5c3fa98db6
In subsequent commits, calls to if_nametoindex() will be replaced by a wrapper that falls back to alternative name resolution over netlink. netlink support requires libsystemd (for sd-netlink), and we don't want to add any functions that require netlink in basic/. So stuff that calls if_nametoindex() for user supplied interface names, and everything that depends on that, needs to be moved.
715 lines
19 KiB
C
715 lines
19 KiB
C
/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
|
|
#include <arpa/inet.h>
|
|
#include <endian.h>
|
|
#include <errno.h>
|
|
#include <net/if.h>
|
|
#include <stdint.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#include "alloc-util.h"
|
|
#include "errno-util.h"
|
|
#include "in-addr-util.h"
|
|
#include "macro.h"
|
|
#include "parse-util.h"
|
|
#include "random-util.h"
|
|
#include "strxcpyx.h"
|
|
#include "util.h"
|
|
|
|
bool in4_addr_is_null(const struct in_addr *a) {
|
|
assert(a);
|
|
|
|
return a->s_addr == 0;
|
|
}
|
|
|
|
int in_addr_is_null(int family, const union in_addr_union *u) {
|
|
assert(u);
|
|
|
|
if (family == AF_INET)
|
|
return in4_addr_is_null(&u->in);
|
|
|
|
if (family == AF_INET6)
|
|
return IN6_IS_ADDR_UNSPECIFIED(&u->in6);
|
|
|
|
return -EAFNOSUPPORT;
|
|
}
|
|
|
|
bool in4_addr_is_link_local(const struct in_addr *a) {
|
|
assert(a);
|
|
|
|
return (be32toh(a->s_addr) & UINT32_C(0xFFFF0000)) == (UINT32_C(169) << 24 | UINT32_C(254) << 16);
|
|
}
|
|
|
|
int in_addr_is_link_local(int family, const union in_addr_union *u) {
|
|
assert(u);
|
|
|
|
if (family == AF_INET)
|
|
return in4_addr_is_link_local(&u->in);
|
|
|
|
if (family == AF_INET6)
|
|
return IN6_IS_ADDR_LINKLOCAL(&u->in6);
|
|
|
|
return -EAFNOSUPPORT;
|
|
}
|
|
|
|
int in_addr_is_multicast(int family, const union in_addr_union *u) {
|
|
assert(u);
|
|
|
|
if (family == AF_INET)
|
|
return IN_MULTICAST(be32toh(u->in.s_addr));
|
|
|
|
if (family == AF_INET6)
|
|
return IN6_IS_ADDR_MULTICAST(&u->in6);
|
|
|
|
return -EAFNOSUPPORT;
|
|
}
|
|
|
|
bool in4_addr_is_localhost(const struct in_addr *a) {
|
|
assert(a);
|
|
|
|
/* All of 127.x.x.x is localhost. */
|
|
return (be32toh(a->s_addr) & UINT32_C(0xFF000000)) == UINT32_C(127) << 24;
|
|
}
|
|
|
|
bool in4_addr_is_non_local(const struct in_addr *a) {
|
|
/* Whether the address is not null and not localhost.
