mirrors/nebula
1
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2025-12-06 02:30:57 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Teardown tunnel automatically if peer's certificate expired (#370)

Browse source
This commit is contained in:
Donatas Abraitis 2021-10-20 21:23:33 +03:00 committed by GitHub
parent e8b08e49e6
commit 32e2619323
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 167 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

3
interface.go
View file

@ -43,6 +43,7 @@ type InterfaceConfig struct {
MessageMetrics *MessageMetrics
version string
caPool *cert.NebulaCAPool
disconnectInvalid bool
ConntrackCacheTimeout time.Duration
l *logrus.Logger
@ -67,6 +68,7 @@ type Interface struct {
udpBatchSize int
routines int
caPool *cert.NebulaCAPool
disconnectInvalid bool
// rebindCount is used to decide if an active tunnel should trigger a punch notification through a lighthouse
rebindCount int8
@ -118,6 +120,7 @@ func NewInterface(c *InterfaceConfig) (*Interface, error) {
writers: make([]*udpConn, c.routines),
readers: make([]io.ReadWriteCloser, c.routines),
caPool: c.caPool,
disconnectInvalid: c.disconnectInvalid,
myVpnIp: ip2int(c.certState.certificate.Details.Ips[0].IP),
conntrackCacheTimeout: c.ConntrackCacheTimeout,