Don't send probe replies if we don't have the other's key.

This can happen with the legacy protocol. Don't try to send anything
back in this case, otherwise it will be sent via TCP, which is silly.

diff --git a/src/net_packet.c b/src/net_packet.c
index 456b43d..0021aab 100644 (file)
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -97,10 +97,16 @@ static void udp_probe_timeout_handler(void *data) {
 
 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
        if(!DATA(packet)[0]) {
-               logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
-
                /* It's a probe request, send back a reply */
 
+               if(!n->status.sptps && !n->status.validkey) {
+                       // But not if we don't have his key.
+                       logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request from %s (%s) but we don't have his key yet", n->name, n->hostname);
+                       return;
+               }
+
+               logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
+
                /* Type 2 probe replies were introduced in protocol 17.3 */
                if ((n->options >> 24) >= 3) {
                        uint8_t *data = DATA(packet);