1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
11 #include "alloc-util.h"
12 #include "errno-util.h"
13 #include "in-addr-util.h"
14 #include "logarithm.h"
16 #include "parse-util.h"
17 #include "random-util.h"
18 #include "stdio-util.h"
19 #include "string-util.h"
22 bool in4_addr_is_null(const struct in_addr
*a
) {
25 return a
->s_addr
== 0;
28 bool in6_addr_is_null(const struct in6_addr
*a
) {
31 return IN6_IS_ADDR_UNSPECIFIED(a
);
34 int in_addr_is_null(int family
, const union in_addr_union
*u
) {
37 if (family
== AF_INET
)
38 return in4_addr_is_null(&u
->in
);
40 if (family
== AF_INET6
)
41 return in6_addr_is_null(&u
->in6
);
46 bool in4_addr_is_link_local(const struct in_addr
*a
) {
49 return (be32toh(a
->s_addr
) & UINT32_C(0xFFFF0000)) == (UINT32_C(169) << 24 | UINT32_C(254) << 16);
52 bool in4_addr_is_link_local_dynamic(const struct in_addr
*a
) {
55 if (!in4_addr_is_link_local(a
))
58 /* 169.254.0.0/24 and 169.254.255.0/24 must not be used for the dynamic IPv4LL assignment.
59 * See RFC 3927 Section 2.1:
60 * The IPv4 prefix 169.254/16 is registered with the IANA for this purpose. The first 256 and last
61 * 256 addresses in the 169.254/16 prefix are reserved for future use and MUST NOT be selected by a
62 * host using this dynamic configuration mechanism. */
63 return !IN_SET(be32toh(a
->s_addr
) & 0x0000FF00U
, 0x0000U
, 0xFF00U
);
66 bool in6_addr_is_link_local(const struct in6_addr
*a
) {
69 return IN6_IS_ADDR_LINKLOCAL(a
);
72 int in_addr_is_link_local(int family
, const union in_addr_union
*u
) {
75 if (family
== AF_INET
)
76 return in4_addr_is_link_local(&u
->in
);
78 if (family
== AF_INET6
)
79 return in6_addr_is_link_local(&u
->in6
);
84 bool in6_addr_is_link_local_all_nodes(const struct in6_addr
*a
) {
88 return be32toh(a
->s6_addr32
[0]) == UINT32_C(0xff020000) &&
89 a
->s6_addr32
[1] == 0 &&
90 a
->s6_addr32
[2] == 0 &&
91 be32toh(a
->s6_addr32
[3]) == UINT32_C(0x00000001);
94 int in_addr_is_multicast(int family
, const union in_addr_union
*u
) {
97 if (family
== AF_INET
)
98 return IN_MULTICAST(be32toh(u
->in
.s_addr
));
100 if (family
== AF_INET6
)
101 return IN6_IS_ADDR_MULTICAST(&u
->in6
);
103 return -EAFNOSUPPORT
;
106 bool in4_addr_is_local_multicast(const struct in_addr
*a
) {
109 return (be32toh(a
->s_addr
) & UINT32_C(0xffffff00)) == UINT32_C(0xe0000000);
112 bool in4_addr_is_localhost(const struct in_addr
*a
) {
115 /* All of 127.x.x.x is localhost. */
116 return (be32toh(a
->s_addr
) & UINT32_C(0xFF000000)) == UINT32_C(127) << 24;
119 bool in4_addr_is_non_local(const struct in_addr
*a
) {
120 /* Whether the address is not null and not localhost.
