diff --git a/src/fne/network/FNENetwork.cpp b/src/fne/network/FNENetwork.cpp index 9d854cb9..cd8570e2 100644 --- a/src/fne/network/FNENetwork.cpp +++ b/src/fne/network/FNENetwork.cpp @@ -569,6 +569,22 @@ void* FNENetwork::threadedNetworkRx(void* arg) connection->currStreamId(streamId); network->setupRepeaterLogin(peerId, connection); + + // check if the peer is in the peer ACL list + if (network->m_peerListLookup->getACL()) { + if (!network->m_peerListLookup->isPeerAllowed(peerId)) { + if (network->m_peerListLookup->getMode() == lookups::PeerListLookup::BLACKLIST) { + LogWarning(LOG_NET, "PEER %u RPTL, blacklisted from access", peerId); + } else { + LogWarning(LOG_NET, "PEER %u RPTL, failed whitelist check", peerId); + } + + network->writePeerNAK(peerId, TAG_REPEATER_LOGIN, NET_CONN_NAK_PEER_ACL, req->address, req->addrLen); + + delete connection; + network->erasePeer(peerId); + } + } } else { // check if the peer is in our peer list -- if he is, and he isn't in a running state, reset @@ -587,6 +603,22 @@ void* FNENetwork::threadedNetworkRx(void* arg) network->erasePeerAffiliations(peerId); network->setupRepeaterLogin(peerId, connection); + + // check if the peer is in the peer ACL list + if (network->m_peerListLookup->getACL()) { + if (!network->m_peerListLookup->isPeerAllowed(peerId)) { + if (network->m_peerListLookup->getMode() == lookups::PeerListLookup::BLACKLIST) { + LogWarning(LOG_NET, "PEER %u RPTL, blacklisted from access", peerId); + } else { + LogWarning(LOG_NET, "PEER %u RPTL, failed whitelist check", peerId); + } + + network->writePeerNAK(peerId, TAG_REPEATER_LOGIN, NET_CONN_NAK_PEER_ACL, req->address, req->addrLen); + + delete connection; + network->erasePeer(peerId); + } + } } else { network->writePeerNAK(peerId, TAG_REPEATER_LOGIN, NET_CONN_NAK_BAD_CONN_STATE, req->address, req->addrLen); diff --git a/src/host/network/Network.cpp b/src/host/network/Network.cpp index 88f91e04..437a7fb6 100644 --- a/src/host/network/Network.cpp +++ b/src/host/network/Network.cpp @@ -545,7 +545,9 @@ void Network::clock(uint32_t ms) LogWarning(LOG_NET, "PEER %u master NAK; FNE demanded connection reset, remotePeerId = %u", m_peerId, rtpHeader.getSSRC()); break; case NET_CONN_NAK_PEER_ACL: - LogWarning(LOG_NET, "PEER %u master NAK; ACL rejection, remotePeerId = %u", m_peerId, rtpHeader.getSSRC()); + LogError(LOG_NET, "PEER %u master NAK; ACL rejection, network disabled, remotePeerId = %u", m_peerId, rtpHeader.getSSRC()); + m_status = NET_STAT_WAITING_LOGIN; + m_enabled = false; // ACL rejection give up stop trying to connect break; case NET_CONN_NAK_GENERAL_FAILURE: @@ -562,9 +564,11 @@ void Network::clock(uint32_t ms) m_retryTimer.start(); } else { - LogError(LOG_NET, "PEER %u master NAK; network reconnect, remotePeerId = %u", m_peerId, rtpHeader.getSSRC()); - close(); - open(); + if (m_enabled) { + LogError(LOG_NET, "PEER %u master NAK; network reconnect, remotePeerId = %u", m_peerId, rtpHeader.getSSRC()); + close(); + open(); + } return; } }