filter invalid IPv6 (#3026)

* fix: filter invalid IPv6
2 years ago · 7fec17101e
parent 92dfe78d4b
commit 7fec17101e
4 changed files with 121 additions and 81 deletions
--- a/spring-cloud-alibaba-starters/spring-cloud-starter-alibaba-nacos-discovery/pom.xml
+++ b/spring-cloud-alibaba-starters/spring-cloud-starter-alibaba-nacos-discovery/pom.xml
@ -136,6 +136,13 @@
            <version>2.0.0</version>
            <scope>test</scope>
        </dependency>
+
+        <dependency>
+            <groupId>commons-validator</groupId>
+            <artifactId>commons-validator</artifactId>
+            <version>1.7</version>
+            <scope>test</scope>
+        </dependency>
    </dependencies>

 </project>
--- a/spring-cloud-alibaba-starters/spring-cloud-starter-alibaba-nacos-discovery/src/main/java/com/alibaba/cloud/nacos/NacosDiscoveryProperties.java
+++ b/spring-cloud-alibaba-starters/spring-cloud-starter-alibaba-nacos-discovery/src/main/java/com/alibaba/cloud/nacos/NacosDiscoveryProperties.java
@ -169,10 +169,9 @@ public class NacosDiscoveryProperties {
 	private String networkInterface = "";

 	/**
-	 * choose IPv4 or IPv6 or both_IPv4_IPv6. if you don't set it will choose
-	 * both_IPv4_IPv6. When IPv6 is chosen but no IPv6 can be found, system will
-	 * automatically find IPv4 to ensure there is an available service address. If
-	 * both_IPv4_IPv6 is set,both IPv4 and IPv6 will be register.
+	 * choose IPv4 or IPv6,if you don't set it will choose IPv4. When IPv6 is chosen but
+	 * no IPv6 can be found, system will automatically find IPv4 to ensure there is an
+	 * available service address.
 	 */
 	private String ipType;

@ -275,7 +274,10 @@ public class NacosDiscoveryProperties {
 				}
 				else if (ipType == null) {
 					ip = inetUtils.findFirstNonLoopbackHostInfo().getIpAddress();
-					metadata.put(IPV6, inetIPv6Utils.findIPv6Address());
+					String iPv6Address = inetIPv6Utils.findIPv6Address();
+					if (iPv6Address != null) {
+						metadata.put(IPV6, iPv6Address);
+					}
 				}
 				else {
 					throw new IllegalArgumentException(
@ -295,7 +297,7 @@ public class NacosDiscoveryProperties {
 					InetAddress currentAddress = inetAddress.nextElement();
 					if (currentAddress instanceof Inet4Address
 							|| currentAddress instanceof Inet6Address
-									&& !currentAddress.isLoopbackAddress()) {
+							&& !currentAddress.isLoopbackAddress()) {
 						ip = currentAddress.getHostAddress();
 						break;
 					}
--- a/spring-cloud-alibaba-starters/spring-cloud-starter-alibaba-nacos-discovery/src/main/java/com/alibaba/cloud/nacos/util/InetIPv6Utils.java
+++ b/spring-cloud-alibaba-starters/spring-cloud-starter-alibaba-nacos-discovery/src/main/java/com/alibaba/cloud/nacos/util/InetIPv6Utils.java
@ -16,20 +16,14 @@

 package com.alibaba.cloud.nacos.util;

-import java.io.Closeable;
 import java.io.IOException;
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.NetworkInterface;
-import java.net.UnknownHostException;
 import java.util.Enumeration;
 import java.util.List;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
-import java.util.concurrent.TimeUnit;

-import com.alibaba.cloud.commons.lang.StringUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

@ -39,64 +33,51 @@ import org.springframework.cloud.commons.util.InetUtilsProperties;
 /**
 * @author HH
 */
-public class InetIPv6Utils implements Closeable {
+public class InetIPv6Utils {

-	private final ExecutorService executorService;
-
-	private final Log log = LogFactory.getLog(InetIPv6Utils.class);
+	private final static Log log = LogFactory.getLog(InetIPv6Utils.class);

 	private final InetUtilsProperties properties;

