diff options
author | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-04-28 11:08:57 +0200 |
---|---|---|
committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-05-09 16:45:57 +0200 |
commit | e16be73753d870c5ce77094d3a402bbe8e3bf542 (patch) | |
tree | d5c308bf0f0a9fa660161043edbabb5541e97a6b /src | |
parent | d8642752992799b0695cf97ada03c56d0526830c (diff) |
net: Add CSubNet class for subnet matching
Diffstat (limited to 'src')
-rw-r--r-- | src/netbase.cpp | 123 | ||||
-rw-r--r-- | src/netbase.h | 30 | ||||
-rw-r--r-- | src/test/netbase_tests.cpp | 37 |
3 files changed, 187 insertions, 3 deletions
diff --git a/src/netbase.cpp b/src/netbase.cpp index 4f7e3f6b78..82a681281d 100644 --- a/src/netbase.cpp +++ b/src/netbase.cpp @@ -546,6 +546,22 @@ void CNetAddr::SetIP(const CNetAddr& ipIn) memcpy(ip, ipIn.ip, sizeof(ip)); } +void CNetAddr::SetRaw(Network network, const uint8_t *ip_in) +{ + switch(network) + { + case NET_IPV4: + memcpy(ip, pchIPv4, 12); + memcpy(ip+12, ip_in, 4); + break; + case NET_IPV6: + memcpy(ip, ip_in, 16); + break; + default: + assert(!"invalid network"); + } +} + static const unsigned char pchOnionCat[] = {0xFD,0x87,0xD8,0x7E,0xEB,0x43}; bool CNetAddr::SetSpecial(const std::string &strName) @@ -569,13 +585,12 @@ CNetAddr::CNetAddr() CNetAddr::CNetAddr(const struct in_addr& ipv4Addr) { - memcpy(ip, pchIPv4, 12); - memcpy(ip+12, &ipv4Addr, 4); + SetRaw(NET_IPV4, (const uint8_t*)&ipv4Addr); } CNetAddr::CNetAddr(const struct in6_addr& ipv6Addr) { - memcpy(ip, &ipv6Addr, 16); + SetRaw(NET_IPV6, (const uint8_t*)&ipv6Addr); } CNetAddr::CNetAddr(const char *pszIp, bool fAllowLookup) @@ -1120,3 +1135,105 @@ void CService::SetPort(unsigned short portIn) { port = portIn; } + +CSubNet::CSubNet(): + valid(false) +{ + memset(netmask, 0, sizeof(netmask)); +} + +CSubNet::CSubNet(const std::string &strSubnet, bool fAllowLookup) +{ + size_t slash = strSubnet.find_last_of('/'); + std::vector<CNetAddr> vIP; + + valid = true; + // Default to /32 (IPv4) or /128 (IPv6), i.e. match single address + memset(netmask, 255, sizeof(netmask)); + + std::string strAddress = strSubnet.substr(0, slash); + if (LookupHost(strAddress.c_str(), vIP, 1, fAllowLookup)) + { + network = vIP[0]; + if (slash != strSubnet.npos) + { + std::string strNetmask = strSubnet.substr(slash + 1); + int32_t n; + // IPv4 addresses start at offset 12, and first 12 bytes must match, so just offset n + int noffset = network.IsIPv4() ? (12 * 8) : 0; + if (ParseInt32(strNetmask, &n)) // If valid number, assume /24 symtex + { + if(n >= 0 && n <= (128 - noffset)) // Only valid if in range of bits of address + { + n += noffset; + // Clear bits [n..127] + for (; n < 128; ++n) + netmask[n>>3] &= ~(1<<(n&7)); + } + else + { + valid = false; + } + } + else // If not a valid number, try full netmask syntax + { + if (LookupHost(strNetmask.c_str(), vIP, 1, false)) // Never allow lookup for netmask + { + // Remember: GetByte returns bytes in reversed order + // Copy only the *last* four bytes in case of IPv4, the rest of the mask should stay 1's as + // we don't want pchIPv4 to be part of the mask. + int asize = network.IsIPv4() ? 4 : 16; + for(int x=0; x<asize; ++x) + netmask[15-x] = vIP[0].GetByte(x); + } + else + { + valid = false; + } + } + } + } + else + { + valid = false; + } +} + +bool CSubNet::Match(const CNetAddr &addr) const +{ + if (!valid || !addr.IsValid()) + return false; + for(int x=0; x<16; ++x) + if ((addr.GetByte(x) & netmask[15-x]) != network.GetByte(x)) + return false; + return true; +} + +std::string CSubNet::ToString() const +{ + std::string strNetmask; + if (network.IsIPv4()) + strNetmask = strprintf("%u.%u.%u.%u", netmask[12], netmask[13], netmask[14], netmask[15]); + else + strNetmask = strprintf("%x:%x:%x:%x:%x:%x:%x:%x", + netmask[0] << 8 | netmask[1], netmask[2] << 8 | netmask[3], + netmask[4] << 8 | netmask[5], netmask[6] << 8 | netmask[7], + netmask[8] << 8 | netmask[9], netmask[10] << 8 | netmask[11], + netmask[12] << 8 | netmask[13], netmask[14] << 8 | netmask[15]); + return network.ToString() + "/" + strNetmask; +} + +bool CSubNet::IsValid() const +{ + return valid; +} + +bool operator==(const CSubNet& a, const CSubNet& b) +{ + return a.valid == b.valid && a.network == b.network && !memcmp(a.netmask, b.netmask, 16); +} + +bool operator!