122 * As such, it is suitable to configure as DNS/NTP server from DHCP. */
123 return !in4_addr_is_null(a
) &&
124 !in4_addr_is_localhost(a
);
127 int in_addr_is_localhost(int family
, const union in_addr_union
*u
) {
130 if (family
== AF_INET
)
131 return in4_addr_is_localhost(&u
->in
);
133 if (family
== AF_INET6
)
134 return IN6_IS_ADDR_LOOPBACK(&u
->in6
);
136 return -EAFNOSUPPORT
;
139 int in_addr_is_localhost_one(int family
, const union in_addr_union
*u
) {
142 if (family
== AF_INET
)
144 return be32toh(u
->in
.s_addr
) == UINT32_C(0x7F000001);
146 if (family
== AF_INET6
)
147 return IN6_IS_ADDR_LOOPBACK(&u
->in6
);
149 return -EAFNOSUPPORT
;
152 bool in6_addr_is_ipv4_mapped_address(const struct in6_addr
*a
) {
153 return a
->s6_addr32
[0] == 0 &&
154 a
->s6_addr32
[1] == 0 &&
155 a
->s6_addr32
[2] == htobe32(UINT32_C(0x0000ffff));
158 bool in4_addr_equal(const struct in_addr
*a
, const struct in_addr
*b
) {
162 return a
->s_addr
== b
->s_addr
;
165 bool in6_addr_equal(const struct in6_addr
*a
, const struct in6_addr
*b
) {
169 return IN6_ARE_ADDR_EQUAL(a
, b
);
172 int in_addr_equal(int family
, const union in_addr_union
*a
, const union in_addr_union
*b
) {
176 if (family
== AF_INET
)
177 return in4_addr_equal(&a
->in
, &b
->in
);
179 if (family
== AF_INET6
)
180 return in6_addr_equal(&a
->in6
, &b
->in6
);
182 return -EAFNOSUPPORT
;
185 int in_addr_prefix_intersect(
187 const union in_addr_union
*a
,
189 const union in_addr_union
*b
,
190 unsigned bprefixlen
) {
197 /* Checks whether there are any addresses that are in both networks */
199 m
= MIN(aprefixlen
, bprefixlen
);
201 if (family
== AF_INET
) {
204 x
= be32toh(a
->in
.s_addr
^ b
->in
.s_addr
);
205 nm
= m
== 0 ? 0 : 0xFFFFFFFFUL
<< (32 - m
);
207 return (x
& nm
) == 0;
210 if (family
== AF_INET6
) {
216 for (i
= 0; i
< 16; i
++) {
219 x
= a
->in6
.s6_addr
[i
] ^ b
->in6
.s6_addr
[i
];
222 nm
= 0xFF << (8 - m
);
238 return -EAFNOSUPPORT
;
241 int in_addr_prefix_next(int family
, union in_addr_union
*u
, unsigned prefixlen
) {
244 /* Increases the network part of an address by one. Returns 0 if that succeeds, or -ERANGE if
247 return in_addr_prefix_nth(family
, u
, prefixlen
, 1);
251 * Calculates the nth prefix of size prefixlen starting from the address denoted by u.
253 * On success 0 will be returned and the calculated prefix will be available in
254 * u. In case the calculation cannot be performed (invalid prefix length,
255 * overflows would occur) -ERANGE is returned. If the address family given isn't
256 * supported -EAFNOSUPPORT will be returned.
259 * - in_addr_prefix_nth(AF_INET, 192.168.0.0, 24, 2), returns 0, writes 192.168.2.0 to u
260 * - in_addr_prefix_nth(AF_INET, 192.168.0.0, 24, 0), returns 0, no data written
261 * - in_addr_prefix_nth(AF_INET, 255.255.255.0, 24, 1), returns -ERANGE, no data written
262 * - in_addr_prefix_nth(AF_INET, 255.255.255.0, 0, 1), returns -ERANGE, no data written
263 * - in_addr_prefix_nth(AF_INET6, 2001:db8, 64, 0xff00) returns 0, writes 2001:0db8:0000:ff00:: to u
265 int in_addr_prefix_nth(int family
, union in_addr_union
*u
, unsigned prefixlen
, uint64_t nth
) {
271 if (family
== AF_INET
) {
277 c
= be32toh(u
->in
.s_addr
);
279 t
= nth
<< (32 - prefixlen
);
282 if (c
> UINT32_MAX
- t
)
287 n
&= UINT32_C(0xFFFFFFFF) << (32 - prefixlen
);
288 u
->in
.s_addr
= htobe32(n
);
292 if (family
== AF_INET6
) {
293 bool overflow
= false;
298 for (unsigned i
= 16; i
> 0; i
--) {
299 unsigned t
, j
= i
- 1, p
= j
* 8;
301 if (p
>= prefixlen
) {
302 u
->in6
.s6_addr
[j
] = 0;
306 if (prefixlen
- p
< 8) {
307 u
->in6
.s6_addr
[j
] &= 0xff << (8 - (prefixlen
- p
));
308 t
= u
->in6
.s6_addr
[j
] + ((nth
& 0xff) << (8 - (prefixlen
- p
)));
309 nth
>>= prefixlen
- p
;
311 t
= u
->in6
.s6_addr
[j
] + (nth
& 0xff) + overflow
;
315 overflow
= t
> UINT8_MAX
;
316 u
->in6
.s6_addr
[j
] = (uint8_t) (t
& 0xff);
319 if (overflow
|| nth
!= 0)
325 return -EAFNOSUPPORT
;
328 int in_addr_random_prefix(
330 union in_addr_union
*u
,
331 unsigned prefixlen_fixed_part
,
332 unsigned prefixlen
) {
336 /* Random network part of an address by one. */
341 if (family
== AF_INET
) {
344 if (prefixlen_fixed_part
> 32)
345 prefixlen_fixed_part
= 32;
348 if (prefixlen_fixed_part
>= prefixlen
)
351 c
= be32toh(u
->in
.s_addr
);
352 c
&= ((UINT32_C(1) << prefixlen_fixed_part
) - 1) << (32 - prefixlen_fixed_part
);
354 random_bytes(&n
, sizeof(n
));
355 n
&= ((UINT32_C(1) << (prefixlen
- prefixlen_fixed_part
)) - 1) << (32 - prefixlen
);
357 u
->in
.s_addr
= htobe32(n
| c
);
361 if (family
== AF_INET6
) {
365 if (prefixlen_fixed_part
> 128)
366 prefixlen_fixed_part
= 128;
369 if (prefixlen_fixed_part
>= prefixlen
)
372 random_bytes(&n
, sizeof(n
));
374 for (i
= 0; i
< 16; i
++) {
375 uint8_t mask_fixed_part
= 0, mask
= 0;
377 if (i
< (prefixlen_fixed_part
+ 7) / 8) {
378 if (i
< prefixlen_fixed_part
/ 8)
379 mask_fixed_part
= 0xffu
;
381 j
= prefixlen_fixed_part
% 8;
382 mask_fixed_part
= ((UINT8_C(1) << (j
+ 1)) - 1) << (8 - j
);
386 if (i
< (prefixlen
+ 7) / 8) {
387 if (i
< prefixlen
/ 8)
388 mask
= 0xffu
^ mask_fixed_part
;
391 mask
= (((UINT8_C(1) << (j
+ 1)) - 1) << (8 - j
)) ^ mask_fixed_part
;
395 u
->in6
.s6_addr
[i
] &= mask_fixed_part
;
396 u
->in6
.s6_addr
[i
] |= n
.s6_addr
[i
] & mask
;
402 return -EAFNOSUPPORT
;
405 int in_addr_prefix_range(
407 const union in_addr_union
*in
,
409 union in_addr_union
*ret_start
,
410 union in_addr_union
*ret_end
) {
412 union in_addr_union start
, end
;
417 if (!IN_SET(family
, AF_INET
, AF_INET6
))
418 return -EAFNOSUPPORT
;
422 r
= in_addr_prefix_nth(family
