-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathskipaddresses.go
78 lines (67 loc) · 2.53 KB
/
skipaddresses.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
/*
Copyright 2009-2012 Phil Pennock
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package sks_spider
import "net"
func init() {
prepDisallowedIPs()
}
var disallowedIPs []*net.IPNet
// RFC 5735 / BCP 153 Special Use IPv4 Addresses (DSUA)
// RFC 5736 IANA IPv4 Special Purpose Address Registry
// RFC 5737 IPv4 Address Blocks Reserved for Documentation
// RFC 5156 Special-Use IPv6 Addresses
func prepDisallowedIPs() {
list := make([]*net.IPNet, 0, 50)
for _, spec := range []string{
"0.0.0.0/8", // DSUA this
"10.0.0.0/8", // DSUA RFC1918
"127.0.0.0/8", // DSUA loopback
"169.254.0.0/16", // DSUA link-local
"172.16.0.0/12", // DSUA RFC1918
"192.0.2.0/24", // TEST-NET-1
"192.88.99.0/24", // DSUA 6to4 anycast relay; should not be sending SKS traffic to this underlying IP
"192.168.0.0/16", // DSUA RFC1918
"198.18.0.0/15", // DSUA Benchmarking
"198.51.100.0/24", // TEST-NET-2
"203.0.113.0/24", // TEST-NET-3
"224.0.0.0/4", // DSUA Class D Multicast
"240.0.0.0/4", // DSUA Class E
"255.255.255.255/32", // DSUA Limited Broadcast
"192.0.0.0/29", // http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xml
"2001:db8::/32", // Documentation
"2001:10::/28", // ORCHID
"2002:c058:6301::/48", // 6to4 anycast relay, IPv6-side
"fc00::/7", // RFC 4193 unique local unicast addresses
"fe00::/8", // various non-global scoped addresses
"ff00::/8", // Multicast
"0100::/64", // Blackhole / Discard prefix; RFC 6666
// ignore (permit): 6bone, 6to4, teredo
// For fe00::/8: the 16 feXE::/16 blocks are nominally global; we skip them too for sanity
} {
_, block, _ := net.ParseCIDR(spec)
list = append(list, block)
}
disallowedIPs = list
}
func IPDisallowed(ipstr string) bool {
ip := net.ParseIP(ipstr)
if ip == nil {
return true
}
for _, block := range disallowedIPs {
if block.Contains(ip) {
return true
}
}
return false
}