package webconnectivitylte
//
// Filter out IP addresses to which we're not permitted to connect.
//
import (
"errors"
"fmt"
"net"
"github.com/ooni/probe-cli/v3/internal/netxlite"
)
// errNotAllowedToConnect is the sentinel error wrapped by allowedToConnect
// whenever an endpoint is rejected. Callers can match it with errors.Is.
var (
	errNotAllowedToConnect = errors.New("webconnectivity: not allowed to connect")
)
// allowedToConnect reports whether we may connect to endpoint, which must be
// in the "host:port" form accepted by net.SplitHostPort.
//
// It returns nil when the connection is permitted. Otherwise it returns an
// error wrapping errNotAllowedToConnect, so callers can test the outcome with
// errors.Is; the text after the colon explains the reason.
func allowedToConnect(endpoint string) error {
	host, _, splitErr := net.SplitHostPort(endpoint)

	switch {
	case splitErr != nil:
		// Fail closed: an endpoint we cannot parse is never dialed. Only the
		// sentinel is wrapped with %w; the parse error is flattened to text.
		return fmt.Errorf("%w: %s", errNotAllowedToConnect, splitErr.Error())

	// Implementation note: bogons are deliberately NOT filtered here because
	// connecting to them can reveal block pages. This may change in the
	// future, see https://github.com/ooni/probe/issues/2327.
	//
	// Loopback destinations are refused, however, as documented in
	// https://github.com/ooni/probe/issues/2397.
	//
	// NOTE(review): this filter is only as strict as netxlite.IsLoopback,
	// whose implementation is not visible in this file. Confirm how it treats
	// inputs that are not literal loopback IPs (a hostname such as one that
	// resolves to loopback, the unspecified address, IPv4-mapped IPv6 forms)
	// and whether callers only ever pass already-resolved IP endpoints.
	case netxlite.IsLoopback(host):
		return fmt.Errorf("%w: is loopback", errNotAllowedToConnect)

	default:
		return nil
	}
}