From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sun, 22 Aug 2021 00:25:09 +0000 (+0100)
Subject: wip server
X-Git-Tag: hippotat/1.0.0~115
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=hippotat.git;a=commitdiff_plain;h=6a35daf7485069d04c28722dcfcc65ada0234d72

wip server
---

diff --git a/server/server.rs b/server/server.rs
index 667ff2e..7031164 100644
--- a/server/server.rs
+++ b/server/server.rs
@@ -61,7 +61,7 @@ pub async fn route_packet(global: &Global,
   let c = &global.config;
   let len = packet.len();
   let trace = |how: &str, why: &str| {
-    trace!("{} {} {} {} {:?} len={}",
+    trace!("{} {} {} {} daddr={:?} len={}",
            transport_conn,
            match source {
              Some(s) => (s as &dyn Display),
diff --git a/server/slocal.rs b/server/slocal.rs
index 56dd853..09e6aba 100644
--- a/server/slocal.rs
+++ b/server/slocal.rs
@@ -28,15 +28,24 @@ pub async fn run(global: Arc<Global>,
           goodness -= goodness >> GOODNESS_SHIFT;
 
           match checkn(SlipNoConv, global.config.mtu, &data, |header|{
-            // don't really check the addresses: trusting our local knrel
-            ip_packet_addr::<true>(header)
+            let saddr = ip_packet_addr::<false>(header)?;
+            let daddr = ip_packet_addr::<true>(header)?;
+            if ! global.config.vnetwork.iter().any(|n| n.contains(&saddr)) {
+              throw!(PE::Src(saddr))
+            }
+            Ok(daddr)
           }, |(data, daddr)| route_packet(
             &global, "ipif", None,
             data, daddr, may_route.clone()
-          ).map(Ok), |pe| match pe {
-            PE::Empty => Ok(()),
+          ).map(Ok), |pe| Ok(match pe {
+            PE::Empty => { },
+            PE::Src(saddr) => trace!(
+              target: "hippotatd",
+              "ipif local discard outside-vnets saddr={:?}",
+              saddr
+            ),
             other => throw!(other),
-          }).await {
+          })).await {
             Ok(()) => goodness += 1,
             Err(e) => {
               goodness -= 1;
diff --git a/server/sweb.rs b/server/sweb.rs
index d4e825e..4998bd9 100644
--- a/server/sweb.rs
+++ b/server/sweb.rs
@@ -178,7 +178,8 @@ pub async fn handle(
     // boundary, start, &comp.name, &client.ic);
 
     let (reply_to, reply_recv) = oneshot::channel();
-    trace!("{} {} request, Content-Length={}",
+    trace!(target: "hippotatd",
+           "{} {} request, Content-Length={}",
            &conn, &client_name, length_hint);
     let wreq = WebRequest {
       initial,