Simplify privateIP detection

oskarszoon · oskarszoon · commit 1891521e57ea · 2025-11-13T10:53:45.000+01:00
diff --git a/client.go b/client.go
@@ -966,42 +966,11 @@ func filterPrivateAddrs(addrs []multiaddr.Multiaddr) []multiaddr.Multiaddr {
 	return filtered
 }
 
-// isPrivateIP checks if an IP address is private or local.
+// isPrivateIP checks if an IP address is private or local using Go's standard library.
 // Returns true for:
-// - RFC1918 private networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
-// - Link-local addresses (169.254.0.0/16)
-// - Loopback addresses (127.0.0.0/8)
-// - IPv6 unique local addresses (fc00::/7)
-// - IPv6 link-local addresses (fe80::/10)
+// - RFC1918 private networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) via IP.IsPrivate()
+// - Link-local, loopback, and multicast addresses via built-in methods
+// - IPv6 unique local addresses (fc00::/7) via IP.IsPrivate()
 func isPrivateIP(ip net.IP) bool {
-	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
-		return true
-	}
-
-	// Check for private IPv4 ranges
-	if ip4 := ip.To4(); ip4 != nil {
-		// 10.0.0.0/8
-		if ip4[0] == 10 {
-			return true
-		}
-		// 172.16.0.0/12
-		if ip4[0] == 172 && ip4[1] >= 16 && ip4[1] <= 31 {
-			return true
-		}
-		// 192.168.0.0/16
-		if ip4[0] == 192 && ip4[1] == 168 {
-			return true
-		}
-		// 169.254.0.0/16 (link-local)
-		if ip4[0] == 169 && ip4[1] == 254 {
-			return true
-		}
-	}
-
-	// Check for IPv6 unique local addresses (fc00::/7)
-	if len(ip) == net.IPv6len && ip[0]&0xfe == 0xfc {
-		return true
-	}
-
-	return false
+	return ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast()
 }
diff --git a/client_filter_private_addrs_test.go b/client_filter_private_addrs_test.go
@@ -0,0 +1,261 @@
+package p2p
+
+import (
+	"net"
+	"testing"
+
+	"github.com/multiformats/go-multiaddr"
+)
+
+func TestFilterPrivateAddrs(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    []string
+		expected []string
+	}{
+		{
+			name: "filter_out_private_ipv4",
+			input: []string{
+				"/ip4/10.0.0.1/tcp/4001",
+				"/ip4/8.8.8.8/tcp/4001",
+				"/ip4/172.16.0.1/tcp/4001",
+				"/ip4/1.1.1.1/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+				"/ip4/1.1.1.1/tcp/4001",
+			},
+		},
+		{
+			name: "filter_out_localhost",
+			input: []string{
+				"/ip4/127.0.0.1/tcp/4001",
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+		},
+		{
+			name: "filter_out_link_local",
+			input: []string{
+				"/ip4/169.254.1.1/tcp/4001",
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+		},
+		{
+			name: "filter_out_192_168",
+			input: []string{
+				"/ip4/192.168.1.1/tcp/4001",
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+		},
+		{
+			name: "filter_out_ipv6_private",
+			input: []string{
+				"/ip6/fc00::1/tcp/4001",
+				"/ip6/2001:4860:4860::8888/tcp/4001",
+			},
+			expected: []string{
+				"/ip6/2001:4860:4860::8888/tcp/4001",
+			},
+		},
+		{
+			name: "filter_out_ipv6_link_local",
+			input: []string{
+				"/ip6/fe80::1/tcp/4001",
+				"/ip6/2001:4860:4860::8888/tcp/4001",
+			},
+			expected: []string{
+				"/ip6/2001:4860:4860::8888/tcp/4001",
+			},
+		},
+		{
+			name: "all_private_returns_empty",
+			input: []string{
+				"/ip4/10.0.0.1/tcp/4001",
+				"/ip4/192.168.1.1/tcp/4001",
+				"/ip4/127.0.0.1/tcp/4001",
+			},
+			expected: []string{},
+		},
+		{
+			name: "all_public_returns_all",
+			input: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+				"/ip4/1.1.1.1/tcp/4001",
+				"/ip6/2001:4860:4860::8888/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+				"/ip4/1.1.1.1/tcp/4001",
+				"/ip6/2001:4860:4860::8888/tcp/4001",
+			},
+		},
+		{
+			name:     "empty_input_returns_empty",
+			input:    []string{},
+			expected: []string{},
+		},
