From 632182d1a9cfa3cf5f030ff7d7dd1555fba04e7c Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu
Date: Wed, 7 Jul 2021 14:41:31 -0500
Subject: [PATCH] Update Site::private_address_space to latest IANA networks
---
 scripts/base/utils/site.zeek | 58 ++++++++++++++++++++++++++++++++----
 1 file changed, 52 insertions(+), 6 deletions(-)
diff --git a/scripts/base/utils/site.zeek b/scripts/base/utils/site.zeek
index 94c487f7a3..b2e41cac59 100644
--- a/scripts/base/utils/site.zeek
+++ b/scripts/base/utils/site.zeek
@@ -5,16 +5,62 @@
 module Site;
 
 export {
- ## Address space that is considered private and unrouted.
- ## By default it has RFC defined non-routable IPv4 address space.
+ ## A list of subnets that are considered private address space.
+ ##
+ ## By default, it has address blocks defined by IANA as not being routable over the Internet.
+ ##
+ ## See the `IPv4 Special-Purpose Address Registry `_
+ ## and the `IPv6 Special-Purpose Address Registry `_
 option private_address_space: set[subnet] = {
+ ## "This network", see :rfc:`791`
+ 0.0.0.0/8,
+ ## Private-Use, see :rfc:`1918`
 10.0.0.0/8,
- 192.168.0.0/16,
- 172.16.0.0/12,
- 100.64.0.0/10, # RFC6598 Carrier Grade NAT
+ ## Shared Address Space (also known as Carrier-grade NAT), see :rfc:`6598`
+ 100.64.0.0/10,
+ ## Loopback, see :rfc:`1122`
 127.0.0.0/8,
- [fe80::]/10,
+ ## Link Local, see :rfc:`3927`
+ 169.254.0.0/16,
+ ## Private-Use, see :rfc:`1918`
+ 172.16.0.0/12,
+ ## IETF Protocol Assignments, see :rfc:`6890`
+ 192.0.0.0/24,
+ ## Documentation (TEST-NET-1), see :rfc:`5737`
+ 192.0.2.0/24,
+ ## Private-Use, see :rfc:`1918`
+ 192.168.0.0/16,
+ ## Benchmarking, see :rfc:`2544`
+ 198.18.0.0/15,
+ ## Documentation (TEST-NET-2), see :rfc:`5737`
+ 198.51.100.0/24,
+ ## Documentation (TEST-NET-3), see :rfc:`5737`
+ 203.0.113.0/24,
+ ## Reserved, see :rfc:`1112`
+ 240.0.0.0/4,
+ ## Limited Broadcast, see :rfc:`919` and :rfc:`8190`
+ 255.255.255.255/32,
+
+ ## Unspecified Address, see :rfc:`4291`
+ [::]/128,
+ ## Loopback Address, see :rfc:`4291`
 [::1]/128,
+ ## IPv4-mapped Address, see :rfc:`4291`
+ [::ffff:0:0]/96,
+ ## IPv4-IPv6 Translation, see :rfc:`8215`
+ [64:ff9b:1::]/48,
+ ## Discard-Only Address Block, see :rfc:`6666`
+ [100::]/64,
+ ## IETF Protocol Assignments, see :rfc:`2928`
+ [2001::]/23,
+ ## Benchmarking, see :rfc:`5180`
+ [2001:2::]/48,
+ ## Documentation, see :rfc:`3849`
+ [2001:db8::]/32,
+ ## Unique-Local, see :rfc:`4193` and :rfc:`8190`
+ [fc00::]/7,
+ ## Link-Local Unicast, see :rfc:`4291`
+ [fe80::]/10,
 };
 
 ## Networks that are considered "local". Note that ZeekControl sets
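Review bot: The broad entries `192.0.0.0/24` and `[2001::]/23` in the new `private_address_space` default also cover more-specific allocations that the same IANA registries list as globally reachable (for example `192.0.0.9/32`, `2001:3::/32` and `2001:20::/28`), and `[2001::]/23` already contains the separately listed `[2001:2::]/48`. Any script that uses this set to skip or down-rank "private" endpoints will treat traffic to those ranges as internal, which weakens detection coverage there. I would state that in the option's doc comment, e.g. `## Note: 192.0.0.0/24 and [2001::]/23 include more-specific blocks that IANA marks globally reachable; narrow them if private-address checks gate alerting.` It is also worth confirming how `[::ffff:0:0]/96` matches in Zeek's subnet handling, since it is not visible here whether IPv4 endpoints could fall under it. The `export` block continues past the end of this hunk.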