From 6fcfe763aa54e0522e726dc088b23d24899794d8 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Sat, 10 Jan 2015 23:58:35 +0100
Subject: [PATCH] Don't send probe replies if we don't have the other's key.

This can happen with the legacy protocol. Don't try to send anything back in this case, otherwise it will be sent via TCP, which is silly.
---
 src/net_packet.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/net_packet.c b/src/net_packet.c
index 456b43d2..0021aabb 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -97,10 +97,16 @@ static void udp_probe_timeout_handler(void *data) {

 static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
 if(!DATA(packet)[0]) {
- logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
-
 /* It's a probe request, send back a reply */

+ if(!n->status.sptps && !n->status.validkey) {
+ // But not if we don't have his key.
+ logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request from %s (%s) but we don't have his key yet", n->name, n->hostname);
+ return;
+ }
+
+ logger(DEBUG_TRAFFIC, LOG_INFO, "Got UDP probe request %d from %s (%s)", packet->len, n->name, n->hostname);
+
 /* Type 2 probe replies were introduced in protocol 17.3 */
 if ((n->options >> 24) >= 3) {
 uint8_t *data = DATA(packet);
-- 
2.20.1
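Review bot: The comment on the new guard in udp_probe_h, `// But not if we don't have his key.`, does not record why the request is dropped or why only legacy peers are checked; that reasoning lives only in the commit message. I would replace it with `/* Legacy protocol only: without the peer's key the reply would be sent via TCP instead of UDP, so drop the request. */`. The guard tests `!n->status.sptps && !n->status.validkey`, so an SPTPS peer skips the key check entirely; presumably its probes are authenticated before they reach this handler, but that is not visible in the hunk and is worth confirming. udp_probe_h's body continues outside the hunk.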