Add PKI logiv to KNOWN_ONLY and LOCAL_ONLY routing modes.

src/modules/RoutingModule.cpp

@@ -13,6 +13,19 @@ bool RoutingModule::handleReceivedProtobuf(const meshtastic_MeshPacket &mp, mesh
     printPacket("Routing sniffing", &mp);
     router->sniffReceived(&mp, r);
 
+    bool maybePKI =
+        mp.which_payload_variant == meshtastic_MeshPacket_encrypted_tag && mp.channel == 0 && mp.to != NODENUM_BROADCAST;
+    // Beginning of logic whether to drop the packet based on Rebroadcast mode
+    if (mp.which_payload_variant == meshtastic_MeshPacket_encrypted_tag &&
+        (config.device.rebroadcast_mode == meshtastic_Config_DeviceConfig_RebroadcastMode_LOCAL_ONLY ||
+         config.device.rebroadcast_mode == meshtastic_Config_DeviceConfig_RebroadcastMode_KNOWN_ONLY)) {
+        if (!maybePKI)
+            return false;
+        if ((nodeDB->getMeshNode(mp.from) == NULL || !nodeDB->getMeshNode(mp.from)->has_user) &&
+            (nodeDB->getMeshNode(mp.to) == NULL || !nodeDB->getMeshNode(mp.to)->has_user))
+            return false;
+    }
+
     // FIXME - move this to a non promsicious PhoneAPI module?
     // Note: we are careful not to send back packets that started with the phone back to the phone
     if ((mp.to == NODENUM_BROADCAST || mp.to == nodeDB->getNodeNum()) && (mp.from != 0)) {
@@ -65,6 +78,9 @@ uint8_t RoutingModule::getHopLimitForResponse(uint8_t hopStart, uint8_t hopLimit
 RoutingModule::RoutingModule() : ProtobufModule("routing", meshtastic_PortNum_ROUTING_APP, &meshtastic_Routing_msg)
 {
     isPromiscuous = true;
-    encryptedOk = config.device.rebroadcast_mode != meshtastic_Config_DeviceConfig_RebroadcastMode_LOCAL_ONLY &&
-                  config.device.rebroadcast_mode != meshtastic_Config_DeviceConfig_RebroadcastMode_KNOWN_ONLY;
+
+    // moved the ReboradcastMode logic into handleReceivedProtobuf
+    // LocalOnly requires either the from or to to be a known node
+    // knownOnly specifically requires the from to be a known node.
+    encryptedOk = true;
 }