From 8345ae1fa304b6f097903336fa5c37084b047832 Mon Sep 17 00:00:00 2001
From: Arceliar
Date: Mon, 25 May 2020 19:08:04 -0500
Subject: [PATCH 1/2] don't allow ygg tcp connections to/from a local ygg address

---
 src/yggdrasil/tcp.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go
index c81c4ddf..83305ab6 100644
--- a/src/yggdrasil/tcp.go
+++ b/src/yggdrasil/tcp.go
@@ -25,6 +25,7 @@ import (
 	"golang.org/x/net/proxy"
+	"github.com/yggdrasil-network/yggdrasil-go/src/address"
 	"github.com/yggdrasil-network/yggdrasil-go/src/util"
 )
@@ -397,6 +398,18 @@ func (t *tcp) handler(sock net.Conn, incoming bool, options tcpOptions) {
 		local, _, _ = net.SplitHostPort(sock.LocalAddr().String())
 		remote, _, _ = net.SplitHostPort(sock.RemoteAddr().String())
 	}
+	localIP := net.ParseIP(local)
+	if localIP = localIP.To16(); localIP != nil {
+		var laddr address.Address
+		var lsubnet address.Subnet
+		copy(laddr[:], localIP)
+		copy(lsubnet[:], localIP)
+		if laddr.IsValid() || lsubnet.IsValid() {
+			// The local address is with the network address/prefix range
+			// This would route ygg over ygg, which we don't want
+			return
+		}
+	}
 	force := net.ParseIP(strings.Split(remote, "%")[0]).IsLinkLocalUnicast()
 	link, err := t.link.core.link.create(&stream, name, proto, local, remote, incoming, force, options.linkOptions)
 	if err != nil {

From 85eec5ba8e63116632a408aa6aa27937fc55b09a Mon Sep 17 00:00:00 2001
From: Arceliar
Date: Mon, 25 May 2020 19:13:37 -0500
Subject: [PATCH 2/2] tcp ygg-over-ygg debug logging

---
 src/yggdrasil/tcp.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/yggdrasil/tcp.go b/src/yggdrasil/tcp.go
index 83305ab6..129fc0ee 100644
--- a/src/yggdrasil/tcp.go
+++ b/src/yggdrasil/tcp.go
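Review bot: The new guard in handler tests only the socket's local address against the ygg address and subnet prefixes, although the patch title says the rule is "to/from a local ygg address"; the remote side, which the next context line already parses for the link-local check, is never tested against the same ranges. A connection whose remote is a ygg-range address should normally also carry a ygg-range local address because it is routed through the tunnel, but checking `remote` the same way costs nothing and removes that dependency on routing, so I would fold both checks into one helper as sketched below. For outgoing peers the TCP handshake to the tunneled address has already completed by the time handler runs, so a matching check on the configured peer address before dialing (outside this hunk) would avoid emitting that traffic at all. The early `return` relies on `sock` being closed elsewhere in handler, presumably by a deferred close near the top of the function, which is outside this hunk and worth confirming. The new comment also has a typo: `// The local address is within the network address/prefix range`.
```go
	// … unchanged: local/remote taken from sock's addresses …
	// isYggAddr reports whether s parses to an address inside the ygg
	// node-address or subnet prefix; carrying a peering over such an
	// address would route ygg over ygg.
	isYggAddr := func(s string) bool {
		ip := net.ParseIP(strings.Split(s, "%")[0]).To16()
		if ip == nil {
			return false
		}
		var addr address.Address
		var subnet address.Subnet
		copy(addr[:], ip)
		copy(subnet[:], ip)
		return addr.IsValid() || subnet.IsValid()
	}
	if isYggAddr(local) || isYggAddr(remote) {
		// The local or remote address is within the network address/prefix range
		// This would route ygg over ygg, which we don't want
		return
	}
	// … unchanged: force / link.create …
```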
@@ -407,6 +407,7 @@ func (t *tcp) handler(sock net.Conn, incoming bool, options tcpOptions) {
 		if laddr.IsValid() || lsubnet.IsValid() {
 			// The local address is with the network address/prefix range
 			// This would route ygg over ygg, which we don't want
+			t.link.core.log.Debugln("Dropping ygg-tunneled connection", local, remote)
 			return
 		}
 	}
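Review bot: The added `Debugln` is the only trace an operator gets when a configured peer is silently dropped, and it is invisible unless debug logging is enabled. For an outgoing connection (`incoming` is false in handler's signature) this condition is a local misconfiguration, a peer URI pointing into the node's own ygg range, rather than network noise, so logging it at the logger's normal level in that case would make the failure discoverable; incoming connections can stay at debug since a remote can trigger them at will. The message could also say which side matched, since after hunk 2 both the address and the subnet check lead here. handler itself begins and ends outside this hunk.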