prepare for ipv6 on android

* remove 21/8 from ipv4 bogon ranges as it is being sold by DoD * start adding ipv6 bogon ranges
3 years ago · d750f68328
parent 3e7137ad96
commit d750f68328
2 changed files with 53 additions and 42 deletions
--- a/android/src/network/loki/lokinet/LokinetDaemon.java
+++ b/android/src/network/loki/lokinet/LokinetDaemon.java
@ -114,11 +114,17 @@ public class LokinetDaemon extends VpnService
      builder.setMtu(1500);

      String[] parts = ourRange.split("/");
-      String ourIP = parts[0];
+      String ourIPv4 = parts[0];
      int ourMask = Integer.parseInt(parts[1]);

-      builder.addAddress(ourIP, ourMask);
+      // set ip4
+      builder.addAddress(ourIPv4, ourMask);
      builder.addRoute("0.0.0.0", 0);
+      // set ip6
+      // TODO: convert ipv4 to fd00::/8 range for ipv6
+      // builder.addAddress(ourIPv6, ourMask + 96);
+      // builder.addRoute("::", 0);
+
      builder.addDnsServer(upstreamDNS);
      builder.setSession("Lokinet");
      builder.setConfigureIntent(null);
@ -134,24 +140,10 @@ public class LokinetDaemon extends VpnService

      InjectVPNFD();

-      if (!Configure(config))
-      {
-        //TODO: close vpn FD if this fails, either on native side, or here if possible
-        Log.e(LOG_TAG, "failed to configure daemon");
-        return START_NOT_STICKY;
-      }
-
-      m_UDPSocket = GetUDPSocket();
-
-      if (m_UDPSocket <= 0)
-      {
-        Log.e(LOG_TAG, "failed to get proper UDP handle from daemon, aborting.");
-        return START_NOT_STICKY;
-      }
-
-      protect(m_UDPSocket);
-
      new Thread(() -> {
+          Configure(config);
+          m_UDPSocket = GetUDPSocket();
+          protect(m_UDPSocket);
          Mainloop();
          }).start();

--- a/llarp/net/net.cpp
+++ b/llarp/net/net.cpp
@ -600,6 +600,40 @@ namespace llarp
    return false;
  }

+#if !defined(TESTNET)
+  static constexpr std::array bogonRanges_v6 = {
+      // zero
+      IPRange{huint128_t{0}, netmask_ipv6_bits(128)},
+      // loopback
+      IPRange{huint128_t{1}, netmask_ipv6_bits(128)},
+      // yggdrasil
+      IPRange{huint128_t{uint128_t{0x0200'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(7)},
+      // multicast
+      IPRange{huint128_t{uint128_t{0xff00'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(8)},
+      // local
+      IPRange{huint128_t{uint128_t{0xfc00'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(8)},
+      // local
+      IPRange{huint128_t{uint128_t{0xf800'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(8)}};
+
+  static constexpr std::array bogonRanges_v4 = {
+      IPRange::FromIPv4(0, 0, 0, 0, 8),
+      IPRange::FromIPv4(10, 0, 0, 0, 8),
+      IPRange::FromIPv4(100, 64, 0, 0, 10),
+      IPRange::FromIPv4(127, 0, 0, 0, 8),
+      IPRange::FromIPv4(169, 254, 0, 0, 16),
+      IPRange::FromIPv4(172, 16, 0, 0, 12),
+      IPRange::FromIPv4(192, 0, 0, 0, 24),
+      IPRange::FromIPv4(192, 0, 2, 0, 24),
+      IPRange::FromIPv4(192, 88, 99, 0, 24),
+      IPRange::FromIPv4(192, 168, 0, 0, 16),
+      IPRange::FromIPv4(198, 18, 0, 0, 15),
+      IPRange::FromIPv4(198, 51, 100, 0, 24),
+      IPRange::FromIPv4(203, 0, 113, 0, 24),
+      IPRange::FromIPv4(224, 0, 0, 0, 4),
+      IPRange::FromIPv4(240, 0, 0, 0, 4)};
+
+#endif
+
  bool
  IsBogon(const in6_addr& addr)
  {
@ -607,11 +641,14 @@ namespace llarp
    (void)addr;
    return false;
 #else
-    if (!ipv6_is_mapped_ipv4(addr))
+    if (not ipv6_is_mapped_ipv4(addr))
    {
-      static in6_addr zero = {};
-      if (addr == zero)
-        return true;
+      const auto ip = net::In6ToHUInt(addr);
+      for (const auto& range : bogonRanges_v6)
+      {
+        if (range.Contains(ip))
+          return true;
+      }
      return false;
    }
    return IsIPv4Bogon(
@ -636,28 +673,10 @@ namespace llarp
  }

 #if !defined(TESTNET)
-  static constexpr std::array bogonRanges = {
-      IPRange::FromIPv4(0, 0, 0, 0, 8),
-      IPRange::FromIPv4(10, 0, 0, 0, 8),
-      IPRange::FromIPv4(21, 0, 0, 0, 8),
-      IPRange::FromIPv4(100, 64, 0, 0, 10),
-      IPRange::FromIPv4(127, 0, 0, 0, 8),
-      IPRange::FromIPv4(169, 254, 0, 0, 16),
-      IPRange::FromIPv4(172, 16, 0, 0, 12),
-      IPRange::FromIPv4(192, 0, 0, 0, 24),
-      IPRange::FromIPv4(192, 0, 2, 0, 24),
-      IPRange::FromIPv4(192, 88, 99, 0, 24),
-      IPRange::FromIPv4(192, 168, 0, 0, 16),
-      IPRange::FromIPv4(198, 18, 0, 0, 15),
-      IPRange::FromIPv4(198, 51, 100, 0, 24),
-      IPRange::FromIPv4(203, 0, 113, 0, 24),
-      IPRange::FromIPv4(224, 0, 0, 0, 4),
-      IPRange::FromIPv4(240, 0, 0, 0, 4)};
-
  bool
  IsIPv4Bogon(const huint32_t& addr)
  {
-    for (const auto& bogon : bogonRanges)
+    for (const auto& bogon : bogonRanges_v4)
    {
      if (bogon.Contains(addr))
      {