implement a blacklist for dest ip addresses

Signed-off-by: Uncle Jack <[email protected]>

README.md

@@ -18,6 +18,12 @@ whitelist = [
     "103.31.4.0/22",
     ...
 ]
+
+# it blocks private networks by default
+# but you can add other ip addresses (such as torrent trackers) to the list
+blacklist = [
+    "93.158.213.92/32",
+]
 ```
 
 **protocol version**: v1 refers to [bepass-relay protocol](https://github.com/bepass-org/bepass-relay/)

src/config.rs

@@ -11,14 +11,33 @@ pub struct Config {
     pub bind: IpAddr,
     pub port: u16,
     pub version: Version,
+    #[serde(default)]
     pub whitelist: Vec<IpCidr>,
+    #[serde(default)]
+    pub blacklist: Vec<IpCidr>,
 }
 
 impl Config {
     pub fn new(config: &str) -> Result<Self> {
-        match toml::from_str(config) {
-            Ok(c) => Ok(c),
-            Err(e) => Err(anyhow!("could not parse config file {}", e)),
-        }
+        let mut config: Self = match toml::from_str(config) {
+            Ok(c) => c,
+            Err(e) => return Err(anyhow!("could not parse config file {}", e)),
+        };
+
+        // block private networks by default
+        let addrs: Vec<IpCidr> = [
+            "127.0.0.0/8",
+            "::1/128",
+            "10.0.0.0/8",
+            "172.16.0.0/12",
+            "192.168.0.0/16",
+            "fd00::/8",
+        ]
+        .iter()
+        .map(|s| s.parse().unwrap())
+        .collect();
+        config.blacklist.extend_from_slice(&addrs);
+
+        Ok(config)
     }
 }

src/proxy.rs

@@ -101,6 +101,20 @@ impl Proxy {
 }
 
 async fn handler(config: Arc<Config>, header: Header, stream: TcpStream) {
+    // block blacklisted ip addresses
+    if config
+        .blacklist
+        .iter()
+        .any(|cidr| cidr.contains(&header.addr))
+    {
+        log::error!(
+            "[blocked] destination {}:{} is in the blacklist",
+            header.addr,
+            header.port
+        );
+        return;
+    }
+
     if let Err(e) = match header.net {
         Network::Tcp => {
             if !config