[bug#63402] [PATCH v5 2/5] services: wireguard: Implement a dynamic IP monitoring feature.

[Bruno Victal <mirai@makinata.eu>]

Hi Maxim,

On 2023-07-21 04:55, Maxim Cournoyer wrote:
> 
> Bruno Victal <mirai@makinata.eu> writes:
> 
>> On 2023-05-19 02:59, Maxim Cournoyer wrote:
> 
>>> +(define (host-name? name)
>>> +  "Predicate to check whether NAME is a host name, i.e. not an IP address."
>>> +  (not (or (ipv6-address? name) (ipv4-address? name))))
>>
>> I'd craft an artificial uri string and extract this information from a uri
>> record instead, since the above check is likely to reveal insufficient:
>>
>> scheme@(guile-user)> (use-modules (web uri))
>> scheme@(guile-user)> (define s "example.tld:9999")
>> scheme@(guile-user)> (uri-host (string->uri (string-append "dummy://" s)))
>> $5 = "example.tld"
>> scheme@(guile-user)> (define s "[2001:db8::1234]:9999")
>> scheme@(guile-user)> (uri-host (string->uri (string-append "dummy://" s)))
>> $6 = "2001:db8::1234"
> 
> I'm not sure I understand; In the second case, I'd like it to tell me
> it's *not* a host name, but it seems like uri-host happily returns IP
> addresses the same as host names?

Right, I've reread the context of this more carefully and I must have been
under the impression that this was being used to extract the address part of
a "<ADDRESS>:<PORT>" string. You can disregard this.

>>> +(define endpoint-host-names
>>> +  (@@ (gnu services vpn) endpoint-host-names))
>>> +
>>> +(test-begin "vpn-services")
>>> +
>>> +(test-assert "ipv4-address?"
>>> +  (every ipv4-address?
>>> +         (list "192.95.5.67:1234"
>>> +               "10.0.0.1")))
>>> +
>>> +(test-assert "ipv6-address?"
>>> +  (every ipv6-address?
>>> +         (list "[2607:5300:60:6b0::c05f:543]:2468"
>>> +               "2607:5300:60:6b0::c05f:543"
>>> +               "2345:0425:2CA1:0000:0000:0567:5673:23b5"
>>> +               "2345:0425:2CA1::0567:5673:23b5")))
>>
>> Are these addresses special?
>> If not, I'd recommend (properly) generating a random ULA prefix
>> and use it instead.
> 
> They are not!  I derived them from actual IP addresses, adding some
> fuzz.  I've now used unique local IPv6 prefixes.

Actually since these are only used for testing your predicate procedure
it might be better to use the 2001:db8::/32 reserved prefix instead if
I'm interpreting RFC3849 correctly.


-- 
Furthermore, I consider that nonfree software must be eradicated.

Cheers,
Bruno.