From 558b448ab2c553c5fa791bf4d0ef2cc0bc84e4ed Mon Sep 17 00:00:00 2001 From: Daniele Sluijters Date: Thu, 1 Dec 2022 20:34:55 +0100 Subject: [PATCH] [chore] Remove duplicate prefixes from sanitizer (#1195) In the previous changes that expanded the IPv4 and IPv6 deny lists based on the IANA registries we inadvertently added a number of duplicates. This is unnecessary as they're already caught by larger prefixes and means there's less entries to scan. This change removes all prefixes that are subnets of other prefixes. --- internal/netutil/validate.go | 9 --------- 1 file changed, 9 deletions(-) diff --git a/internal/netutil/validate.go b/internal/netutil/validate.go index d6b99e70d..888830106 100644 --- a/internal/netutil/validate.go +++ b/internal/netutil/validate.go @@ -33,14 +33,6 @@ netip.MustParsePrefix("64:ff9b:1::/48"), // IPv4/IPv6 translation, RFC 8215 netip.MustParsePrefix("100::/64"), // Discard prefix, RFC 6666 netip.MustParsePrefix("2001::/23"), // IETF Protocol Assignments, RFC 2928 - netip.MustParsePrefix("2001::/32"), // Teredo - netip.MustParsePrefix("2001:1::1/128"), // Port Control Protocol Anycast, RFC 7723 - netip.MustParsePrefix("2001:1::2/128"), // Traversal Using Relays around NAT Anycast, RFC 8155 - netip.MustParsePrefix("2001:2::/48"), // Benchmarking, RFC 5180 - netip.MustParsePrefix("2001:3::/32"), // AMT, RFC 7450 - netip.MustParsePrefix("2001:4:112::/48"), // AS112-v6, RFC 7535 - netip.MustParsePrefix("2001:10::/28"), // ORCHID, deprecated - netip.MustParsePrefix("2001:20::/28"), // ORCHIDv2 netip.MustParsePrefix("2001:db8::/32"), // Test, doc, examples netip.MustParsePrefix("2002::/16"), // 6to4 netip.MustParsePrefix("2620:4f:8000::/48"), // Direct Delegation AS112 Service, RFC 7534 @@ -60,7 +52,6 @@ netip.MustParsePrefix("169.254.0.0/16"), // Link-local netip.MustParsePrefix("172.16.0.0/12"), // Private netip.MustParsePrefix("192.0.0.0/24"), // RFC6890 - netip.MustParsePrefix("192.0.0.0/29"), // IPv4 Service Continuity Prefix, RFC 7335 netip.MustParsePrefix("192.0.2.0/24"), // Test, doc, examples netip.MustParsePrefix("192.31.196.0/24"), // AS112-v4, RFC 7535 netip.MustParsePrefix("192.52.193.0/24"), // AMT, RFC 7450