2016-11-21 11:11:21 -06:00
|
|
|
|
// Copyright 2016 The go-ethereum Authors
|
|
|
|
|
// This file is part of the go-ethereum library.
|
|
|
|
|
//
|
|
|
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU Lesser General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
|
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
// Package netutil contains extensions to the net package.
|
|
|
|
|
package netutil
|
|
|
|
|
|
|
|
|
|
import (
|
2018-02-12 06:36:09 -06:00
|
|
|
|
"bytes"
|
2016-11-21 11:11:21 -06:00
|
|
|
|
"errors"
|
2018-02-12 06:36:09 -06:00
|
|
|
|
"fmt"
|
2016-11-21 11:11:21 -06:00
|
|
|
|
"net"
|
2024-06-05 12:31:04 -05:00
|
|
|
|
"net/netip"
|
|
|
|
|
"slices"
|
2016-11-21 11:11:21 -06:00
|
|
|
|
"strings"
|
2024-06-05 12:31:04 -05:00
|
|
|
|
|
|
|
|
|
"golang.org/x/exp/maps"
|
2016-11-21 11:11:21 -06:00
|
|
|
|
)
|
|
|
|
|
|
2024-06-05 12:31:04 -05:00
|
|
|
|
var special4, special6 Netlist
|
2016-11-21 11:11:21 -06:00
|
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
|
// Lists from RFC 5735, RFC 5156,
|
|
|
|
|
// https://www.iana.org/assignments/iana-ipv4-special-registry/
|
2024-06-05 12:31:04 -05:00
|
|
|
|
special4.Add("0.0.0.0/8") // "This" network.
|
2016-11-21 11:11:21 -06:00
|
|
|
|
special4.Add("192.0.0.0/29") // IPv4 Service Continuity
|
|
|
|
|
special4.Add("192.0.0.9/32") // PCP Anycast
|
|
|
|
|
special4.Add("192.0.0.170/32") // NAT64/DNS64 Discovery
|
|
|
|
|
special4.Add("192.0.0.171/32") // NAT64/DNS64 Discovery
|
|
|
|
|
special4.Add("192.0.2.0/24") // TEST-NET-1
|
|
|
|
|
special4.Add("192.31.196.0/24") // AS112
|
|
|
|
|
special4.Add("192.52.193.0/24") // AMT
|
|
|
|
|
special4.Add("192.88.99.0/24") // 6to4 Relay Anycast
|
|
|
|
|
special4.Add("192.175.48.0/24") // AS112
|
|
|
|
|
special4.Add("198.18.0.0/15") // Device Benchmark Testing
|
|
|
|
|
special4.Add("198.51.100.0/24") // TEST-NET-2
|
|
|
|
|
special4.Add("203.0.113.0/24") // TEST-NET-3
|
|
|
|
|
special4.Add("255.255.255.255/32") // Limited Broadcast
|
|
|
|
|
|
|
|
|
|
// http://www.iana.org/assignments/iana-ipv6-special-registry/
|
|
|
|
|
special6.Add("100::/64")
|
|
|
|
|
special6.Add("2001::/32")
|
|
|
|
|
special6.Add("2001:1::1/128")
|
|
|
|
|
special6.Add("2001:2::/48")
|
|
|
|
|
special6.Add("2001:3::/32")
|
|
|
|
|
special6.Add("2001:4:112::/48")
|
|
|
|
|
special6.Add("2001:5::/32")
|
|
|
|
|
special6.Add("2001:10::/28")
|
|
|
|
|
special6.Add("2001:20::/28")
|
|
|
|
|
special6.Add("2001:db8::/32")
|
|
|
|
|
special6.Add("2002::/16")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Netlist is a list of IP networks.
|
2024-06-05 12:31:04 -05:00
|
|
|
|
type Netlist []netip.Prefix
|
2016-11-21 11:11:21 -06:00
|
|
|
|
|
|
|
|
|
// ParseNetlist parses a comma-separated list of CIDR masks.
|
|
|
|
|
// Whitespace and extra commas are ignored.
