TudbuT/conduit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

IP range denylist logging, and fix logic error

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-01-24 15:51:13 -05:00 committed by June
parent 382347353e
commit 89d9cdeb3a
2 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/api/server_server.rs
View file

@ -133,7 +133,10 @@ where
} }
if destination.is_ip_literal() { if destination.is_ip_literal() {
info!("Destination is an IP literal, checking against IP range denylist."); info!(
"Destination {} is an IP literal, checking against IP range denylist.",
destination
);
let ip = IPAddress::parse(destination.host()).map_err(|e| { let ip = IPAddress::parse(destination.host()).map_err(|e| {
warn!("Failed to parse IP literal from string: {}", e); warn!("Failed to parse IP literal from string: {}", e);
Error::BadServerResponse("Invalid IP address") Error::BadServerResponse("Invalid IP address")
@ -146,13 +149,17 @@ where
cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup")); cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup"));
} }
debug!("List of pushed CIDR ranges: {:?}", cidr_ranges);
for cidr in cidr_ranges { for cidr in cidr_ranges {
if ip.includes(&cidr) { if cidr.includes(&ip) {
return Err(Error::BadServerResponse( return Err(Error::BadServerResponse(
"Not allowed to send requests to this IP", "Not allowed to send requests to this IP",
)); ));
} }
} }
info!("IP literal {} is allowed.", destination);
} }
debug!("Preparing to send request to {destination}"); debug!("Preparing to send request to {destination}");

11
src/service/sending/mod.rs
View file

@ -718,7 +718,10 @@ impl Service {
T: Debug, T: Debug,
{ {
if destination.is_ip_literal() { if destination.is_ip_literal() {
info!("Destination is an IP literal, checking against IP range denylist."); info!(
"Destination {} is an IP literal, checking against IP range denylist.",
destination
);
let ip = IPAddress::parse(destination.host()).map_err(|e| { let ip = IPAddress::parse(destination.host()).map_err(|e| {
warn!("Failed to parse IP literal from string: {}", e); warn!("Failed to parse IP literal from string: {}", e);
Error::BadServerResponse("Invalid IP address") Error::BadServerResponse("Invalid IP address")
@ -731,13 +734,17 @@ impl Service {
cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup")); cidr_ranges.push(IPAddress::parse(cidr).expect("we checked this at startup"));
} }
debug!("List of pushed CIDR ranges: {:?}", cidr_ranges);
for cidr in cidr_ranges { for cidr in cidr_ranges {
if ip.includes(&cidr) { if cidr.includes(&ip) {
return Err(Error::BadServerResponse( return Err(Error::BadServerResponse(
"Not allowed to send requests to this IP", "Not allowed to send requests to this IP",
)); ));
} }
} }
info!("IP literal {} is allowed.", destination);
} }
debug!("Waiting for permit"); debug!("Waiting for permit");