|
|
|
@ -933,7 +933,6 @@ namespace llarp
|
|
|
|
|
PathAlignmentTimeout());
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
bool rewriteAddrs = true;
|
|
|
|
|
std::variant<service::Address, RouterID> to;
|
|
|
|
|
service::ProtocolType type;
|
|
|
|
|
if (m_SNodes.at(itr->second))
|
|
|
|
@ -950,7 +949,8 @@ namespace llarp
|
|
|
|
|
|
|
|
|
|
// prepare packet for insertion into network
|
|
|
|
|
// this includes clearing IP addresses, recalculating checksums, etc
|
|
|
|
|
if (rewriteAddrs)
|
|
|
|
|
// this does not happen for exits because the point is they don't rewrite addresses
|
|
|
|
|
if (type != service::ProtocolType::Exit)
|
|
|
|
|
{
|
|
|
|
|
if (pkt.IsV4())
|
|
|
|
|
pkt.UpdateIPv4Address({0}, {0});
|
|
|
|
@ -1059,22 +1059,31 @@ namespace llarp
|
|
|
|
|
src = pkt.srcv6();
|
|
|
|
|
}
|
|
|
|
|
// find what exit we think this should be for
|
|
|
|
|
service::Address fromAddr{};
|
|
|
|
|
if (const auto* ptr = std::get_if<service::Address>(&addr))
|
|
|
|
|
{
|
|
|
|
|
fromAddr = *ptr;
|
|
|
|
|
}
|
|
|
|
|
else // don't allow snode
|
|
|
|
|
return false;
|
|
|
|
|
const auto mapped = m_ExitMap.FindAllEntries(src);
|
|
|
|
|
bool allow = false;
|
|
|
|
|
for (const auto& [range, exitAddr] : mapped)
|
|
|
|
|
{
|
|
|
|
|
if ((range.BogonRange() and range.Contains(src)) or not IsBogon(src))
|
|
|
|
|
{
|
|
|
|
|
// this range is either not a bogon or is a bogon we are explicitly allowing
|
|
|
|
|
if (const auto* ptr = std::get_if<service::Address>(&addr))
|
|
|
|
|
{
|
|
|
|
|
// allow if this address matches the endpoint we think it should be
|
|
|
|
|
allow = exitAddr == *ptr;
|
|
|
|
|
}
|
|
|
|
|
// allow if this address matches the endpoint we think it should be
|
|
|
|
|
allow = exitAddr == fromAddr;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (not allow)
|
|
|
|
|
{
|
|
|
|
|
var::visit(
|
|
|
|
|
[&](auto&& address) { LogWarn(Name(), " does not allow ", src, " from ", address); },
|
|
|
|
|
addr);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|