|
|
*
|
|
* As such, it is suitable to configure as DNS/NTP server from DHCP. */
|
|
return !in4_addr_is_null(a) &&
|
|
!in4_addr_is_localhost(a);
|
|
}
|
|
|
|
int in_addr_is_localhost(int family, const union in_addr_union *u) {
|
|
assert(u);
|
|
|
|
if (family == AF_INET)
|
|
return in4_addr_is_localhost(&u->in);
|
|
|
|
if (family == AF_INET6)
|
|
return IN6_IS_ADDR_LOOPBACK(&u->in6);
|
|
|
|
return -EAFNOSUPPORT;
|
|
}
|
|
|
|
bool in4_addr_equal(const struct in_addr *a, const struct in_addr *b) {
|
|
assert(a);
|
|
assert(b);
|
|
|
|
return a->s_addr == b->s_addr;
|
|
}
|
|
|
|
int in_addr_equal(int family, const union in_addr_union *a, const union in_addr_union *b) {
|
|
assert(a);
|
|
assert(b);
|
|
|
|
if (family == AF_INET)
|
|
return in4_addr_equal(&a->in, &b->in);
|
|
|
|
if (family == AF_INET6)
|
|
return
|
|
a->in6.s6_addr32[0] == b->in6.s6_addr32[0] &&
|
|
a->in6.s6_addr32[1] == b->in6.s6_addr32[1] &&
|
|
a->in6.s6_addr32[2] == b->in6.s6_addr32[2] &&
|
|
a->in6.s6_addr32[3] == b->in6.s6_addr32[3];
|
|
|
|
return -EAFNOSUPPORT;
|
|
}
|
|
|
|
int in_addr_prefix_intersect(
|
|
int family,
|
|
const union in_addr_union *a,
|
|
unsigned aprefixlen,
|
|
const union in_addr_union *b,
|
|
unsigned bprefixlen) {
|
|
|
|
unsigned m;
|
|
|
|
assert(a);
|
|
assert(b);
|
|
|
|
/* Checks whether there are any addresses that are in both
|
|
* networks */
|
|
|
|
m = MIN(aprefixlen, bprefixlen);
|
|
|
|
if (family == AF_INET) {
|
|
uint32_t x, nm;
|
|
|
|
x = be32toh(a->in.s_addr ^ b->in.s_addr);
|
|
nm = (m == 0) ? 0 : 0xFFFFFFFFUL << (32 - m);
|
|
|
|
return (x & nm) == 0;
|
|
}
|
|
|
|
if (family == AF_INET6) {
|
|
unsigned i;
|
|
|
|
if (m > 128)
|
|
m = 128;
|
|
|
|
for (i = 0; i < 16; i++) {
|
|
uint8_t x, nm;
|
|
|
|
x = a->in6.s6_addr[i] ^ b->in6.s6_addr[i];
|
|
|
|
if (m < 8)
|
|
nm = 0xFF << (8 - m);
|
|
else
|
|
nm = 0xFF;
|
|
|
|
if ((x & nm) != 0)
|
|
return 0;
|
|
|
|
if (m > 8)
|
|
m -= 8;
|
|
else
|
|
m = 0;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
return -EAFNOSUPPORT;
|
|
}
|
|
|
|
int in_addr_prefix_next(int family, union in_addr_union *u, unsigned prefixlen) {
|
|
assert(u);
|
|
|
|
/* Increases the network part of an address by one. Returns
|
|
* positive it that succeeds, or 0 if this overflows. */
|
|
|
|
if (prefixlen <= 0)
|
|
return 0;
|
|
|
|
if (family == AF_INET) {
|
|
uint32_t c, n;
|
|
|
|
if (prefixlen > 32)
|
|
prefixlen = 32;
|
|
|
|
c = be32toh(u->in.s_addr);
|
|
n = c + (1UL << (32 - prefixlen));
|
|
if (n < c)
|
|
return 0;
|
|
n &= 0xFFFFFFFFUL << (32 - prefixlen);
|
|
|
|
u->in.s_addr = htobe32(n);
|
|
return 1;
|
|
}
|
|
|
|
if (family == AF_INET6) {
|
|
struct in6_addr add = {}, result;
|
|
uint8_t overflow = 0;
|
|
unsigned i;
|
|
|
|
if (prefixlen > 128)
|
|
prefixlen = 128;
|
|
|
|
/* First calculate what we have to add */
|
|
add.s6_addr[(prefixlen-1) / 8] = 1 << (7 - (prefixlen-1) % 8);