|
|
|
|
|
func ParseNetlist(s string) (*Netlist, error) {
|
|
|
|
|
ws := strings.NewReplacer(" ", "", "\n", "", "\t", "")
|
|
|
|
|
masks := strings.Split(ws.Replace(s), ",")
|
|
|
|
|
l := make(Netlist, 0)
|
|
|
|
|
for _, mask := range masks {
|
|
|
|
|
if mask == "" {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
prefix, err := netip.ParsePrefix(mask)
|
2016-11-21 11:11:21 -06:00
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
l = append(l, prefix)
|
2016-11-21 11:11:21 -06:00
|
|
|
|
}
|
|
|
|
|
return &l, nil
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-12 09:27:23 -05:00
|
|
|
|
// MarshalTOML implements toml.MarshalerRec.
|
|
|
|
|
func (l Netlist) MarshalTOML() interface{} {
|
|
|
|
|
list := make([]string, 0, len(l))
|
|
|
|
|
for _, net := range l {
|
|
|
|
|
list = append(list, net.String())
|
|
|
|
|
}
|
|
|
|
|
return list
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// UnmarshalTOML implements toml.UnmarshalerRec.
|
|
|
|
|
func (l *Netlist) UnmarshalTOML(fn func(interface{}) error) error {
|
|
|
|
|
var masks []string
|
|
|
|
|
if err := fn(&masks); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
for _, mask := range masks {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
prefix, err := netip.ParsePrefix(mask)
|
2017-04-12 09:27:23 -05:00
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
*l = append(*l, prefix)
|
2017-04-12 09:27:23 -05:00
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-21 11:11:21 -06:00
|
|
|
|
// Add parses a CIDR mask and appends it to the list. It panics for invalid masks and is
|
|
|
|
|
// intended to be used for setting up static lists.
|
|
|
|
|
func (l *Netlist) Add(cidr string) {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
prefix, err := netip.ParsePrefix(cidr)
|
2016-11-21 11:11:21 -06:00
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
*l = append(*l, prefix)
|
2016-11-21 11:11:21 -06:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Contains reports whether the given IP is contained in the list.
|
|
|
|
|
func (l *Netlist) Contains(ip net.IP) bool {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
return l.ContainsAddr(IPToAddr(ip))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ContainsAddr reports whether the given IP is contained in the list.
|
|
|
|
|
func (l *Netlist) ContainsAddr(ip netip.Addr) bool {
|
2016-11-21 11:11:21 -06:00
|
|
|
|
if l == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
for _, net := range *l {
|
|
|
|
|
if net.Contains(ip) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// IsLAN reports whether an IP is a local network address.
|
|
|
|
|
func IsLAN(ip net.IP) bool {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
return AddrIsLAN(IPToAddr(ip))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AddrIsLAN reports whether an IP is a local network address.
|
|
|
|
|
func AddrIsLAN(ip netip.Addr) bool {
|
|
|
|
|
if ip.Is4In6() {
|
|
|
|
|
ip = netip.AddrFrom4(ip.As4())
|
|
|
|
|
}
|
2016-11-21 11:11:21 -06:00
|
|
|
|
if ip.IsLoopback() {
|
|
|
|
|
return true
|
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
return ip.IsPrivate() || ip.IsLinkLocalUnicast()
|
2016-11-21 11:11:21 -06:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// IsSpecialNetwork reports whether an IP is located in a special-use network range
|
|
|
|
|
// This includes broadcast, multicast and documentation addresses.
|
|
|
|
|
func IsSpecialNetwork(ip net.IP) bool {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
return AddrIsSpecialNetwork(IPToAddr(ip))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AddrIsSpecialNetwork reports whether an IP is located in a special-use network range
|
|
|
|
|
// This includes broadcast, multicast and documentation addresses.
|
|
|
|
|
func AddrIsSpecialNetwork(ip netip.Addr) bool {
|
|
|
|
|
if ip.Is4In6() {
|
|
|
|
|
ip = netip.AddrFrom4(ip.As4())
|
|
|
|
|
}
|
2016-11-21 11:11:21 -06:00
|
|
|
|
if ip.IsMulticast() {
|
|
|
|
|
return true
|
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
if ip.Is4() {
|
|
|
|
|
return special4.ContainsAddr(ip)
|
2016-11-21 11:11:21 -06:00
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
return special6.ContainsAddr(ip)
|
2016-11-21 11:11:21 -06:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
|
errInvalid = errors.New("invalid IP")
|
|
|
|
|
errUnspecified = errors.New("zero address")
|
|
|
|
|
errSpecial = errors.New("special network")
|
|
|
|
|
errLoopback = errors.New("loopback address from non-loopback host")
|
|
|
|
|
errLAN = errors.New("LAN address from WAN host")
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// CheckRelayIP reports whether an IP relayed from the given sender IP
|
|
|
|
|
// is a valid connection target.
