Protect InternetChecker from being tricked by a captive portal #461
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a partial fix for the InternetChecker to keep it from being
tricked by a captive portal that resolves DNS queries to itself. What
was happening was that the remote host that was being checked got
redirected to the captive portal. Since the ping test is simplistic, it
only makes a TCP connection to the specified host and port, it was
successful due to the port being 443. This made the InternetChecker
think that it had connected to a remote host and it hadn't. The updated
behavior is to verify that the IP address to check is not on the LAN
(off subnet). This, of course, isn't perfect since the captive portal
can make up off-LAN IP addresses just as easy as local ones, but the
hope is that it is a low risk way of reducing false positives.