tpws: block connections to 127.0.0.0/8

2025-05-24 22:32:58 +03:00 · 2021-03-19 10:55:20 +03:00
parent 638a27c181
commit 94405e89c3
11 changed files with 10 additions and 2 deletions
--- a/tpws/helpers.c
+++ b/tpws/helpers.c
@@ -75,7 +75,10 @@ void print_sockaddr(const struct sockaddr *sa)
 bool check_local_ip(const struct sockaddr *saddr)
 {
 	struct ifaddrs *addrs,*a;
-    
+
+	if (saddr->sa_family==AF_INET && is_localnet((struct sockaddr_in *)saddr))
+		return true;
+
 	if (getifaddrs(&addrs)<0) return false;
 	a  = addrs;

@@ -150,7 +153,11 @@ bool saconvmapped(struct sockaddr_storage *a)
 	return false;
 }

-bool is_linklocal(const struct sockaddr_in6* a)
+bool is_localnet(const struct sockaddr_in *a)
+{
+	return (htonl(a->sin_addr.s_addr)>>24)==127;
+}
+bool is_linklocal(const struct sockaddr_in6 *a)
 {
 	// fe80::/10
 	return a->sin6_addr.s6_addr[0]==0xFE && (a->sin6_addr.s6_addr[1] & 0xC0)==0x80;
--- a/tpws/helpers.h
+++ b/tpws/helpers.h
@@ -21,6 +21,7 @@ uint16_t saport(const struct sockaddr *sa);
 // true = was converted
 bool saconvmapped(struct sockaddr_storage *a);

+bool is_localnet(const struct sockaddr_in *a);
 bool is_linklocal(const struct sockaddr_in6* a);
 bool is_private6(const struct sockaddr_in6* a);