From 32bbdc4f7846f535ed9ce3330bcb17e866e85c6d Mon Sep 17 00:00:00 2001
From: asxalex
Date: Tue, 22 Oct 2024 15:14:03 +0800
Subject: [PATCH] arp reply encrypt

---
 src/network/arp.rs | 4 ++--
 src/network/packet.rs | 14 ++++++++++----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/network/arp.rs b/src/network/arp.rs
index 8bd9de8..0c3ae23 100644
--- a/src/network/arp.rs
+++ b/src/network/arp.rs
@@ -176,9 +176,9 @@ impl ArpInfo {
 if (ip & host_netmask) == (host_ip & host_netmask) {
 println!(
- "hostip = {:?}\nhostmac={:?}\nip={:?}",
- host_netmask.to_be_bytes(),
+ "hostip = {:?}, ip={:?}",
 host_ip.to_be_bytes(),
+ // host_ip.to_be_bytes(),
 ip.to_be_bytes(),
 );
 target_ip = ip;
diff --git a/src/network/packet.rs b/src/network/packet.rs
index 1743f59..cc4ca3e 100644
--- a/src/network/packet.rs
+++ b/src/network/packet.rs
@@ -23,8 +23,8 @@ use sdlan_sn_rs::{
 config::{AF_INET, AF_INET6},
 peer::{is_sdlan_sock_equal, SdlanSock, V6Info},
 utils::{
- aes_decrypt, get_current_timestamp, get_sdlan_sock_from_socketaddr, ip_to_string,
- is_multi_broadcast, Mac, Result, SDLanError, BROADCAST_MAC,
+ aes_decrypt, aes_encrypt, get_current_timestamp, get_sdlan_sock_from_socketaddr,
+ ip_to_string, is_multi_broadcast, Mac, Result, SDLanError, BROADCAST_MAC,
 },
 };
 use std::sync::Arc;
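Review bot: In src/network/arp.rs the rewritten `println!` keeps a commented-out argument (`// host_ip.to_be_bytes(),`) inside the macro call and still writes the host and target addresses to stdout every time the subnet check matches. I would delete the dead comment and send the message through the crate's logger at debug level, e.g. `debug!("hostip = {:?}, ip = {:?}", host_ip.to_be_bytes(), ip.to_be_bytes());`, assuming the logger that provides `error!` in packet.rs is also available in this module. The enclosing function starts and ends outside the hunk.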
@@ -804,19 +804,25 @@ async fn handle_tun_packet(
 arp.sipaddr = [((self_ip >> 16) & 0xffff) as u16, (self_ip & 0xffff) as u16];
+ let data = arp.marshal_to_bytes();
+ let Ok(encrypted) = aes_encrypt(key.as_slice(), &data) else {
+ error!("failed to encrypt arp reply");
+ return;
+ };
+
 let data = SdlData {
 is_p2p: true,
 ttl: 2,
 network_id: edge.network_id.load(Ordering::Relaxed),
 src_mac: Vec::from(self_mac),
 dst_mac: Vec::from(arp.shwaddr),
- data: arp.marshal_to_bytes(),
+ data: encrypted,
 };
 let v = encode_to_udp_message(Some(data), PacketType::Data as u8).unwrap();
 println!("xxxx send arp reply");
- send_packet_to_net(edge, BROADCAST_MAC, &v, 0).await;
+ send_packet_to_net(edge, arp.shwaddr, &v, 0).await;
 // send_to_sock(edge, &v, from_sock);
 // edge.sock.send(v).await;
 }
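Review bot: The new `aes_encrypt(key.as_slice(), &data)` call takes only a key and the plaintext, so nothing in this hunk shows a per-packet nonce or an authentication tag on the ARP reply; ARP payloads are short and largely predictable, so if the helper uses a fixed IV or an unauthenticated mode, identical replies would encrypt identically and a receiver could not tell a modified or replayed reply from a genuine one. Please confirm which mode `aes_encrypt` implements (it is imported from `sdlan_sn_rs::utils` and not visible here) and that the receive path drops ARP replies that fail decryption rather than accepting them as plaintext. The `let Ok(encrypted) = … else` branch also discards the error value; matching on the result and logging it, `Err(e) => { error!("failed to encrypt arp reply: {:?}", e); return; }`, would make key or length failures diagnosable, assuming the error type implements `Debug`. `key` and the start of `handle_tun_packet` are outside the hunk, and the unchanged `.unwrap()` on `encode_to_udp_message` below the new code would still panic the task on an encode failure.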