|
|
|
|
for (i = 16; i > 0; i--) {
|
|
unsigned j = i - 1;
|
|
|
|
result.s6_addr[j] = u->in6.s6_addr[j] + add.s6_addr[j] + overflow;
|
|
overflow = (result.s6_addr[j] < u->in6.s6_addr[j]);
|
|
}
|
|
|
|
if (overflow)
|
|
return 0;
|
|
|
|
u->in6 = result;
|
|
return 1;
|
|
}
|
|
|
|
return -EAFNOSUPPORT;
|
|
}
|
|
|
|
int in_addr_random_prefix(
|
|
int family,
|
|
union in_addr_union *u,
|
|
unsigned prefixlen_fixed_part,
|
|
unsigned prefixlen) {
|
|
|
|
assert(u);
|
|
|
|
/* Random network part of an address by one. */
|
|
|
|
if (prefixlen <= 0)
|
|
return 0;
|
|
|
|
if (family == AF_INET) {
|
|
uint32_t c, n;
|
|
|
|
if (prefixlen_fixed_part > 32)
|
|
prefixlen_fixed_part = 32;
|
|
if (prefixlen > 32)
|
|
prefixlen = 32;
|
|
if (prefixlen_fixed_part >= prefixlen)
|
|
return -EINVAL;
|
|
|
|
c = be32toh(u->in.s_addr);
|
|
c &= ((UINT32_C(1) << prefixlen_fixed_part) - 1) << (32 - prefixlen_fixed_part);
|
|
|
|
random_bytes(&n, sizeof(n));
|
|
n &= ((UINT32_C(1) << (prefixlen - prefixlen_fixed_part)) - 1) << (32 - prefixlen);
|
|
|
|
u->in.s_addr = htobe32(n | c);
|
|
return 1;
|
|
}
|
|
|
|
if (family == AF_INET6) {
|
|
struct in6_addr n;
|
|
unsigned i, j;
|
|
|
|
if (prefixlen_fixed_part > 128)
|
|
prefixlen_fixed_part = 128;
|
|
if (prefixlen > 128)
|
|
prefixlen = 128;
|
|
if (prefixlen_fixed_part >= prefixlen)
|
|
return -EINVAL;
|
|
|
|
random_bytes(&n, sizeof(n));
|
|
|
|
for (i = 0; i < 16; i++) {
|
|
uint8_t mask_fixed_part = 0, mask = 0;
|
|
|
|
if (i < (prefixlen_fixed_part + 7) / 8) {
|
|
if (i < prefixlen_fixed_part / 8)
|
|
mask_fixed_part = 0xffu;
|
|
else {
|
|
j = prefixlen_fixed_part % 8;
|
|
mask_fixed_part = ((UINT8_C(1) << (j + 1)) - 1) << (8 - j);
|
|
}
|
|
}
|
|
|
|
if (i < (prefixlen + 7) / 8) {
|
|
if (i < prefixlen / 8)
|
|
mask = 0xffu ^ mask_fixed_part;
|
|
else {
|
|
j = prefixlen % 8;
|
|
mask = (((UINT8_C(1) << (j + 1)) - 1) << (8 - j)) ^ mask_fixed_part;
|
|
}
|
|
}
|
|
|
|
u->in6.s6_addr[i] &= mask_fixed_part;
|
|
u->in6.s6_addr[i] |= n.s6_addr[i] & mask;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
return -EAFNOSUPPORT;
|
|
}
|
|
|
|
int in_addr_to_string(int family, const union in_addr_union *u, char **ret) {
|
|
_cleanup_free_ char *x = NULL;
|
|
size_t l;
|
|
|
|
assert(u);
|
|
assert(ret);
|
|
|
|
if (family == AF_INET)
|
|
l = INET_ADDRSTRLEN;
|
|
else if (family == AF_INET6)
|
|
l = INET6_ADDRSTRLEN;
|
|
else
|
|
return -EAFNOSUPPORT;
|
|
|
|
x = new(char, l);
|
|
if (!x)
|
|
return -ENOMEM;
|
|
|
|
errno = 0;
|
|
if (!inet_ntop(family, u, x, l))
|
|
return errno_or_else(EINVAL);
|
|
|
|
*ret = TAKE_PTR(x);
|
|
return 0;
|
|
}
|
|
|
|
int in_addr_prefix_to_string(int family, const union in_addr_union *u, unsigned prefixlen, char **ret) {
|
|
_cleanup_free_ char *x = NULL;
|
|
char *p;
|
|
size_t l;
|
|
|
|
assert(u);
|
|
assert(ret);
