Revert "removed duplicate function is_trusted_protocol_ip from IPAddressChecks"

This reverts commit f46086a463d3b9884c2f15ab067d07c53122cf53.

IPAddressChecks.cpp

@@ -77,10 +77,6 @@ unsigned ip_distance(uint32_t ip/*network-order*/)
 }
 
 
-//Determine if the IP is one that we would trust a UDP packet from without the
-//IP being part of the cluster. We trust loopback interface, private networks
-//and direct LAN networks by default. Eventually this may get extended with
-//configuration but this seems like the right thing to do out-of-the-box.
 bool is_internal_net_ip(uint32_t ip/*network-order*/)
 {
 	ip = ntohl(ip);
@@ -114,6 +110,42 @@ bool is_internal_net_ip(uint32_t ip/*network-order*/)
 }
 
 
+//Determine if the IP is one that we would trust a UDP packet from without the
+//IP being part of the cluster. We trust loopback interface, private networks
+//and direct LAN networks by default. Eventually this may get extended with
+//configuration but this seems like the right thing to do out-of-the-box.
+bool is_trusted_protocol_ip(uint32_t ip/*network-order*/)
+{
+	ip = ntohl(ip);
+	
+	//loopback?
+	if(ip==0x7f000001)
+		return true;
+	//linux loopback?
+	if((ip&0xff000000) == 0x7f000000)
+		return true;
+	
+	//private networks?
+	if((ip&0xff000000)==0x0a000000) //10.0.0.0/8
+		return true;
+	if((ip&0xfff00000)==0xac100000) //172.16.0.0/12
+		return true;
+	if((ip&0xffff0000)==0xc0a80000) //192.168.0.0/16
+		return true;
+	//Private networks could still be over a limited WAN link but at least
+	//it will not annoy external innocent parties.
+	
+	//On direct lan?
+	for(size_t i=0; i<local_nets; i++)
+		if((ip&local_net_mask[i])==(local_net_address[i]&local_net_mask[i]))
+			return ip_distance_lan;
+	
+	//todo: allow configuration of "intranet networks"
+	
+	//probably not an intranet host, so we err on the side of caution
+	return false;
+}
+
 
 #if 0
 Disabled until we have measured if there is any benefit of having these checks concerning internal/external links based solely on IP-address.

IPAddressChecks.h

@@ -16,6 +16,9 @@ unsigned ip_distance(uint32_t ip/*network-order*/);
 //Is the IP an internal IP as in "we control the hosts and allow more aggressive crawling"
 bool is_internal_net_ip(uint32_t ip/*network-order*/);
 
+//Is the IP an internal-like that we allow to use the udp protocol without being registered as part of the cluster?
+bool is_trusted_protocol_ip(uint32_t ip/*network-order*/);
+
 //Make a guess if the two IPs are on the same network / controlled by the same
 //entity and links between them should be treated as internal links
 //bool is_same_network_linkwise(uint32_t ip_a/*network order*/, uint32_t ip_b/*network order*/);

UdpServer.cpp

@@ -968,7 +968,7 @@ int32_t UdpServer::readSock(UdpSlot **slotPtr, int64_t now) {
 	// . don't bother checking for dns server, who knows where that is
 	// . now also allow all admin ips
 	else if ( m_proto->useAcks() &&
-		  ! is_internal_net_ip(ip) &&
+		  ! is_trusted_protocol_ip(ip) &&
 		  ! g_hostdb.isIpInNetwork ( ip ) &&
 		  ! g_conf.isMasterIp ( ip ) &&
 		  ! g_conf.isConnectIp ( ip ) ) {