diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go index 564832f4..d37d6e62 100644 --- a/src/yggdrasil/tcp.go +++ b/src/yggdrasil/tcp.go @@ -25,6 +25,7 @@ import ( "golang.org/x/net/proxy" + "github.com/yggdrasil-network/yggdrasil-go/src/address" "github.com/yggdrasil-network/yggdrasil-go/src/util" ) @@ -397,6 +398,19 @@ func (t *tcp) handler(sock net.Conn, incoming bool, options tcpOptions) { local, _, _ = net.SplitHostPort(sock.LocalAddr().String()) remote, _, _ = net.SplitHostPort(sock.RemoteAddr().String()) } + localIP := net.ParseIP(local) + if localIP = localIP.To16(); localIP != nil { + var laddr address.Address + var lsubnet address.Subnet + copy(laddr[:], localIP) + copy(lsubnet[:], localIP) + if laddr.IsValid() || lsubnet.IsValid() { + // The local address is with the network address/prefix range + // This would route ygg over ygg, which we don't want + t.link.core.log.Debugln("Dropping ygg-tunneled connection", local, remote) + return + } + } force := net.ParseIP(strings.Split(remote, "%")[0]).IsLinkLocalUnicast() link, err := t.links.create(&stream, name, proto, local, remote, incoming, force, options.linkOptions) if err != nil {