Minor security: lock roots to only be reachable via World IPs.

author: Adam Ierymenko <adam.ierymenko@gmail.com> 2016-12-05 16:09:42 -0800
committer: Adam Ierymenko <adam.ierymenko@gmail.com> 2016-12-05 16:09:42 -0800
commit: 244f37179cb20b1ebec420da5b315ecf8ac0db40 (patch)
tree: 034b5e3ed4ca2b30da4b627b12ffd7aeaefadb5f /node/Topology.cpp
parent: 4b3a47849d2c0d9d473602670318b54aaf65e056 (diff)
download: infinitytier-244f37179cb20b1ebec420da5b315ecf8ac0db40.tar.gz
infinitytier-244f37179cb20b1ebec420da5b315ecf8ac0db40.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/node/Topology.cpp b/node/Topology.cpp
index 517934fb..bf51b585 100644
--- a/node/Topology.cpp
+++ b/node/Topology.cpp
@@ -264,6 +264,23 @@ void Topology::setUpstream(const Address &a,bool upstream)
 		RR->sw->requestWhois(a);
 }
 
+bool Topology::isProhibitedEndpoint(const Address &ztaddr,const InetAddress &ipaddr) const
+{
+	Mutex::Lock _l(_lock);
+
+	if (std::find(_rootAddresses.begin(),_rootAddresses.end(),ztaddr) != _rootAddresses.end()) {
+		for(std::vector<World::Root>::const_iterator r(_world.roots().begin());r!=_world.roots().end();++r) {
+			for(std::vector<InetAddress>::const_iterator e(r->stableEndpoints.begin());e!=r->stableEndpoints.end();++e) {
+				if (ipaddr.ipsEqual(*e))
+					return false;
+			}
+		}
+		return true;
+	}
+
+	return false;
+}
+
 bool Topology::worldUpdateIfValid(const World &newWorld)
 {
 	Mutex::Lock _l(_lock);
author	Adam Ierymenko <adam.ierymenko@gmail.com>	2016-12-05 16:09:42 -0800
committer	Adam Ierymenko <adam.ierymenko@gmail.com>	2016-12-05 16:09:42 -0800
commit	244f37179cb20b1ebec420da5b315ecf8ac0db40 (patch)
tree	034b5e3ed4ca2b30da4b627b12ffd7aeaefadb5f /node/Topology.cpp
parent	4b3a47849d2c0d9d473602670318b54aaf65e056 (diff)
download	infinitytier-244f37179cb20b1ebec420da5b315ecf8ac0db40.tar.gz infinitytier-244f37179cb20b1ebec420da5b315ecf8ac0db40.zip