Use packet source if ADNL addr_list is empty (#6)

broxus · Aug 29, 2024 · 93061b4 · 93061b4
1 parent ca84e8b
commit 93061b4
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 13 deletions.
diff --git a/src/adnl/channel.rs b/src/adnl/channel.rs
@@ -350,12 +350,16 @@ pub enum AdnlChannelError {
 
 #[cfg(test)]
 mod tests {
+    use std::net::SocketAddr;
+
     use super::*;
     use crate::adnl::ComputeNodeIds;
     use crate::util::now;
 
     #[test]
     fn test_encrypt_decrypt() {
+        let addr = SocketAddr::from(([127, 0, 0, 1], 0));
+
         let peer1_key = ed25519::SecretKey::generate(&mut rand::thread_rng());
         let (_, peer1_id) = peer1_key.compute_node_ids();
         let peer1_channel_key = ed25519::KeyPair::generate(&mut rand::thread_rng());
@@ -390,7 +394,7 @@ mod tests {
                 let mut packet = message.to_vec();
                 channel12.encrypt(&mut packet, false, version);
 
-                let mut received_packet = PacketView::from(packet.as_mut_slice());
+                let mut received_packet = PacketView::new(addr, packet.as_mut_slice());
                 let parsed_version = channel21.decrypt(&mut received_packet, false).unwrap();
                 assert_eq!(parsed_version, version);
 
@@ -402,7 +406,7 @@ mod tests {
                 let mut packet = message.to_vec();
                 channel21.encrypt(&mut packet, true, version);
 
-                let mut received_packet = PacketView::from(packet.as_mut_slice());
+                let mut received_packet = PacketView::new(addr, packet.as_mut_slice());
                 let parsed_version = channel12.decrypt(&mut received_packet, true).unwrap();
                 assert_eq!(parsed_version, version);
 

diff --git a/src/adnl/node/mod.rs b/src/adnl/node/mod.rs
@@ -86,6 +86,12 @@ pub struct NodeOptions {
     /// Default: `false`
     pub use_loopback_for_neighbours: bool,
 
+    /// Whether to use an address from incoming packets if there are no explicitly provided addresses.
+    /// NOTE: This address might be changed by an attacker. See https://en.wikipedia.org/wiki/Packet_injection
+    ///
+    /// Default: `false`
+    pub use_packet_source_addr: bool,
+
     /// ADNL protocol version.
     ///
     /// Default: None
@@ -105,6 +111,7 @@ impl Default for NodeOptions {
             packet_signature_required: true,
             force_use_priority_channels: true,
             use_loopback_for_neighbours: false,
+            use_packet_source_addr: false,
             version: None,
         }
     }

diff --git a/src/adnl/node/receiver.rs b/src/adnl/node/receiver.rs
@@ -1,4 +1,5 @@
 use std::borrow::Cow;
+use std::net::SocketAddr;
 use std::sync::Arc;
 use std::time::Duration;
 
@@ -64,9 +65,9 @@ impl Node {
                     Either::Right(_) => break,
                 };
 
-                let len = match result {
+                let (len, source) = match result {
                     Ok((0, _)) => continue,
-                    Ok((len, _)) => len,
+                    Ok(res) => res,
                     Err(e) => {
                         tracing::warn!("failed to receive data: {e}");
                         continue;
@@ -89,7 +90,7 @@ impl Node {
                     if let Err(error) = ctx
                         .node
                         .handle_received_data(
-                            PacketView::from(buffer.as_mut_slice()),
+                            PacketView::new(source, buffer.as_mut_slice()),
                             &ctx.message_subscribers,
                             &ctx.query_subscribers,
                         )
@@ -413,8 +414,21 @@ impl Node {
                 self.options.packet_signature_required,
             )?;
 
-            if let Some(list) = &packet.address {
-                let addr = parse_address_list(list, self.options.clock_tolerance_sec)?;
+            let addr = 'addr: {
+                if let Some(list) = &packet.address {
+                    break 'addr Some(parse_address_list(list, self.options.clock_tolerance_sec)?);
+                }
+
+                if self.options.use_packet_source_addr {
+                    if let SocketAddr::V4(addr) = raw_packet.source() {
+                        break 'addr Some(addr);
+                    }
+                }
+
+                None
+            };
+
+            if let Some(addr) = addr {
                 self.add_peer(
                     NewPeerContext::AdnlPacket,
                     local_id,

diff --git a/src/adnl/packet_view.rs b/src/adnl/packet_view.rs
@@ -1,10 +1,20 @@
+use std::net::SocketAddr;
 use std::ops::{Index, IndexMut, Range, RangeFrom, RangeTo};
 
 pub struct PacketView<'a> {
+    source: SocketAddr,
     bytes: &'a mut [u8],
 }
 
 impl<'a> PacketView<'a> {
+    pub fn new(source: SocketAddr, bytes: &'a mut [u8]) -> Self {
+        Self { source, bytes }
+    }
+
+    pub fn source(&self) -> SocketAddr {
+        self.source
+    }
+
     #[inline(always)]
     pub const fn as_ptr(&self) -> *const u8 {
         self.bytes.as_ptr()
@@ -64,9 +74,3 @@ impl IndexMut<RangeFrom<usize>> for PacketView<'_> {
         self.bytes.index_mut(index)
     }
 }
-
-impl<'a> From<&'a mut [u8]> for PacketView<'a> {
-    fn from(bytes: &'a mut [u8]) -> Self {
-        Self { bytes }
-    }
-}