|
|
|
|
|
//
|
|
|
|
|
// There are four rules:
|
|
|
|
|
// - Special network addresses are never valid.
|
|
|
|
|
// - Loopback addresses are OK if relayed by a loopback host.
|
|
|
|
|
// - LAN addresses are OK if relayed by a LAN host.
|
|
|
|
|
// - All other addresses are always acceptable.
|
|
|
|
|
func CheckRelayIP(sender, addr net.IP) error {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
return CheckRelayAddr(IPToAddr(sender), IPToAddr(addr))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CheckRelayAddr reports whether an IP relayed from the given sender IP
|
|
|
|
|
// is a valid connection target.
|
|
|
|
|
//
|
|
|
|
|
// There are four rules:
|
|
|
|
|
// - Special network addresses are never valid.
|
|
|
|
|
// - Loopback addresses are OK if relayed by a loopback host.
|
|
|
|
|
// - LAN addresses are OK if relayed by a LAN host.
|
|
|
|
|
// - All other addresses are always acceptable.
|
|
|
|
|
func CheckRelayAddr(sender, addr netip.Addr) error {
|
|
|
|
|
if !addr.IsValid() {
|
2016-11-21 11:11:21 -06:00
|
|
|
|
return errInvalid
|
|
|
|
|
}
|
|
|
|
|
if addr.IsUnspecified() {
|
|
|
|
|
return errUnspecified
|
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
if AddrIsSpecialNetwork(addr) {
|
2016-11-21 11:11:21 -06:00
|
|
|
|
return errSpecial
|
|
|
|
|
}
|
|
|
|
|
if addr.IsLoopback() && !sender.IsLoopback() {
|
|
|
|
|
return errLoopback
|
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
if AddrIsLAN(addr) && !AddrIsLAN(sender) {
|
2016-11-21 11:11:21 -06:00
|
|
|
|
return errLAN
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2018-02-12 06:36:09 -06:00
|
|
|
|
|
|
|
|
|
// SameNet reports whether two IP addresses have an equal prefix of the given bit length.
|
|
|
|
|
func SameNet(bits uint, ip, other net.IP) bool {
|
|
|
|
|
ip4, other4 := ip.To4(), other.To4()
|
|
|
|
|
switch {
|
|
|
|
|
case (ip4 == nil) != (other4 == nil):
|
|
|
|
|
return false
|
|
|
|
|
case ip4 != nil:
|
|
|
|
|
return sameNet(bits, ip4, other4)
|
|
|
|
|
default:
|
|
|
|
|
return sameNet(bits, ip.To16(), other.To16())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func sameNet(bits uint, ip, other net.IP) bool {
|
|
|
|
|
nb := int(bits / 8)
|
|
|
|
|
mask := ^byte(0xFF >> (bits % 8))
|
|
|
|
|
if mask != 0 && nb < len(ip) && ip[nb]&mask != other[nb]&mask {
|
|
|
|
|
return false
|
|
|
|
|
}
|
2019-11-19 03:17:41 -06:00
|
|
|
|
return nb <= len(ip) && ip[:nb].Equal(other[:nb])
|
2018-02-12 06:36:09 -06:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DistinctNetSet tracks IPs, ensuring that at most N of them
|
|
|
|
|
// fall into the same network range.
|
|
|
|
|
type DistinctNetSet struct {
|
|
|
|
|
Subnet uint // number of common prefix bits
|
|
|
|
|
Limit uint // maximum number of IPs in each subnet
|
|
|
|
|
|
2024-06-05 12:31:04 -05:00
|
|
|
|
members map[netip.Prefix]uint
|
2018-02-12 06:36:09 -06:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Add adds an IP address to the set. It returns false (and doesn't add the IP) if the
|
|
|
|
|
// number of existing IPs in the defined range exceeds the limit.
|
|
|
|
|
func (s *DistinctNetSet) Add(ip net.IP) bool {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
return s.AddAddr(IPToAddr(ip))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// AddAddr adds an IP address to the set. It returns false (and doesn't add the IP) if the
|
|
|
|
|
// number of existing IPs in the defined range exceeds the limit.
