diff options
| author | 2025-03-02 13:38:06 +0000 | |
|---|---|---|
| committer | 2025-03-02 13:38:29 +0000 | |
| commit | ccdf1d4975842da4d26aa71dfa1822a426644291 (patch) | |
| tree | 70e59558f7759c49014a57f9e10e2d1ea03604d8 /src/modules | |
| parent | Scope the container SSL enforcement a bit better. (diff) | |
Revert "Scope the container SSL enforcement a bit better".
This reverts commit 9c151650212e2101002f04bca902ca18982697c0.
Diffstat (limited to 'src/modules')
| -rw-r--r-- | src/modules/m_spanningtree/server.cpp | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/src/modules/m_spanningtree/server.cpp b/src/modules/m_spanningtree/server.cpp index 212b2f7c3..1e358e3ae 100644 --- a/src/modules/m_spanningtree/server.cpp +++ b/src/modules/m_spanningtree/server.cpp @@ -37,16 +37,15 @@ namespace { - bool IsContainerAddress(const irc::sockets::sockaddrs& sa) + bool RunningInContainer() { std::error_code ec; if (std::filesystem::is_regular_file("/.dockerenv", ec)) { - // We are running in docker, check for internal addresses. - if (irc::sockets::cidr_mask("172.17.0.0/16").match(sa)) - return true; // docker0 - if (irc::sockets::cidr_mask("172.18.0.0/16").match(sa)) - return true; // docker_gwbridge. + // We are running inside of Docker so all IP addresses are + // non-local and as far as I can see there isn't a way to + // reliably detect the Docker network. + return true; } return false; } @@ -158,7 +157,7 @@ std::shared_ptr<Link> TreeSocket::AuthRemote(const CommandBase::Params& params) ssliohook->GetCiphersuite(ciphersuite); ServerInstance->SNO.WriteToSnoMask('l', "Negotiated ciphersuite {} on link {}", ciphersuite, x->Name); } - else if (!capab->remotesa.is_local() && !IsContainerAddress(capab->remotesa)) + else if (!capab->remotesa.is_local() && !RunningInContainer()) { this->SendError("Non-local server connections MUST be linked with SSL!"); return nullptr; |