|
|
|
|
if (family == AF_INET)
|
|
l = INET_ADDRSTRLEN + 3;
|
|
else if (family == AF_INET6)
|
|
l = INET6_ADDRSTRLEN + 4;
|
|
else
|
|
return -EAFNOSUPPORT;
|
|
|
|
if (prefixlen > FAMILY_ADDRESS_SIZE(family) * 8)
|
|
return -EINVAL;
|
|
|
|
x = new(char, l);
|
|
if (!x)
|
|
return -ENOMEM;
|
|
|
|
errno = 0;
|
|
if (!inet_ntop(family, u, x, l))
|
|
return errno_or_else(EINVAL);
|
|
|
|
p = x + strlen(x);
|
|
l -= strlen(x);
|
|
(void) strpcpyf(&p, l, "/%u", prefixlen);
|
|
|
|
*ret = TAKE_PTR(x);
|
|
return 0;
|
|
}
|
|
|
|
int in_addr_ifindex_to_string(int family, const union in_addr_union *u, int ifindex, char **ret) {
|
|
_cleanup_free_ char *x = NULL;
|
|
size_t l;
|
|
int r;
|
|
|
|
assert(u);
|
|
assert(ret);
|
|
|
|
/* Much like in_addr_to_string(), but optionally appends the zone interface index to the address, to properly
|
|
* handle IPv6 link-local addresses. */
|
|
|
|
if (family != AF_INET6)
|
|
goto fallback;
|
|
if (ifindex <= 0)
|
|
goto fallback;
|
|
|
|
r = in_addr_is_link_local(family, u);
|
|
if (r < 0)
|
|
return r;
|
|
if (r == 0)
|
|
goto fallback;
|
|
|
|
l = INET6_ADDRSTRLEN + 1 + DECIMAL_STR_MAX(ifindex) + 1;
|
|
x = new(char, l);
|
|
if (!x)
|
|
return -ENOMEM;
|
|
|
|
errno = 0;
|
|
if (!inet_ntop(family, u, x, l))
|
|
return errno_or_else(EINVAL);
|
|
|
|
sprintf(strchr(x, 0), "%%%i", ifindex);
|
|
|
|
*ret = TAKE_PTR(x);
|
|
return 0;
|
|
|
|
fallback:
|
|
return in_addr_to_string(family, u, ret);
|
|
}
|
|
|
|
int in_addr_from_string(int family, const char *s, union in_addr_union *ret) {
|
|
union in_addr_union buffer;
|
|
assert(s);
|
|
|
|
if (!IN_SET(family, AF_INET, AF_INET6))
|
|
return -EAFNOSUPPORT;
|
|
|
|
errno = 0;
|
|
if (inet_pton(family, s, ret ?: &buffer) <= 0)
|
|
return errno_or_else(EINVAL);
|
|
|
|
return 0;
|
|
}
|
|
|
|
int in_addr_from_string_auto(const char *s, int *ret_family, union in_addr_union *ret) {
|
|
int r;
|
|
|
|
assert(s);
|
|
|
|
r = in_addr_from_string(AF_INET, s, ret);
|
|
if (r >= 0) {
|
|
if (ret_family)
|
|
*ret_family = AF_INET;
|
|
return 0;
|
|
}
|
|
|
|
r = in_addr_from_string(AF_INET6, s, ret);
|
|
if (r >= 0) {
|
|
if (ret_family)
|
|
*ret_family = AF_INET6;
|
|
return 0;
|
|
}
|
|
|
|
return -EINVAL;
|
|
}
|
|
|
|
unsigned char in4_addr_netmask_to_prefixlen(const struct in_addr *addr) {
|
|
assert(addr);
|
|
|
|
return 32U - u32ctz(be32toh(addr->s_addr));
|
|
}
|
|
|
|
struct in_addr* in4_addr_prefixlen_to_netmask(struct in_addr *addr, unsigned char prefixlen) {
|
|
assert(addr);
|
|
assert(prefixlen <= 32);
|
|
|
|
/* Shifting beyond 32 is not defined, handle this specially. */
|
|
if (prefixlen == 0)
|
|
addr->s_addr = 0;
|
|
else
|
|
addr->s_addr = htobe32((0xffffffff << (32 - prefixlen)) & 0xffffffff);
|
|
|
|
return addr;
|
|
}
|
|
|
|
int in4_addr_default_prefixlen(const struct in_addr *addr, unsigned char *prefixlen) {
|
|