, &start
, prefixlen
, 0);
429 r
= in_addr_prefix_nth(family
, &end
, prefixlen
, 1);
442 int in_addr_to_string(int family
, const union in_addr_union
*u
, char **ret
) {
443 _cleanup_free_
char *x
= NULL
;
449 if (family
== AF_INET
)
451 else if (family
== AF_INET6
)
452 l
= INET6_ADDRSTRLEN
;
454 return -EAFNOSUPPORT
;
461 if (!typesafe_inet_ntop(family
, u
, x
, l
))
462 return errno_or_else(EINVAL
);
468 int in_addr_prefix_to_string(
470 const union in_addr_union
*u
,
478 if (!IN_SET(family
, AF_INET
, AF_INET6
))
479 return -EAFNOSUPPORT
;
482 if (!typesafe_inet_ntop(family
, u
, buf
, buf_len
))
483 return errno_or_else(ENOSPC
);
485 size_t l
= strlen(buf
);
486 if (!snprintf_ok(buf
+ l
, buf_len
- l
, "/%u", prefixlen
))
491 int in_addr_port_ifindex_name_to_string(int family
, const union in_addr_union
*u
, uint16_t port
, int ifindex
, const char *server_name
, char **ret
) {
492 _cleanup_free_
char *ip_str
= NULL
, *x
= NULL
;
495 assert(IN_SET(family
, AF_INET
, AF_INET6
));
499 /* Much like in_addr_to_string(), but optionally appends the zone interface index to the address, to properly
500 * handle IPv6 link-local addresses. */
502 r
= in_addr_to_string(family
, u
, &ip_str
);
506 if (family
== AF_INET6
) {
507 r
= in_addr_is_link_local(family
, u
);
513 ifindex
= 0; /* For IPv4 address, ifindex is always ignored. */
515 if (port
== 0 && ifindex
== 0 && isempty(server_name
)) {
516 *ret
= TAKE_PTR(ip_str
);
520 const char *separator
= isempty(server_name
) ? "" : "#";
521 server_name
= strempty(server_name
);
524 if (family
== AF_INET6
) {
526 r
= asprintf(&x
, "[%s]:%"PRIu16
"%%%i%s%s", ip_str
, port
, ifindex
, separator
, server_name
);
528 r
= asprintf(&x
, "[%s]:%"PRIu16
"%s%s", ip_str
, port
, separator
, server_name
);
530 r
= asprintf(&x
, "%s:%"PRIu16
"%s%s", ip_str
, port
, separator
, server_name
);
533 r
= asprintf(&x
, "%s%%%i%s%s", ip_str
, ifindex
, separator
, server_name
);
535 x
= strjoin(ip_str
, separator
, server_name
);
546 int in_addr_from_string(int family
, const char *s
, union in_addr_union
*ret
) {
547 union in_addr_union buffer
;
550 if (!IN_SET(family
, AF_INET
, AF_INET6
))
551 return -EAFNOSUPPORT
;
554 if (inet_pton(family
, s
, ret
?: &buffer
) <= 0)
555 return errno_or_else(EINVAL
);
560 int in_addr_from_string_auto(const char *s
, int *ret_family
, union in_addr_union
*ret
) {
565 r
= in_addr_from_string(AF_INET
, s
, ret
);
568 *ret_family
= AF_INET
;
572 r
= in_addr_from_string(AF_INET6
, s
, ret
);
575 *ret_family
= AF_INET6
;
582 unsigned char in4_addr_netmask_to_prefixlen(const struct in_addr
*addr
) {
585 return 32U - u32ctz(be32toh(addr
->s_addr
));
588 /* Calculate an IPv4 netmask from prefix length, for example /8 -> 255.0.0.0. */
589 struct in_addr
* in4_addr_prefixlen_to_netmask(struct in_addr
*addr
, unsigned char prefixlen
) {
591 assert(prefixlen
<= 32);
593 /* Shifting beyond 32 is not defined, handle this specially. */
597 addr
->s_addr
= htobe32((0xffffffff << (32 - prefixlen
)) & 0xffffffff);
