addons/block: teach block about IPv6 scope suffixes

Fixes #3160
2024-11-23 00:01:36 +00:00 · 2018-05-27 10:46:38 +12:00 · 2018-05-27 10:46:38 +12:00 · a38d2d7b0e
commit a38d2d7b0e
parent ec2ae19e22
2 changed files with 13 additions and 7 deletions
--- a/mitmproxy/addons/block.py
+++ b/mitmproxy/addons/block.py
@ -21,17 +21,19 @@ class Block:
        )

    def clientconnect(self, layer):
-        address = ipaddress.ip_address(layer.client_conn.address[0])
+        astr = layer.client_conn.address[0]
+
+        parts = astr.rsplit("%", 1)
+        address = ipaddress.ip_address(parts[0])
        if isinstance(address, ipaddress.IPv6Address):
            address = address.ipv4_mapped or address

-        ipa = ipaddress.ip_address(address)
-        if ipa.is_loopback:
+        if address.is_loopback:
            return

-        if ctx.options.block_private and ipa.is_private:
-            ctx.log.warn("Client connection from %s killed by block_private" % address)
+        if ctx.options.block_private and address.is_private:
+            ctx.log.warn("Client connection from %s killed by block_private" % astr)
            layer.reply.kill()
-        if ctx.options.block_global and ipa.is_global:
-            ctx.log.warn("Client connection from %s killed by block_global" % address)
+        if ctx.options.block_global and address.is_global:
+            ctx.log.warn("Client connection from %s killed by block_global" % astr)
            layer.reply.kill()
--- a/test/mitmproxy/addons/test_block.py
+++ b/test/mitmproxy/addons/test_block.py
@ -17,6 +17,7 @@ from mitmproxy.test import taddons
    (True, False, False, ("::ffff:172.20.0.1",)),
    (True, False, False, ("::ffff:192.168.1.1",)),
    (True, False, False, ("fe80::",)),
+    (True, False, False, (r"::ffff:192.168.1.1%scope",)),
    # block_global: global
    (True, False, True, ("1.1.1.1",)),
    (True, False, True, ("8.8.8.8",)),
@ -25,6 +26,7 @@ from mitmproxy.test import taddons
    (True, False, True, ("::ffff:8.8.8.8",)),
    (True, False, True, ("::ffff:216.58.207.174",)),
    (True, False, True, ("2001:4860:4860::8888",)),
+    (True, False, True, (r"2001:4860:4860::8888%scope",)),


    # block_private: loopback
@ -37,6 +39,7 @@ from mitmproxy.test import taddons
    (False, True, True, ("::ffff:10.0.0.1",)),
    (False, True, True, ("::ffff:172.20.0.1",)),
    (False, True, True, ("::ffff:192.168.1.1",)),
+    (False, True, True, (r"::ffff:192.168.1.1%scope",)),
    (False, True, True, ("fe80::",)),
    # block_private: global
    (False, True, False, ("1.1.1.1",)),
@ -45,6 +48,7 @@ from mitmproxy.test import taddons
    (False, True, False, ("::ffff:1.1.1.1",)),
    (False, True, False, ("::ffff:8.8.8.8",)),
    (False, True, False, ("::ffff:216.58.207.174",)),
+    (False, True, False, (r"::ffff:216.58.207.174%scope",)),
    (False, True, False, ("2001:4860:4860::8888",)),
 ])
@pytest.mark.asyncio