From 8c72b5eb76e471879030dee71ed69629eeb6dbc5 Mon Sep 17 00:00:00 2001
From: Tushar Pankaj
Date: Wed, 14 Nov 2018 19:07:53 -0600
Subject: Dirty impl of is_server_in_allowed_ips
Signed-off-by: Tushar Pankaj
---
 client.c | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)
diff --git a/client.c b/client.c
index ebef8b3..131e6fb 100644
--- a/client.c
+++ b/client.c
@@ -10,13 +10,43 @@
 #include
 #include
 #include
+#include "wireguard.h"
 #include "protocol.h"
 #include "client.h"
 bool is_server_in_allowed_ips(const char iface[])
 {
- /* TODO: check if IP is in wg allowed ips, etc */
- return true;
+ unsigned __int128 server_addr;
+ unsigned __int128 subnet_mask;
+ unsigned __int128 allowed_ip6;
+ wg_device *device;
+ wg_allowedip *allowedip;
+ int ret;
+
+ inet_pton(AF_INET6, WG_DYNAMIC_SERVER_IP, &server_addr);
+
+ ret = wg_get_device(&device, iface);
+ if (ret < 0) {
+ goto nodevice;
+ }
+
+ wg_for_each_allowedip(device->first_peer, allowedip)
+ {
+ if (allowedip->family == AF_INET6) {
+ allowed_ip6 = *(unsigned __int128 *)(&allowedip->ip6);
+ subnet_mask = ~0 << allowedip->cidr;
+ server_addr &= subnet_mask;
+ allowed_ip6 &= subnet_mask;
+ if (server_addr == allowed_ip6) {
+ return true;
+ }
+ }
+ }
+ return false;
+
+nodevice:
+ wg_free_device(device);
+ return false;
 }
 int connect_to_server()
-- cgit v1.2.3-59-g8ed1b
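Review bot: The prefix test inside the `wg_for_each_allowedip` loop does not compare network prefixes: `~0 << allowedip->cidr` is an `int` expression that clears the low `cidr` bits (and is undefined for a negative operand or a shift of 32 or more), whereas a /cidr match needs the leading `cidr` bits of the address in network byte order, and `server_addr &= subnet_mask` carries each entry's mask into the next iteration. Because this function decides whether the server address is covered by the interface's allowed IPs, a wrong answer in either direction matters. The cleanup is also inverted: `wg_free_device(device)` runs only on the `nodevice` path, where `wg_get_device` failed and `device` holds no valid device, while every path after a successful call returns without freeing it. In addition, `inet_pton` is unchecked and the `*(unsigned __int128 *)` cast on `allowedip->ip6` assumes an alignment and aliasing the struct may not allow. The rewrite below compares bytes instead, keeps the original's first-peer-only scope (whether other peers should be checked is worth confirming), and relies on `memcmp` from `<string.h>`.

```c
bool is_server_in_allowed_ips(const char iface[])
{
	struct in6_addr server_addr;
	wg_device *device = NULL;
	wg_allowedip *allowedip;
	bool found = false;

	if (inet_pton(AF_INET6, WG_DYNAMIC_SERVER_IP, &server_addr) != 1)
		return false;

	/* nothing to free when the lookup itself failed */
	if (wg_get_device(&device, iface) < 0)
		return false;

	/* first peer only, as before; a device may have no peers at all */
	if (device->first_peer) {
		wg_for_each_allowedip(device->first_peer, allowedip)
		{
			unsigned int bits = allowedip->cidr;
			size_t whole = bits / 8;
			unsigned int rest = bits % 8;

			if (allowedip->family != AF_INET6 || bits > 128)
				continue;
			if (memcmp(server_addr.s6_addr, allowedip->ip6.s6_addr, whole) != 0)
				continue;
			/* compare the leading `rest` bits of the next byte, if any */
			if (rest == 0 ||
			    ((server_addr.s6_addr[whole] ^ allowedip->ip6.s6_addr[whole]) >> (8 - rest)) == 0) {
				found = true;
				break;
			}
		}
	}

	wg_free_device(device);
	return found;
}
```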