602 /* Calculate an IPv6 netmask from prefix length, for example /16 -> ffff::. */
603 struct in6_addr
* in6_addr_prefixlen_to_netmask(struct in6_addr
*addr
, unsigned char prefixlen
) {
605 assert(prefixlen
<= 128);
607 for (unsigned i
= 0; i
< 16; i
++) {
610 if (prefixlen
>= 8) {
613 } else if (prefixlen
> 0) {
614 mask
= 0xFF << (8 - prefixlen
);
617 assert(prefixlen
== 0);
621 addr
->s6_addr
[i
] = mask
;
627 /* Calculate an IPv4 or IPv6 netmask from prefix length, for example /8 -> 255.0.0.0 or /16 -> ffff::. */
628 int in_addr_prefixlen_to_netmask(int family
, union in_addr_union
*addr
, unsigned char prefixlen
) {
633 in4_addr_prefixlen_to_netmask(&addr
->in
, prefixlen
);
636 in6_addr_prefixlen_to_netmask(&addr
->in6
, prefixlen
);
639 return -EAFNOSUPPORT
;
643 int in4_addr_default_prefixlen(const struct in_addr
*addr
, unsigned char *prefixlen
) {
644 uint8_t msb_octet
= *(uint8_t*) addr
;
646 /* addr may not be aligned, so make sure we only access it byte-wise */
652 /* class A, leading bits: 0 */
654 else if (msb_octet
< 192)
655 /* class B, leading bits 10 */
657 else if (msb_octet
< 224)
658 /* class C, leading bits 110 */
661 /* class D or E, no default prefixlen */
667 int in4_addr_default_subnet_mask(const struct in_addr
*addr
, struct in_addr
*mask
) {
668 unsigned char prefixlen
;
674 r
= in4_addr_default_prefixlen(addr
, &prefixlen
);
678 in4_addr_prefixlen_to_netmask(mask
, prefixlen
);
682 int in4_addr_mask(struct in_addr
*addr
, unsigned char prefixlen
) {
687 if (!in4_addr_prefixlen_to_netmask(&mask
, prefixlen
))
690 addr
->s_addr
&= mask
.s_addr
;
694 int in6_addr_mask(struct in6_addr
*addr
, unsigned char prefixlen
) {
697 for (i
= 0; i
< 16; i
++) {
700 if (prefixlen
>= 8) {
703 } else if (prefixlen
> 0) {
704 mask
= 0xFF << (8 - prefixlen
);
707 assert(prefixlen
== 0);
711 addr
->s6_addr
[i
] &= mask
;
717 int in_addr_mask(int family
, union in_addr_union
*addr
, unsigned char prefixlen
) {
722 return in4_addr_mask(&addr
->in
, prefixlen
);
724 return in6_addr_mask(&addr
->in6
, prefixlen
);
726 return -EAFNOSUPPORT
;
730 int in4_addr_prefix_covers_full(
731 const struct in_addr
*prefix
,
732 unsigned char prefixlen
,
733 const struct in_addr
*address
,
734 unsigned char address_prefixlen
) {
736 struct in_addr masked_prefix
, masked_address
;
742 if (prefixlen
> address_prefixlen
)
745 masked_prefix
= *prefix
;
746 r
= in4_addr_mask(&masked_prefix
, prefixlen
);
750 masked_address
= *address
;
751 r
= in4_addr_mask(&masked_address
, prefixlen
);
755 return in4_addr_equal(&masked_prefix
, &masked_address
);
758 int in6_addr_prefix_covers_full(
759 const struct in6_addr
*prefix
,
760 unsigned char prefixlen
,
761 const struct in6_addr
*address
,
762 unsigned char address_prefixlen
) {
764 struct in6_addr masked_prefix
, masked_address
;
770 if (prefixlen
> address_prefixlen
)
773 masked_prefix
= *prefix
;
774 r
= in6_addr_mask(&masked_prefix
, prefixlen
);
778 masked_address
= *address
;
779 r
= in6_addr_mask(&masked_address
