Don't send probe replies if we don't have the other's key.
[tinc] / src / net_packet.c
index 456b43d..0021aab 100644 (file)
@@ -97,10 +97,16 @@ static void udp_probe_timeout_handler(void *data) {
 
 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
        if(!DATA(packet)[0]) {
-               logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
-
                /* It's a probe request, send back a reply */
 
+               if(!n->status.sptps && !n->status.validkey) {
+                       // But not if we don't have his key.
+                       logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request from %s (%s) but we don't have his key yet", n->name, n->hostname);
+                       return;
+               }
+
+               logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
+
                /* Type 2 probe replies were introduced in protocol 17.3 */
                if ((n->options >> 24) >= 3) {
                        uint8_t *data = DATA(packet);
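Review bot: The new guard `if(!n->status.sptps && !n->status.validkey)` withholds the reply only from legacy peers, and nothing in the hunk explains why SPTPS peers are exempt, although the commit title reads as covering every node. If the reason is that an SPTPS probe can only reach udp_probe_h after the session has authenticated the packet, that is worth stating, because this check decides whether a peer without a key can elicit UDP replies; I cannot confirm it from the visible lines. I would fold the `//` line into the existing block comment, for example `/* It's a probe request; reply only if a legacy peer's key is valid (SPTPS peers are checked by <where>) */`, with the placeholder filled in by the author. The drop message also omits `packet->len`, which the normal request log prints and which helps when diagnosing dropped probes. udp_probe_h continues past the end of the hunk.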