mirror of
https://github.com/sot-tech/mochi.git
synced 2026-07-09 10:08:11 -07:00
add filter_private_ips option to discard private IPs.
Might be used when tracker is behind reverse proxy and one of provided addresses in `real_ip_header` is private/local address. Additional changes: * check if provided address is not multicast/broadcast * configure `http.Server.ReadHeaderTimeout` with `http.ReadTimeout` to mitigate Slowloris * update dependencies * minor docs fixes
This commit is contained in:
@@ -214,10 +214,11 @@ func (f *Frontend) makeStopFunc(stopSrv *http.Server) stop.Func {
|
||||
// requests until Stop() is called or an error is returned.
|
||||
func (f *Frontend) serveHTTP(handler http.Handler, tls bool) error {
|
||||
srv := &http.Server{
|
||||
Handler: handler,
|
||||
ReadTimeout: f.ReadTimeout,
|
||||
WriteTimeout: f.WriteTimeout,
|
||||
IdleTimeout: f.IdleTimeout,
|
||||
Handler: handler,
|
||||
ReadTimeout: f.ReadTimeout,
|
||||
ReadHeaderTimeout: f.ReadTimeout,
|
||||
WriteTimeout: f.WriteTimeout,
|
||||
IdleTimeout: f.IdleTimeout,
|
||||
}
|
||||
|
||||
srv.SetKeepAlivesEnabled(f.EnableKeepAlive)
|
||||
|
||||
@@ -110,7 +110,7 @@ func ParseAnnounce(r *http.Request, opts ParseOptions) (*bittorrent.AnnounceRequ
|
||||
// Parse the IP address where the client is listening.
|
||||
request.RequestAddresses = requestedIPs(r, qp, opts)
|
||||
|
||||
if err = bittorrent.SanitizeAnnounce(request, opts.MaxNumWant, opts.DefaultNumWant); err != nil {
|
||||
if err = bittorrent.SanitizeAnnounce(request, opts.MaxNumWant, opts.DefaultNumWant, opts.FilterPrivateIPs); err != nil {
|
||||
request = nil
|
||||
}
|
||||
|
||||
@@ -135,7 +135,7 @@ func ParseScrape(r *http.Request, opts ParseOptions) (*bittorrent.ScrapeRequest,
|
||||
RequestAddresses: requestedIPs(r, qp, opts),
|
||||
}
|
||||
|
||||
err = bittorrent.SanitizeScrape(request, opts.MaxScrapeInfoHashes)
|
||||
err = bittorrent.SanitizeScrape(request, opts.MaxScrapeInfoHashes, opts.FilterPrivateIPs)
|
||||
|
||||
return request, err
|
||||
}
|
||||
@@ -169,9 +169,8 @@ func requestedIPs(r *http.Request, p bittorrent.Params, opts ParseOptions) (addr
|
||||
}
|
||||
|
||||
func parseRequestAddress(s string, provided bool) (ra bittorrent.RequestAddress) {
|
||||
a, e := netip.ParseAddr(s)
|
||||
if e == nil {
|
||||
ra.Addr, ra.Provided = a, provided
|
||||
if addr, err := netip.ParseAddr(s); err == nil {
|
||||
ra.Addr, ra.Provided = addr, provided
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ var logger = log.NewLogger("frontend configurator")
|
||||
// If AllowIPSpoofing is true, IPs provided via params will be used.
|
||||
type ParseOptions struct {
|
||||
AllowIPSpoofing bool `cfg:"allow_ip_spoofing"`
|
||||
FilterPrivateIPs bool `cfg:"filter_private_ips"`
|
||||
MaxNumWant uint32 `cfg:"max_numwant"`
|
||||
DefaultNumWant uint32 `cfg:"default_numwant"`
|
||||
MaxScrapeInfoHashes uint32 `cfg:"max_scrape_infohashes"`
|
||||
|
||||
@@ -104,7 +104,7 @@ func ParseAnnounce(r Request, v6Action bool, opts frontend.ParseOptions) (*bitto
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err = bittorrent.SanitizeAnnounce(request, opts.MaxNumWant, opts.DefaultNumWant); err != nil {
|
||||
if err = bittorrent.SanitizeAnnounce(request, opts.MaxNumWant, opts.DefaultNumWant, opts.FilterPrivateIPs); err != nil {
|
||||
request = nil
|
||||
}
|
||||
|
||||
@@ -207,7 +207,7 @@ func ParseScrape(r Request, opts frontend.ParseOptions) (*bittorrent.ScrapeReque
|
||||
RequestAddresses: bittorrent.RequestAddresses{bittorrent.RequestAddress{Addr: r.IP}},
|
||||
}
|
||||
|
||||
err = bittorrent.SanitizeScrape(request, opts.MaxScrapeInfoHashes)
|
||||
err = bittorrent.SanitizeScrape(request, opts.MaxScrapeInfoHashes, opts.FilterPrivateIPs)
|
||||
}
|
||||
|
||||
return request, err
|
||||
|
||||
Reference in New Issue
Block a user