diff options
| author | Adam Ierymenko <adam.ierymenko@gmail.com> | 2016-12-05 16:09:42 -0800 |
|---|---|---|
| committer | Adam Ierymenko <adam.ierymenko@gmail.com> | 2016-12-05 16:09:42 -0800 |
| commit | 244f37179cb20b1ebec420da5b315ecf8ac0db40 (patch) | |
| tree | 034b5e3ed4ca2b30da4b627b12ffd7aeaefadb5f /node/Node.cpp | |
| parent | 4b3a47849d2c0d9d473602670318b54aaf65e056 (diff) | |
| download | infinitytier-244f37179cb20b1ebec420da5b315ecf8ac0db40.tar.gz infinitytier-244f37179cb20b1ebec420da5b315ecf8ac0db40.zip | |
Minor security: lock roots to only be reachable via World IPs.
Diffstat (limited to 'node/Node.cpp')
| -rw-r--r-- | node/Node.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/node/Node.cpp b/node/Node.cpp index 11f76365..ed60817f 100644 --- a/node/Node.cpp +++ b/node/Node.cpp @@ -633,6 +633,9 @@ bool Node::shouldUsePathForZeroTierTraffic(const Address &ztaddr,const InetAddre if (!Path::isAddressValidForPath(remoteAddress)) return false; + if (RR->topology->isProhibitedEndpoint(ztaddr,remoteAddress)) + return false; + { Mutex::Lock _l(_networks_m); for(std::vector< std::pair< uint64_t, SharedPtr<Network> > >::const_iterator i=_networks.begin();i!=_networks.end();++i) { |