Minor security: lock roots to only be reachable via World IPs.
This commit is contained in:
parent
4b3a47849d
commit
244f37179c
3 changed files with 36 additions and 0 deletions
|
@ -264,6 +264,23 @@ void Topology::setUpstream(const Address &a,bool upstream)
|
|||
RR->sw->requestWhois(a);
|
||||
}
|
||||
|
||||
bool Topology::isProhibitedEndpoint(const Address &ztaddr,const InetAddress &ipaddr) const
|
||||
{
|
||||
Mutex::Lock _l(_lock);
|
||||
|
||||
if (std::find(_rootAddresses.begin(),_rootAddresses.end(),ztaddr) != _rootAddresses.end()) {
|
||||
for(std::vector<World::Root>::const_iterator r(_world.roots().begin());r!=_world.roots().end();++r) {
|
||||
for(std::vector<InetAddress>::const_iterator e(r->stableEndpoints.begin());e!=r->stableEndpoints.end();++e) {
|
||||
if (ipaddr.ipsEqual(*e))
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
bool Topology::worldUpdateIfValid(const World &newWorld)
|
||||
{
|
||||
Mutex::Lock _l(_lock);
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue