daxi20/AdGuardHome
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pull request: 2271 handle nolint

Browse Source 
Merge in DNS/adguard-home from 2271-handle-nolint to master

Closes #2271.

Squashed commit of the following:

commit fde5c8795ac79e1f7d02ba8c8e369b5a724a000e
Merge: fc2acd898 642dcd647
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Fri Nov 20 17:12:28 2020 +0300

    Merge branch 'master' into 2271-handle-nolint

commit fc2acd89871de08c39e80ace9e5bb8a7acb7afba
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Nov 17 11:55:29 2020 +0300

    dnsforward: fix test output strings

commit c4ebae6ea9c293bad239519c44ca5a6c576bb921
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Mon Nov 16 22:43:20 2020 +0300

    dnsfilter: make package pass tests

commit f2d98c6acabd8977f3b1b361987eaa31eb6eb9ad
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Mon Nov 16 20:05:00 2020 +0300

    querylog: make decoding pass tests

commit ab5850d24c50d53b8393f2de448cc340241351d7
Merge: 6ed2066bf 8a9c6e8a0
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Mon Nov 16 19:48:31 2020 +0300

    Merge branch 'master' into 2271-handle-nolint

commit 6ed2066bf567e13dd14cfa16fc7b109b59fa39ef
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Mon Nov 16 18:13:45 2020 +0300

    home: fix tests naming

commit af691081fb02b7500a746b16492f01f7f9befe9a
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Mon Nov 16 12:15:49 2020 +0300

    home: impove code quality

commit 2914cd3cd23ef2a1964116baab9187d89b377f86
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed Nov 11 15:46:39 2020 +0300

    * querylog: remove useless check

commit 9996840650e784ccc76d1f29964560435ba27dc7
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Wed Nov 11 13:18:34 2020 +0300

    * all: fix noticed defects

commit 2b15293e59337f70302fbc0db81ebb26bee0bed2
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Nov 10 20:15:53 2020 +0300

    * stats: remove last nolint directive

commit b2e1ddf7b58196a2fdbf879f084edb41ca1aa1eb
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Nov 10 18:35:41 2020 +0300

    * all: remove another nolint directive

commit c6fc5cfcc9c95ab9e570a95ab41c3e5c0125e62e
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Nov 10 18:11:28 2020 +0300

    * querylog: remove nolint directive

commit 226ddbf2c92f737f085b44a4ddf6daec7b602153
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Nov 10 16:35:26 2020 +0300

    * home: remove nolint directive

commit 2ea3086ad41e9003282add7e996ae722d72d878b
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Nov 10 16:13:57 2020 +0300

    * home: reduce cyclomatic complexity of run function

commit f479b480c48e0bb832ddef8f57586f56b8a55bab
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Nov 10 15:35:46 2020 +0300

    * home: use crypto/rand instead of math/rand

commit a28d4a53e3b930136b036606fc7e78404f1d208b
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Nov 10 14:11:07 2020 +0300

    * dnsforward: remove gocyclo nolint directive

commit 64a0a324cc2b20614ceec3ccc6505e960fe526e9
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Nov 10 11:45:49 2020 +0300

    all *: remove some nolint directives

    Updates #2271.
This commit is contained in:
Eugene Burkov
2020-11-20 17:32:41 +03:00
parent 642dcd647c
commit 3045da1742
17 changed files with 1053 additions and 832 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
internal/home/auth.go
View File

