mirror of
https://github.com/dashpay/dash.git
synced 2024-12-27 13:03:17 +01:00
net: Add CSubNet class for subnet matching
This commit is contained in:
parent
d864275299
commit
e16be73753
123
src/netbase.cpp
123
src/netbase.cpp
@ -546,6 +546,22 @@ void CNetAddr::SetIP(const CNetAddr& ipIn)
|
|||||||
memcpy(ip, ipIn.ip, sizeof(ip));
|
memcpy(ip, ipIn.ip, sizeof(ip));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void CNetAddr::SetRaw(Network network, const uint8_t *ip_in)
|
||||||
|
{
|
||||||
|
switch(network)
|
||||||
|
{
|
||||||
|
case NET_IPV4:
|
||||||
|
memcpy(ip, pchIPv4, 12);
|
||||||
|
memcpy(ip+12, ip_in, 4);
|
||||||
|
break;
|
||||||
|
case NET_IPV6:
|
||||||
|
memcpy(ip, ip_in, 16);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
assert(!"invalid network");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static const unsigned char pchOnionCat[] = {0xFD,0x87,0xD8,0x7E,0xEB,0x43};
|
static const unsigned char pchOnionCat[] = {0xFD,0x87,0xD8,0x7E,0xEB,0x43};
|
||||||
|
|
||||||
bool CNetAddr::SetSpecial(const std::string &strName)
|
bool CNetAddr::SetSpecial(const std::string &strName)
|
||||||
@ -569,13 +585,12 @@ CNetAddr::CNetAddr()
|
|||||||
|
|
||||||
CNetAddr::CNetAddr(const struct in_addr& ipv4Addr)
|
CNetAddr::CNetAddr(const struct in_addr& ipv4Addr)
|
||||||
{
|
{
|
||||||
memcpy(ip, pchIPv4, 12);
|
SetRaw(NET_IPV4, (const uint8_t*)&ipv4Addr);
|
||||||
memcpy(ip+12, &ipv4Addr, 4);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
CNetAddr::CNetAddr(const struct in6_addr& ipv6Addr)
|
CNetAddr::CNetAddr(const struct in6_addr& ipv6Addr)
|
||||||
{
|
{
|
||||||
memcpy(ip, &ipv6Addr, 16);
|
SetRaw(NET_IPV6, (const uint8_t*)&ipv6Addr);
|
||||||
}
|
}
|
||||||
|
|
||||||
CNetAddr::CNetAddr(const char *pszIp, bool fAllowLookup)
|
CNetAddr::CNetAddr(const char *pszIp, bool fAllowLookup)
|
||||||
@ -1120,3 +1135,105 @@ void CService::SetPort(unsigned short portIn)
|
|||||||
{
|
{
|
||||||
port = portIn;
|
port = portIn;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
CSubNet::CSubNet():
|
||||||
|
valid(false)
|
||||||
|
{
|
||||||
|
memset(netmask, 0, sizeof(netmask));
|
||||||
|
}
|
||||||
|
|
||||||
|
CSubNet::CSubNet(const std::string &strSubnet, bool fAllowLookup)
|
||||||
|
{
|
||||||
|
size_t slash = strSubnet.find_last_of('/');
|
||||||
|
std::vector<CNetAddr> vIP;
|
||||||
|
|
||||||
|
valid = true;
|
||||||
|
// Default to /32 (IPv4) or /128 (IPv6), i.e. match single address
|
||||||
|
memset(netmask, 255, sizeof(netmask));
|
||||||
|
|
||||||
|
std::string strAddress = strSubnet.substr(0, slash);
|
||||||
|
if (LookupHost(strAddress.c_str(), vIP, 1, fAllowLookup))
|
||||||
|
{
|
||||||
|
network = vIP[0];
|
||||||
|
if (slash != strSubnet.npos)
|
||||||
|
{
|
||||||
|
std::string strNetmask = strSubnet.substr(slash + 1);
|
||||||
|
int32_t n;
|
||||||
|
// IPv4 addresses start at offset 12, and first 12 bytes must match, so just offset n
|
||||||
|
int noffset = network.IsIPv4() ? (12 * 8) : 0;
|
||||||
|
if (ParseInt32(strNetmask, &n)) // If valid number, assume /24 symtex
|
||||||
|
{
|
||||||
|
if(n >= 0 && n <= (128 - noffset)) // Only valid if in range of bits of address
|
||||||
|
{
|
||||||
|
n += noffset;
|
||||||
|
// Clear bits [n..127]
|
||||||
|
for (; n < 128; ++n)
|
||||||
|
netmask[n>>3] &= ~(1<<(n&7));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
valid = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else // If not a valid number, try full netmask syntax
|
||||||
|
{
|
||||||
|
if (LookupHost(strNetmask.c_str(), vIP, 1, false)) // Never allow lookup for netmask
|
||||||
|
{
|
||||||
|
// Remember: GetByte returns bytes in reversed order
|
||||||
|
// Copy only the *last* four bytes in case of IPv4, the rest of the mask should stay 1's as
|
||||||
|
// we don't want pchIPv4 to be part of the mask.
