IP range denylist logging, and fix logic error

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-01-24 15:51:13 -05:00 · 2024-01-24 15:51:13 -05:00 · 89d9cdeb3a
commit 89d9cdeb3a
parent 382347353e
2 changed files with 18 additions and 4 deletions
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@ -133,7 +133,10 @@ where
    }

    if destination.is_ip_literal() {
-        info!("Destination is an IP literal, checking against IP range denylist.");
+        info!(
+            "Destination {} is an IP literal, checking against IP range denylist.",
+            destination
+        );
        let ip = IPAddress::parse(destination.host()).map_err(|e| {
            warn!("Failed to parse IP literal from string: {}", e);
            Error::BadServerResponse("Invalid IP address")
@ -146,13 +149,17 @@ where
            cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup"));
        }

+        debug!("List of pushed CIDR ranges: {:?}", cidr_ranges);
+
        for cidr in cidr_ranges {
-            if ip.includes(&cidr) {
+            if cidr.includes(&ip) {
                return Err(Error::BadServerResponse(
                    "Not allowed to send requests to this IP",
                ));
            }
        }
+
+        info!("IP literal {} is allowed.", destination);
    }

    debug!("Preparing to send request to {destination}");
--- a/src/service/sending/mod.rs
+++ b/src/service/sending/mod.rs
@ -718,7 +718,10 @@ impl Service {
        T: Debug,
    {
        if destination.is_ip_literal() {
-            info!("Destination is an IP literal, checking against IP range denylist.");
+            info!(
+                "Destination {} is an IP literal, checking against IP range denylist.",
+                destination
+            );
            let ip = IPAddress::parse(destination.host()).map_err(|e| {
                warn!("Failed to parse IP literal from string: {}", e);
                Error::BadServerResponse("Invalid IP address")
@ -731,13 +734,17 @@ impl Service {
                cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup"));
            }

+            debug!("List of pushed CIDR ranges: {:?}", cidr_ranges);
+
            for cidr in cidr_ranges {
-                if ip.includes(&cidr) {
+                if cidr.includes(&ip) {
                    return Err(Error::BadServerResponse(
                        "Not allowed to send requests to this IP",
                    ));
                }
            }
+
+            info!("IP literal {} is allowed.", destination);
        }

        debug!("Waiting for permit");