On Fri, 16 Jul 2021 09:16:23 GMT, Jonathan Dowland <jdowl...@openjdk.org> wrote:
> The tests `test/jdk/java/net/HttpURLConnection/HttpURLConWithProxy.java` uses > the IP address "1.1.1.1" as a value. I think at the time the address was > picked, the assumption was the address was not valid / not routable. Since > April 2018 the address is part of CloudFlare's "Free" DNS product: > <https://en.wikipedia.org/wiki/1.1.1.1>. (this test was originally written in > 2016, before the service was launched) > > I've verified using local packet captures that running the test does result > in IP traffic being sent to 1.1.1.1. (Several other tests in JDK use 1.1.1.1 > as a placeholder IP. I've checked them all and none of the others connect out > to the IP like this one) > > This PR substitutes that IP address value (and two others) for ones from a > reserved IP range (240.0.0.0/4 according to RFC 6761) which will not result > in runners of the test suit inadvertently sending IP packets to the > CloudFlare service. > > This could be invalidated again if that address range is allocated at some > point in the future. A more future-proof fix would be to bind to random ports > on localhost for each dummy proxy (as done for the target HTTP server in the > test already). I can do that if preferred. > > <https://bugs.openjdk.java.net/browse/JDK-8270553> Thanks for suggesting a replacement for the 1.1.1.1 address Jonathan! I have run your patch through our test system and not observed any errors caused by this patch - so from my perspective you're good to go. Could you please add a comment before the line where the `240.*` addresses are used that explains that these addresses are reserved (Class E network) and are not supposed to point to any existing endpoint? ------------- PR: https://git.openjdk.java.net/jdk/pull/4806
