From: Matthias Wachs
Date: Wed, 2 Nov 2011 17:05:00 +0000 (+0000)
Subject: disable local addresses
X-Git-Tag: initial-import-from-subversion-38251~16092
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0a82c8fd7bb83ab64797838aaeddce34b8d67fcf;p=oweals%2Fgnunet.git

disable local addresses
---

diff --git a/contrib/defaults.conf b/contrib/defaults.conf
index 5017484aa..25bbf539e 100644
--- a/contrib/defaults.conf
+++ b/contrib/defaults.conf
@@ -71,6 +71,9 @@ IFC_SCAN_FREQUENCY = 3000000
 # for our hostname (to get our own IP), in ms
 DYNDNS_FREQUENCY = 140000
 
+# Do we use addresses from localhost address ranges? (::1, 127.0.0.0/8)
+RETURN_LOCAL_ADDRESSES = NO
+
 [gnunet-nat-server]
 HOSTNAME = gnunet.org
 PORT = 5724
diff --git a/src/nat/nat.c b/src/nat/nat.c
index 6e2011347..2040451d5 100644
--- a/src/nat/nat.c
+++ b/src/nat/nat.c
@@ -334,6 +334,11 @@ struct GNUNET_NAT_Handle
 */
 int use_localaddresses;
 
+ /**
+ * Should we return local addresses to clients
+ */
+ int return_localaddress;
+
 /**
 * Should we do a DNS lookup of our hostname to find out our own IP?
 */
@@ -642,9 +647,19 @@ process_interfaces (void *cls, const char *name, int isDefault,
 case AF_INET:
 s4 = (struct sockaddr_in *) addr;
 ip = &s4->sin_addr;
+
+ /* Check if address is in 127.0.0.0/8 */
+ uint32_t address = ntohl((in_addr_t)(s4->sin_addr.s_addr));
+ uint32_t value = (address & 0xFF000000) ^ 0x7F000000;
+ if ((h->return_localaddress == GNUNET_NO) && (value == 0))
+ {
+ return GNUNET_OK;
+ }
 if (GNUNET_YES == h->use_localaddresses)
+ {
 add_ip_to_address_list (h, LAL_INTERFACE_ADDRESS, &s4->sin_addr,
 sizeof (struct in_addr));
+ }
 break;
 case AF_INET6:
 s6 = (struct sockaddr_in6 *) addr;
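Review bot: The doc comment on `return_localaddress` in the `struct GNUNET_NAT_Handle` hunk does not say which addresses "local" covers or which values the field holds, and it sits right below `use_localaddresses`, which is easy to mistake for it. The checks added in this patch filter only 127.0.0.0/8 and ::1, so I would word it as `Should loopback addresses (127.0.0.0/8, ::1) be reported to clients? GNUNET_YES or GNUNET_NO; anything else means the option was not readable.` The struct definition starts and ends outside the hunk.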
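Review bot: The loopback filter in the `AF_INET` branch fails open: `h->return_localaddress == GNUNET_NO` is false when the option is missing or not a yes/no value, because `GNUNET_CONFIGURATION_get_value_yesno` then returns `GNUNET_SYSERR` as far as I know, so 127.0.0.0/8 addresses would still be handed out on a configuration that lacks `RETURN_LOCAL_ADDRESSES`. Testing `GNUNET_YES != h->return_localaddress` here and in the `AF_INET6` branch of the next hunk makes an absent key mean "do not return"; the value is read in the `GNUNET_NAT_register` hunk, where a warning on `GNUNET_SYSERR` would also help. The mask test would read more directly as `(address & 0xFF000000) == 0x7F000000`, without the XOR temporary. `process_interfaces` starts and ends outside the hunk.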
@@ -653,10 +668,17 @@ process_interfaces (void *cls, const char *name, int isDefault,
 /* skip link local addresses */
 return GNUNET_OK;
 }
+ if ((h->return_localaddress == GNUNET_NO) &&
+ (IN6_IS_ADDR_LOOPBACK (&((struct sockaddr_in6 *) addr)->sin6_addr)))
+ {
+ return GNUNET_OK;
+ }
 ip = &s6->sin6_addr;
 if (GNUNET_YES == h->use_localaddresses)
+ {
 add_ip_to_address_list (h, LAL_INTERFACE_ADDRESS, &s6->sin6_addr,
 sizeof (struct in6_addr));
+ }
 break;
 default:
 GNUNET_break (0);
@@ -1116,6 +1138,9 @@ GNUNET_NAT_register (const struct GNUNET_CONFIGURATION_Handle *cfg, int is_tcp,
 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "ENABLE_UPNP");
 h->use_localaddresses =
 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "USE_LOCALADDR");
+ h->return_localaddress =
+ GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "RETURN_LOCAL_ADDRESSES");
+
 h->use_hostname =
 GNUNET_CONFIGURATION_get_value_yesno (cfg, "nat", "USE_HOSTNAME");
 h->disable_ipv6 =
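Review bot: The new IPv6 loopback test re-casts `addr` even though `s6` already holds that cast (it is assigned in the last context line of the previous hunk) and is used two lines further down; `IN6_IS_ADDR_LOOPBACK (&s6->sin6_addr)` is shorter and keeps the branch on one pointer. The block also lacks a comment where the link-local skip just above it has one, so I would add `/* skip loopback (::1) unless RETURN_LOCAL_ADDRESSES is set */` inside the braces. `process_interfaces` starts and ends outside the hunk.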