|
|
|
|
@ -403,26 +403,6 @@ public:
|
|
|
|
|
static BackgroundSoftwareUpdateChecker backgroundSoftwareUpdateChecker; |
|
|
|
|
#endif // ZT_AUTO_UPDATE
|
|
|
|
|
|
|
|
|
|
static bool isBlacklistedLocalInterfaceForZeroTierTraffic(const char *ifn) |
|
|
|
|
{ |
|
|
|
|
#if defined(__linux__) || defined(linux) || defined(__LINUX__) || defined(__linux) |
|
|
|
|
if ((ifn[0] == 'l')&&(ifn[1] == 'o')) return true; // loopback
|
|
|
|
|
if ((ifn[0] == 'z')&&(ifn[1] == 't')) return true; // sanity check: zt#
|
|
|
|
|
if ((ifn[0] == 't')&&(ifn[1] == 'u')&&(ifn[2] == 'n')) return true; // tun# is probably an OpenVPN tunnel or similar
|
|
|
|
|
if ((ifn[0] == 't')&&(ifn[1] == 'a')&&(ifn[2] == 'p')) return true; // tap# is probably an OpenVPN tunnel or similar
|
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
#ifdef __APPLE__ |
|
|
|
|
if ((ifn[0] == 'l')&&(ifn[1] == 'o')) return true; // loopback
|
|
|
|
|
if ((ifn[0] == 'z')&&(ifn[1] == 't')) return true; // sanity check: zt#
|
|
|
|
|
if ((ifn[0] == 't')&&(ifn[1] == 'u')&&(ifn[2] == 'n')) return true; // tun# is probably an OpenVPN tunnel or similar
|
|
|
|
|
if ((ifn[0] == 't')&&(ifn[1] == 'a')&&(ifn[2] == 'p')) return true; // tap# is probably an OpenVPN tunnel or similar
|
|
|
|
|
if ((ifn[0] == 'u')&&(ifn[1] == 't')&&(ifn[2] == 'u')&&(ifn[3] == 'n')) return true; // ... as is utun#
|
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
static std::string _trimString(const std::string &s) |
|
|
|
|
{ |
|
|
|
|
unsigned long end = (unsigned long)s.length(); |
|
|
|
|
@ -547,6 +527,7 @@ public:
|
|
|
|
|
Hashtable< uint64_t,std::vector<InetAddress> > _v6Blacklists; |
|
|
|
|
std::vector< InetAddress > _globalV4Blacklist; |
|
|
|
|
std::vector< InetAddress > _globalV6Blacklist; |
|
|
|
|
std::vector< std::string > _interfacePrefixBlacklist; |
|
|
|
|
Mutex _localConfig_m; |
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
@ -1237,6 +1218,7 @@ public:
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
_interfacePrefixBlacklist.clear(); |
|
|
|
|
json &settings = _localConfig["settings"]; |
|
|
|
|
if (settings.is_object()) { |
|
|
|
|
const std::string rp(_jS(settings["relayPolicy"],"")); |
|
|
|
|
@ -1245,6 +1227,15 @@ public:
|
|
|
|
|
else if ((rp == "never")||(rp == "NEVER")) |
|
|
|
|
_node->setRelayPolicy(ZT_RELAY_POLICY_NEVER); |
|
|
|
|
else _node->setRelayPolicy(ZT_RELAY_POLICY_TRUSTED); |
|
|
|
|
|
|
|
|
|
json &ignoreIfs = settings["interfacePrefixBlacklist"]; |
|
|
|
|
if (ignoreIfs.is_array()) { |
|
|
|
|
for(unsigned long i=0;i<ignoreIfs.size();++i) { |
|
|
|
|
const std::string tmp(_jS(ignoreIfs[i],"")); |
|
|
|
|
if (tmp.length() > 0) |
|
|
|
|
_interfacePrefixBlacklist.push_back(tmp); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -1992,16 +1983,40 @@ public:
|
|
|
|
|
|
|
|
|
|
bool shouldBindInterface(const char *ifname,const InetAddress &ifaddr) |
|
|
|
|
{ |
|
|
|
|
if (isBlacklistedLocalInterfaceForZeroTierTraffic(ifname)) |
|
|
|
|
return false; |
|
|
|
|
#if defined(__linux__) || defined(linux) || defined(__LINUX__) || defined(__linux) |
|
|
|
|
if ((ifname[0] == 'l')&&(ifname[1] == 'o')) return false; // loopback
|
|
|
|
|
if ((ifname[0] == 'z')&&(ifname[1] == 't')) return false; // sanity check: zt#
|
|
|
|
|
if ((ifname[0] == 't')&&(ifname[1] == 'u')&&(ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar
|
|
|
|
|
if ((ifname[0] == 't')&&(ifname[1] == 'a')&&(ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar
|
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
Mutex::Lock _l(_nets_m); |
|
|
|
|
for(std::map<uint64_t,NetworkState>::const_iterator n(_nets.begin());n!=_nets.end();++n) { |
|
|
|
|
if (n->second.tap) { |
|
|
|
|
std::vector<InetAddress> ips(n->second.tap->ips()); |
|
|
|
|
for(std::vector<InetAddress>::const_iterator i(ips.begin());i!=ips.end();++i) { |
|
|
|
|
if (i->ipsEqual(ifaddr)) |
|
|
|
|
return false; |
|
|
|
|
#ifdef __APPLE__ |
|
|
|
|
if ((ifname[0] == 'l')&&(ifname[1] == 'o')) return false; // loopback
|
|
|
|
|
if ((ifname[0] == 'z')&&(ifname[1] == 't')) return false; // sanity check: zt#
|
|
|
|
|
if ((ifname[0] == 't')&&(ifname[1] == 'u')&&(ifname[2] == 'n')) return false; // tun# is probably an OpenVPN tunnel or similar
|
|
|
|
|
if ((ifname[0] == 't')&&(ifname[1] == 'a')&&(ifname[2] == 'p')) return false; // tap# is probably an OpenVPN tunnel or similar
|
|
|
|
|
if ((ifname[0] == 'u')&&(ifname[1] == 't')&&(ifname[2] == 'u')&&(ifname[3] == 'n')) return false; // ... as is utun#
|
|
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
{ |
|
|
|
|
Mutex::Lock _l(_localConfig_m); |
|
|
|
|
for(std::vector<std::string>::const_iterator p(_interfacePrefixBlacklist.begin());p!=_interfacePrefixBlacklist.end();++p) { |
|
|
|
|
if (!strncmp(p->c_str(),ifname,p->length())) { |
|
|
|
|
printf("%s\n",ifname); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
{ |
|
|
|
|
Mutex::Lock _l(_nets_m); |
|
|
|
|
for(std::map<uint64_t,NetworkState>::const_iterator n(_nets.begin());n!=_nets.end();++n) { |
|
|
|
|
if (n->second.tap) { |
|
|
|
|
std::vector<InetAddress> ips(n->second.tap->ips()); |
|
|
|
|
for(std::vector<InetAddress>::const_iterator i(ips.begin());i!=ips.end();++i) { |
|
|
|
|
if (i->ipsEqual(ifaddr)) |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
Adam Ierymenko
9 years ago