Removed flawed logic samenet/samesubnet you cannot determine if two ip are in the same subnet just from ips the internet is not just a bunch of /24
parent
febea809b1
commit
16a5eed453
10 changed files with 4 additions and 348 deletions
|
@ -1710,7 +1710,7 @@ bool p3LinkMgrIMPL::retryConnectTCP(const RsPeerId &id)
|
|||
|
||||
#define MAX_TCP_ADDR_AGE (3600 * 24 * 14) // two weeks in seconds.
|
||||
|
||||
bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &addr, time_t age)
|
||||
bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &addr, time_t age)
|
||||
{
|
||||
#ifdef LINKMGR_DEBUG
|
||||
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr(";
|
||||
|
@ -1731,13 +1731,8 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad
|
|||
return false;
|
||||
}
|
||||
|
||||
bool isValid = sockaddr_storage_isValidNet(addr);
|
||||
bool isLoopback = sockaddr_storage_isLoopbackNet(addr);
|
||||
// bool isPrivate = sockaddr_storage_isPrivateNet(addr);
|
||||
bool isExternal = sockaddr_storage_isExternalNet(addr);
|
||||
|
||||
/* if invalid - quick rejection */
|
||||
if (!isValid)
|
||||
if ( ! sockaddr_storage_isValidNet(addr) )
|
||||
{
|
||||
#ifdef LINKMGR_DEBUG
|
||||
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() REJECTING - INVALID";
|
||||
|
@ -1772,60 +1767,7 @@ bool p3LinkMgrIMPL::locked_CheckPotentialAddr(const struct sockaddr_storage &ad
|
|||
return false ;
|
||||
}
|
||||
|
||||
/* if it is an external address, we'll accept it.
|
||||
* - even it is meant to be a local address.
|
||||
*/
|
||||
if (isExternal)
|
||||
{
|
||||
#ifdef LINKMGR_DEBUG
|
||||
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - EXTERNAL";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/* if loopback, then okay - probably proxy connection (or local testing).
|
||||
*/
|
||||
if (isLoopback)
|
||||
{
|
||||
#ifdef LINKMGR_DEBUG
|
||||
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - LOOPBACK";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/* get here, it is private or loopback
|
||||
* - can only connect to these addresses if we are on the same subnet.
|
||||
- check net against our local address.
|
||||
*/
|
||||
|
||||
#ifdef LINKMGR_DEBUG
|
||||
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() Checking sameNet against: ";
|
||||
std::cerr << sockaddr_storage_iptostring(mLocalAddress);
|
||||
std::cerr << ")";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
if (sockaddr_storage_samenet(mLocalAddress, addr))
|
||||
{
|
||||
#ifdef LINKMGR_DEBUG
|
||||
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() ACCEPTING - PRIVATE & sameNET";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
|
||||
#ifdef LINKMGR_DEBUG
|
||||
std::cerr << "p3LinkMgrIMPL::locked_CheckPotentialAddr() REJECTING - PRIVATE & !sameNET";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
/* else it fails */
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
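Review bot: With the same-net test removed, locked_CheckPotentialAddr now ends in a bare `return true;`, so a private-range candidate that used to be rejected unless it shared our local net is accepted once it passes the earlier age and validity checks. The hunks do not show where these candidates come from; if they include peer-advertised address lists, the node will now try TCP connections to whatever private address a peer supplies, so confirm that the retry scheduling bounds those attempts. The policy also deserves a comment above the final return, for example `/* private addresses are accepted too: reachability cannot be inferred from the IP alone */`. The middle of the function lies outside the visible hunks.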
|
||||
|
||||
|
||||
|
|
|
@ -758,52 +758,6 @@ bool getLocalInterfaces(struct sockaddr_storage &existAddr, std::list<struct soc
|
|||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
bool sameNet(const struct in_addr *addr, const struct in_addr *addr2)
|
||||
{
|
||||
#ifdef NET_DEBUG
|
||||
std::cerr << "sameNet: " << rs_inet_ntoa(*addr);
|
||||
std::cerr << " VS " << rs_inet_ntoa(*addr2);
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
struct in_addr addrnet, addrnet2;
|
||||
|
||||
addrnet.s_addr = inet_netof(*addr);
|
||||
addrnet2.s_addr = inet_netof(*addr2);
|
||||
|
||||
#ifdef NET_DEBUG
|
||||
std::cerr << " (" << rs_inet_ntoa(addrnet);
|
||||
std::cerr << " =?= " << rs_inet_ntoa(addrnet2);
|
||||
std::cerr << ")" << std::endl;
|
||||
#endif
|
||||
|
||||
in_addr_t address1 = htonl(addr->s_addr);
|
||||
in_addr_t address2 = htonl(addr2->s_addr);
|
||||
|
||||
// handle case for private net: 172.16.0.0/12
|
||||
if (address1>>20 == (172<<4 | 16>>4))
|
||||
{
|
||||
return (address1>>20 == address2>>20);
|
||||
}
|
||||
|
||||
return (inet_netof(*addr) == inet_netof(*addr2));
|
||||
}
|
||||
|
||||
|
||||
bool isSameSubnet(struct in_addr *addr1, struct in_addr *addr2)
|
||||
{
|
||||
/*
|
||||
* check that the (addr1 & 255.255.255.0) == (addr2 & 255.255.255.0)
|
||||
*/
|
||||
|
||||
unsigned long a1 = ntohl(addr1->s_addr);
|
||||
unsigned long a2 = ntohl(addr2->s_addr);
|
||||
|
||||
return ((a1 & 0xffffff00) == (a2 & 0xffffff00));
|
||||
}
|
||||
|
||||
/* This just might be portable!!! will see!!!
|
||||
* Unfortunately this is usable on winXP+, determined by: (_WIN32_WINNT >= 0x0501)
|
||||
* but not older platforms.... which must use gethostbyname.
|
||||
|
|
|
@ -104,10 +104,6 @@ int inaddr_cmp(struct sockaddr_in addr1, unsigned long);
|
|||
bool getPreferredInterface(struct sockaddr_storage &existAddr, struct sockaddr_storage &prefAddr); // returns best addr.
|
||||
bool getLocalInterfaces(struct sockaddr_storage &existAddr, std::list<struct sockaddr_storage> &addrs); // returns all possible addrs.
|
||||
|
||||
// checks (addr1 & 255.255.255.0) == (addr2 & 255.255.255.0)
|
||||
bool isSameSubnet(struct in_addr *addr1, struct in_addr *addr2);
|
||||
bool sameNet(const struct in_addr *addr, const struct in_addr *addr2);
|
||||
|
||||
in_addr_t pqi_inet_netof(struct in_addr addr); // our implementation.
|
||||
|
||||
bool LookupDNSAddr(std::string name, struct sockaddr_in &addr);
|
||||
|
|
|
@ -103,7 +103,7 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3LinkMgr *lm)
|
|||
sslmode(PQISSL_ACTIVE), ssl_connection(NULL), sockfd(-1),
|
||||
readpkt(NULL), pktlen(0), total_len(0),
|
||||
attempt_ts(0),
|
||||
sameLAN(false), n_read_zero(0), mReadZeroTS(0), ssl_connect_timeout(0),
|
||||
n_read_zero(0), mReadZeroTS(0), ssl_connect_timeout(0),
|
||||
mConnectDelay(0), mConnectTS(0),
|
||||
mConnectTimeout(0), mTimeoutTS(0)
|
||||
{
|
||||
|
@ -255,7 +255,6 @@ int pqissl::reset_locked()
|
|||
sockfd = -1;
|
||||
waiting = WAITING_NOT;
|
||||
ssl_connection = NULL;
|
||||
sameLAN = false;
|
||||
n_read_zero = 0;
|
||||
mReadZeroTS = 0;
|
||||
total_len = 0 ;
|
||||
|
@ -1458,22 +1457,12 @@ int pqissl::accept_locked(SSL *ssl, int fd, const struct sockaddr_storage &forei
|
|||
|
||||
struct sockaddr_storage localaddr;
|
||||
mLinkMgr->getLocalAddress(localaddr);
|
||||
sameLAN = sockaddr_storage_samesubnet(remote_addr, localaddr);
|
||||
|
||||
{
|
||||
std::string out = "pqissl::accept() SUCCESSFUL connection to: " + PeerId().toStdString();
|
||||
out += " localaddr: " + sockaddr_storage_iptostring(localaddr);
|
||||
out += " remoteaddr: " + sockaddr_storage_iptostring(remote_addr);
|
||||
|
||||
if (sameLAN)
|
||||
{
|
||||
out += " SAME LAN";
|
||||
}
|
||||
else
|
||||
{
|
||||
out += " DIFF LANs";
|
||||
}
|
||||
|
||||
rslog(RSL_WARNING, pqisslzone, out);
|
||||
}
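Review bot: After this change `localaddr` in accept_locked feeds only the log line, yet it is still declared without initialisation and the result of `mLinkMgr->getLocalAddress(localaddr)` is not checked. The hunk does not show whether that call can return without filling the structure; if it can, `sockaddr_storage_iptostring(localaddr)` formats indeterminate bytes into the log. Zeroing the storage first, `memset(&localaddr, 0, sizeof(localaddr));`, keeps the message well defined. accept_locked begins and continues outside this hunk.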
|
||||
|
||||
|
|
|
@ -196,8 +196,6 @@ virtual int net_internal_fcntl_nonblock(int fd);
|
|||
|
||||
int attempt_ts;
|
||||
|
||||
bool sameLAN; /* flag use to allow high-speed transfers */
|
||||
|
||||
int n_read_zero; /* a counter to determine if the connection is really dead */
|
||||
time_t mReadZeroTS; /* timestamp of first READ_ZERO occurance */
|
||||
|
||||
|
|