Local switch shared secrets #6794
Merged
This allows for a “shared secret” to be entered for a network switch, segmenting traffic so that multiple people could use the feature simultaneously without accidentally entering into or interfering with each other's networks. Takes a string specified in the configuration file (using the net_%02i_secret key) and hashes it through SHA3-256 to prepend to each data packet. This hash is used to compare packets on reception and allow or discard them.
Two birds in one commit: with the introduction of shared secrets, there is a practically infinite number of local switches that can be used, by merely editing the shared secret string. As such, support for old switch groups has been removed. In addition to this, the multicast address for local switch has been altered to 239.255.80.86. This ensures a hard compatibility break with the previous code and old (albeit interim) builds of 86Box would not attempt to receive packets with shared secrets.
I used AI to translate the phrase. If it got any of it wrong, I trust it'll be fixed. :-)
Summary
This alters the local switch function to use a "shared secret" to separate logical switches. Only by having an identical shared secret can two 86Box machines transmit and receive packets between each other. This feature is optional inasmuch as the text field can be left blank. This can be useful in the circumstance of having multiple people on one LAN: say Fred and Wilma each have their own computers and want to set up 86Box networks that don't accidentally join each other; they might use the shared secrets "fred" and "wilma" respectively to keep isolation.
Since shared secrets can supplant the limited number of switch groups, that feature has also been entirely done away with. Using unique shared secrets to segment unique networks is a viable alternative.
IMPORTANT: This is not a security feature! Packets are transmitted in plain-text as they always have, and a malicious actor can trivially modify a local copy of 86Box to "spoof" the shared secret hash and join on a network.
Checklist
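Added example, not part of the pull request or of 86Box's code: a Python model of the tagging scheme the description outlines (SHA3-256 of the secret string prepended to each packet, compared on reception), which also shows why the description says this is not a security feature. The function names, the UTF-8 encoding of the secret and the sample payloads are assumptions made for illustration.

```python
import hashlib
from typing import Optional

TAG_LEN = hashlib.sha3_256().digest_size  # 32 bytes


def secret_tag(secret: str) -> bytes:
    """SHA3-256 of the configured secret (UTF-8 encoding is an assumption)."""
    return hashlib.sha3_256(secret.encode("utf-8")).digest()


def frame(secret: str, payload: bytes) -> bytes:
    """Sender side: prepend the tag to the data packet."""
    return secret_tag(secret) + payload


def receive(secret: str, datagram: bytes) -> Optional[bytes]:
    """Receiver side: return the payload if the tag matches, else None (discard)."""
    if len(datagram) < TAG_LEN:
        return None  # too short to carry a tag at all
    tag, payload = datagram[:TAG_LEN], datagram[TAG_LEN:]
    if tag != secret_tag(secret):
        return None  # belongs to a different logical switch
    return payload


def copied_tag_accepted(secret: str, observed: bytes, other_payload: bytes) -> bool:
    """True if a tag lifted from one observed datagram passes the filter on a
    different payload. The tag depends only on the secret, never on the packet
    contents, so it segments traffic but authenticates nothing."""
    return receive(secret, observed[:TAG_LEN] + other_payload) == other_payload


if __name__ == "__main__":
    # Constructed sample payloads, not real Ethernet frames.
    pkt = frame("fred", b"frame-from-fred")
    print("fred accepts: ", receive("fred", pkt))
    print("wilma accepts:", receive("wilma", pkt))
    print("tag is static:", copied_tag_accepted("fred", pkt, b"other-bytes"))
```
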