[New-bugs-announce] [issue44167] ipaddress.IPv6Address.is_private makes redundant checks

Martijn Pieters report at bugs.python.org
Tue May 18 05:07:36 EDT 2021

New submission from Martijn Pieters <mj at python.org>:

ipaddress.IPv6Address.is_private uses a hard-coded list of `IPv6Network` objects that cover private networks to test against.

This list contains two networks that are subnets of a 3rd network in the list. IP addresses that are not private are tested against all 3 networks where only a single test is needed.

The networks in question are:

        IPv6Network('2001:2::/48'),  # within 2001::/23
        IPv6Network('2001:10::/28'), # within 2001::/23

The first is a supernet of the other two, so any IP address that is tested against the first and is not part of that network, will also not be part of the other two networks:

>>> from ipaddress import IPv6Network
>>> sub_tla_id = IPv6Network('2001::/23')
>>> sub_tla_id.supernet_of(IPv6Network('2001:2::/48'))
>>> sub_tla_id.supernet_of(IPv6Network('2001:10::/28'))

We can safely drop these two network entries from the list.

On a separate note: the definition here is inconsistent with IPv4Address's list of private networks. 2001::/23 is the whole subnet reserved for special purpose addresses (RFC 2928), regardless of what ranges have actually been assigned. The IPv4 list on the other hand only contains _actual assignments within the reserved subnet_, not the whole reserved block (RFC 5736 / RFC 6890, reserving, IPv4Address only considers and I'll file a separate issue for that if not already reported.

components: Library (Lib)
messages: 393860
nosy: mjpieters
priority: normal
severity: normal
status: open
title: ipaddress.IPv6Address.is_private makes redundant checks
type: performance
versions: Python 3.10, Python 3.11, Python 3.8, Python 3.9

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list