The custom message packet sender needs a dest port

Source/Dest ports are required for the nebula firewall on the receiving side, allow the port to be configured so that it can be matched to specific rules as required.
2025-11-11 19:03:57 +01:00 · 2020-10-02 20:46:08 +10:00 · 2020-10-02 20:46:08 +10:00 · 3cebf38504
commit 3cebf38504
parent ae3ee42469
1 changed files with 10 additions and 7 deletions
--- a/control.go
+++ b/control.go
@ -189,20 +189,23 @@ func (c *Control) Hook(t NebulaMessageSubType, w func([]byte) error) error {
 }

 // Send provides the ability to send arbitrary message packets to peer nodes.
-// The provided payload will be encapsulated in an IPv4 packet from the
-// node IP to the provided destination nebula IP. Any protocol handling
-// above layer 3 (IP) must be managed by the caller.
-func (c *Control) Send(ip uint32, t NebulaMessageSubType, payload []byte) {
+// The provided payload will be encapsulated in a Nebula Firewall packet
+// (IPv4 plus ports) from the node IP to the provided destination nebula IP.
+// Any protocol handling above layer 3 (IP) must be managed by the caller.
+func (c *Control) Send(ip uint32, port uint16, t NebulaMessageSubType, payload []byte) {
 	hostinfo := c.f.getOrHandshake(ip)
 	ci := hostinfo.ConnectionState

-	length := ipv4.HeaderLen + len(payload)
+	headerLen := ipv4.HeaderLen + minFwPacketLen
+	length := headerLen + len(payload)
 	packet := make([]byte, length)
-	packet[0] = 0x45
+	packet[0] = 0x45 // IPv4 HL=20
+	packet[9] = 114  // Declare as arbitrary 0-hop protocol
 	binary.BigEndian.PutUint16(packet[2:4], uint16(length))
 	binary.BigEndian.PutUint32(packet[12:16], ip2int(c.f.inside.CidrNet().IP.To4()))
 	binary.BigEndian.PutUint32(packet[16:20], ip)
-	copy(packet[ipv4.HeaderLen:], payload)
+	binary.BigEndian.PutUint16(packet[22:24], port)
+	copy(packet[headerLen:], payload)

 	nb := make([]byte, 12)
 	out := make([]byte, mtu)