diff options
| author | 2025-08-15 11:53:19 +0100 | |
|---|---|---|
| committer | 2025-08-15 11:55:00 +0100 | |
| commit | 6a12f06cfeff8a99f22d05ea25fe37c603574922 (patch) | |
| tree | 62440de9bf5436343078864d3e0e8f7e341ae8cb /src/modules/m_spanningtree/server.cpp | |
| parent | Fix parsing template values in ifdef/ifndef. (diff) | |
Add an undocumented option for specifying the local ranges.
Diffstat (limited to 'src/modules/m_spanningtree/server.cpp')
| -rw-r--r-- | src/modules/m_spanningtree/server.cpp | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp index 8a309eeb3..70f50b42e 100644 --- a/src/modules/m_spanningtree/server.cpp +++ b/src/modules/m_spanningtree/server.cpp @@ -37,15 +37,15 @@ namespace { - bool RunningInContainer() + bool IsLocalRange(const irc::sockets::sockaddrs& sa) { - std::error_code ec; - if (std::filesystem::is_regular_file("/.dockerenv", ec)) + if (sa.is_local()) + return true; // Always allowed. + + for (const auto& cidr : Utils->LocalRanges) { - // We are running inside of Docker so all IP addresses are - // non-local and as far as I can see there isn't a way to - // reliably detect the Docker network. - return true; + if (cidr.match(sa)) + return true; // Explicitly allowed range. } return false; } @@ -157,7 +157,7 @@ std::shared_ptr<Link> TreeSocket::AuthRemote(const CommandBase::Params& params) ssliohook->GetCiphersuite(ciphersuite); ServerInstance->SNO.WriteToSnoMask('l', "Negotiated ciphersuite {} on link {}", ciphersuite, x->Name); } - else if (!capab->remotesa.is_local() && !RunningInContainer()) + else if (!IsLocalRange(capab->remotesa)) { this->SendError("Non-local server connections MUST be linked with SSL!"); return nullptr; |