|
||||||
|
int asize = network.IsIPv4() ? 4 : 16;
|
||||||
|
for(int x=0; x<asize; ++x)
|
||||||
|
netmask[15-x] = vIP[0].GetByte(x);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
valid = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
valid = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
bool CSubNet::Match(const CNetAddr &addr) const
|
||||||
|
{
|
||||||
|
if (!valid || !addr.IsValid())
|
||||||
|
return false;
|
||||||
|
for(int x=0; x<16; ++x)
|
||||||
|
if ((addr.GetByte(x) & netmask[15-x]) != network.GetByte(x))
|
||||||
|
return false;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
std::string CSubNet::ToString() const
|
||||||
|
{
|
||||||
|
std::string strNetmask;
|
||||||
|
if (network.IsIPv4())
|
||||||
|
strNetmask = strprintf("%u.%u.%u.%u", netmask[12], netmask[13], netmask[14], netmask[15]);
|
||||||
|
else
|
||||||
|
strNetmask = strprintf("%x:%x:%x:%x:%x:%x:%x:%x",
|
||||||
|
netmask[0] << 8 | netmask[1], netmask[2] << 8 | netmask[3],
|
||||||
|
netmask[4] << 8 | netmask[5], netmask[6] << 8 | netmask[7],
|
||||||
|
netmask[8] << 8 | netmask[9], netmask[10] << 8 | netmask[11],
|
||||||
|
netmask[12] << 8 | netmask[13], netmask[14] << 8 | netmask[15]);
|
||||||
|
return network.ToString() + "/" + strNetmask;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool CSubNet::IsValid() const
|
||||||
|
{
|
||||||
|
return valid;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool operator==(const CSubNet& a, const CSubNet& b)
|
||||||
|
{
|
||||||
|
return a.valid == b.valid && a.network == b.network && !memcmp(a.netmask, b.netmask, 16);
|
||||||
|
}
|
||||||
|
|
||||||
|
bool operator!=(const CSubNet& a, const CSubNet& b)
|
||||||
|
{
|
||||||
|
return !(a==b);
|
||||||
|
}
|
||||||
|
@ -49,6 +49,13 @@ class CNetAddr
|
|||||||
explicit CNetAddr(const std::string &strIp, bool fAllowLookup = false);
|
explicit CNetAddr(const std::string &strIp, bool fAllowLookup = false);
|
||||||
void Init();
|
void Init();
|
||||||
void SetIP(const CNetAddr& ip);
|
void SetIP(const CNetAddr& ip);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set raw IPv4 or IPv6 address (in network byte order)
|
||||||
|
* @note Only NET_IPV4 and NET_IPV6 are allowed for network.
|
||||||
|
*/
|
||||||
|
void SetRaw(Network network, const uint8_t *data);
|
||||||
|
|
||||||
bool SetSpecial(const std::string &strName); // for Tor addresses
|
bool SetSpecial(const std::string &strName); // for Tor addresses
|
||||||
bool IsIPv4() const; // IPv4 mapped address (::FFFF:0:0/96, 0.0.0.0/0)
|
bool IsIPv4() const; // IPv4 mapped address (::FFFF:0:0/96, 0.0.0.0/0)
|
||||||
bool IsIPv6() const; // IPv6 address (not mapped IPv4, not Tor)
|
bool IsIPv6() const; // IPv6 address (not mapped IPv4, not Tor)
|
||||||
@ -90,6 +97,29 @@ class CNetAddr
|
|||||||
)
|
)
|
||||||
};
|
};
|
||||||
|
|
||||||
|
class CSubNet
|
||||||
|
{
|
||||||
|
protected:
|
||||||
|
/// Network (base) address
|
||||||
|
CNetAddr network;
|
||||||
|
/// Netmask, in network byte order
|
||||||
|
uint8_t netmask[16];
|
||||||
|
/// Is this value valid? (only used to signal parse errors)
|
||||||
|
bool valid;
|
||||||
|
|
||||||
|
public:
|
||||||
|
CSubNet();
|
||||||
|
explicit CSubNet(const std::string &strSubnet, bool fAllowLookup = false);
|
||||||
|
|
||||||
|
