Oskar Sandberg <oskar at freenetproject.org> writes:

> I also did some further work on the sanity checking of node addresses.
> If "localIsOK" is not set in the configuration, it will not reference
> single level hostnames, or IP addresses that are plainly wrong or refer
> to loopback or RFC1597 addresses. If people would look at:
>
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/freenet/freenet/src/freenet/transport/tcpTransport.java?rev=1.2&content-type=text/vnd.viewcvs-markup
>
> to see if I am being overly strict or missing cases I would be
> happy.

There are a few more classes of unroutable blocks (source: rfc3330):

(a) 0/8 - "this" network (you only check 0.0.0.0/32)
(b) 127/8 - loopback (you only check 127.0.0.1/32)
(c) 169.254/16 - link local, DHCP ad-hoc addresses fall in here
(d) 192.0.2/24 - "test-net"

I've never seen any of these used on Freenet, so there's not much win in checking for them. But since (a) and (b) are already half-covered, and giving them full coverage is actually less code, I'm going to extend that to the whole ranges. [ah, I see (b) is already done]

> A question is whether we should try to resolve DNS addresses to see
> if they are real.

It should suffice to drop these on the first connect attempt. Obviously we have to resolve anyway at that time.

> I'm somewhat concerned about revealing too much about the
> network if nodes immediately resolve addresses on announcements. How
> much can people see by a DNS query? Will they see my IP address, or only
> that there is a query from my ISP's DNS server?

Only your DN server's address, which in my case -- I run my own -- is the same.

-- Robbe
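
The address check discussed in this thread, sketched as an added example (not part of the original e-mail and not Freenet's tcpTransport.java). The class name `AddressSanity`, the method `isAcceptable` and the sample addresses are assumptions; it covers the four RFC 3330 blocks listed above plus the RFC 1597 private ranges, and never resolves a hostname, leaving that to connect time.

```java
import java.util.regex.Pattern;

public class AddressSanity {
    // {network, prefix length}: blocks named in the thread plus RFC 1597 private space.
    private static final int[][] BLOCKED = {
        {ip(0, 0, 0, 0), 8},       // "this" network
        {ip(127, 0, 0, 0), 8},     // loopback
        {ip(169, 254, 0, 0), 16},  // link local
        {ip(192, 0, 2, 0), 24},    // test-net
        {ip(10, 0, 0, 0), 8},      // RFC 1597
        {ip(172, 16, 0, 0), 12},   // RFC 1597
        {ip(192, 168, 0, 0), 16},  // RFC 1597
    };
    private static final Pattern DOTTED_QUAD = Pattern.compile("\\d{1,3}(\\.\\d{1,3}){3}");

    private static int ip(int a, int b, int c, int d) {
        return (a << 24) | (b << 16) | (c << 8) | d;
    }

    /** True if the host may be referenced. Performs no DNS lookup. */
    public static boolean isAcceptable(String host, boolean localIsOK) {
        if (localIsOK) return true;                  // checks apply only when localIsOK is unset
        if (DOTTED_QUAD.matcher(host).matches()) {
            int addr = 0;
            for (String s : host.split("\\.")) {
                int octet = Integer.parseInt(s);
                if (octet > 255) return false;       // plainly wrong
                addr = (addr << 8) | octet;
            }
            for (int[] b : BLOCKED) {
                int mask = -1 << (32 - b[1]);        // prefix length -> netmask
                if ((addr & mask) == b[0]) return false;
            }
            return true;
        }
        if (host.matches("[0-9.]*")) return false;   // numeric but not a dotted quad
        // Hostname: reject single-level names, ignoring one trailing root dot.
        String name = host.endsWith(".") ? host.substring(0, host.length() - 1) : host;
        return name.indexOf('.') > 0;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the thread.
        String[] samples = {"0.1.2.3", "127.8.9.10", "169.254.7.7", "192.0.2.55",
                            "172.31.0.1", "172.32.0.1", "300.1.1.1", "localhost", "node.example.org"};
        for (String s : samples) System.out.println(s + " -> " + isAcceptable(s, false));
    }
}
```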