uint8_t msb_octet = *(uint8_t*) addr;
|
|
|
|
/* addr may not be aligned, so make sure we only access it byte-wise */
|
|
|
|
assert(addr);
|
|
assert(prefixlen);
|
|
|
|
if (msb_octet < 128)
|
|
/* class A, leading bits: 0 */
|
|
*prefixlen = 8;
|
|
else if (msb_octet < 192)
|
|
/* class B, leading bits 10 */
|
|
*prefixlen = 16;
|
|
else if (msb_octet < 224)
|
|
/* class C, leading bits 110 */
|
|
*prefixlen = 24;
|
|
else
|
|
/* class D or E, no default prefixlen */
|
|
return -ERANGE;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int in4_addr_default_subnet_mask(const struct in_addr *addr, struct in_addr *mask) {
|
|
unsigned char prefixlen;
|
|
int r;
|
|
|
|
assert(addr);
|
|
assert(mask);
|
|
|
|
r = in4_addr_default_prefixlen(addr, &prefixlen);
|
|
if (r < 0)
|
|
return r;
|
|
|
|
in4_addr_prefixlen_to_netmask(mask, prefixlen);
|
|
return 0;
|
|
}
|
|
|
|
int in_addr_mask(int family, union in_addr_union *addr, unsigned char prefixlen) {
|
|
assert(addr);
|
|
|
|
if (family == AF_INET) {
|
|
struct in_addr mask;
|
|
|
|
if (!in4_addr_prefixlen_to_netmask(&mask, prefixlen))
|
|
return -EINVAL;
|
|
|
|
addr->in.s_addr &= mask.s_addr;
|
|
return 0;
|
|
}
|
|
|
|
if (family == AF_INET6) {
|
|
unsigned i;
|
|
|
|
for (i = 0; i < 16; i++) {
|
|
uint8_t mask;
|
|
|
|
if (prefixlen >= 8) {
|
|
mask = 0xFF;
|
|
prefixlen -= 8;
|
|
} else {
|
|
mask = 0xFF << (8 - prefixlen);
|
|
prefixlen = 0;
|
|
}
|
|
|
|
addr->in6.s6_addr[i] &= mask;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
return -EAFNOSUPPORT;
|
|
}
|
|
|
|
int in_addr_prefix_covers(int family,
|
|
const union in_addr_union *prefix,
|
|
unsigned char prefixlen,
|
|
const union in_addr_union *address) {
|
|
|
|
union in_addr_union masked_prefix, masked_address;
|
|
int r;
|
|
|
|
assert(prefix);
|
|
assert(address);
|
|
|
|
masked_prefix = *prefix;
|
|
r = in_addr_mask(family, &masked_prefix, prefixlen);
|
|
if (r < 0)
|
|
return r;
|
|
|
|
masked_address = *address;
|
|
r = in_addr_mask(family, &masked_address, prefixlen);
|
|
if (r < 0)
|
|
return r;
|
|
|
|
return in_addr_equal(family, &masked_prefix, &masked_address);
|
|
}
|
|
|
|
int in_addr_parse_prefixlen(int family, const char *p, unsigned char *ret) {
|
|
uint8_t u;
|
|
int r;
|
|
|
|
if (!IN_SET(family, AF_INET, AF_INET6))
|
|
return -EAFNOSUPPORT;
|
|
|
|
r = safe_atou8(p, &u);
|
|
if (r < 0)
|
|
return r;
|
|
|
|
if (u > FAMILY_ADDRESS_SIZE(family) * 8)
|
|
return -ERANGE;
|
|
|
|
*ret = u;
|
|
return 0;
|
|
}
|
|
|
|
int in_addr_prefix_from_string(
|
|
const char *p,
|
|
int family,
|
|
union in_addr_union *ret_prefix,
|
|
unsigned char *ret_prefixlen) {
|
|
|
|
_cleanup_free_ char *str = NULL;
|
|
union in_addr_union buffer;
|
|
const char *e, *l;
|
|
unsigned char k;
|
|
int r;
|
|
|
|
assert(p);
|
|
|
|
if (!IN_SET(family, AF_INET, AF_INET6))
|
|
return -EAFNOSUPPORT;
|
|
|
|
