Filter reserved ranges

rspamd · Oct 26, 2023 · c00136d · c00136d
1 parent 244a646
commit c00136d
Show file tree

Hide file tree

Showing 13 changed files with 3,139 additions and 6 deletions.
diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module github.com/rspamd/goasn
 go 1.21.0
 
 require (
+	github.com/asergeyev/nradix v0.0.0-20220715161825-e451993e425c
 	github.com/osrg/gobgp/v3 v3.19.0
 	github.com/spf13/pflag v1.0.5
 	go.uber.org/zap v1.26.0

diff --git a/go.sum b/go.sum
@@ -1,3 +1,5 @@
+github.com/asergeyev/nradix v0.0.0-20220715161825-e451993e425c h1:cN6WRmhJkh/u5bvf/XXjoqcHxljVKIz3Nt7q2dVJySo=
+github.com/asergeyev/nradix v0.0.0-20220715161825-e451993e425c/go.mod h1:8BhOLuqtSuT5NZtZMwfvEibi09RO3u79uqfHZzfDTR4=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=

diff --git a/iana/ip4.go b/iana/ip4.go
@@ -0,0 +1,73 @@
+package iana
+
+import (
+	"encoding/xml"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/rspamd/goasn/sources"
+
+	"github.com/asergeyev/nradix"
+)
+
+type IANAIP4Record struct {
+	Prefix      string `xml:"prefix"`
+	Designation string `xml:"designation"`
+	Status      string `xml:"status"`
+}
+
+type IANAIP4Registry struct {
+	XMLName xml.Name        `xml:"registry"`
+	Records []IANAIP4Record `xml:"record"`
+}
+
+func GetReservedIP4(appCacheDir string) (*nradix.Tree, error) {
+	tree := nradix.NewTree(0)
+
+	ianaIP4File := sources.MustBasename(sources.IANA_IP4)
+	xmlPath := filepath.Join(appCacheDir, ianaIP4File)
+	f, err := os.Open(xmlPath)
+	if err != nil {
+		return tree, err
+	}
+	defer f.Close()
+
+	dec := xml.NewDecoder(f)
+	res := new(IANAIP4Registry)
+	err = dec.Decode(res)
+	if err != nil {
+		return tree, err
+	}
+
+	for _, rec := range res.Records {
+		if rec.Status == "RESERVED" {
+			if !strings.HasSuffix(rec.Prefix, "/8") {
+				return tree, fmt.Errorf("not prepared to deal with allocation: %s", rec.Prefix)
+			}
+			rePrefix := strings.TrimLeft(rec.Prefix, "0")
+			if strings.HasPrefix(rePrefix, "/") {
+				rePrefix = "0" + rePrefix
+			}
+			slashIdx := strings.Index(rePrefix, "/")
+			rePrefix = rePrefix[:slashIdx] + ".0.0.0/8"
+			tree.AddCIDR(rePrefix, 0)
+		}
+	}
+
+	// these ranges are just footness in IANA XML
+	tree.AddCIDR("100.64.0.0/10", 0)
+	tree.AddCIDR("169.254.0.0/16", 0)
+	tree.AddCIDR("172.16.0.0/12", 0)
+	tree.AddCIDR("192.0.2.0/24", 0)
+	tree.AddCIDR("192.88.99.0/24", 0)
+	tree.AddCIDR("192.88.99.2/32", 0)
+	tree.AddCIDR("192.168.0.0/16", 0)
+	tree.AddCIDR("192.0.0.0/24", 0)
+	tree.AddCIDR("198.18.0.0/15", 0)
+	tree.AddCIDR("198.51.100.0/24", 0)
+	tree.AddCIDR("203.0.113.0/24", 0)
+
+	return tree, nil
+}
diff --git a/iana/ip4_test.go b/iana/ip4_test.go
@@ -0,0 +1,57 @@
+package iana
+
+import (
+	"path"
+	"runtime"
+	"testing"
+
+	"github.com/rspamd/goasn/log"
+)
+
+var (
+	expectedEntries = []string{
+		"127.0.0.1/32",
+		"127.0.0.0/24",
+		"10.1.0.0/16",
+		"10.0.0.0/8",
+		"255.255.255.255/32",
+	}