@@ -1,12 +1,14 @@
package home
import (
"crypto/rand"
"crypto/sha256"
"encoding/binary"
"encoding/hex"
"encoding/json"
"fmt"
"math/rand"
"math"
"math/big"
"net/http"
"strings"
"sync"
@@ -76,7 +78,6 @@ func InitAuth(dbFilename string, users []User, sessionTTL uint32) *Auth {
a := Auth{}
a.sessionTTL = sessionTTL
a.sessions = make(map[string]*session)
rand.Seed(time.Now().UTC().Unix())
var err error
a.db, err = bbolt.Open(dbFilename, 0o644, nil)
if err != nil {
@@ -275,23 +276,28 @@ type loginJSON struct {
Password string `json:"password"`
}
func getSession(u *User) []byte {
// the developers don't currently believe that using a
// non-cryptographic RNG for the session hash salt is
// insecure
salt := rand.Uint32() //nolint:gosec
d := []byte(fmt.Sprintf("%d%s%s", salt, u.Name, u.PasswordHash))
hash := sha256.Sum256(d)
return hash[:]
}
func (a *Auth) httpCookie(req loginJSON) string {
u := a.UserFind(req.Name, req.Password)
if len(u.Name) == 0 {
return ""
func getSession(u *User) ([]byte, error) {
maxSalt := big.NewInt(math.MaxUint32)
salt, err := rand.Int(rand.Reader, maxSalt)
if err != nil {
return nil, err
}
sess := getSession(&u)
d := []byte(fmt.Sprintf("%s%s%s", salt, u.Name, u.PasswordHash))
hash := sha256.Sum256(d)
return hash[:], nil
}
func (a *Auth) httpCookie(req loginJSON) (string, error) {
u := a.UserFind(req.Name, req.Password)
if len(u.Name) == 0 {
return "", nil
}
sess, err := getSession(&u)
if err != nil {
return "", err
}
now := time.Now().UTC()
expire := now.Add(cookieTTL * time.Hour)
@@ -305,7 +311,7 @@ func (a *Auth) httpCookie(req loginJSON) string {
a.addSession(sess, &s)
return fmt.Sprintf("%s=%s; Path=/; HttpOnly; Expires=%s",
sessionCookieName, hex.EncodeToString(sess), expstr)
sessionCookieName, hex.EncodeToString(sess), expstr), nil
}
func handleLogin(w http.ResponseWriter, r *http.Request) {
@@ -316,7 +322,11 @@ func handleLogin(w http.ResponseWriter, r *http.Request) {
return
}
cookie := Context.auth.httpCookie(req)
cookie, err := Context.auth.httpCookie(req)
if err != nil {
httpError(w, http.StatusBadRequest, "crypto rand reader: %s", err)
return
}
if len(cookie) == 0 {
log.Info("Auth: invalid user name or password: name=%q", req.Name)
time.Sleep(1 * time.Second)
@@ -369,7 +379,54 @@ func parseCookie(cookie string) string {
return ""
}
// nolint(gocyclo)
// optionalAuthThird return true if user should authenticate first.
func optionalAuthThird(w http.ResponseWriter, r *http.Request) (authFirst bool) {
authFirst = false
// redirect to login page if not authenticated
ok := false
cookie, err := r.Cookie(sessionCookieName)
if glProcessCookie(r) {
log.Debug("Auth: authentification was handled by GL-Inet submodule")
ok = true
} else if err == nil {
r := Context.auth.CheckSession(cookie.Value)
if r == 0 {
ok = true
} else if r < 0 {
log.Debug("Auth: invalid cookie value: %s", cookie)
}
} else {
// there's no Cookie, check Basic authentication
user, pass, ok2 := r.BasicAuth()
if ok2 {
u := Context.auth.UserFind(user, pass)
if len(u.Name) != 0 {
ok = true
} else {
log.Info("Auth: invalid Basic Authorization value")
}
}
}
if !ok {
if r.URL.Path == "/" || r.URL.Path == "/index.html" {
if glProcessRedirect(w, r) {
log.Debug("Auth: redirected to login page by GL-Inet submodule")
} else {
w.Header().Set("Location", "/login.html")
w.WriteHeader(http.StatusFound)
}
} else {
w.WriteHeader(http.StatusForbidden)
_, _ = w.Write([]byte("Forbidden"))
}
authFirst = true
}
return authFirst
}
func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/login.html" {
@@ -392,45 +449,7 @@ func optionalAuth(handler func(http.ResponseWriter, *http.Request)) func(http.Re
// process as usual
// no additional auth requirements
} else if Context.auth != nil && Context.auth.AuthRequired() {
// redirect to login page if not authenticated
ok := false
cookie, err := r.Cookie(sessionCookieName)
if glProcessCookie(r) {
log.Debug("Auth: authentification was handled by GL-Inet submodule")
ok = true
} else if err == nil {
r := Context.auth.CheckSession(cookie.Value)
if r == 0 {
ok = true
} else if r < 0 {
log.Debug("Auth: invalid cookie value: %s", cookie)
}
} else {
// there's no Cookie, check Basic authentication
user, pass, ok2 := r.BasicAuth()
if ok2 {
u := Context.auth.UserFind(user, pass)
if len(u.Name) != 0 {
ok = true
} else {
log.Info("Auth: invalid Basic Authorization value")
}
}
}
if !ok {
if r.URL.Path == "/" || r.URL.Path == "/index.html" {
if glProcessRedirect(w, r) {
log.Debug("Auth: redirected to login page by GL-Inet submodule")
} else {
w.Header().Set("Location", "/login.html")
w.WriteHeader(http.StatusFound)
}
} else {
w.WriteHeader(http.StatusForbidden)
_, _ = w.Write([]byte("Forbidden"))
}
if optionalAuthThird(w, r) {
return
}
}

6
internal/home/auth_test.go
View File

@@ -41,7 +41,8 @@ func TestAuth(t *testing.T) {
assert.True(t, a.CheckSession("notfound") == -1)
a.RemoveSession("notfound")
sess := getSession(&users[0])
sess, err := getSession(&users[0])
assert.Nil(t, err)
sessStr := hex.EncodeToString(sess)
now := time.Now().UTC().Unix()
@@ -136,7 +137,8 @@ func TestAuthHTTP(t *testing.T) {
assert.True(t, handlerCalled)
// perform login
cookie := Context.auth.httpCookie(loginJSON{Name: "name", Password: "password"})
cookie, err := Context.auth.httpCookie(loginJSON{Name: "name", Password: "password"})
assert.Nil(t, err)
assert.True(t, cookie != "")
// get /

58
internal/home/dns.go
View File

@@ -88,60 +88,6 @@ func isRunning() bool {
return Context.dnsServer != nil && Context.dnsServer.IsRunning()
}
// nolint (gocyclo)
// Return TRUE if IP is within public Internet IP range
func isPublicIP(ip net.IP) bool {
ip4 := ip.To4()
if ip4 != nil {
switch ip4[0] {
case 0:
return false // software
case 10:
return false // private network
case 127:
return false // loopback
case 169:
if ip4[1] == 254 {
return false // link-local
}
case 172:
if ip4[1] >= 16 && ip4[1] <= 31 {
return false // private network
}
case 192:
if (ip4[1] == 0 && ip4[2] == 0) || // private network
(ip4[1] == 0 && ip4[2] == 2) || // documentation
(ip4[1] == 88 && ip4[2] == 99) || // reserved
(ip4[1] == 168) { // private network
return false
}
case 198:
if (ip4[1] == 18 || ip4[2] == 19) || // private network
(ip4[1] == 51 || ip4[2] == 100) { // documentation
return false
}
case 203:
if ip4[1] == 0 && ip4[2] == 113 { // documentation
return false
}
case 224:
if ip4[1] == 0 && ip4[2] == 0 { // multicast
return false
}
case 255:
if ip4[1] == 255 && ip4[2] == 255 && ip4[3] == 255 { // subnet
return false
}
}
} else {
if ip.IsLoopback() || ip.IsLinkLocalMulticast() || ip.IsLinkLocalUnicast() {
return false
}
}
return true
}
func onDNSRequest(d *proxy.DNSContext) {
ip := dnsforward.GetIPString(d.Addr)
if ip == "" {
@@ -153,7 +99,7 @@ func onDNSRequest(d *proxy.DNSContext) {
if !ipAddr.IsLoopback() {
Context.rdns.Begin(ip)
}
if isPublicIP(ipAddr) {
if !Context.ipDetector.detectSpecialNetwork(ipAddr) {
Context.whois.Begin(ip)
}
}
@@ -327,7 +273,7 @@ func startDNSServer() error {
if !ipAddr.IsLoopback() {
Context.rdns.Begin(ip)
}
if isPublicIP(ipAddr) {
if !Context.ipDetector.detectSpecialNetwork(ipAddr) {
Context.whois.Begin(ip)
}
}