e = strchr(p, '/');
|
|
if (e) {
|
|
str = strndup(p, e - p);
|
|
if (!str)
|
|
return -ENOMEM;
|
|
|
|
l = str;
|
|
} else
|
|
l = p;
|
|
|
|
r = in_addr_from_string(family, l, &buffer);
|
|
if (r < 0)
|
|
return r;
|
|
|
|
if (e) {
|
|
r = in_addr_parse_prefixlen(family, e+1, &k);
|
|
if (r < 0)
|
|
return r;
|
|
} else
|
|
k = FAMILY_ADDRESS_SIZE(family) * 8;
|
|
|
|
if (ret_prefix)
|
|
*ret_prefix = buffer;
|
|
if (ret_prefixlen)
|
|
*ret_prefixlen = k;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int in_addr_prefix_from_string_auto_internal(
|
|
const char *p,
|
|
InAddrPrefixLenMode mode,
|
|
int *ret_family,
|
|
union in_addr_union *ret_prefix,
|
|
unsigned char *ret_prefixlen) {
|
|
|
|
_cleanup_free_ char *str = NULL;
|
|
union in_addr_union buffer;
|
|
const char *e, *l;
|
|
unsigned char k;
|
|
int family, r;
|
|
|
|
assert(p);
|
|
|
|
e = strchr(p, '/');
|
|
if (e) {
|
|
str = strndup(p, e - p);
|
|
if (!str)
|
|
return -ENOMEM;
|
|
|
|
l = str;
|
|
} else
|
|
l = p;
|
|
|
|
r = in_addr_from_string_auto(l, &family, &buffer);
|
|
if (r < 0)
|
|
return r;
|
|
|
|
if (e) {
|
|
r = in_addr_parse_prefixlen(family, e+1, &k);
|
|
if (r < 0)
|
|
return r;
|
|
} else
|
|
switch (mode) {
|
|
case PREFIXLEN_FULL:
|
|
k = FAMILY_ADDRESS_SIZE(family) * 8;
|
|
break;
|
|
case PREFIXLEN_REFUSE:
|
|
return -ENOANO; /* To distinguish this error from others. */
|
|
case PREFIXLEN_LEGACY:
|
|
if (family == AF_INET) {
|
|
r = in4_addr_default_prefixlen(&buffer.in, &k);
|
|
if (r < 0)
|
|
return r;
|
|
} else
|
|
k = 0;
|
|
break;
|
|
default:
|
|
assert_not_reached("Invalid prefixlen mode");
|
|
}
|
|
|
|
if (ret_family)
|
|
*ret_family = family;
|
|
if (ret_prefix)
|
|
*ret_prefix = buffer;
|
|
if (ret_prefixlen)
|
|
*ret_prefixlen = k;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
static void in_addr_data_hash_func(const struct in_addr_data *a, struct siphash *state) {
|
|
siphash24_compress(&a->family, sizeof(a->family), state);
|
|
siphash24_compress(&a->address, FAMILY_ADDRESS_SIZE(a->family), state);
|
|
}
|
|
|
|
static int in_addr_data_compare_func(const struct in_addr_data *x, const struct in_addr_data *y) {
|
|
int r;
|
|
|
|
r = CMP(x->family, y->family);
|
|
if (r != 0)
|
|
return r;
|
|
|
|
return memcmp(&x->address, &y->address, FAMILY_ADDRESS_SIZE(x->family));
|
|
}
|
|
|
|
DEFINE_HASH_OPS(in_addr_data_hash_ops, struct in_addr_data, in_addr_data_hash_func, in_addr_data_compare_func);
|
|
|
|
static void in6_addr_hash_func(const struct in6_addr *addr, struct siphash *state) {
|
|
assert(addr);
|
|
|
|
siphash24_compress(addr, sizeof(*addr), state);
|
|
}
|
|
|
|
static int in6_addr_compare_func(const struct in6_addr *a, const struct in6_addr *b) {
|
|
return memcmp(a, b, sizeof(*a));
|
|
}
|
|
|
|
DEFINE_HASH_OPS(in6_addr_hash_ops, struct in6_addr, in6_addr_hash_func, in6_addr_compare_func);
|