bool Match(const CNetAddr &addr) const;
|
||||||
|
|
||||||
|
std::string ToString() const;
|
||||||
|
bool IsValid() const;
|
||||||
|
|
||||||
|
friend bool operator==(const CSubNet& a, const CSubNet& b);
|
||||||
|
friend bool operator!=(const CSubNet& a, const CSubNet& b);
|
||||||
|
};
|
||||||
|
|
||||||
/** A combination of a network address (CNetAddr) and a (TCP) port */
|
/** A combination of a network address (CNetAddr) and a (TCP) port */
|
||||||
class CService : public CNetAddr
|
class CService : public CNetAddr
|
||||||
{
|
{
|
||||||
|
@ -102,4 +102,41 @@ BOOST_AUTO_TEST_CASE(onioncat_test)
|
|||||||
BOOST_CHECK(addr1.IsRoutable());
|
BOOST_CHECK(addr1.IsRoutable());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
BOOST_AUTO_TEST_CASE(subnet_test)
|
||||||
|
{
|
||||||
|
BOOST_CHECK(CSubNet("1.2.3.0/24") == CSubNet("1.2.3.0/255.255.255.0"));
|
||||||
|
BOOST_CHECK(CSubNet("1.2.3.0/24") != CSubNet("1.2.4.0/255.255.255.0"));
|
||||||
|
BOOST_CHECK(CSubNet("1.2.3.0/24").Match(CNetAddr("1.2.3.4")));
|
||||||
|
BOOST_CHECK(!CSubNet("1.2.2.0/24").Match(CNetAddr("1.2.3.4")));
|
||||||
|
BOOST_CHECK(CSubNet("1.2.3.4").Match(CNetAddr("1.2.3.4")));
|
||||||
|
BOOST_CHECK(CSubNet("1.2.3.4/32").Match(CNetAddr("1.2.3.4")));
|
||||||
|
BOOST_CHECK(!CSubNet("1.2.3.4").Match(CNetAddr("5.6.7.8")));
|
||||||
|
BOOST_CHECK(!CSubNet("1.2.3.4/32").Match(CNetAddr("5.6.7.8")));
|
||||||
|
BOOST_CHECK(CSubNet("::ffff:127.0.0.1").Match(CNetAddr("127.0.0.1")));
|
||||||
|
BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:8").Match(CNetAddr("1:2:3:4:5:6:7:8")));
|
||||||
|
BOOST_CHECK(!CSubNet("1:2:3:4:5:6:7:8").Match(CNetAddr("1:2:3:4:5:6:7:9")));
|
||||||
|
BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:0/112").Match(CNetAddr("1:2:3:4:5:6:7:1234")));
|
||||||
|
// All-Matching IPv6 Matches arbitrary IPv4 and IPv6
|
||||||
|
BOOST_CHECK(CSubNet("::/0").Match(CNetAddr("1:2:3:4:5:6:7:1234")));
|
||||||
|
BOOST_CHECK(CSubNet("::/0").Match(CNetAddr("1.2.3.4")));
|
||||||
|
// All-Matching IPv4 does not Match IPv6
|
||||||
|
BOOST_CHECK(!CSubNet("0.0.0.0/0").Match(CNetAddr("1:2:3:4:5:6:7:1234")));
|
||||||
|
// Invalid subnets Match nothing (not even invalid addresses)
|
||||||
|
BOOST_CHECK(!CSubNet().Match(CNetAddr("1.2.3.4")));
|
||||||
|
BOOST_CHECK(!CSubNet("").Match(CNetAddr("4.5.6.7")));
|
||||||
|
BOOST_CHECK(!CSubNet("bloop").Match(CNetAddr("0.0.0.0")));
|
||||||
|
BOOST_CHECK(!CSubNet("bloop").Match(CNetAddr("hab")));
|
||||||
|
// Check valid/invalid
|
||||||
|
BOOST_CHECK(CSubNet("1.2.3.0/0").IsValid());
|
||||||
|
BOOST_CHECK(!CSubNet("1.2.3.0/-1").IsValid());
|
||||||
|
BOOST_CHECK(CSubNet("1.2.3.0/32").IsValid());
|
||||||
|
BOOST_CHECK(!CSubNet("1.2.3.0/33").IsValid());
|
||||||
|
BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:8/0").IsValid());
|
||||||
|
BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:8/33").IsValid());
|
||||||
|
BOOST_CHECK(!CSubNet("1:2:3:4:5:6:7:8/-1").IsValid());
|
||||||
|
BOOST_CHECK(CSubNet("1:2:3:4:5:6:7:8/128").IsValid());
|
||||||
|
BOOST_CHECK(!CSubNet("1:2:3:4:5:6:7:8/129").IsValid());
|
||||||
|
BOOST_CHECK(!CSubNet("fuzzy").IsValid());
|
||||||
|
}
|
||||||
|
|
||||||
BOOST_AUTO_TEST_SUITE_END()
|
BOOST_AUTO_TEST_SUITE_END()
|
||||||
|
Loading…
Reference in New Issue
Block a user