Ipv6 from ipv4 transition addresses

[gwarser]

And dang :/ - http://[::ffff:127.0.0.1]:8080/ is also valid https://en.wikipedia.org/wiki/IPv6_address#Transition_from_IPv4. Browser converts this to http://[::ffff:7f00:1]:8080/. It will be ::ffff:0000:0000 to ::ffff:ffff:ffff. Another regex?

It seem unique (has unique application), so maybe ||[::ffff:*]^ will be ok. Maybe not, but this is simple dec to hex translation - should not be hard to create good filter.

10.*
||[::ffff:0a*]^ this is wrong, with short syntax leading 0 is omitted
172.16-31.*
||[::ffff:ac1*]^
192.168.*
||[::ffff:c0a8:*]^
127.*
||[::ffff:7f*]^

[gwarser]

These can be bad:

172.16-31.*
||[::ffff:ac1*]^
127.*
||[::ffff:7f*]^

For example:

::ffff:7f* can be (leading zeros will be removed):

• ::ffff:007f:... 0.127.X.X,
• ::ffff:07fX:... 7.240-255.X.X,
• ::ffff:7fXX:... (this one is good).

[gwarser]

And there is still a chance to match ::ffff:xxxx:xxxx:xxxxx - out of range address.

[gwarser]

https://regex101.com/r/2H0JLC/1

! ———                |127.0-255.   |10.0-255.   |172.16-31.
!                    |             |            |           |192.168.
!                    |             |            |           |    |169.254.
!                    |             |            |           |    |      0-255.0-255
/^\w+:\/\/\[::ffff:(?:7f[0-9a-f]{2}|a[0-9a-f]{2}|ac1[0-9a-f]|c0a8|a9fe):[0-9a-f]{1,4}\][:/]/$third-party,domain=~localhost|~127.0.0.1|~[::1]|~0.0.0.0|~[::]|~local

Test cases:

http://[::ffff:7f00:1]:8080/?http://[::ffff:127.0.0.1]:8080/
http://[::ffff:7f05:12]:8080/?http://[::ffff:127.5.0.18]:8080/
http://[::ffff:7f33:20]:8080/?http://[::ffff:127.51.0.32]:8080/
http://[::ffff:a00:1]:8080/?http://[::ffff:10.0.0.1]:8080/
http://[::ffff:a05:12]:8080/?http://[::ffff:10.5.0.18]:8080/
http://[::ffff:a33:20]:8080/?http://[::ffff:10.51.0.32]:8080/
http://[::ffff:ac10:1]:8080/?http://[::ffff:172.16.0.1]:8080/
http://[::ffff:ac10:12]:8080/?http://[::ffff:172.16.0.18]:8080/
http://[::ffff:ac10:20]:8080/?http://[::ffff:172.16.0.32]:8080/
http://[::ffff:ac1f:1]:8080/?http://[::ffff:172.31.0.1]:8080/
http://[::ffff:ac1f:12]:8080/?http://[::ffff:172.31.0.18]:8080/
http://[::ffff:ac1f:20]:8080/?http://[::ffff:172.31.0.32]:8080/
http://[::ffff:c0a8:1]:8080/?http://[::ffff:192.168.0.1]:8080/
http://[::ffff:c0a8:12]:8080/?http://[::ffff:192.168.0.18]:8080/
http://[::ffff:c0a8:20]:8080/?http://[::ffff:192.168.0.32]:8080/
http://[::ffff:a9fe:101]:8080/?http://[::ffff:169.254.1.1]:8080/
http://[::ffff:a9fe:112]:8080/?http://[::ffff:169.254.1.18]:8080/
http://[::ffff:a9fe:fe20]:8080/?http://[::ffff:169.254.254.32]:8080/
! Reserved / not used according to
! https://en.wikipedia.org/wiki/Private_network?useskin=vector#Link-local_addresses
! https://www.rfc-editor.org/rfc/rfc3927#section-2.1
! filter is matching for simplicity:
http://[::ffff:a9fe:0]:8080/?http://[::ffff:169.254.0.0]:8080/
http://[::ffff:a9fe:ffff]:8080/?http://[::ffff:169.254.255.255]:8080/

Benchmark

Read from bottom to top.

Benchmarked static network filtering engine:
	Evaluated 239734 match calls in 2706 ms
	Average: 0.011 ms per request
	Not blocked: 127067
	Blocked: 110640
	Unblocked: 2027

Benchmarked static network filtering engine:
	Evaluated 239734 match calls in 2765 ms
	Average: 0.012 ms per request
	Not blocked: 127067
	Blocked: 110640
	Unblocked: 2027

Benchmarked static network filtering engine:
	Evaluated 239734 match calls in 2870 ms
	Average: 0.012 ms per request
	Not blocked: 127067
	Blocked: 110640
	Unblocked: 2027

Filter off ^
---

Benchmarked static network filtering engine:
	Evaluated 239734 match calls in 2814 ms
	Average: 0.012 ms per request
	Not blocked: 127067
	Blocked: 110640
	Unblocked: 2027

Benchmarked static network filtering engine:
	Evaluated 239734 match calls in 2841 ms
	Average: 0.012 ms per request
	Not blocked: 127067
	Blocked: 110640
	Unblocked: 2027

Benchmarked static network filtering engine:
	Evaluated 239734 match calls in 2854 ms
	Average: 0.012 ms per request
	Not blocked: 127067
	Blocked: 110640
	Unblocked: 2027

Filter on ^
---

Benchmarked static network filtering engine:
	Evaluated 239734 match calls in 2808 ms
	Average: 0.012 ms per request
	Not blocked: 127067
	Blocked: 110640
	Unblocked: 2027

Benchmarked static network filtering engine:
	Evaluated 239734 match calls in 2662 ms
	Average: 0.011 ms per request
	Not blocked: 127067
	Blocked: 110640
	Unblocked: 2027

Benchmarked static network filtering engine:
	Evaluated 239734 match calls in 2710 ms
	Average: 0.011 ms per request
	Not blocked: 127067
	Blocked: 110640
	Unblocked: 2027

Filter off ^

[JobcenterTycoon]

Why $third-party instead of $3p?

[gwarser]

Because it was supposed to be ABP compatible.

[iam-py-test]

There are other instances of $3p. Do you intend on fixing those too?
Thanks

[gwarser]

What do you mean by other instances? The list in this repo is just a draft for testing, it's already marked for removal. uAssets version is current and maintained by the team. BTW, even my version does not work in ABP, probably because of the header, still no one complains, so nothing to worry about.