author | Tushar Pankaj <tushar.s.pankaj@gmail.com> | 2018-11-14 19:07:53 -0600 |
---|---|---|
committer | Tushar Pankaj <tushar.s.pankaj@gmail.com> | 2018-11-14 19:07:53 -0600 |
commit | 8c72b5eb76e471879030dee71ed69629eeb6dbc5 (patch) | |
tree | ae579b38e82152c720280b5d157fc631d2db08ba | |
parent | Rename message type in protocol (diff) | |
Dirty impl of is_server_in_allowed_ips
Signed-off-by: Tushar Pankaj <tushar.s.pankaj@gmail.com>
-rw-r--r-- | client.c | 34 |
1 files changed, 32 insertions, 2 deletions
@@ -10,13 +10,43 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <arpa/inet.h>
+#include "wireguard.h"
 #include "protocol.h"
 #include "client.h"
 
 bool is_server_in_allowed_ips(const char iface[])
 {
- /* TODO: check if IP is in wg allowed ips, etc */
- return true;
+ unsigned __int128 server_addr;
+ unsigned __int128 subnet_mask;
+ unsigned __int128 allowed_ip6;
+ wg_device *device;
+ wg_allowedip *allowedip;
+ int ret;
+
+ inet_pton(AF_INET6, WG_DYNAMIC_SERVER_IP, &server_addr);
+
+ ret = wg_get_device(&device, iface);
+ if (ret < 0) {
+ goto nodevice;
+ }
+
+ wg_for_each_allowedip(device->first_peer, allowedip)
+ {
+ if (allowedip->family == AF_INET6) {
+ allowed_ip6 = *(unsigned __int128 *)(&allowedip->ip6);
+ subnet_mask = ~0 << allowedip->cidr;
+ server_addr &= subnet_mask;
+ allowed_ip6 &= subnet_mask;
+ if (server_addr == allowed_ip6) {
+ return true;
+ }
+ }
+ }
+ return false;
+
+nodevice:
+ wg_free_device(device);
+ return false;
 }
 
 int connect_to_server() |
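Review bot: The prefix comparison inside the `wg_for_each_allowedip` loop does not test membership reliably. `~0 << allowedip->cidr` left-shifts a negative `int` (undefined, and undefined again for any cidr of 32 or more), the resulting mask clears `cidr` low bits instead of keeping the leading `cidr` bits of a network-order address, and `server_addr &= subnet_mask` alters the server address for every later entry. Because this function presumably gates whether the client treats the server address as covered by the tunnel's allowed IPs, a wrong answer in either direction matters. The cleanup is also inverted: `nodevice:` hands an uninitialised `device` to `wg_free_device` when `wg_get_device` fails, both normal returns leak the device, and the result of `inet_pton` is never checked. A byte-wise prefix compare on `struct in6_addr` with a single free on exit avoids these, as sketched below; it still walks only `first_peer`, as the commit does, and assumes that peer exists and that `wg_get_device` hands back nothing to free on failure.

```c
bool is_server_in_allowed_ips(const char iface[])
{
	struct in6_addr server_addr;
	wg_device *device = NULL;
	wg_allowedip *allowedip;
	bool found = false;

	if (inet_pton(AF_INET6, WG_DYNAMIC_SERVER_IP, &server_addr) != 1)
		return false;
	/* no device was returned on this path, so it must not be freed */
	if (wg_get_device(&device, iface) < 0)
		return false;

	wg_for_each_allowedip(device->first_peer, allowedip)
	{
		unsigned int full, rest;

		if (allowedip->family != AF_INET6 || allowedip->cidr > 128)
			continue;
		full = allowedip->cidr / 8; /* whole bytes of prefix */
		rest = allowedip->cidr % 8; /* leading bits of the next byte */
		if (memcmp(allowedip->ip6.s6_addr, server_addr.s6_addr, full) != 0)
			continue;
		if (rest && ((allowedip->ip6.s6_addr[full] ^ server_addr.s6_addr[full]) &
			     (uint8_t)(0xff << (8 - rest))))
			continue;
		found = true;
		break;
	}

	wg_free_device(device);
	return found;
}
```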