From b65b53b0df79a8913367a07919cba52ca1d1185e Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Sun, 8 Mar 2015 20:05:50 +0000
Subject: [PATCH] Transport: Add missing bogons to IP validity check 192.0.0.2
 seen out there (RFC 6333)

---
 .../i2p/router/transport/TransportUtil.java   | 34 +++++++++++++++----
 1 file changed, 27 insertions(+), 7 deletions(-)

diff --git a/router/java/src/net/i2p/router/transport/TransportUtil.java b/router/java/src/net/i2p/router/transport/TransportUtil.java
index ef8a7786fe..650a9656f3 100644
--- a/router/java/src/net/i2p/router/transport/TransportUtil.java
+++ b/router/java/src/net/i2p/router/transport/TransportUtil.java
@@ -102,6 +102,8 @@ public abstract class TransportUtil {
     }
 
     /**
+     *  Ref: RFC 5735
+     *
      *  @param addr non-null
      *  @since IPv6
      */
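Review bot: The added `Ref: RFC 5735` cites a document that RFC 6890 obsoleted in 2013, and the checks in this method also rely on RFC 6598 and RFC 6333, which the body cites separately. I would write the line as `Ref: RFC 6890 (obsoletes RFC 5735), RFC 6598, RFC 6333` so that a later audit of the bogon list starts from the current special-purpose address registry. The signature of the method this Javadoc belongs to lies outside the hunk.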
@@ -110,22 +112,40 @@ public abstract class TransportUtil {
             if (!allowIPv4)
                 return false;
             int a0 = addr[0] & 0xFF;
-            if (a0 == 127) return false;
-            if (a0 == 10) return false;
-            int a1 = addr[1] & 0xFF;
-            if (a0 == 172 && a1 >= 16 && a1 <= 31) return false;
-            if (a0 == 192 && a1 == 168) return false;
-            if (a0 >= 224) return false; // no multicast
+            // please keep sorted by IP
             if (a0 == 0) return false;
-            if (a0 == 169 && a1 == 254) return false;
+            if (a0 == 10) return false;
             // 5/8 allocated to RIPE (30 November 2010)
             //if ((addr[0]&0xFF) == 5) return false;  // Hamachi
             // Hamachi moved to 25/8 Nov. 2012
             // Assigned to UK Ministry of Defence
             // http://blog.logmein.com/products/changes-to-hamachi-on-november-19th
             if (a0 == 25) return false;
+            if (a0 == 127) return false;
+            int a1 = addr[1] & 0xFF;
             // Carrier Grade NAT RFC 6598
             if (a0 == 100 && a1 >= 64 && a1 <= 127) return false;
+            if (a0 == 169 && a1 == 254) return false;
+            if (a0 == 172 && a1 >= 16 && a1 <= 31) return false;
+            if (a0 == 192) {
+                if (a1 == 168) return false;
+                if (a1 == 0) {
+                    int a2 = addr[2] & 0xFF;
+                    // protocol assignment, documentation
+                    // 192.0.0.2 seen in the wild, RFC 6333 "Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion"
+                    if (a2 == 0 || a2 == 2) return false;
+                }
+                // 6to4 anycast
+                if (a1 == 88 && (addr[2] & 0xff) == 99) return false;
+            }
+            if (a0 == 198) {
+                // tests
+                if (a1 == 18 || a1 == 19) return false;
+                if (a1 == 51 && (addr[2] & 0xff) == 100) return false;
+            }
+            // test
+            if (a0 == 203 && a1 == 0 && (addr[2] & 0xff) == 113) return false;
+            if (a0 >= 224) return false; // no multicast
             return true; // or at least possible to be true
         } else if (addr.length == 16) {
             if (allowIPv6) {
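Review bot: The comments `// tests` and `// test` on the 198.x and 203.x checks do not say which reserved blocks are meant, which makes this address filter hard to audit against the special-purpose registry. I would write them as `// 198.18.0.0/15 benchmarking (RFC 2544)`, `// 198.51.100.0/24 TEST-NET-2 (RFC 5737)` and `// 203.0.113.0/24 TEST-NET-3 (RFC 5737)`, and likewise name 192.0.0.0/24 and 192.0.2.0/24 (TEST-NET-1) on the `a2 == 0 || a2 == 2` line. The third octet is also masked three separate times as `addr[2] & 0xff`, while `a2` exists only inside the `a1 == 0` branch; reading it once as `int a2 = addr[2] & 0xFF;` next to `a1` would keep the checks uniform. The trailing `// no multicast` on `a0 >= 224` also covers 240/4 and the limited broadcast address, so the comment could say so. The enclosing method begins and ends outside the hunk.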
-- 
GitLab