Source File
	private.go

Belonging Package
	github.com/multiformats/go-multiaddr/net

package manet

import (
	"net"
	"strings"

	ma "github.com/multiformats/go-multiaddr"
)

// Private4 and Private6 are well-known private networks
var Private4, Private6 []*net.IPNet
var privateCIDR4 = []string{
	// localhost
	"127.0.0.0/8",
	// private networks
	"10.0.0.0/8",
	"100.64.0.0/10",
	"172.16.0.0/12",
	"192.168.0.0/16",
	// link local
	"169.254.0.0/16",
}
var privateCIDR6 = []string{
	// localhost
	"::1/128",
	// ULA reserved
	"fc00::/7",
	// link local
	"fe80::/10",
}

// Unroutable4 and Unroutable6 are well known unroutable address ranges
var Unroutable4, Unroutable6 []*net.IPNet
var unroutableCIDR4 = []string{
	"0.0.0.0/8",
	"192.0.0.0/26",
	"192.0.2.0/24",
	"192.88.99.0/24",
	"198.18.0.0/15",
	"198.51.100.0/24",
	"203.0.113.0/24",
	"224.0.0.0/4",
	"240.0.0.0/4",
	"255.255.255.255/32",
}
var unroutableCIDR6 = []string{
	"ff00::/8",      // multicast
	"2001:db8::/32", // documentation
}

var globalUnicast []*net.IPNet
var globalUnicastCIDR6 = []string{
	"2000::/3",
}

var nat64CIDRs = []string{
	"64:ff9b:1::/48", // RFC 8215
	"64:ff9b::/96",   // RFC 6052
}

var nat64 []*net.IPNet

// unResolvableDomains do not resolve to an IP address.
// Ref: https://en.wikipedia.org/wiki/Special-use_domain_name#Reserved_domain_names
var unResolvableDomains = []string{
	// Reverse DNS Lookup
	".in-addr.arpa",
	".ip6.arpa",

	// RFC 6761: Users MAY assume that queries for "invalid" names will always return NXDOMAIN
	// responses
	".invalid",
}

// privateUseDomains are reserved for private use and have no central authority for consistent
// address resolution
// Ref: https://en.wikipedia.org/wiki/Special-use_domain_name#Reserved_domain_names
var privateUseDomains = []string{
	// RFC 8375: Reserved for home networks
	".home.arpa",

	// MDNS
	".local",

	// RFC 6761: No central authority for .test names
	".test",
}

// RFC 6761: Users may assume that IPv4 and IPv6 address queries for localhost names will
// always resolve to the respective IP loopback address
const localHostDomain = ".localhost"

func init() {
	Private4 = parseCIDR(privateCIDR4)
	Private6 = parseCIDR(privateCIDR6)
	Unroutable4 = parseCIDR(unroutableCIDR4)
	Unroutable6 = parseCIDR(unroutableCIDR6)
	globalUnicast = parseCIDR(globalUnicastCIDR6)
	nat64 = parseCIDR(nat64CIDRs)
}

func parseCIDR(cidrs []string) []*net.IPNet {
	ipnets := make([]*net.IPNet, len(cidrs))
	for i, cidr := range cidrs {
		_, ipnet, err := net.ParseCIDR(cidr)
		if err != nil {
			panic(err)
		}
		ipnets[i] = ipnet
	}
	return ipnets
}

// IsPublicAddr returns true if the IP part of the multiaddr is a publicly routable address
// or if it's a dns address without a special use domain e.g. .local.
func IsPublicAddr(a ma.Multiaddr) bool {
	isPublic := false
	ma.ForEach(a, func(c ma.Component) bool {
		switch c.Protocol().Code {
		case ma.P_IP6ZONE:
			return true
		case ma.P_IP4:
			ip := net.IP(c.RawValue())
			isPublic = !inAddrRange(ip, Private4) && !inAddrRange(ip, Unroutable4)
		case ma.P_IP6:
			ip := net.IP(c.RawValue())
			// IP6 documentation prefix(part of Unroutable6) is a subset of the ip6
			// global unicast allocation so we ensure that it's not a documentation
			// prefix by diffing with Unroutable6
			isPublicUnicastAddr := inAddrRange(ip, globalUnicast) && !inAddrRange(ip, Unroutable6)
			if isPublicUnicastAddr {
				isPublic = true
				return false
			}
			// The WellKnown NAT64 prefix(RFC 6052) can only reference a public IPv4
			// address.
			// The Local use NAT64 prefix(RFC 8215) can reference private IPv4
			// addresses. But since the translation from Local use NAT64 prefix to IPv4
			// address is left to the user we have no way of knowing which IPv4 address
			// is referenced. We count these as Public addresses because a false
			// negative for this method here is generally worse than a false positive.
			isPublic = inAddrRange(ip, nat64)
			return false
		case ma.P_DNS, ma.P_DNS4, ma.P_DNS6, ma.P_DNSADDR:
			dnsAddr := c.Value()
			isPublic = true
			if isSubdomain(dnsAddr, localHostDomain) {
				isPublic = false
				return false
			}
			for _, ud := range unResolvableDomains {
				if isSubdomain(dnsAddr, ud) {
					isPublic = false
					return false
				}
			}
			for _, pd := range privateUseDomains {
				if isSubdomain(dnsAddr, pd) {
					isPublic = false
					break
				}
			}
		}
		return false
	})
	return isPublic
}

// isSubdomain checks if child is sub domain of parent. It also returns true if child and parent are
// the same domain.
// Parent must have a "." prefix.
func isSubdomain(child, parent string) bool {
	return strings.HasSuffix(child, parent) || child == parent[1:]
}

// IsPrivateAddr returns true if the IP part of the mutiaddr is in a private network
func IsPrivateAddr(a ma.Multiaddr) bool {
	isPrivate := false
	ma.ForEach(a, func(c ma.Component) bool {
		switch c.Protocol().Code {
		case ma.P_IP6ZONE:
			return true
		case ma.P_IP4:
			isPrivate = inAddrRange(net.IP(c.RawValue()), Private4)
		case ma.P_IP6:
			isPrivate = inAddrRange(net.IP(c.RawValue()), Private6)
		case ma.P_DNS, ma.P_DNS4, ma.P_DNS6, ma.P_DNSADDR:
			dnsAddr := c.Value()
			if isSubdomain(dnsAddr, localHostDomain) {
				isPrivate = true
			}
			// We don't check for privateUseDomains because private use domains can
			// resolve to public IP addresses
		}
		return false
	})
	return isPrivate
}

func inAddrRange(ip net.IP, ipnets []*net.IPNet) bool {
	for _, ipnet := range ipnets {
		if ipnet.Contains(ip) {
			return true
		}
	}

	return false
}

The pages are generated with Golds v0.8.2. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds.