379,6 +379,7 @@ static void option_on_disestablish(const char *arg) {
/** Handles the --on-verify option */
static void option_on_verify(const char *arg) {
fastd_shell_command_set(&conf.on_verify, arg, false);
+ conf.on_verify_group = conf.peer_group;
}
#endif
diff --git a/src/protocols/ec25519_fhmqvc/handshake.c b/src/protocols/ec25519_fhmqvc/handshake.c
index bef4385..0cbe15a 100644
--- a/src/protocols/ec25519_fhmqvc/handshake.c
+++ b/src/protocols/ec25519_fhmqvc/handshake.c
@@ -565,12 +565,18 @@ static fastd_peer_t * add_dynamic(fastd_socket_t *sock, const fastd_peer_address
}
fastd_peer_t *peer = fastd_new0(fastd_peer_t);
- peer->group = conf.peer_group;
+ peer->group = conf.on_verify_group;
peer->config_state = CONFIG_DYNAMIC;
peer->key = fastd_new(fastd_protocol_key_t);
*peer->key = peer_key;
+ if (!fastd_peer_may_connect(peer)) {
+ pr_debug("not adding dynamic peer %P[%I] because of local constraints", peer, addr);
+ fastd_peer_free(peer);
+ return NULL;
+ }
+
if (!fastd_peer_add(peer))
exit_bug("failed to add dynamic peer");
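Review bot: `peer->group = conf.on_verify_group;` assumes the pointer is non-NULL whenever add_dynamic runs, and nothing in the hunk checks it before `fastd_peer_may_connect(peer)` is called on the new peer. Both setters visible in this commit assign the group together with the command, so this presumably holds, but the start of add_dynamic is outside the hunk and any guard there cannot be confirmed from here. Since this path handles handshakes from unknown peers, I would make the invariant explicit with `if (!conf.on_verify_group) exit_bug("on verify group not set");` before the assignment. A short comment above the new check, such as `/* reject before registering the peer; see fastd_peer_may_connect() */`, would also record why it precedes `fastd_peer_add`.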