mirror of
https://gitlab.com/famedly/conduit.git
synced 2025-07-02 16:38:36 +00:00
Use is_global checks from Rust ipaddr crate
This commit is contained in:
Reiner Herrmann
parent
d6e3d9aa8a
commit
fc42243ec2
1 changed files with 38 additions and 6 deletions
|
|
@ -103,18 +103,50 @@ fn url_request_allowed(addr: &IpAddr) -> bool {
|
||||||
// could be implemented with reqwest when it supports IP filtering:
|
// could be implemented with reqwest when it supports IP filtering:
|
||||||
// https://github.com/seanmonstar/reqwest/issues/1515
|
// https://github.com/seanmonstar/reqwest/issues/1515
|
||||||
|
|
||||||
// TODO: simplify to .is_global() when it has been stabilized
|
// These checks have been taken from the Rust core/net/ipaddr.rs crate,
|
||||||
|
// IpAddr::V4.is_global() and IpAddr::V6.is_global(), as .is_global is not
|
||||||
|
// yet stabilized. TODO: Once this is stable, this match can be simplified.
|
||||||
match addr {
|
match addr {
|
||||||
IpAddr::V4(ip4) => {
|
IpAddr::V4(ip4) => {
|
||||||
!(ip4.is_private()
|
!(ip4.octets()[0] == 0 // "This network"
|
||||||
|
|| ip4.is_private()
|
||||||
|
|| (ip4.octets()[0] == 100 && (ip4.octets()[1] & 0b1100_0000 == 0b0100_0000)) // is_shared()
|
||||||
|| ip4.is_loopback()
|
|| ip4.is_loopback()
|
||||||
|| ip4.is_link_local()
|
|| ip4.is_link_local()
|
||||||
|| ip4.is_multicast()
|
// addresses reserved for future protocols (`192.0.0.0/24`)
|
||||||
|| ip4.is_broadcast()
|
|| (ip4.octets()[0] == 192 && ip4.octets()[1] == 0 && ip4.octets()[2] == 0)
|
||||||
|| ip4.is_documentation()
|
|| ip4.is_documentation()
|
||||||
|| ip4.is_unspecified())
|
|| (ip4.octets()[0] == 198 && (ip4.octets()[1] & 0xfe) == 18) // is_benchmarking()
|
||||||
|
|| (ip4.octets()[0] & 240 == 240 && !ip4.is_broadcast()) // is_reserved()
|
||||||
|
|| ip4.is_broadcast())
|
||||||
|
}
|
||||||
|
IpAddr::V6(ip6) => {
|
||||||
|
!(ip6.is_unspecified()
|
||||||
|
|| ip6.is_loopback()
|
||||||
|
// IPv4-mapped Address (`::ffff:0:0/96`)
|
||||||
|
|| matches!(ip6.segments(), [0, 0, 0, 0, 0, 0xffff, _, _])
|
||||||
|
// IPv4-IPv6 Translat. (`64:ff9b:1::/48`)
|
||||||
|
|| matches!(ip6.segments(), [0x64, 0xff9b, 1, _, _, _, _, _])
|
||||||
|
// Discard-Only Address Block (`100::/64`)
|
||||||
|
|| matches!(ip6.segments(), [0x100, 0, 0, 0, _, _, _, _])
|
||||||
|
// IETF Protocol Assignments (`2001::/23`)
|
||||||
|
|| (matches!(ip6.segments(), [0x2001, b, _, _, _, _, _, _] if b < 0x200)
|
||||||
|
&& !(
|
||||||
|
// Port Control Protocol Anycast (`2001:1::1`)
|
||||||
|
u128::from_be_bytes(ip6.octets()) == 0x2001_0001_0000_0000_0000_0000_0000_0001
|
||||||
|
// Traversal Using Relays around NAT Anycast (`2001:1::2`)
|
||||||
|
|| u128::from_be_bytes(ip6.octets()) == 0x2001_0001_0000_0000_0000_0000_0000_0002
|
||||||
|
// AMT (`2001:3::/32`)
|
||||||
|
|| matches!(ip6.segments(), [0x2001, 3, _, _, _, _, _, _])
|
||||||
|
// AS112-v6 (`2001:4:112::/48`)
|
||||||
|
|| matches!(ip6.segments(), [0x2001, 4, 0x112, _, _, _, _, _])
|
||||||
|
// ORCHIDv2 (`2001:20::/28`)
|
||||||
|
|| matches!(ip6.segments(), [0x2001, b, _, _, _, _, _, _] if b >= 0x20 && b <= 0x2F)
|
||||||
|
))
|
||||||
|
|| ((ip6.segments()[0] == 0x2001) && (ip6.segments()[1] == 0xdb8)) // is_documentation()
|
||||||
|
|| ((ip6.segments()[0] & 0xfe00) == 0xfc00) // is_unique_local()
|
||||||
|
|| ((ip6.segments()[0] & 0xffc0) == 0xfe80)) // is_unicast_link_local
|
||||||
}
|
}
|
||||||
IpAddr::V6(ip6) => !(ip6.is_loopback() || ip6.is_multicast() || ip6.is_unspecified()),
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue