From 6ceea60c9203af4dc18a6502ca7e0fe69db0a446 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Sun, 12 May 2013 00:24:01 +0000
Subject: [PATCH] addresses: - blocklist 192.88.88.0/24 6to4 anycast -
 invalidate 2002::/16

---
 core/java/src/net/i2p/util/Addresses.java                   | 2 +-
 installer/resources/blocklist.txt                           | 1 +
 router/java/src/net/i2p/router/transport/TransportUtil.java | 3 +++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/core/java/src/net/i2p/util/Addresses.java b/core/java/src/net/i2p/util/Addresses.java
index e54f93a02a..14c8549e07 100644
--- a/core/java/src/net/i2p/util/Addresses.java
+++ b/core/java/src/net/i2p/util/Addresses.java
@@ -34,7 +34,7 @@ public abstract class Addresses {
         return !getAddresses(true, false, false).isEmpty();
     }
 
-    /** @return the first non-local address it finds, or null */
+    /** @return the first non-local address IPv4 address it finds, or null */
     public static String getAnyAddress() {
         SortedSet<String> a = getAddresses();
         if (!a.isEmpty())
diff --git a/installer/resources/blocklist.txt b/installer/resources/blocklist.txt
index 9f9dde18fb..02440c58ee 100644
--- a/installer/resources/blocklist.txt
+++ b/installer/resources/blocklist.txt
@@ -46,6 +46,7 @@ Friend of the Chinese Floodfill Flooder:159.226.40.3
 <a href="http://www.team-cymru.org/Services/Bogons/http.html">The Team Cymru Bogon List v6.8 03 FEB 2011</a>:172.16.0.0/12
 <a href="http://www.team-cymru.org/Services/Bogons/http.html">The Team Cymru Bogon List v6.8 03 FEB 2011</a>:192.0.0.0/24
 <a href="http://www.team-cymru.org/Services/Bogons/http.html">The Team Cymru Bogon List v6.8 03 FEB 2011</a>:192.0.2.0/24
+<a href="http://tools.ietf.org/html/rfc3068">6to4 Anycast</a>:192.88.99.0/24
 <a href="http://www.team-cymru.org/Services/Bogons/http.html">The Team Cymru Bogon List v6.8 03 FEB 2011</a>:192.168.0.0/16
 <a href="http://www.team-cymru.org/Services/Bogons/http.html">The Team Cymru Bogon List v6.8 03 FEB 2011</a>:198.18.0.0/15
 <a href="http://www.team-cymru.org/Services/Bogons/http.html">The Team Cymru Bogon List v6.8 03 FEB 2011</a>:198.51.100.0/24
diff --git a/router/java/src/net/i2p/router/transport/TransportUtil.java b/router/java/src/net/i2p/router/transport/TransportUtil.java
index ab15c1f2a2..86f081daa4 100644
--- a/router/java/src/net/i2p/router/transport/TransportUtil.java
+++ b/router/java/src/net/i2p/router/transport/TransportUtil.java
@@ -111,6 +111,9 @@ public abstract class TransportUtil {
             return true; // or at least possible to be true
         } else if (addr.length == 16) {
             if (allowIPv6) {
+                // disallow 2002::/16 (6to4 RFC 3056)
+                if (addr[0] == 0x20 && addr[1] == 0x02)
+                    return false;
                 try {
                     InetAddress ia = InetAddress.getByAddress(addr);
                     return