|
|
|
|
|
func (s *DistinctNetSet) AddAddr(ip netip.Addr) bool {
|
2018-02-12 06:36:09 -06:00
|
|
|
|
key := s.key(ip)
|
2024-06-05 12:31:04 -05:00
|
|
|
|
n := s.members[key]
|
2018-02-12 06:36:09 -06:00
|
|
|
|
if n < s.Limit {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
s.members[key] = n + 1
|
2018-02-12 06:36:09 -06:00
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Remove removes an IP from the set.
|
|
|
|
|
func (s *DistinctNetSet) Remove(ip net.IP) {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
s.RemoveAddr(IPToAddr(ip))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// RemoveAddr removes an IP from the set.
|
|
|
|
|
func (s *DistinctNetSet) RemoveAddr(ip netip.Addr) {
|
2018-02-12 06:36:09 -06:00
|
|
|
|
key := s.key(ip)
|
2024-06-05 12:31:04 -05:00
|
|
|
|
if n, ok := s.members[key]; ok {
|
2018-02-12 06:36:09 -06:00
|
|
|
|
if n == 1 {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
delete(s.members, key)
|
2018-02-12 06:36:09 -06:00
|
|
|
|
} else {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
s.members[key] = n - 1
|
2018-02-12 06:36:09 -06:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-06 02:56:41 -05:00
|
|
|
|
// Contains reports whether the given IP is contained in the set.
|
2018-02-12 06:36:09 -06:00
|
|
|
|
func (s DistinctNetSet) Contains(ip net.IP) bool {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
return s.ContainsAddr(IPToAddr(ip))
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-06 02:56:41 -05:00
|
|
|
|
// ContainsAddr reports whether the given IP is contained in the set.
|
2024-06-05 12:31:04 -05:00
|
|
|
|
func (s DistinctNetSet) ContainsAddr(ip netip.Addr) bool {
|
2018-02-12 06:36:09 -06:00
|
|
|
|
key := s.key(ip)
|
2024-06-05 12:31:04 -05:00
|
|
|
|
_, ok := s.members[key]
|
2018-02-12 06:36:09 -06:00
|
|
|
|
return ok
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Len returns the number of tracked IPs.
|
|
|
|
|
func (s DistinctNetSet) Len() int {
|
|
|
|
|
n := uint(0)
|
|
|
|
|
for _, i := range s.members {
|
|
|
|
|
n += i
|
|
|
|
|
}
|
|
|
|
|
return int(n)
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-05 12:31:04 -05:00
|
|
|
|
// key returns the map key for ip.
|
|
|
|
|
func (s *DistinctNetSet) key(ip netip.Addr) netip.Prefix {
|
2018-02-12 06:36:09 -06:00
|
|
|
|
// Lazily initialize storage.
|
|
|
|
|
if s.members == nil {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
s.members = make(map[netip.Prefix]uint)
|
2018-02-12 06:36:09 -06:00
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
p, err := ip.Prefix(int(s.Subnet))
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
2018-02-12 06:36:09 -06:00
|
|
|
|
}
|
2024-06-05 12:31:04 -05:00
|
|
|
|
return p
|
2018-02-12 06:36:09 -06:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// String implements fmt.Stringer
|
|
|
|
|
func (s DistinctNetSet) String() string {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
keys := maps.Keys(s.members)
|
|
|
|
|
slices.SortFunc(keys, func(a, b netip.Prefix) int {
|
|
|
|
|
return strings.Compare(a.String(), b.String())
|
|
|
|
|
})
|
|
|
|
|
|
2018-02-12 06:36:09 -06:00
|
|
|
|
var buf bytes.Buffer
|
|
|
|
|
buf.WriteString("{")
|
|
|
|
|
for i, k := range keys {
|
2024-06-05 12:31:04 -05:00
|
|
|
|
fmt.Fprintf(&buf, "%v×%d", k, s.members[k])
|
2018-02-12 06:36:09 -06:00
|
|
|
|
if i != len(keys)-1 {
|
|
|
|
|
buf.WriteString(" ")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
buf.WriteString("}")
|
|
|
|
|
return buf.String()
|
|
|
|
|
}
|