From dd30808e5e1c462e19528c8d7c44c06dd9341f01 Mon Sep 17 00:00:00 2001
From: cnderrauber <zengjie9004@gmail.com>
Date: Mon, 31 Oct 2022 17:50:11 +0800
Subject: [PATCH] Don't collect external address for ip filterd out (#1135)

---
 pkg/rtc/config.go | 161 ++++++++++++++++++++++++++--------------------
 1 file changed, 90 insertions(+), 71 deletions(-)

diff --git a/pkg/rtc/config.go b/pkg/rtc/config.go
index 78af305fe..96e81643a 100644
--- a/pkg/rtc/config.go
+++ b/pkg/rtc/config.go
@@ -69,10 +69,24 @@ func NewWebRTCConfig(conf *config.Config, externalIP string) (*WebRTCConfig, err
 		LoggerFactory: logging.NewLoggerFactory(logger.GetLogger()),
 	}
 
+	if len(rtcConf.Interfaces.Includes) != 0 || len(rtcConf.Interfaces.Excludes) != 0 {
+		s.SetInterfaceFilter(InterfaceFilterFromConf(rtcConf.Interfaces))
+	}
+
+	var ipFilter func(net.IP) bool
+	if len(rtcConf.IPs.Includes) != 0 || len(rtcConf.IPs.Excludes) != 0 {
+		filter, err := IPFilterFromConf(rtcConf.IPs)
+		if err != nil {
+			return nil, err
+		}
+		ipFilter = filter
+		s.SetIPFilter(filter)
+	}
+
 	// force it to the node IPs that the user has set
 	if externalIP != "" && (conf.RTC.UseExternalIP || (conf.RTC.NodeIP != "" && !conf.RTC.NodeIPAutoGenerated)) {
 		if conf.RTC.UseExternalIP {
-			ips, err := getNAT1to1IPsForConf(conf)
+			ips, err := getNAT1to1IPsForConf(conf, ipFilter)
 			if err != nil {
 				return nil, err
 			}
@@ -206,75 +220,6 @@ func NewWebRTCConfig(conf *config.Config, externalIP string) (*WebRTCConfig, err
 		}
 	}
 
-	if len(rtcConf.Interfaces.Includes) != 0 || len(rtcConf.Interfaces.Excludes) != 0 {
-		includes := rtcConf.Interfaces.Includes
-		excludes := rtcConf.Interfaces.Excludes
-		s.SetInterfaceFilter(func(s string) bool {
-			// filter by include interfaces
-			if len(includes) > 0 {
-				for _, iface := range includes {
-					if iface == s {
-						return true
-					}
-				}
-				return false
-			}
-
-			// filter by exclude interfaces
-			if len(excludes) > 0 {
-				for _, iface := range excludes {
-					if iface == s {
-						return false
-					}
-				}
-			}
-			return true
-		})
-	}
-
-	if len(rtcConf.IPs.Includes) != 0 || len(rtcConf.IPs.Excludes) != 0 {
-		var ipnets [2][]*net.IPNet
-		for i, ips := range [][]string{rtcConf.IPs.Includes, rtcConf.IPs.Excludes} {
-			ipnets[i], err = func(fromIPs []string) ([]*net.IPNet, error) {
-				var toNets []*net.IPNet
-				for _, ip := range fromIPs {
-					_, ipnet, err := net.ParseCIDR(ip)
-					if err != nil {
-						return nil, err
-					}
-					toNets = append(toNets, ipnet)
-				}
-				return toNets, nil
-			}(ips)
-
-			if err != nil {
-				return nil, err
-			}
-		}
-
-		includes, excludes := ipnets[0], ipnets[1]
-
-		s.SetIPFilter(func(ip net.IP) bool {
-			if len(includes) > 0 {
-				for _, ipn := range includes {
-					if ipn.Contains(ip) {
-						return true
-					}
-				}
-				return false
-			}
-
-			if len(excludes) > 0 {
-				for _, ipn := range excludes {
-					if ipn.Contains(ip) {
-						return false
-					}
-				}
-			}
-			return true
-		})
-	}
-
 	return &WebRTCConfig{
 		Configuration: c,
 		SettingEngine: s,
@@ -301,7 +246,7 @@ func iceServerForStunServers(servers []string) webrtc.ICEServer {
 	return iceServer
 }
 
-func getNAT1to1IPsForConf(conf *config.Config) ([]string, error) {
+func getNAT1to1IPsForConf(conf *config.Config, ipFilter func(net.IP) bool) ([]string, error) {
 	stunServers := conf.RTC.STUNServers
 	if len(stunServers) == 0 {
 		stunServers = config.DefaultStunServers
@@ -316,6 +261,10 @@ func getNAT1to1IPsForConf(conf *config.Config) ([]string, error) {
 	}
 	addrCh := make(chan ipmapping, len(localIPs))
 	for _, ip := range localIPs {
+		if ipFilter != nil && !ipFilter(net.ParseIP(ip)) {
+			continue
+		}
+
 		go func(localIP string) {
 			addr, err := config.GetExternalIP(stunServers, &net.UDPAddr{IP: net.ParseIP(localIP)})
 			if err != nil {
@@ -373,3 +322,73 @@ done:
 	}
 	return nat1to1IPs, nil
 }
+
+func InterfaceFilterFromConf(ifs config.InterfacesConfig) func(string) bool {
+	includes := ifs.Includes
+	excludes := ifs.Excludes
+	return func(s string) bool {
+		// filter by include interfaces
+		if len(includes) > 0 {
+			for _, iface := range includes {
+				if iface == s {
+					return true
+				}
+			}
+			return false
+		}
+
+		// filter by exclude interfaces
+		if len(excludes) > 0 {
+			for _, iface := range excludes {
+				if iface == s {
+					return false
+				}
+			}
+		}
+		return true
+	}
+}
+
+func IPFilterFromConf(ips config.IPsConfig) (func(ip net.IP) bool, error) {
+	var ipnets [2][]*net.IPNet
+	var err error
+	for i, ips := range [][]string{ips.Includes, ips.Excludes} {
+		ipnets[i], err = func(fromIPs []string) ([]*net.IPNet, error) {
+			var toNets []*net.IPNet
+			for _, ip := range fromIPs {
+				_, ipnet, err := net.ParseCIDR(ip)
+				if err != nil {
+					return nil, err
+				}
+				toNets = append(toNets, ipnet)
+			}
+			return toNets, nil
+		}(ips)
+
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	includes, excludes := ipnets[0], ipnets[1]
+
+	return func(ip net.IP) bool {
+		if len(includes) > 0 {
+			for _, ipn := range includes {
+				if ipn.Contains(ip) {
+					return true
+				}
+			}
+			return false
+		}
+
+		if len(excludes) > 0 {
+			for _, ipn := range excludes {
+				if ipn.Contains(ip) {
+					return false
+				}
+			}
+		}
+		return true
+	}, nil
+}