99b28c1d95
* refactor: start building an Android package Part of https://github.com/ooni/probe/issues/1335. This seems also a good moment to move some packages out of the engine, e.g., oonimkall. This package, for example, is a consumer of the engine, so it makes sense it's not _inside_ it. * fix: committed some stuff I didn't need to commit * fix: oonimkall needs to be public to build The side effect is that we will probably need to bump the major version number every time we change one of these APIs. (We can also of course choose to violate the basic guidelines of Go software, but I believe this is bad form.) I have no problem in bumping the major quite frequently and in any case this monorepo solution is convinving me more than continuing to keep a split between engine and cli. The need to embed assets to make the probe more reliable trumps the negative effects of having to ~frequently bump major because we expose a public API. * fix: let's not forget about libooniffi Honestly, I don't know what to do with this library. I added it to provide a drop in replacement for MK but I have no idea whether it's used and useful. I would not feel comfortable exposing it, unlike oonimkall, since we're not using it. It may be that the right thing to do here is just to delete the package and reduce the amount of code we're maintaining? * woops, we're still missing the publish android script * fix(publish-android.bash): add proper API key * ouch fix another place where the name changed
72 lines
1.9 KiB
Go
72 lines
1.9 KiB
Go
package resolver
|
|
|
|
import (
|
|
"context"
|
|
"net"
|
|
|
|
"github.com/ooni/probe-cli/v3/internal/engine/runtimex"
|
|
"github.com/ooni/probe-cli/v3/internal/engine/netx/errorx"
|
|
)
|
|
|
|
var privateIPBlocks []*net.IPNet
|
|
|
|
func init() {
|
|
for _, cidr := range []string{
|
|
"0.0.0.0/8", // "This" network (however, Linux...)
|
|
"10.0.0.0/8", // RFC1918
|
|
"100.64.0.0/10", // Carrier grade NAT
|
|
"127.0.0.0/8", // IPv4 loopback
|
|
"169.254.0.0/16", // RFC3927 link-local
|
|
"172.16.0.0/12", // RFC1918
|
|
"192.168.0.0/16", // RFC1918
|
|
"224.0.0.0/4", // Multicast
|
|
"::1/128", // IPv6 loopback
|
|
"fe80::/10", // IPv6 link-local
|
|
"fc00::/7", // IPv6 unique local addr
|
|
} {
|
|
_, block, err := net.ParseCIDR(cidr)
|
|
runtimex.PanicOnError(err, "net.ParseCIDR failed")
|
|
privateIPBlocks = append(privateIPBlocks, block)
|
|
}
|
|
}
|
|
|
|
func isPrivate(ip net.IP) bool {
|
|
if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
|
|
return true
|
|
}
|
|
for _, block := range privateIPBlocks {
|
|
if block.Contains(ip) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
// IsBogon returns whether if an IP address is bogon. Passing to this
|
|
// function a non-IP address causes it to return bogon.
|
|
func IsBogon(address string) bool {
|
|
ip := net.ParseIP(address)
|
|
return ip == nil || isPrivate(ip)
|
|
}
|
|
|
|
// BogonResolver is a bogon aware resolver. When a bogon is encountered in
|
|
// a reply, this resolver will return an error.
|
|
type BogonResolver struct {
|
|
Resolver
|
|
}
|
|
|
|
// LookupHost implements Resolver.LookupHost
|
|
func (r BogonResolver) LookupHost(ctx context.Context, hostname string) ([]string, error) {
|
|
addrs, err := r.Resolver.LookupHost(ctx, hostname)
|
|
for _, addr := range addrs {
|
|
if IsBogon(addr) == true {
|
|
// We need to return the addrs otherwise the caller cannot see/log/save
|
|
// the specific addresses that triggered our bogon filter
|
|
return addrs, errorx.ErrDNSBogon
|
|
}
|
|
}
|
|
return addrs, err
|
|
}
|
|
|
|
var _ Resolver = BogonResolver{}
|