func routableIP(network string, ip net.IP) net.IP {
if !ip.IsLoopback() && !ip.IsLinkLocalUnicast() && !ip.IsGlobalUnicast() {
return nil
}
switch network {
case "ip4":
if ip := ip.To4(); ip != nil {
return ip
}
case "ip6":
if ip.IsLoopback() { // addressing scope of the loopback address depends on each implementation
return nil
}
if ip := ip.To16(); ip != nil && ip.To4() == nil {
return ip
}
default:
if ip := ip.To4(); ip != nil {
return ip
}
if ip := ip.To16(); ip != nil {
return ip
}
}
return nil
}
// IsGlobalIP determs passed ip address is global or not.
// if ip address is global , it returns address type(ip4 or ip6).
func IsGlobalIP(trial net.IP) string {
type localIPrange struct {
from net.IP
to net.IP
}
locals := []localIPrange{
localIPrange{net.ParseIP("10.0.0.0"), net.ParseIP("10.255.255.255")},
localIPrange{net.ParseIP("172.16.0.0"), net.ParseIP("172.31.255.255")},
localIPrange{net.ParseIP("192.168.0.0"), net.ParseIP("192.168.255.255")}}
if trial == nil || trial.IsLoopback() {
return ""
}
//for udp6
if trial.To4() == nil {
if trial.IsGlobalUnicast() {
return "ip6"
}
return ""
}
//for udp4
for _, r := range locals {
if bytes.Compare(trial, r.from) >= 0 && bytes.Compare(trial, r.to) <= 0 {
return ""
}
}
return "ip4"
}
func (d *Daemon) ListenAddresses() ([]string, error) {
addresses := make([]string, 0)
value, err := d.ConfigValueGet("core.https_address")
if err != nil || value == "" {
return addresses, err
}
localHost, localPort, err := net.SplitHostPort(value)
if err != nil {
localHost = value
localPort = shared.DefaultPort
}
if localHost == "0.0.0.0" || localHost == "::" || localHost == "[::]" {
ifaces, err := net.Interfaces()
if err != nil {
return addresses, err
}
for _, i := range ifaces {
addrs, err := i.Addrs()
if err != nil {
continue
}
for _, addr := range addrs {
var ip net.IP
switch v := addr.(type) {
case *net.IPNet:
ip = v.IP
case *net.IPAddr:
ip = v.IP
}
if !ip.IsGlobalUnicast() {
continue
}
if ip.To4() == nil {
if localHost == "0.0.0.0" {
continue
}
addresses = append(addresses, fmt.Sprintf("[%s]:%s", ip, localPort))
} else {
addresses = append(addresses, fmt.Sprintf("%s:%s", ip, localPort))
}
}
}
} else {
if strings.Contains(localHost, ":") {
addresses = append(addresses, fmt.Sprintf("[%s]:%s", localHost, localPort))
} else {
addresses = append(addresses, fmt.Sprintf("%s:%s", localHost, localPort))
}
}
return addresses, nil
}
func isPublicIPv6(ip net.IP) bool {
if ip.To4() != nil {
// Not an IPv6 address (IPv4)
// (To16() returns a v6 mapped v4 address so can't be used to check
// that it's an actual v6 address)
return false
}
return ip.IsGlobalUnicast()
}
// IsPublicIP returns true if the given IP can be routed on the Internet
func IsPublicIP(ip net.IP) bool {
if !ip.IsGlobalUnicast() {
return false
}
for _, mask := range privateMasks {
if mask.Contains(ip) {
return false
}
}
return true
}
func isBadIPv4(ip net.IP) bool {
if ip.To4() == nil {
panic("cannot be called for IPv6")
}
if ip.Equal(net.IPv4bcast) || !ip.IsGlobalUnicast() ||
netPrivateClassA.Contains(ip) || netPrivateClassB.Contains(ip) || netPrivateClassC.Contains(ip) ||
netTestNet.Contains(ip) || net6To4Relay.Contains(ip) {
return true
}
return false
}
// getClientConnectURLs returns suitable URLs for clients to connect to the listen
// port based on the server options' Host and Port. If the Host corresponds to
// "any" interfaces, this call returns the list of resolved IP addresses.
func (s *Server) getClientConnectURLs() []string {
s.mu.Lock()
defer s.mu.Unlock()
sPort := strconv.Itoa(s.opts.Port)
urls := make([]string, 0, 1)
ipAddr, err := net.ResolveIPAddr("ip", s.opts.Host)
// If the host is "any" (0.0.0.0 or ::), get specific IPs from available
// interfaces.
if err == nil && ipAddr.IP.IsUnspecified() {
var ip net.IP
ifaces, _ := net.Interfaces()
for _, i := range ifaces {
addrs, _ := i.Addrs()
for _, addr := range addrs {
switch v := addr.(type) {
case *net.IPNet:
ip = v.IP
case *net.IPAddr:
ip = v.IP
}
// Skip non global unicast addresses
if !ip.IsGlobalUnicast() || ip.IsUnspecified() {
ip = nil
continue
}
urls = append(urls, net.JoinHostPort(ip.String(), sPort))
}
}
}
if err != nil || len(urls) == 0 {
// We are here if s.opts.Host is not "0.0.0.0" nor "::", or if for some
// reason we could not add any URL in the loop above.