+		{
+			name: "mixed_valid_and_invalid",
+			input: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+				"invalid-addr",
+				"/ip4/10.0.0.1/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+		},
+		{
+			name: "edge_case_172_15_not_filtered",
+			input: []string{
+				"/ip4/172.15.0.1/tcp/4001", // Not in 172.16-31 range
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/172.15.0.1/tcp/4001",
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+		},
+		{
+			name: "edge_case_172_32_not_filtered",
+			input: []string{
+				"/ip4/172.32.0.1/tcp/4001", // Not in 172.16-31 range
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/172.32.0.1/tcp/4001",
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+		},
+		{
+			name: "edge_case_172_16_filtered",
+			input: []string{
+				"/ip4/172.16.0.1/tcp/4001",
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+		},
+		{
+			name: "edge_case_172_31_filtered",
+			input: []string{
+				"/ip4/172.31.255.255/tcp/4001",
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+			expected: []string{
+				"/ip4/8.8.8.8/tcp/4001",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Convert string multiaddrs to multiaddr.Multiaddr
+			inputAddrs := make([]multiaddr.Multiaddr, 0, len(tt.input))
+			for _, addrStr := range tt.input {
+				addr, err := multiaddr.NewMultiaddr(addrStr)
+				if err != nil {
+					// Skip invalid addresses in input
+					continue
+				}
+				inputAddrs = append(inputAddrs, addr)
+			}
+
+			// Call filterPrivateAddrs
+			result := filterPrivateAddrs(inputAddrs)
+
+			// Convert result back to strings for comparison
+			resultStrs := make([]string, 0, len(result))
+			for _, addr := range result {
+				resultStrs = append(resultStrs, addr.String())
+			}
+
+			// Check length
+			if len(resultStrs) != len(tt.expected) {
+				t.Errorf("Expected %d addresses, got %d.\nExpected: %v\nGot: %v",
+					len(tt.expected), len(resultStrs), tt.expected, resultStrs)
+				return
+			}
+
+			// Check each address
+			for i, expectedAddr := range tt.expected {
+				if resultStrs[i] != expectedAddr {
+					t.Errorf("Address %d: expected %s, got %s", i, expectedAddr, resultStrs[i])
+				}
+			}
+		})
+	}
+}
+
+func TestIsPrivateIP(t *testing.T) {
+	tests := []struct {
+		name     string
+		ip       string
+		expected bool
+	}{
+		// RFC1918 private networks
+		{"10.0.0.1", "10.0.0.1", true},
+		{"10.255.255.255", "10.255.255.255", true},
+		{"172.16.0.1", "172.16.0.1", true},
+		{"172.31.255.255", "172.31.255.255", true},
+		{"192.168.1.1", "192.168.1.1", true},
+		{"192.168.255.255", "192.168.255.255", true},
+
+		// Edge cases for 172.x range
+		{"172.15.0.1_not_private", "172.15.0.1", false},
+		{"172.32.0.1_not_private", "172.32.0.1", false},
+
+		// Link-local
+		{"169.254.1.1", "169.254.1.1", true},
+
+		// Loopback
+		{"127.0.0.1", "127.0.0.1", true},
+		{"127.255.255.255", "127.255.255.255", true},
+
+		// Public IPs
+		{"8.8.8.8", "8.8.8.8", false},
+		{"1.1.1.1", "1.1.1.1", false},
+		{"208.67.222.222", "208.67.222.222", false},
+
+		// IPv6 unique local (fc00::/7)
+		{"fc00::1", "fc00::1", true},
+		{"fd00::1", "fd00::1", true},
+
+		// IPv6 link-local (fe80::/10)
+		{"fe80::1", "fe80::1", true},
+
+		// IPv6 loopback
+		{"::1", "::1", true},
+
+		// IPv6 public
+		{"2001:4860:4860::8888", "2001:4860:4860::8888", false},
+		{"2606:4700:4700::1111", "2606:4700:4700::1111", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ip := parseIP(tt.ip)
+			if ip == nil {
+				t.Fatalf("Failed to parse IP: %s", tt.ip)
+			}
+			result := isPrivateIP(ip)
+			if result != tt.expected {
+				t.Errorf("isPrivateIP(%s) = %v, want %v", tt.ip, result, tt.expected)
+			}
+		})
+	}
+}
+
+func parseIP(s string) net.IP {
+	return net.ParseIP(s)
+}
