From f09eedbd7adee2a804978182c1f9fdc2a1ad1d6a Mon Sep 17 00:00:00 2001
From: Daniel Skowroński <daniel@dsinf.net>
Date: Sun, 25 Dec 2016 22:54:27 +0100
Subject: make it compilable

---
 service/OneService.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'service/OneService.cpp')

diff --git a/service/OneService.cpp b/service/OneService.cpp
index 13820f5c..4dd73c19 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -114,6 +114,10 @@ namespace ZeroTier { typedef WindowsEthernetTap EthernetTap; }
 #include "../osdep/BSDEthernetTap.hpp"
 namespace ZeroTier { typedef BSDEthernetTap EthernetTap; }
 #endif // __FreeBSD__
+#ifdef __NetBSD__
+#include "../osdep/NetBSDEthernetTap.hpp"
+namespace ZeroTier { typedef NetBSDEthernetTap EthernetTap; }
+#endif // __FreeBSD__
 
 #endif // ZT_SERVICE_NETCON
 
@@ -1684,7 +1688,7 @@ public:
 	inline int nodePathCheckFunction(const struct sockaddr_storage *localAddr,const struct sockaddr_storage *remoteAddr)
 	{
 		Mutex::Lock _l(_nets_m);
-	
+
 		for(std::map<uint64_t,NetworkState>::const_iterator n(_nets.begin());n!=_nets.end();++n) {
 			if (n->second.tap) {
 				std::vector<InetAddress> ips(n->second.tap->ips());
@@ -1695,7 +1699,7 @@ public:
 				}
 			}
 		}
-	
+
 		/* Note: I do not think we need to scan for overlap with managed routes
 		 * because of the "route forking" and interface binding that we do. This
 		 * ensures (we hope) that ZeroTier traffic will still take the physical
-- 
cgit v1.2.3


From 73ca9b6373a758bcba7d589064dd2cfb27208d3a Mon Sep 17 00:00:00 2001
From: neutronscott <dn42@scottn.us>
Date: Sat, 3 Feb 2018 14:53:46 -0500
Subject: check physical blacklist for interface binding as well

---
 service/OneService.cpp | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'service/OneService.cpp')

diff --git a/service/OneService.cpp b/service/OneService.cpp
index 27b71141..250e4b38 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -2414,7 +2414,22 @@ public:
 					return false;
 			}
 		}
-
+		{
+			// Check global blacklists
+			const std::vector<InetAddress> *gbl = (const std::vector<InetAddress> *)0;
+			if (ifaddr.ss_family == AF_INET) {
+				gbl = &_globalV4Blacklist;
+			} else if (ifaddr.ss_family == AF_INET6) {
+				gbl = &_globalV6Blacklist;
+			}
+			if (gbl) {
+				Mutex::Lock _l(_localConfig_m);
+				for(std::vector<InetAddress>::const_iterator a(gbl->begin());a!=gbl->end();++a) {
+					if (a->containsAddress(ifaddr))
+						return false;
+				}
+			}
+		}
 		{
 			Mutex::Lock _l(_nets_m);
 			for(std::map<uint64_t,NetworkState>::const_iterator n(_nets.begin());n!=_nets.end();++n) {
-- 
cgit v1.2.3