// We had a case where a Windows VM was hosed and would have err == nil
// and not add any address in the array in the loop above, and we
// ended-up returning 0.0.0.0, which is problematic for Windows clients.
// Check for 0.0.0.0 or :: specifically, and ignore if that's the case.
if s.opts.Host == "0.0.0.0" || s.opts.Host == "::" {
Errorf("Address %q can not be resolved properly", s.opts.Host)
} else {
urls = append(urls, net.JoinHostPort(s.opts.Host, sPort))
}
}
return urls
}
func (p *Parser) isBlacklistedIP(addr net.IP) bool {
// if whitelisted then return false
for _, w := range p.WhitelistedIPNetworks {
if w.Contains(addr) {
return false
}
}
// if blacklisted then return true
for _, b := range p.BlacklistedIPNetworks {
if b.Contains(addr) {
return true
}
}
// by default we disable local addresses and bradcast ones
return !addr.IsGlobalUnicast()
}
func getLocalAddresses() ([]net.IP, error) {
addrs, err := net.InterfaceAddrs()
if err != nil {
return nil, err
}
privates := make([]net.IPNet, 0, len(privateRanges))
for _, s := range privateRanges {
_, ipnet, err := net.ParseCIDR(s)
if err != nil {
panic(err)
}
privates = append(privates, *ipnet)
}
result := make([]net.IP, 0, 5)
addrLoop:
for _, a := range addrs {
var ip net.IP
if ipaddr, ok := a.(*net.IPAddr); ok {
ip = ipaddr.IP
}
if ipnet, ok := a.(*net.IPNet); ok {
ip = ipnet.IP
}
if !ip.IsGlobalUnicast() {
continue
}
for _, n := range privates {
if n.Contains(ip) {
continue addrLoop
}
}
result = append(result, ip)
}
return result, nil
}
func isPublicIPv4(ip net.IP) bool {
ip = ip.To4()
if ip == nil {
// Not an IPv4 address (IPv6)
return false
}
// IsGlobalUnicast below only checks that it's not link local or
// multicast, and we want to exclude private (NAT:ed) addresses as well.
rfc1918 := []net.IPNet{
{IP: net.IP{10, 0, 0, 0}, Mask: net.IPMask{255, 0, 0, 0}},
{IP: net.IP{172, 16, 0, 0}, Mask: net.IPMask{255, 240, 0, 0}},
{IP: net.IP{192, 168, 0, 0}, Mask: net.IPMask{255, 255, 0, 0}},
}
for _, n := range rfc1918 {
if n.Contains(ip) {
return false
}
}
return ip.IsGlobalUnicast()
}
func isGlobalIP(ip net.IP) bool {
if ip == nil {
return false
}
if !ip.IsGlobalUnicast() {
return false
}
if ip4 := ip.To4(); ip4 != nil {
if ip4[0] == 10 {
return false
}
if ip4[0] == 192 && ip4[1] == 168 {
return false
}
if ip4[0] == 172 && ip4[1] >= 16 && ip4[1] <= 31 {
return false
}
}
// TODO(tav): Exclude unique local addresses within the block fc00::/7 for
// IPv6 addresses.
return true
}
func (self *defaultRuler) ConnectionAllowed(requestee, requested net.IP) RulerResult {
if !requested.IsGlobalUnicast() {
return DenyConnection
}
addrs, err := net.InterfaceAddrs()
if err != nil {
return DenyConnection
}
for _, addr := range addrs {
switch ipa := addr.(type) {
case *net.IPAddr:
if ipa.IP.Equal(requested) {
return DenyConnection
}
case *net.IPNet:
if ipa.Contains(requested) {
return DenyConnection
}
}
}
return AllowConnection
}
func routableIP(network string, ip net.IP) net.IP {
if !ip.IsLoopback() && !ip.IsLinkLocalUnicast() && !ip.IsGlobalUnicast() {
return nil
}
switch network {
case "ip4":
if ip := ip.To4(); ip != nil {
return ip
}
case "ip6":
if ip := ip.To16(); ip != nil && ip.To4() == nil {
return ip
}
default:
if ip := ip.To4(); ip != nil {
return ip
}
if ip := ip.To16(); ip != nil {
return ip
}
}
return nil
}
func usableAddress(ip net.IP) bool {
return ip.To4() != nil && ip.IsGlobalUnicast()
}
func isUnicast(ip net.IP) bool {
return ip.To4() != nil && (ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsGlobalUnicast())
}
func ignoreIp(ip net.IP) bool {
return !ip.IsGlobalUnicast() || isPrivateAddress(ip)
}