-	@Override
-	public void close() {
-		this.executorService.shutdown();
-	}
-
 	public InetIPv6Utils(final InetUtilsProperties properties) {
 		this.properties = properties;
-		this.executorService = Executors.newSingleThreadExecutor((r) -> {
-			Thread thread = new Thread(r);
-			thread.setName("spring.cloud.alibaba.inetutilsIPV6");
-			thread.setDaemon(true);
-			return thread;
-		});
 	}

-	public InetUtils.HostInfo findFirstNonLoopbackHostInfo() {
-		InetAddress address = this.findFirstNonLoopbackIPv6Address();
-		if (address != null) {
-			return this.convertAddress(address);
-		}
-		return null;
+	private InetUtils.HostInfo findFirstValidHostInfo() {
+		InetAddress address = this.findFirstValidIPv6Address();
+		return address != null ? this.getHostInfo(address) : null;
 	}

-	public InetAddress findFirstNonLoopbackIPv6Address() {
+	private InetAddress findFirstValidIPv6Address() {
 		InetAddress address = null;

 		try {
-			int lowest = Integer.MAX_VALUE;
 			for (Enumeration<NetworkInterface> nics = NetworkInterface
 					.getNetworkInterfaces(); nics.hasMoreElements(); ) {
 				NetworkInterface ifc = nics.nextElement();
-				if (ifc.isUp()) {
-					log.trace("Testing interface:" + ifc.getDisplayName());
-					if (ifc.getIndex() < lowest || address == null) {
-						lowest = ifc.getIndex();
+				if (ifc.isUp() || !ifc.isVirtual() || !ifc.isLoopback()) {
+					if (address != null) {
+						break;
 					}
-					else if (address != null) {
-						continue;
-					}
-
 					if (!ignoreInterface(ifc.getDisplayName())) {
 						for (Enumeration<InetAddress> addrs = ifc
 								.getInetAddresses(); addrs.hasMoreElements(); ) {
 							InetAddress inetAddress = addrs.nextElement();
 							if (inetAddress instanceof Inet6Address
+									// filter ::1
 									&& !inetAddress.isLoopbackAddress()
+									// filter fe80::/10
+									&& !inetAddress.isLinkLocalAddress()
+									// filter ::/128
+									&& !inetAddress.isAnyLocalAddress()
+									// filter fec0::/10,which was discarded,but some
+									// address may be deployed.
+									&& !inetAddress.isSiteLocalAddress()
+									// filter fd00::/8
+									&& !isUniqueLocalAddress(inetAddress)
 									&& isPreferredAddress(inetAddress)) {
-								log.trace("Found non-loopback interface: "
-										+ ifc.getDisplayName());
 								address = inetAddress;
+								break;
 							}
 						}
 					}
@ -106,37 +87,19 @@ public class InetIPv6Utils implements Closeable {
 		catch (IOException e) {
 			log.error("Cannot get first non-loopback address", e);
 		}
-		if (address == null) {
-			try {
-				InetAddress localHost = InetAddress.getLocalHost();
-				if (localHost instanceof Inet6Address && !localHost.isLoopbackAddress()
-						&& isPreferredAddress(localHost)) {
-					address = localHost;
-				}
-			}
-			catch (UnknownHostException e) {
-				log.warn("Unable to retrieve localhost");
-			}
-		}
 		return address;
 	}

 	public String findIPv6Address() {
-		InetUtils.HostInfo hostInfo = findFirstNonLoopbackHostInfo();
-		String ip = hostInfo != null ? hostInfo.getIpAddress() : "";
-		if (!StringUtils.isEmpty(ip)) {
-			int index = ip.indexOf('%');
-			ip = index > 0 ? ip.substring(0, index) : ip;
-			return iPv6Format(ip);
-		}
-		return ip;
+		InetUtils.HostInfo hostInfo = findFirstValidHostInfo();
+		return hostInfo != null ? normalizeIPv6(hostInfo.getIpAddress()) : null;
 	}

-	public String iPv6Format(String ip) {
+	private String normalizeIPv6(String ip) {
 		return "[" + ip + "]";
 	}

