Refactor dnsRebindChecker.isRebindIP()
This commit is contained in:
Reinaldo de Souza Jr
@@ -66,41 +66,48 @@ func (c *dnsRebindChecker) isRebindHost(host string) bool {
|
||||
return host == "localhost"
|
||||
}
|
||||
|
||||
func (c *dnsRebindChecker) isLocalNetworkV4(ip4 net.IP) bool {
|
||||
switch {
|
||||
case ip4[0] == 0:
|
||||
/* 0.0.0.0/8 (RFC 5735 section 3. "here" network) */
|
||||
case ip4[0] == 10:
|
||||
/* 10.0.0.0/8 (private) */
|
||||
case ip4[0] == 172 && ip4[1]&0x10 == 0x10:
|
||||
/* 172.16.0.0/12 (private) */
|
||||
case ip4[0] == 169 && ip4[1] == 254:
|
||||
/* 169.254.0.0/16 (zeroconf) */
|
||||
case ip4[0] == 192 && ip4[1] == 0 && ip4[2] == 2:
|
||||
/* 192.0.2.0/24 (test-net) */
|
||||
case ip4[0] == 198 && ip4[1] == 51 && ip4[2] == 100:
|
||||
/* 198.51.100.0/24(test-net) */
|
||||
case ip4[0] == 203 && ip4[1] == 0 && ip4[2] == 113:
|
||||
/* 203.0.113.0/24 (test-net) */
|
||||
case ip4.Equal(net.IPv4bcast):
|
||||
/* 255.255.255.255/32 (broadcast)*/
|
||||
default:
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func (c *dnsRebindChecker) isLocalNetworkV6(ip6 net.IP) bool {
|
||||
return ip6.Equal(net.IPv6zero) ||
|
||||
ip6.Equal(net.IPv6unspecified) ||
|
||||
ip6.Equal(net.IPv6interfacelocalallnodes) ||
|
||||
ip6.Equal(net.IPv6linklocalallnodes) ||
|
||||
ip6.Equal(net.IPv6linklocalallrouters)
|
||||
}
|
||||
|
||||
func (c *dnsRebindChecker) isRebindIP(ip net.IP) bool {
|
||||
// This is compatible with dnsmasq definition
|
||||
// See: https://github.com/imp/dnsmasq/blob/4e7694d7107d2299f4aaededf8917fceb5dfb924/src/rfc1035.c#L412
|
||||
|
||||
rebind := false
|
||||
if ip4 := ip.To4(); ip4 != nil {
|
||||
|
||||
/* 0.0.0.0/8 (RFC 5735 section 3. "here" network) */
|
||||
rebind = ip4[0] == 0 ||
|
||||
|
||||
/* 10.0.0.0/8 (private) */
|
||||
ip4[0] == 10 ||
|
||||
|
||||
/* 172.16.0.0/12 (private) */
|
||||
(ip4[0] == 172 && ip4[1]&0x10 == 0x10) ||
|
||||
|
||||
/* 169.254.0.0/16 (zeroconf) */
|
||||
(ip4[0] == 169 && ip4[1] == 254) ||
|
||||
|
||||
/* 192.0.2.0/24 (test-net) */
|
||||
(ip4[0] == 192 && ip4[1] == 0 && ip4[2] == 2) ||
|
||||
|
||||
/* 198.51.100.0/24(test-net) */
|
||||
(ip4[0] == 198 && ip4[1] == 51 && ip4[2] == 100) ||
|
||||
|
||||
/* 203.0.113.0/24 (test-net) */
|
||||
(ip4[0] == 203 && ip4[1] == 0 && ip4[2] == 113) ||
|
||||
|
||||
/* 255.255.255.255/32 (broadcast)*/
|
||||
ip4.Equal(net.IPv4bcast)
|
||||
rebind = c.isLocalNetworkV4(ip4)
|
||||
} else {
|
||||
rebind = ip.Equal(net.IPv6zero) || ip.Equal(net.IPv6unspecified) ||
|
||||
ip.Equal(net.IPv6interfacelocalallnodes) ||
|
||||
ip.Equal(net.IPv6linklocalallnodes) ||
|
||||
ip.Equal(net.IPv6linklocalallrouters)
|
||||
rebind = c.isLocalNetworkV6(ip)
|
||||
}
|
||||
|
||||
return rebind || c.isPrivate(ip) || ip.IsLoopback()
|
||||
|
||||
Reference in New Issue
Block a user