@@ -0,0 +1,31 @@
|
|||||||
|
package shared
|
||||||
|
|
||||||
|
import "net"
|
||||||
|
|
||||||
|
// IsLoopbackAddr reports whether listenAddr binds exclusively to loopback.
|
||||||
|
// Addresses with an empty or wildcard host (e.g. ":8080", "0.0.0.0:8080",
|
||||||
|
// "[::]:8080") bind on all interfaces and return false.
|
||||||
|
func IsLoopbackAddr(listenAddr string) bool {
|
||||||
|
host, _, err := net.SplitHostPort(listenAddr)
|
||||||
|
if err != nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if host == "" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
ip := net.ParseIP(host)
|
||||||
|
if ip != nil {
|
||||||
|
return ip.IsLoopback()
|
||||||
|
}
|
||||||
|
// hostname case (e.g. "localhost")
|
||||||
|
addrs, err := net.LookupHost(host)
|
||||||
|
if err != nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
for _, a := range addrs {
|
||||||
|
if !net.ParseIP(a).IsLoopback() {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return len(addrs) > 0
|
||||||
|
}
|
||||||
@@ -6,6 +6,7 @@ import (
|
|||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log/slog"
|
"log/slog"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
"os/signal"
|
||||||
@@ -53,6 +54,7 @@ var logTimeFormats = map[string]string{
|
|||||||
"stampnano": time.StampNano,
|
"stampnano": time.StampNano,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
flagConfig := flag.String("config", "", "path to config file (required)")
|
flagConfig := flag.String("config", "", "path to config file (required)")
|
||||||
flagListen := flag.String("listen", "", "listen address (default :8080 or :8443 for TLS)")
|
flagListen := flag.String("listen", "", "listen address (default :8080 or :8443 for TLS)")
|
||||||
@@ -262,6 +264,11 @@ func main() {
|
|||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
if !shared.IsLoopbackAddr(listenAddr) {
|
||||||
|
_, port, _ := net.SplitHostPort(listenAddr)
|
||||||
|
proxyLog.Infof("llama-swap is reachable by all hosts on the network, use -listen localhost:%s to restrict to loopback only", port)
|
||||||
|
}
|
||||||
|
|
||||||
exitChan := make(chan struct{})
|
exitChan := make(chan struct{})
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
|
|||||||
Reference in New Issue
Block a user