More spoof remediation (#7612)

* More spoof remediation

* Fix signed comparison error

* Only fire self-bound messages into the routing module

* Update src/mesh/MeshModule.cpp

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* String const

---------

Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 3 people

src/mesh/MeshModule.cpp

@@ -85,8 +85,11 @@ meshtastic_MeshPacket *MeshModule::allocErrorResponse(meshtastic_Routing_Error e
     return r;
 }
 
-void MeshModule::callModules(meshtastic_MeshPacket &mp, RxSource src)
+void MeshModule::callModules(meshtastic_MeshPacket &mp, RxSource src, const char *specificModule)
 {
+    if (specificModule) {
+        LOG_DEBUG("Calling specific module: %s", specificModule);
+    }
     // LOG_DEBUG("In call modules");
     bool moduleFound = false;
 
@@ -104,6 +107,11 @@ void MeshModule::callModules(meshtastic_MeshPacket &mp, RxSource src)
     for (auto i = modules->begin(); i != modules->end(); ++i) {
         auto &pi = **i;
 
+        // If specificModule is provided, only call that specific module
+        if (specificModule && (!pi.name || strcmp(pi.name, specificModule) != 0)) {
+            continue;
+        }
+
         pi.currentRequest = ∓
 
         /// We only call modules that are interested in the packet (and the message is destined to us or we are promiscious)

src/mesh/MeshModule.h

@@ -73,7 +73,7 @@ class MeshModule
 
     /** For use only by MeshService
      */
-    static void callModules(meshtastic_MeshPacket &mp, RxSource src = RX_SRC_RADIO);
+    static void callModules(meshtastic_MeshPacket &mp, RxSource src = RX_SRC_RADIO, const char *specificModule = nullptr);
 
     static std::vector<MeshModule *> GetMeshModulesWithUIFrames(int startIndex);
     static void observeUIEvents(Observer<const UIFrameEvent *> *observer);

src/mesh/NodeDB.cpp

@@ -1867,7 +1867,7 @@ bool NodeDB::checkLowEntropyPublicKey(const meshtastic_Config_SecurityConfig_pub
         uint8_t keyHash[32] = {0};
         memcpy(keyHash, keyToTest.bytes, keyToTest.size);
         crypto->hash(keyHash, 32);
-        for (int i = 0; i < sizeof(LOW_ENTROPY_HASHES) / sizeof(LOW_ENTROPY_HASHES[0]); i++) {
+        for (uint16_t i = 0; i < sizeof(LOW_ENTROPY_HASHES) / sizeof(LOW_ENTROPY_HASHES[0]); i++) {
             if (memcmp(keyHash, LOW_ENTROPY_HASHES[i], sizeof(LOW_ENTROPY_HASHES[0])) == 0) {
                 return true;
             }

src/mesh/Router.cpp

@@ -653,7 +653,8 @@ void Router::handleReceived(meshtastic_MeshPacket *p, RxSource src)
     }
 
     // call modules here
-    if (!skipHandle) {
+    // If this could be a spoofed packet, don't let the modules see it.
+    if (!skipHandle && p->from != nodeDB->getNodeNum()) {
         MeshModule::callModules(*p, src);
 
 #if !MESHTASTIC_EXCLUDE_MQTT
@@ -667,6 +668,8 @@ void Router::handleReceived(meshtastic_MeshPacket *p, RxSource src)
             !isFromUs(p) && mqtt)
             mqtt->onSend(*p_encrypted, *p, p->channel);
 #endif
+    } else if (p->from == nodeDB->getNodeNum() && !skipHandle) {
+        MeshModule::callModules(*p, src, ROUTING_MODULE);
     }
 
     packetPool.release(p_encrypted); // Release the encrypted packet

src/modules/RoutingModule.cpp

@@ -73,7 +73,7 @@ uint8_t RoutingModule::getHopLimitForResponse(uint8_t hopStart, uint8_t hopLimit
     return Default::getConfiguredOrDefaultHopLimit(config.lora.hop_limit); // Use the default hop limit
 }
 
-RoutingModule::RoutingModule() : ProtobufModule("routing", meshtastic_PortNum_ROUTING_APP, &meshtastic_Routing_msg)
+RoutingModule::RoutingModule() : ProtobufModule(ROUTING_MODULE, meshtastic_PortNum_ROUTING_APP, &meshtastic_Routing_msg)
 {
     isPromiscuous = true;
 

src/modules/RoutingModule.h

@@ -2,6 +2,8 @@
 #include "Channels.h"
 #include "ProtobufModule.h"
 
+static const char *ROUTING_MODULE = "routing";
+
 /**
  * Routing module for router control messages
  */