rbxii3/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-12-16 07:42:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Uplink DMs not to us if MQTT encryption enabled (#5025)

Browse Source 
* Uplink DMs not to us if MQTT encryption enabled

* Only really need to try uplinking encrypted packet if MQTT encryption is enabled

* Add log about publishing nothing when packet is not decrypted and encryption_enabled is false

* Improve comment
This commit is contained in:
GUVWAF
2024-10-10 22:11:58 +02:00
committed by GitHub
parent e8f287a36f
commit d55c08d5cd
3 changed files with 21 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/mqtt/MQTT.cpp
View File

@@ -524,9 +524,9 @@ void MQTT::publishQueuedMessages()
}
}
void MQTT::onSend(const meshtastic_MeshPacket &mp, const meshtastic_MeshPacket &mp_decoded, ChannelIndex chIndex)
void MQTT::onSend(const meshtastic_MeshPacket &mp_encrypted, const meshtastic_MeshPacket &mp_decoded, ChannelIndex chIndex)
{
if (mp.via_mqtt)
if (mp_encrypted.via_mqtt)
return; // Don't send messages that came from MQTT back into MQTT
bool uplinkEnabled = false;
for (int i = 0; i <= 7; i++) {
@@ -537,12 +537,8 @@ void MQTT::onSend(const meshtastic_MeshPacket &mp, const meshtastic_MeshPacket &
return; // no channels have an uplink enabled
auto &ch = channels.getByIndex(chIndex);
if (!mp.pki_encrypted) {
if (mp_decoded.which_payload_variant != meshtastic_MeshPacket_decoded_tag) {
LOG_CRIT("MQTT::onSend(): mp_decoded isn't actually decoded\n");
return;
}
// mp_decoded will not be decoded when it's PKI encrypted and not directed to us
if (mp_decoded.which_payload_variant == meshtastic_MeshPacket_decoded_tag) {
// check for the lowest bit of the data bitfield set false, and the use of one of the default keys.
if (!isFromUs(&mp_decoded) && strcmp(moduleConfig.mqtt.address, "127.0.0.1") != 0 && mp_decoded.decoded.has_bitfield &&
!(mp_decoded.decoded.bitfield & BITFIELD_OK_TO_MQTT_MASK) &&
@@ -559,8 +555,11 @@ void MQTT::onSend(const meshtastic_MeshPacket &mp, const meshtastic_MeshPacket &
return;
}
}
if (mp.pki_encrypted || ch.settings.uplink_enabled) {
const char *channelId = mp.pki_encrypted ? "PKI" : channels.getGlobalId(chIndex);
// Either encrypted packet (we couldn't decrypt) is marked as pki_encrypted, or we could decode the PKI encrypted packet
bool isPKIEncrypted = mp_encrypted.pki_encrypted || mp_decoded.pki_encrypted;
// If it was to a channel, check uplink enabled, else must be pki_encrypted
if ((ch.settings.uplink_enabled && !isPKIEncrypted) || isPKIEncrypted) {
const char *channelId = isPKIEncrypted ? "PKI" : channels.getGlobalId(chIndex);
meshtastic_ServiceEnvelope *env = mqttPool.allocZeroed();
env->channel_id = (char *)channelId;
@@ -568,12 +567,14 @@ void MQTT::onSend(const meshtastic_MeshPacket &mp, const meshtastic_MeshPacket &
LOG_DEBUG("MQTT onSend - Publishing ");
if (moduleConfig.mqtt.encryption_enabled) {
env->packet = (meshtastic_MeshPacket *)&mp;
env->packet = (meshtastic_MeshPacket *)&mp_encrypted;
LOG_DEBUG("encrypted message\n");
} else if (mp_decoded.which_payload_variant ==
meshtastic_MeshPacket_decoded_tag) { // Don't upload a still-encrypted PKI packet
} else if (mp_decoded.which_payload_variant == meshtastic_MeshPacket_decoded_tag) {
env->packet = (meshtastic_MeshPacket *)&mp_decoded;
LOG_DEBUG("portnum %i message\n", env->packet->decoded.portnum);
} else {
LOG_DEBUG("nothing, pkt not decrypted\n");
return; // Don't upload a still-encrypted PKI packet if not encryption_enabled
}
if (moduleConfig.mqtt.proxy_to_client_enabled || this->isConnectedDirectly()) {