net: consider /dns/localhost as private address (#221)

* manet: consider /dns/localhost as private address * fix naming

net: consider /dns/localhost as private address (#221)
* manet: consider /dns/localhost as private address * fix naming
f9a66bc3 · Sukun · GitHub · a1249543 · f9a66bc3 · f9a66bc3
Unverified Commit f9a66bc3 authored Oct 12, 2023 by Sukun Committed by GitHub Oct 12, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 5 deletions

net/private.go net/private.go +24 -5

net/private_test.go net/private_test.go +10 -0

No files found.
--- a/net/private.go
+++ b/net/private.go
@@ -69,13 +69,14 @@ var privateUseDomains = []string{
 	// MDNS
 	".local",
-	// RFC 6761: Users may assume that IPv4 and IPv6 address queries for localhost names will
-	// always resolve to the respective IP loopback address
-	".localhost",
 	// RFC 6761: No central authority for .test names
 	".test",
 }
+// RFC 6761: Users may assume that IPv4 and IPv6 address queries for localhost names will
+// always resolve to the respective IP loopback address
+const localHostDomain = ".localhost"
 func init() {
 	Private4 = parseCIDR(privateCIDR4)
 	Private6 = parseCIDR(privateCIDR6)
@@ -112,14 +113,18 @@ func IsPublicAddr(a ma.Multiaddr) bool {
 		case ma.P_DNS, ma.P_DNS4, ma.P_DNS6, ma.P_DNSADDR:
 			dnsAddr := c.Value()
 			isPublic = true
+			if isSubdomain(dnsAddr, localHostDomain) {
+				isPublic = false
+				return false
+			}
 			for _, ud := range unResolvableDomains {
-				if strings.HasSuffix(dnsAddr, ud) {
+				if isSubdomain(dnsAddr, ud) {
 					isPublic = false
 					return false
 				}
 			}
 			for _, pd := range privateUseDomains {
-				if strings.HasSuffix(dnsAddr, pd) {
+				if isSubdomain(dnsAddr, pd) {
 					isPublic = false
 					break
 				}
@@ -130,6 +135,13 @@ func IsPublicAddr(a ma.Multiaddr) bool {
 	return isPublic
 }
+// isSubdomain checks if child is sub domain of parent. It also returns true if child and parent are
+// the same domain.
+// Parent must have a "." prefix.
+func isSubdomain(child, parent string) bool {
+	return strings.HasSuffix(child, parent) || child == parent[1:]
+}
 // IsPrivateAddr returns true if the IP part of the mutiaddr is in a private network
 func IsPrivateAddr(a ma.Multiaddr) bool {
 	isPrivate := false
@@ -141,6 +153,13 @@ func IsPrivateAddr(a ma.Multiaddr) bool {
 			isPrivate = inAddrRange(net.IP(c.RawValue()), Private4)
 		case ma.P_IP6:
 			isPrivate = inAddrRange(net.IP(c.RawValue()), Private6)
+		case ma.P_DNS, ma.P_DNS4, ma.P_DNS6, ma.P_DNSADDR:
+			dnsAddr := c.Value()
+			if isSubdomain(dnsAddr, localHostDomain) {
+				isPrivate = true
+			}
+			// We don't check for privateUseDomains because private use domains can
+			// resolve to public IP addresses
 		}
 		return false
 	})

--- a/net/private_test.go
+++ b/net/private_test.go
@@ -43,6 +43,16 @@ func TestIsPublicAddr(t *testing.T) {
 			isPublic:  false,
 			isPrivate: false, // You can configure .local domains in local networks to return public addrs
 		},
+		{
+			addr:      ma.StringCast("/dns/localhost/udp/1/quic-v1"),
+			isPublic:  false,
+			isPrivate: true,
+		},
+		{
+			addr:      ma.StringCast("/dns/a.localhost/tcp/1"),
+			isPublic:  false,
+			isPrivate: true,
+		},
 	}
 	for i, tt := range tests {
 		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {