From d750f683285d28ba8a074dbcecc09461fc12ff99 Mon Sep 17 00:00:00 2001
From: Jeff Becker
Date: Mon, 26 Apr 2021 10:40:10 -0400
Subject: [PATCH] prepare for ipv6 on android
* remove 21/8 from ipv4 bogon ranges as it is being sold by DoD
* start adding ipv6 bogon ranges
---
 .../network/loki/lokinet/LokinetDaemon.java | 30 ++++-----
 llarp/net/net.cpp | 65 ++++++++++++-------
 2 files changed, 53 insertions(+), 42 deletions(-)
diff --git a/android/src/network/loki/lokinet/LokinetDaemon.java b/android/src/network/loki/lokinet/LokinetDaemon.java
index ed808d7a5..072d21ab4 100644
--- a/android/src/network/loki/lokinet/LokinetDaemon.java
+++ b/android/src/network/loki/lokinet/LokinetDaemon.java
@@ -114,11 +114,17 @@ public class LokinetDaemon extends VpnService
 builder.setMtu(1500);
 String[] parts = ourRange.split("/");
- String ourIP = parts[0];
+ String ourIPv4 = parts[0];
 int ourMask = Integer.parseInt(parts[1]);
- builder.addAddress(ourIP, ourMask);
+ // set ip4
+ builder.addAddress(ourIPv4, ourMask);
 builder.addRoute("0.0.0.0", 0);
+ // set ip6
+ // TODO: convert ipv4 to fd00::/8 range for ipv6
+ // builder.addAddress(ourIPv6, ourMask + 96);
+ // builder.addRoute("::", 0);
+
 builder.addDnsServer(upstreamDNS);
 builder.setSession("Lokinet");
 builder.setConfigureIntent(null);
@@ -134,24 +140,10 @@ public class LokinetDaemon extends VpnService
 InjectVPNFD();
- if (!Configure(config))
- {
- //TODO: close vpn FD if this fails, either on native side, or here if possible
- Log.e(LOG_TAG, "failed to configure daemon");
- return START_NOT_STICKY;
- }
-
- m_UDPSocket = GetUDPSocket();
-
- if (m_UDPSocket <= 0)
- {
- Log.e(LOG_TAG, "failed to get proper UDP handle from daemon, aborting.");
- return START_NOT_STICKY;
- }
-
- protect(m_UDPSocket);
-
 new Thread(() -> {
+ Configure(config);
+ m_UDPSocket = GetUDPSocket();
+ protect(m_UDPSocket);
 Mainloop();
 }).start();
diff --git a/llarp/net/net.cpp b/llarp/net/net.cpp
index 48c886fef..05479d8dd 100644
--- a/llarp/net/net.cpp
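Review bot: The worker thread added in the second LokinetDaemon.java hunk calls `Configure(config)`, `GetUDPSocket()` and `protect(m_UDPSocket)` without checking any result, whereas the removed lines logged an error and returned `START_NOT_STICKY` when configuration failed or the handle was `<= 0`. As written, a failed configure or an invalid handle still reaches `Mainloop()` with nothing logged, and a `protect()` that returns false would presumably leave the daemon's own UDP traffic routed into the tunnel, since the first hunk installs a `0.0.0.0/0` route. The checks should move into the lambda and return before `Mainloop()`, as sketched below. `m_UDPSocket` is now assigned on the worker thread, so any code reading it from another thread has to tolerate seeing it unset; the enclosing method starts and ends outside the hunk, so what it returns to Android after starting the thread is not visible here.

```java
new Thread(() -> {
  if (!Configure(config))
  {
    // the removed TODO still applies: the VPN fd should be closed on this path
    Log.e(LOG_TAG, "failed to configure daemon");
    return;
  }
  m_UDPSocket = GetUDPSocket();
  if (m_UDPSocket <= 0 || !protect(m_UDPSocket))
  {
    Log.e(LOG_TAG, "failed to get proper UDP handle from daemon, aborting.");
    return;
  }
  Mainloop();
```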
+++ b/llarp/net/net.cpp
@@ -600,6 +600,40 @@ namespace llarp
 return false;
 }
+#if !defined(TESTNET)
+ static constexpr std::array bogonRanges_v6 = {
+ // zero
+ IPRange{huint128_t{0}, netmask_ipv6_bits(128)},
+ // loopback
+ IPRange{huint128_t{1}, netmask_ipv6_bits(128)},
+ // yggdrasil
+ IPRange{huint128_t{uint128_t{0x0200'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(7)},
+ // multicast
+ IPRange{huint128_t{uint128_t{0xff00'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(8)},
+ // local
+ IPRange{huint128_t{uint128_t{0xfc00'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(8)},
+ // local
+ IPRange{huint128_t{uint128_t{0xf800'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(8)}};
+
+ static constexpr std::array bogonRanges_v4 = {
+ IPRange::FromIPv4(0, 0, 0, 0, 8),
+ IPRange::FromIPv4(10, 0, 0, 0, 8),
+ IPRange::FromIPv4(100, 64, 0, 0, 10),
+ IPRange::FromIPv4(127, 0, 0, 0, 8),
+ IPRange::FromIPv4(169, 254, 0, 0, 16),
+ IPRange::FromIPv4(172, 16, 0, 0, 12),
+ IPRange::FromIPv4(192, 0, 0, 0, 24),
+ IPRange::FromIPv4(192, 0, 2, 0, 24),
+ IPRange::FromIPv4(192, 88, 99, 0, 24),
+ IPRange::FromIPv4(192, 168, 0, 0, 16),
+ IPRange::FromIPv4(198, 18, 0, 0, 15),
+ IPRange::FromIPv4(198, 51, 100, 0, 24),
+ IPRange::FromIPv4(203, 0, 113, 0, 24),
+ IPRange::FromIPv4(224, 0, 0, 0, 4),
+ IPRange::FromIPv4(240, 0, 0, 0, 4)};
+
+#endif
+
 bool IsBogon(const in6_addr& addr)
 {
@@ -607,11 +641,14 @@ namespace llarp
 (void)addr;
 return false;
 #else
- if (!ipv6_is_mapped_ipv4(addr))
+ if (not ipv6_is_mapped_ipv4(addr))
 {
- static in6_addr zero = {};
- if (addr == zero)
- return true;
+ const auto ip = net::In6ToHUInt(addr);
+ for (const auto& range : bogonRanges_v6)
+ {
+ if (range.Contains(ip))
+ return true;
+ }
 return false;
 }
 return IsIPv4Bogon(
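Review bot: The two `bogonRanges_v6` entries commented `// local` do not cover the ranges that label suggests: `fc00::/8` is only half of the unique-local block `fc00::/7`, so `fd00::/8` addresses are not treated as bogons, and `f800::/8` sits in reserved, unassigned space rather than in any local range, which reads like a typo. Link-local `fe80::/10` is not listed either, so those addresses also pass the IPv6 branch of `IsBogon` changed in the next hunk. If the intent is to reject all unique-local and link-local addresses, the entries would be `IPRange{huint128_t{uint128_t{0xfc00'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(7)},` and `IPRange{huint128_t{uint128_t{0xfe80'0000'0000'0000UL, 0UL}}, netmask_ipv6_bits(10)},`. If `fd00::/8` is left out on purpose (the Java TODO in this commit plans to use that range for the tunnel address), a comment such as `// fd00::/8 deliberately not listed: reserved for the tunnel interface` would make the gap explicit.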
@@ -636,28 +673,10 @@ namespace llarp
 }
 #if !defined(TESTNET)
- static constexpr std::array bogonRanges = {
- IPRange::FromIPv4(0, 0, 0, 0, 8),
- IPRange::FromIPv4(10, 0, 0, 0, 8),
- IPRange::FromIPv4(21, 0, 0, 0, 8),
- IPRange::FromIPv4(100, 64, 0, 0, 10),
- IPRange::FromIPv4(127, 0, 0, 0, 8),
- IPRange::FromIPv4(169, 254, 0, 0, 16),
- IPRange::FromIPv4(172, 16, 0, 0, 12),
- IPRange::FromIPv4(192, 0, 0, 0, 24),
- IPRange::FromIPv4(192, 0, 2, 0, 24),
- IPRange::FromIPv4(192, 88, 99, 0, 24),
- IPRange::FromIPv4(192, 168, 0, 0, 16),
- IPRange::FromIPv4(198, 18, 0, 0, 15),
- IPRange::FromIPv4(198, 51, 100, 0, 24),
- IPRange::FromIPv4(203, 0, 113, 0, 24),
- IPRange::FromIPv4(224, 0, 0, 0, 4),
- IPRange::FromIPv4(240, 0, 0, 0, 4)};
-
 bool IsIPv4Bogon(const huint32_t& addr)
 {
- for (const auto& bogon : bogonRanges)
+ for (const auto& bogon : bogonRanges_v4)
 {
 if (bogon.Contains(addr))
 {