From 19d1de64ca9e9f7e42a0ddf7f9351e2681b31fca Mon Sep 17 00:00:00 2001 From: Aaron Johnson <4023+aaronjohnson@users.noreply.github.com> Date: Fri, 15 Aug 2025 10:29:06 -0700 Subject: [PATCH] Fix: Restore backward compatibility for mixed-version networks Restores the deprecated ENCRYPTED flag (0x80) that was removed between 1.14.2 and 1.16, fixing L2 multicast failures when 1.16 controllers communicate through pre-1.16 moons. - Move ZT_PROTO_FLAG_EXTENDED_ARMOR to unused bit 0x20 - Restore ZT_PROTO_FLAG_ENCRYPTED at 0x80 - Restore setCipher() backward compatibility code from 1.14.2 This ensures MULTICAST_GATHER responses can be relayed through older moons, fixing ARP resolution in L2 networks with broadcastEnabled:true. Fixes connectivity issues in mixed-version networks. --- node/Packet.hpp | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/node/Packet.hpp b/node/Packet.hpp index f6b8fdbdc..5161ce207 100644 --- a/node/Packet.hpp +++ b/node/Packet.hpp @@ -132,10 +132,14 @@ * If this is set, the packet will have an ephemeral key appended to it its payload * will be encrypted with AES-CTR using this ephemeral key and the packet's header * as an IV. - * - * Note that this is a reuse of a flag that has long been deprecated and ignored. */ -#define ZT_PROTO_FLAG_EXTENDED_ARMOR 0x80 +#define ZT_PROTO_FLAG_EXTENDED_ARMOR 0x20 + +/** + * DEPRECATED: This has been replaced by the three-bit cipher suite selection field. + * Kept for backward compatibility with pre-1.16 nodes. + */ +#define ZT_PROTO_FLAG_ENCRYPTED 0x80 /** * Header flag indicating that a packet is fragmented @@ -1276,6 +1280,12 @@ class Packet : public Buffer { { unsigned char& b = (*this)[ZT_PACKET_IDX_FLAGS]; b = (b & 0xc7) | (unsigned char)((c << 3) & 0x38); // bits: FFCCCHHH + // Set DEPRECATED "encrypted" flag -- used by pre-1.0.3 peers + if (c == ZT_PROTO_CIPHER_SUITE__C25519_POLY1305_SALSA2012) { + b |= ZT_PROTO_FLAG_ENCRYPTED; + } else { + b &= (~ZT_PROTO_FLAG_ENCRYPTED); + } } /**