-	boolean isPreferredAddress(InetAddress address) {
+	private boolean isPreferredAddress(InetAddress address) {
 		if (this.properties.isUseOnlySiteLocalInterfaces()) {
 			final boolean siteLocalAddress = address.isSiteLocalAddress();
 			if (!siteLocalAddress) {
@ -154,35 +117,43 @@ public class InetIPv6Utils implements Closeable {
 				return true;
 			}
 		}
-		log.trace("Ignoring address: " + address.getHostAddress());
 		return false;
 	}

 	boolean ignoreInterface(String interfaceName) {
 		for (String regex : this.properties.getIgnoredInterfaces()) {
 			if (interfaceName.matches(regex)) {
-				log.trace("Ignoring interface: " + interfaceName);
 				return true;
 			}
 		}
 		return false;
 	}

-	public InetUtils.HostInfo convertAddress(final InetAddress address) {
+	private InetUtils.HostInfo getHostInfo(final InetAddress address) {
 		InetUtils.HostInfo hostInfo = new InetUtils.HostInfo();
-		Future<String> result = this.executorService.submit(address::getHostName);
-
-		String hostname;
-		try {
-			hostname = result.get(this.properties.getTimeoutSeconds(), TimeUnit.SECONDS);
+		String hostName = address.getHostName();
+		if (hostName == null) {
+			hostName = "localhost";
+		}
+		hostInfo.setHostname(hostName);
+		if (StringUtils.isNotEmpty(address.getHostAddress())) {
+			hostInfo.setIpAddress(address.getHostAddress());
 		}
-		catch (Exception e) {
-			log.info("Cannot determine local hostname");
-			hostname = "localhost";
+		else {
+			hostInfo.setIpAddress(StringUtils.EMPTY);
 		}
-		hostInfo.setHostname(hostname);
-		hostInfo.setIpAddress(address.getHostAddress());
 		return hostInfo;
 	}

+	/**
+	 * If the address is Unique Local Address.
+	 *
+	 * @param inetAddress {@link InetAddress}
+	 * @return {@code true} if the address is Unique Local Address,otherwise {@code false}
+	 */
+	private boolean isUniqueLocalAddress(InetAddress inetAddress) {
+		byte[] ip = inetAddress.getAddress();
+		return (ip[0] & 0xff) == 0xfd;
+	}
+
 }
--- a/spring-cloud-alibaba-starters/spring-cloud-starter-alibaba-nacos-discovery/src/test/java/com/alibaba/cloud/nacos/util/InetIPv6UtilsTest.java
+++ b/spring-cloud-alibaba-starters/spring-cloud-starter-alibaba-nacos-discovery/src/test/java/com/alibaba/cloud/nacos/util/InetIPv6UtilsTest.java
@ -0,0 +1,60 @@
+/*
+ * Copyright 2013-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.alibaba.cloud.nacos.util;
+
+import com.alibaba.cloud.nacos.NacosDiscoveryProperties;
+import com.alibaba.cloud.nacos.discovery.NacosDiscoveryClientConfiguration;
+import org.apache.commons.validator.routines.InetAddressValidator;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.modules.junit4.PowerMockRunner;
+import org.powermock.modules.junit4.PowerMockRunnerDelegate;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.RANDOM_PORT;
+
+@RunWith(PowerMockRunner.class)
+@PowerMockRunnerDelegate(SpringRunner.class)
+@SpringBootTest(
+		classes = InetIPv6UtilsTest.TestConfig.class,
+		properties = {"spring.cloud.nacos.discovery.ipType=IPv6"},
+		webEnvironment = RANDOM_PORT)
+public class InetIPv6UtilsTest {
+	@Autowired
+	NacosDiscoveryProperties properties;
+
+	@Test
+	public void getIPv6() {
+		String ip = properties.getIp();
+		ip = ip.substring(1, ip.length() - 1);
+		assert (InetAddressValidator.getInstance().isValidInet6Address(ip));
+	}
+
+	@Configuration
+	@EnableAutoConfiguration
+	@ImportAutoConfiguration(
+			NacosDiscoveryClientConfiguration.class)
+	public static class TestConfig {
+
+	}
+}