+	unexpectedEntries = []string{
+		"1.1.1.1/32",
+		"8.8.8.0/24",
+		"223.0.0.1/24",
+	}
+)
+
+func TestIANAIP4(t *testing.T) {
+	log.SetupLogger(false)
+
+	_, ourFile, _, _ := runtime.Caller(0)
+	testDataDir := path.Join(path.Dir(ourFile), "testdata")
+
+	tree, err := GetReservedIP4(testDataDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, e := range expectedEntries {
+		inf, err := tree.FindCIDR(e)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if inf == nil {
+			t.Fatalf("didn't find expected entry %s", e)
+		}
+	}
+
+	for _, e := range unexpectedEntries {
+		inf, err := tree.FindCIDR(e)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if inf != nil {
+			t.Fatalf("found unexpected entry %s", e)
+		}
+	}
+
+}
diff --git a/iana/ip6.go b/iana/ip6.go
@@ -0,0 +1,58 @@
+package iana
+
+import (
+	"encoding/xml"
+	"os"
+	"path/filepath"
+
+	"github.com/rspamd/goasn/sources"
+
+	"github.com/asergeyev/nradix"
+)
+
+type IANAIP6Record struct {
+	Prefix      string `xml:"prefix"`
+	Description string `xml:"description"`
+}
+
+type IANAIP6Registry struct {
+	Records []IANAIP6Record `xml:"record"`
+}
+
+type IANAIP6Info struct {
+	XMLName  xml.Name        `xml:"registry"`
+	Registry IANAIP6Registry `xml:"registry"`
+}
+
+func GetReservedIP6(appCacheDir string) (*nradix.Tree, error) {
+	tree := nradix.NewTree(0)
+
+	ianaIP6File := sources.MustBasename(sources.IANA_IP6)
+	xmlPath := filepath.Join(appCacheDir, ianaIP6File)
+	f, err := os.Open(xmlPath)
+	if err != nil {
+		return tree, err
+	}
+	defer f.Close()
+
+	dec := xml.NewDecoder(f)
+	res := new(IANAIP6Info)
+	err = dec.Decode(res)
+	if err != nil {
+		return tree, err
+	}
+
+	for _, rec := range res.Registry.Records {
+		switch rec.Description {
+		case "Reserved by IETF":
+			fallthrough
+		case "Link-Scoped Unicast":
+			fallthrough
+		case "Unique Local Unicast":
+			tree.AddCIDR(rec.Prefix, 0)
+		default:
+		}
+	}
+
+	return tree, nil
+}
diff --git a/iana/ip6_test.go b/iana/ip6_test.go
@@ -0,0 +1,53 @@
+package iana
+
+import (
+	"path"
+	"runtime"
+	"testing"
+
+	"github.com/rspamd/goasn/log"
+)
+
+var (
+	expectedEntries6 = []string{
+		"100::1/128",
+		"600:803:29c::/48", // 0400::/6
+		"fe80::943d:77d1:97a4:dacc/128",
+	}
+	unexpectedEntries6 = []string{
+		"2001:1af8:4700::1/128",
+	}
+)
+
+func TestIANAIP6(t *testing.T) {
+	log.SetupLogger(false)
+
+	_, ourFile, _, _ := runtime.Caller(0)
+	testDataDir := path.Join(path.Dir(ourFile), "testdata")
+
+	tree, err := GetReservedIP6(testDataDir)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, e := range expectedEntries6 {
+		inf, err := tree.FindCIDR(e)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if inf == nil {
+			t.Fatalf("didn't find expected entry %s", e)
+		}
+	}
+
+	for _, e := range unexpectedEntries6 {
+		inf, err := tree.FindCIDR(e)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if inf != nil {
+			t.Fatalf("found unexpected entry %s", e)
+		}
+	}
+
+}