112
internal/home/filter.go
View File

@@ -6,6 +6,7 @@ import (
"hash/crc32"
"io"
"io/ioutil"
"net/http"
"os"
"path/filepath"
"regexp"
@@ -497,46 +498,7 @@ func (f *Filtering) update(filter *filter) (bool, error) {
return b, err
}
// nolint(gocyclo)
func (f *Filtering) updateIntl(filter *filter) (bool, error) {
log.Tracef("Downloading update for filter %d from %s", filter.ID, filter.URL)
tmpFile, err := ioutil.TempFile(filepath.Join(Context.getDataDir(), filterDir), "")
if err != nil {
return false, err
}
defer func() {
if tmpFile != nil {
_ = tmpFile.Close()
_ = os.Remove(tmpFile.Name())
}
}()
var reader io.Reader
if filepath.IsAbs(filter.URL) {
f, err := os.Open(filter.URL)
if err != nil {
return false, fmt.Errorf("open file: %w", err)
}
defer f.Close()
reader = f
} else {
resp, err := Context.client.Get(filter.URL)
if resp != nil && resp.Body != nil {
defer resp.Body.Close()
}
if err != nil {
log.Printf("Couldn't request filter from URL %s, skipping: %s", filter.URL, err)
return false, err
}
if resp.StatusCode != 200 {
log.Printf("Got status code %d from URL %s, skipping", resp.StatusCode, filter.URL)
return false, fmt.Errorf("got status code != 200: %d", resp.StatusCode)
}
reader = resp.Body
}
func (f *Filtering) read(reader io.Reader, tmpFile *os.File, filter *filter) (int, error) {
htmlTest := true
firstChunk := make([]byte, 4*1024)
firstChunkLen := 0
@@ -556,12 +518,12 @@ func (f *Filtering) updateIntl(filter *filter) (bool, error) {
if firstChunkLen == len(firstChunk) || err == io.EOF {
if !isPrintableText(firstChunk, firstChunkLen) {
return false, fmt.Errorf("data contains non-printable characters")
return total, fmt.Errorf("data contains non-printable characters")
}
s := strings.ToLower(string(firstChunk))
if strings.Contains(s, "<html") || strings.Contains(s, "<!doctype") {
return false, fmt.Errorf("data is HTML, not plain text")
return total, fmt.Errorf("data is HTML, not plain text")
}
htmlTest = false
@@ -571,17 +533,70 @@ func (f *Filtering) updateIntl(filter *filter) (bool, error) {
_, err2 := tmpFile.Write(buf[:n])
if err2 != nil {
return false, err2
return total, err2
}
if err == io.EOF {
break
return total, nil
}
if err != nil {
log.Printf("Couldn't fetch filter contents from URL %s, skipping: %s", filter.URL, err)
return false, err
return total, err
}
}
}
// updateIntl returns true if filter update performed successfully.
func (f *Filtering) updateIntl(filter *filter) (updated bool, err error) {
updated = false
log.Tracef("Downloading update for filter %d from %s", filter.ID, filter.URL)
tmpFile, err := ioutil.TempFile(filepath.Join(Context.getDataDir(), filterDir), "")
if err != nil {
return updated, err
}
defer func() {
if tmpFile != nil {
if err := tmpFile.Close(); err != nil {
log.Printf("Couldn't close temporary file: %s", err)
}
tmpFileName := tmpFile.Name()
if err := os.Remove(tmpFileName); err != nil {
log.Printf("Couldn't delete temporary file %s: %s", tmpFileName, err)
}
}
}()
var reader io.Reader
if filepath.IsAbs(filter.URL) {
f, err := os.Open(filter.URL)
if err != nil {
return updated, fmt.Errorf("open file: %w", err)
}
defer f.Close()
reader = f
} else {
resp, err := Context.client.Get(filter.URL)
if resp != nil && resp.Body != nil {
defer resp.Body.Close()
}
if err != nil {
log.Printf("Couldn't request filter from URL %s, skipping: %s", filter.URL, err)
return updated, err
}
if resp.StatusCode != http.StatusOK {
log.Printf("Got status code %d from URL %s, skipping", resp.StatusCode, filter.URL)
return updated, fmt.Errorf("got status code != 200: %d", resp.StatusCode)
}
reader = resp.Body
}
total, err := f.read(reader, tmpFile, filter)
if err != nil {
return updated, err
}
// Extract filter name and count number of rules
_, _ = tmpFile.Seek(0, io.SeekStart)
@@ -589,7 +604,7 @@ func (f *Filtering) updateIntl(filter *filter) (bool, error) {
// Check if the filter has been really changed
if filter.checksum == checksum {
log.Tracef("Filter #%d at URL %s hasn't changed, not updating it", filter.ID, filter.URL)
return false, nil
return updated, nil
}
log.Printf("Filter %d has been updated: %d bytes, %d rules",
@@ -606,11 +621,12 @@ func (f *Filtering) updateIntl(filter *filter) (bool, error) {
_ = tmpFile.Close()
err = os.Rename(tmpFile.Name(), filterFilePath)
if err != nil {
return false, err
return updated, err
}
tmpFile = nil
updated = true
return true, nil
return updated, nil
}
// loads filter contents from the file in dataDir

71
internal/home/home.go
View File

@@ -65,6 +65,8 @@ type homeContext struct {
autoHosts util.AutoHosts // IP-hostname pairs taken from system configuration (e.g. /etc/hosts) files
updater *update.Updater
ipDetector *ipDetector
// Runtime properties
// --
@@ -140,28 +142,7 @@ func version() string {
return fmt.Sprintf(msg, versionString, updateChannel, runtime.GOOS, runtime.GOARCH)
}
// run initializes configuration and runs the AdGuard Home
// run is a blocking method!
// nolint
func run(args options) {
// configure config filename
initConfigFilename(args)
// configure working dir and config path
initWorkingDir(args)
// configure log level and output
configureLogger(args)
// Go memory hacks
memoryUsage(args)
// print the first message after logger is configured
log.Println(version())
log.Debug("Current working directory is %s", Context.workDir)
if args.runningAsService {
log.Info("AdGuard Home is running as a service")
}
func setupContext(args options) {
Context.runningAsService = args.runningAsService
Context.disableUpdate = args.disableUpdate
@@ -179,7 +160,8 @@ func run(args options) {
DialContext: customDialContext,
Proxy: getHTTPProxy,
TLSClientConfig: &tls.Config{
RootCAs: Context.tlsRoots,
RootCAs: Context.tlsRoots,
MinVersion: tls.VersionTLS12,
},
}
Context.client = &http.Client{
@@ -205,12 +187,9 @@ func run(args options) {
os.Exit(0)
}
}
}
// 'clients' module uses 'dnsfilter' module's static data (dnsfilter.BlockedSvcKnown()),
// so we have to initialize dnsfilter's static data first,
// but also avoid relying on automatic Go init() function
dnsfilter.InitModule()
func setupConfig(args options) {
config.DHCP.WorkDir = Context.workDir
config.DHCP.HTTPRegister = httpRegister
config.DHCP.ConfigModified = onConfigModified
@@ -251,6 +230,37 @@ func run(args options) {
if len(args.pidFile) != 0 && writePIDFile(args.pidFile) {
Context.pidFileName = args.pidFile
}
}
// run performs configurating and starts AdGuard Home.
func run(args options) {
// configure config filename
initConfigFilename(args)
// configure working dir and config path
initWorkingDir(args)
// configure log level and output
configureLogger(args)
// Go memory hacks
memoryUsage(args)
// print the first message after logger is configured
log.Println(version())
log.Debug("Current working directory is %s", Context.workDir)
if args.runningAsService {
log.Info("AdGuard Home is running as a service")
}
setupContext(args)
// clients package uses dnsfilter package's static data (dnsfilter.BlockedSvcKnown()),
// so we have to initialize dnsfilter's static data first,
// but also avoid relying on automatic Go init() function
dnsfilter.InitModule()
setupConfig(args)
if !Context.firstRun {
// Save the updated config
@@ -322,6 +332,11 @@ func run(args options) {
}
}
Context.ipDetector, err = newIPDetector()
if err != nil {
log.Fatal(err)
}
Context.web.Start()
// wait indefinitely for other go-routines to complete their job

72
internal/home/ipdetector.go Normal file
View File

@@ -0,0 +1,72 @@
package home
import "net"
// ipDetector describes IP address properties.
type ipDetector struct {
nets []*net.IPNet
}
// newIPDetector returns a new IP detector.
func newIPDetector() (ipd *ipDetector, err error) {
specialNetworks := []string{
"0.0.0.0/8",
"10.0.0.0/8",
"100.64.0.0/10",
"127.0.0.0/8",
"169.254.0.0/16",
"172.16.0.0/12",
"192.0.0.0/24",
"192.0.0.0/29",
"192.0.2.0/24",
"192.88.99.0/24",
"192.168.0.0/16",
"198.18.0.0/15",
"198.51.100.0/24",
"203.0.113.0/24",
"240.0.0.0/4",
"255.255.255.255/32",
"::1/128",
"::/128",
"64:ff9b::/96",
// Since this network is used for mapping IPv4 addresses, we
// don't include it.
// "::ffff:0:0/96",
"100::/64",
"2001::/23",
"2001::/32",
"2001:2::/48",
"2001:db8::/32",
"2001:10::/28",
"2002::/16",
"fc00::/7",
"fe80::/10",
}
ipd = &ipDetector{
nets: make([]*net.IPNet, len(specialNetworks)),
}
for i, ipnetStr := range specialNetworks {
_, ipnet, err := net.ParseCIDR(ipnetStr)
if err != nil {
return nil, err
}
ipd.nets[i] = ipnet
}
return ipd, nil
}
// detectSpecialNetwork returns true if IP address is contained by any of
// special-purpose IP address registries according to RFC-6890
// (https://tools.ietf.org/html/rfc6890).
func (ipd *ipDetector) detectSpecialNetwork(ip net.IP) bool {
for _, ipnet := range ipd.nets {
if ipnet.Contains(ip) {
return true
}
}
return false
}