=(const CSubNet& a, const CSubNet& b) +{ + return !(a==b); +} diff --git a/src/netbase.h b/src/netbase.h index 95b1795767..118f866d6c 100644 --- a/src/netbase.h +++ b/src/netbase.h @@ -49,6 +49,13 @@ class CNetAddr explicit CNetAddr(const std::string &strIp, bool fAllowLookup = false); void Init(); void SetIP(const CNetAddr& ip); + + /** + * Set raw IPv4 or IPv6 address (in network byte order) + * @note Only NET_IPV4 and NET_IPV6 are allowed for network. + */ + void SetRaw(Network network, const uint8_t *data); + bool SetSpecial(const std::string &strName); // for Tor addresses bool IsIPv4() const; // IPv4 mapped address (::FFFF:0:0/96, 0.0.0.0/0) bool IsIPv6() const; // IPv6 address (not mapped IPv4, not Tor) @@ -90,6 +97,29 @@ class CNetAddr ) }; +class CSubNet +{ + protected: + /// Network (base) address + CNetAddr network; + /// Netmask, in network byte order + uint8_t netmask[16]; + /// Is this value valid? (only used to signal parse errors) + bool valid; + + public: + CSubNet(); + explicit CSubNet(const std::string &strSubnet, bool fAllowLookup = false); + + bool Match(const CNetAddr &addr) const; + + std::string ToString() const; + bool IsValid() const; + + friend bool operator==(const CSubNet& a, const CSubNet& b); + friend bool operator!=(const CSubNet& a, const CSubNet& b); +}; + /** A combination of a network address (CNetAddr) and a (TCP) port */ class CService : public CNetAddr { diff --git a/src/test/netbase_tests.cpp b/src/test/netbase_tests.cpp index 4321852d11..c26e738384 100644 --- a/src/test/netbase_tests.cpp +++ b/src/test/netbase_tests.cpp @@ -102,4 +102,41 @@ BOOST_AUTO_TEST_CASE(onioncat_test) BOOST_CHECK(addr1.IsRoutable()); } +BOOST_AUTO_TEST_CASE(subnet_test) +{ + BOOST_CHECK(CSubNet("1.2.3.0/24") == CSubNet("1.2.3.0/255.255.255.0")); + BOOST_CHECK(CSubNet("1.2.3.0/24") != CSubNet("1.2.4.0/255.255.255.0")); + BOOST_CHECK(CSubNet("1.2.3.0/24").Match(CNetAddr("1.2.3.4"))); + BOOST_CHECK(!CSubNet("1.2.2.0/24").Match(CNetAddr("1.2.3.4"))); + BOOST_CHECK(CSubNet("1.2.3.4").Match(CNetAddr("1.2.3.4"))); + BOOST_CHECK(CSubNet("1.2.3.4/32").Match(CNetAddr("1.2.3.4"))); + BOOST_CHECK(!CSubNet("1.2.3.4").Match(CNetAddr("5.6.7.8"))); + BOOST_CHECK(!CSubNet("1.2.3.4/32").Match(CNetAddr("5.6.7.8"))); + BOOST_CHECK(CSubNet("::ffff:127.0.0.1").Match(CNetAddr("127.0.0.1"))); + BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:8").Match(CNetAddr("1:2:3:4:5:6:7:8"))); + BOOST_CHECK(!CSubNet("1:2:3:4:5:6:7:8").Match(CNetAddr("1:2:3:4:5:6:7:9"))); + BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:0/112").Match(CNetAddr("1:2:3:4:5:6:7:1234"))); + // All-Matching IPv6 Matches arbitrary IPv4 and IPv6 + BOOST_CHECK(CSubNet("::/0").Match(CNetAddr("1:2:3:4:5:6:7:1234"))); + BOOST_CHECK(CSubNet("::/0").Match(CNetAddr("1.2.3.4"))); + // All-Matching IPv4 does not Match IPv6 + BOOST_CHECK(!CSubNet("0.0.0.0/0").Match(CNetAddr("1:2:3:4:5:6:7:1234"))); + // Invalid subnets Match nothing (not even invalid addresses) + BOOST_CHECK(!CSubNet().Match(CNetAddr("1.2.3.4"))); + BOOST_CHECK(!CSubNet("").Match(CNetAddr("4.5.6.7"))); + BOOST_CHECK(!CSubNet("bloop").Match(CNetAddr("0.0.0.0"))); + BOOST_CHECK(!CSubNet("bloop").Match(CNetAddr("hab"))); + // Check valid/invalid + BOOST_CHECK(CSubNet("1.2.3.0/0").IsValid()); + BOOST_CHECK(!CSubNet("1.2.3.0/-1").IsValid()); + BOOST_CHECK(CSubNet("1.2.3.0/32").IsValid()); + BOOST_CHECK(!CSubNet("1.2.3.0/33").IsValid()); + BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:8/0").IsValid()); + BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:8/33").IsValid()); + BOOST_CHECK(!CSubNet("1:2:3:4:5:6:7:8/-1").IsValid()); + BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:8/128").IsValid()); + BOOST_CHECK(!CSubNet("1:2:3:4:5:6:7:8/129").IsValid()); + BOOST_CHECK(!CSubNet("fuzzy").IsValid()); +} + BOOST_AUTO_TEST_SUITE_END() |