, prefixlen
);
783 return in6_addr_equal(&masked_prefix
, &masked_address
);
786 int in_addr_prefix_covers_full(
788 const union in_addr_union
*prefix
,
789 unsigned char prefixlen
,
790 const union in_addr_union
*address
,
791 unsigned char address_prefixlen
) {
798 return in4_addr_prefix_covers_full(&prefix
->in
, prefixlen
, &address
->in
, address_prefixlen
);
800 return in6_addr_prefix_covers_full(&prefix
->in6
, prefixlen
, &address
->in6
, address_prefixlen
);
802 return -EAFNOSUPPORT
;
806 int in_addr_parse_prefixlen(int family
, const char *p
, unsigned char *ret
) {
810 if (!IN_SET(family
, AF_INET
, AF_INET6
))
811 return -EAFNOSUPPORT
;
813 r
= safe_atou8(p
, &u
);
817 if (u
> FAMILY_ADDRESS_SIZE(family
) * 8)
824 int in_addr_prefix_from_string(
827 union in_addr_union
*ret_prefix
,
828 unsigned char *ret_prefixlen
) {
830 _cleanup_free_
char *str
= NULL
;
831 union in_addr_union buffer
;
838 if (!IN_SET(family
, AF_INET
, AF_INET6
))
839 return -EAFNOSUPPORT
;
843 str
= strndup(p
, e
- p
);
851 r
= in_addr_from_string(family
, l
, &buffer
);
856 r
= in_addr_parse_prefixlen(family
, e
+1, &k
);
860 k
= FAMILY_ADDRESS_SIZE(family
) * 8;
863 *ret_prefix
= buffer
;
870 int in_addr_prefix_from_string_auto_internal(
872 InAddrPrefixLenMode mode
,
874 union in_addr_union
*ret_prefix
,
875 unsigned char *ret_prefixlen
) {
877 _cleanup_free_
char *str
= NULL
;
878 union in_addr_union buffer
;
887 str
= strndup(p
, e
- p
);
895 r
= in_addr_from_string_auto(l
, &family
, &buffer
);
900 r
= in_addr_parse_prefixlen(family
, e
+1, &k
);
906 k
= FAMILY_ADDRESS_SIZE(family
) * 8;
908 case PREFIXLEN_REFUSE
:
909 return -ENOANO
; /* To distinguish this error from others. */
911 assert_not_reached();
915 *ret_family
= family
;
917 *ret_prefix
= buffer
;
925 void in_addr_hash_func(const union in_addr_union
*u
, int family
, struct siphash
*state
) {
929 siphash24_compress(u
->bytes
, FAMILY_ADDRESS_SIZE(family
), state
);
932 void in_addr_data_hash_func(const struct in_addr_data
*a
, struct siphash
*state
) {
936 siphash24_compress_typesafe(a
->family
, state
);
937 in_addr_hash_func(&a
->address
, a
->family
, state
);
940 int in_addr_data_compare_func(const struct in_addr_data
*x
, const struct in_addr_data
*y
) {
946 r
= CMP(x
->family
, y
->family
);
950 return memcmp(&x
->address
, &y
->address
, FAMILY_ADDRESS_SIZE(x
->family
));
954 in_addr_data_hash_ops
,
956 in_addr_data_hash_func
,
957 in_addr_data_compare_func
);
959 DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(
960 in_addr_data_hash_ops_free
,
962 in_addr_data_hash_func
,
963 in_addr_data_compare_func
,
966 void in6_addr_hash_func(const struct in6_addr
*addr
, struct siphash
*state
) {
970 siphash24_compress_typesafe(*addr
, state
);
973 int in6_addr_compare_func(const struct in6_addr
*a
, const struct in6_addr
*b
) {
977 return memcmp(a
, b
, sizeof(*a
));
984 in6_addr_compare_func
);
986 DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(
987 in6_addr_hash_ops_free
,
990 in6_addr_compare_func
,