146
internal/home/ipdetector_test.go Normal file
View File

@@ -0,0 +1,146 @@
package home
import (
"net"
"testing"
"github.com/stretchr/testify/assert"
)
func TestIPDetector_detectSpecialNetwork(t *testing.T) {
var ipd *ipDetector
t.Run("newIPDetector", func(t *testing.T) {
var err error
ipd, err = newIPDetector()
assert.Nil(t, err)
})
testCases := []struct {
name string
ip net.IP
want bool
}{{
name: "not_specific",
ip: net.ParseIP("8.8.8.8"),
want: false,
}, {
name: "this_host_on_this_network",
ip: net.ParseIP("0.0.0.0"),
want: true,
}, {
name: "private-Use",
ip: net.ParseIP("10.0.0.0"),
want: true,
}, {
name: "shared_address_space",
ip: net.ParseIP("100.64.0.0"),
want: true,
}, {
name: "loopback",
ip: net.ParseIP("127.0.0.0"),
want: true,
}, {
name: "link_local",
ip: net.ParseIP("169.254.0.0"),
want: true,
}, {
name: "private-use",
ip: net.ParseIP("172.16.0.0"),
want: true,
}, {
name: "ietf_protocol_assignments",
ip: net.ParseIP("192.0.0.0"),
want: true,
}, {
name: "ds-lite",
ip: net.ParseIP("192.0.0.0"),
want: true,
}, {
name: "documentation_(test-net-1)",
ip: net.ParseIP("192.0.2.0"),
want: true,
}, {
name: "6to4_relay_anycast",
ip: net.ParseIP("192.88.99.0"),
want: true,
}, {
name: "private-use",
ip: net.ParseIP("192.168.0.0"),
want: true,
}, {
name: "benchmarking",
ip: net.ParseIP("198.18.0.0"),
want: true,
}, {
name: "documentation_(test-net-2)",
ip: net.ParseIP("198.51.100.0"),
want: true,
}, {
name: "documentation_(test-net-3)",
ip: net.ParseIP("203.0.113.0"),
want: true,
}, {
name: "reserved",
ip: net.ParseIP("240.0.0.0"),
want: true,
}, {
name: "limited_broadcast",
ip: net.ParseIP("255.255.255.255"),
want: true,
}, {
name: "loopback_address",
ip: net.ParseIP("::1"),
want: true,
}, {
name: "unspecified_address",
ip: net.ParseIP("::"),
want: true,
}, {
name: "ipv4-ipv6_translation",
ip: net.ParseIP("64:ff9b::"),
want: true,
}, {
name: "discard-only_address_block",
ip: net.ParseIP("100::"),
want: true,
}, {
name: "ietf_protocol_assignments",
ip: net.ParseIP("2001::"),
want: true,
}, {
name: "teredo",
ip: net.ParseIP("2001::"),
want: true,
}, {
name: "benchmarking",
ip: net.ParseIP("2001:2::"),
want: true,
}, {
name: "documentation",
ip: net.ParseIP("2001:db8::"),
want: true,
}, {
name: "orchid",
ip: net.ParseIP("2001:10::"),
want: true,
}, {
name: "6to4",
ip: net.ParseIP("2002::"),
want: true,
}, {
name: "unique-local",
ip: net.ParseIP("fc00::"),
want: true,
}, {
name: "linked-scoped_unicast",
ip: net.ParseIP("fe80::"),
want: true,
}}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
assert.Equal(t, tc.want, ipd.detectSpecialNetwork(tc.ip))
})
}
}