gh-151749: Add 5f00::/16 (RFC 9602) and 100:0:0:1::/64 (RFC 9780) to ipaddress IPv6 private networks#151764
Open
tonghuaroot wants to merge 2 commits into
Open
gh-151749: Add 5f00::/16 (RFC 9602) and 100:0:0:1::/64 (RFC 9780) to ipaddress IPv6 private networks#151764tonghuaroot wants to merge 2 commits into
tonghuaroot wants to merge 2 commits into
Conversation
…0) to ipaddress IPv6 private networks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add the
5f00::/16(RFC 9602) and100:0:0:1::/64(RFC 9780) special-purpose IPv6 ranges toipaddress's_private_networkssois_global/is_privatematch the IANA registry.Fixes #151749
Problem
Both ranges are listed in the IANA IPv6 Special-Purpose Address Registry with Globally Reachable = False, but
ipaddresscurrently reports them as globally reachable:5f00::/16— SRv6 SIDs, defined in RFC 9602 (Globally Reachable: False).100:0:0:1::/64— Dummy IPv6 Prefix, defined in RFC 9780 (Globally Reachable: False). Note this block is disjoint from the already-listed100::/64(RFC 6666 Discard-Only), so it is not currently covered.Before this change
IPv6Address.is_globalreturnsTrue(andis_privatereturnsFalse) for addresses in both blocks, which is incorrect.Fix
Adds the two networks to
_IPv6Constants._private_networks, alongside the existing not-globally-reachable IPv6 entries. This follows the precedent set by CVE-2024-4032 / gh-113171 and gh-124217 (3fff::/20, RFC 9637), which added sibling ranges to these same tables.Scope: This PR is intentionally limited to
_private_networks. It does not touch_private_networks_exceptions; the related2001:1::3/128(RFC 9665) exception is handled separately in #151050 and is deliberately left unchanged here.Behaviour (stock vs. patched)
is_globalis_globalis_private5f00::5f00::15f00:ffff:ffff:ffff:ffff:ffff:ffff:ffff100:0:0:1::100:0:0:1:ffff:ffff:ffff:ffff5eff:ffff:ffff:ffff:ffff:ffff:ffff:ffff(adjacent below)5f01::(adjacent above)100:0:0:2::(adjacent)Addresses immediately adjacent to each new block are unchanged. A regression test covering both the changed and adjacent addresses is added to
testReservedIpv6, and aMisc/NEWS.dentry is included.