From 3051b6897d04b54db1a79a3f36293cbb8d16a4e7 Mon Sep 17 00:00:00 2001
From: Mark Qvist <mark@unsigned.io>
Date: Tue, 15 Mar 2022 14:55:47 +0100
Subject: [PATCH] Updated filtering rules. Fixes #18.

---
 RNS/Destination.py |  6 ++++++
 RNS/Transport.py   | 30 +++++++++++++++++++++++++++---
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/RNS/Destination.py b/RNS/Destination.py
index 0e74936..0edf04f 100755
--- a/RNS/Destination.py
+++ b/RNS/Destination.py
@@ -118,6 +118,9 @@ class Destination:
             identity = RNS.Identity()
             aspects = aspects+(identity.hexhash,)
 
+        if identity != None and self.type == Destination.PLAIN:
+            raise TypeError("Selected destination type PLAIN cannot hold an identity")
+
         self.identity = identity
 
         self.name = Destination.full_name(app_name, *aspects)      
@@ -146,6 +149,9 @@ class Destination:
         :param app_data: *bytes* containing the app_data.
         :param path_response: Internal flag used by :ref:`RNS.Transport<api-transport>`. Ignore.
         """
+        if self.type != Destination.SINGLE:
+            raise TypeError("Only SINGLE destination types can be announced")
+            
         destination_hash = self.hash
         random_hash = RNS.Identity.get_random_hash()[0:5]+int(time.time()).to_bytes(5, "big")
 
diff --git a/RNS/Transport.py b/RNS/Transport.py
index e0388a3..59c0fc0 100755
--- a/RNS/Transport.py
+++ b/RNS/Transport.py
@@ -457,7 +457,7 @@ class Transport:
         sent = False
 
         # Check if we have a known path for the destination in the path table
-        if packet.packet_type != RNS.Packet.ANNOUNCE and packet.destination_hash in Transport.destination_table:
+        if packet.packet_type != RNS.Packet.ANNOUNCE and packet.destination.type != RNS.Destination.PLAIN and packet.destination.type != RNS.Destination.GROUP and packet.destination_hash in Transport.destination_table:
             outbound_interface = Transport.destination_table[packet.destination_hash][5]
 
             # If there's more than one hop to the destination, and we know
@@ -572,14 +572,38 @@ class Transport:
             return True
         if packet.context == RNS.Packet.CACHE_REQUEST:
             return True
+
         if packet.destination_type == RNS.Destination.PLAIN:
-            return True
+            if packet.packet_type != RNS.Packet.ANNOUNCE:
+                if packet.hops > 1:
+                    RNS.log("Dropped PLAIN packet "+RNS.prettyhexrep(packet.hash)+" with "+str(packet.hops)+" hops", RNS.LOG_DEBUG)
+                    return False
+                else:
+                    return True
+            else:
+                RNS.log("Dropped invalid PLAIN announce packet", RNS.LOG_DEBUG)
+                return False
+
+        if packet.destination_type == RNS.Destination.GROUP:
+            if packet.packet_type != RNS.Packet.ANNOUNCE:
+                if packet.hops > 1:
+                    RNS.log("Dropped GROUP packet "+RNS.prettyhexrep(packet.hash)+" with "+str(packet.hops)+" hops", RNS.LOG_DEBUG)
+                    return False
+                else:
+                    return True
+            else:
+                RNS.log("Dropped invalid GROUP announce packet", RNS.LOG_DEBUG)
+                return False
 
         if not packet.packet_hash in Transport.packet_hashlist:
             return True
         else:
             if packet.packet_type == RNS.Packet.ANNOUNCE:
-                return True
+                if packet.destination_type == RNS.Destination.SINGLE:
+                    return True
+                else:
+                    RNS.log("Dropped invalid announce packet", RNS.LOG_DEBUG)
+                    return False
 
         RNS.log("Filtered packet with hash "+RNS.prettyhexrep(packet.packet_hash), RNS.LOG_DEBUG)
         return False