Add: Automatically create permission for connected peers is not exist.
This commit is contained in:
parent
a434a6ad8a
commit
295bac11e3
@ -401,15 +401,39 @@ pub async fn udp_reader_loop_with_limits(
|
|||||||
};
|
};
|
||||||
|
|
||||||
if !allocation.is_peer_allowed(&peer_addr) {
|
if !allocation.is_peer_allowed(&peer_addr) {
|
||||||
let resp = build_error_response_with_integrity_mode(
|
match allocs.add_permission(peer, peer_addr) {
|
||||||
&msg.header,
|
Ok(()) => {
|
||||||
403,
|
tracing::info!(
|
||||||
"Peer Not Permitted",
|
"added implicit permission for {} -> {} (via CHANNEL-BIND)",
|
||||||
&key,
|
peer,
|
||||||
mi_mode,
|
peer_addr
|
||||||
);
|
);
|
||||||
let _ = udp.send_to(&resp, &peer).await;
|
crate::metrics::inc_permission_added();
|
||||||
continue;
|
}
|
||||||
|
Err(e) => {
|
||||||
|
tracing::error!(
|
||||||
|
"failed to add implicit permission {} -> {}: {:?}",
|
||||||
|
peer,
|
||||||
|
peer_addr,
|
||||||
|
e
|
||||||
|
);
|
||||||
|
let (code, reason) = match e.downcast_ref::<AllocationError>() {
|
||||||
|
Some(AllocationError::PermissionQuotaExceeded) => {
|
||||||
|
(508, "Insufficient Capacity")
|
||||||
|
}
|
||||||
|
_ => (403, "Peer Not Permitted"),
|
||||||
|
};
|
||||||
|
let resp = build_error_response_with_integrity_mode(
|
||||||
|
&msg.header,
|
||||||
|
code,
|
||||||
|
reason,
|
||||||
|
&key,
|
||||||
|
mi_mode,
|
||||||
|
);
|
||||||
|
let _ = udp.send_to(&resp, &peer).await;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Err(e) = allocs.add_channel_binding(peer, channel, peer_addr) {
|
if let Err(e) = allocs.add_channel_binding(peer, channel, peer_addr) {
|
||||||
|
|||||||
@ -545,15 +545,39 @@ where
|
|||||||
};
|
};
|
||||||
|
|
||||||
if !allocation.is_peer_allowed(&peer_addr) {
|
if !allocation.is_peer_allowed(&peer_addr) {
|
||||||
let resp = build_error_response_with_integrity_mode(
|
match allocs.add_permission(peer, peer_addr) {
|
||||||
&msg.header,
|
Ok(()) => {
|
||||||
403,
|
tracing::info!(
|
||||||
"Peer Not Permitted",
|
"added implicit permission for {} -> {} (via CHANNEL-BIND)",
|
||||||
key,
|
peer,
|
||||||
mi_mode,
|
peer_addr
|
||||||
);
|
);
|
||||||
let _ = tx.send(resp).await;
|
crate::metrics::inc_permission_added();
|
||||||
continue;
|
}
|
||||||
|
Err(e) => {
|
||||||
|
tracing::error!(
|
||||||
|
"failed to add implicit permission {} -> {}: {:?}",
|
||||||
|
peer,
|
||||||
|
peer_addr,
|
||||||
|
e
|
||||||
|
);
|
||||||
|
let (code, reason) = match e.downcast_ref::<AllocationError>() {
|
||||||
|
Some(AllocationError::PermissionQuotaExceeded) => {
|
||||||
|
(508, "Insufficient Capacity")
|
||||||
|
}
|
||||||
|
_ => (403, "Peer Not Permitted"),
|
||||||
|
};
|
||||||
|
let resp = build_error_response_with_integrity_mode(
|
||||||
|
&msg.header,
|
||||||
|
code,
|
||||||
|
reason,
|
||||||
|
key,
|
||||||
|
mi_mode,
|
||||||
|
);
|
||||||
|
let _ = tx.send(resp).await;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Err(e) =
|
if let Err(e) =
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user