GitHub issue #352

Adam Ierymenko 2016-07-12 08:42:36 -07:00
parent 765082fdb6
commit 6535730255


@ -1041,13 +1041,13 @@ public:
// Begin private implementation methods // Begin private implementation methods
// Checks if a managed IP or route target is allowed // Checks if a managed IP or route target is allowed
bool checkIfManagedIsAllowed(const NetworkState &n,const InetAddress &addr) bool checkIfManagedIsAllowed(const NetworkState &n,const InetAddress &target)
{ {
if (!n.settings.allowManaged) if (!n.settings.allowManaged)
return false; return false;
if (addr.isDefaultRoute()) if (target.isDefaultRoute())
return n.settings.allowDefault; return n.settings.allowDefault;
switch(addr.ipScope()) { switch(target.ipScope()) {
case InetAddress::IP_SCOPE_NONE: case InetAddress::IP_SCOPE_NONE:
case InetAddress::IP_SCOPE_MULTICAST: case InetAddress::IP_SCOPE_MULTICAST:
case InetAddress::IP_SCOPE_LOOPBACK: case InetAddress::IP_SCOPE_LOOPBACK:
@ -1099,10 +1099,12 @@ public:
Utils::scopy(tapdev,sizeof(tapdev),n.tap->deviceName().c_str()); Utils::scopy(tapdev,sizeof(tapdev),n.tap->deviceName().c_str());
#endif #endif
std::vector<InetAddress> myIps(n.tap->ips());
// Nuke applied routes that are no longer in n.config.routes[] and/or are not allowed // Nuke applied routes that are no longer in n.config.routes[] and/or are not allowed
for(std::list<ManagedRoute>::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();) { for(std::list<ManagedRoute>::iterator mr(n.managedRoutes.begin());mr!=n.managedRoutes.end();) {
bool haveRoute = false; bool haveRoute = false;
if (checkIfManagedIsAllowed(n,mr->target())) { if ( (checkIfManagedIsAllowed(n,mr->target())) && ((!mr->via())||(std::find(myIps.begin(),myIps.end(),mr->via()) == myIps.end())) ) {
for(unsigned int i=0;i<n.config.routeCount;++i) { for(unsigned int i=0;i<n.config.routeCount;++i) {
const InetAddress *const target = reinterpret_cast<const InetAddress *>(&(n.config.routes[i].target)); const InetAddress *const target = reinterpret_cast<const InetAddress *>(&(n.config.routes[i].target));
const InetAddress *const via = reinterpret_cast<const InetAddress *>(&(n.config.routes[i].via)); const InetAddress *const via = reinterpret_cast<const InetAddress *>(&(n.config.routes[i].via));
@ -1124,7 +1126,7 @@ public:
const InetAddress *const target = reinterpret_cast<const InetAddress *>(&(n.config.routes[i].target)); const InetAddress *const target = reinterpret_cast<const InetAddress *>(&(n.config.routes[i].target));
const InetAddress *const via = reinterpret_cast<const InetAddress *>(&(n.config.routes[i].via)); const InetAddress *const via = reinterpret_cast<const InetAddress *>(&(n.config.routes[i].via));
if (!checkIfManagedIsAllowed(n,*target)) if ( (!checkIfManagedIsAllowed(n,*target)) || ((via->ss_family == target->ss_family)&&(std::find(myIps.begin(),myIps.end(),*via) != myIps.end())) )
continue; continue;
bool haveRoute = false; bool haveRoute = false;
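Review bot: The two new `via` filters are not complements of each other, so the same route can be accepted by the add loop and rejected by the removal loop. The add loop (the changed `if` ahead of `continue`) skips a route only when `via->ss_family == target->ss_family` and `via` is found in `myIps`, whereas the removal loop keeps a route only when `via` is null or absent from `myIps`, with no family test; a route whose `via` is a local tap IP of a different family than its target would be added and then, presumably, nuked on the next sync. Using the exact negation in the removal loop would keep them consistent, e.g. `((mr->via().ss_family != mr->target().ss_family)||(std::find(myIps.begin(),myIps.end(),mr->via()) == myIps.end()))`. Separately, `std::find` depends on `InetAddress::operator==`, which is not visible here: if it also compares the port/netmask field, a gateway address may never equal an entry from `n.tap->ips()` and this filter on controller-supplied routes would silently never apply, so an IP-only comparison should be confirmed. Both loops belong to a function that starts and ends outside these hunks.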