1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
11 #include "alloc-util.h"
12 #include "errno-util.h"
13 #include "in-addr-util.h"
14 #include "logarithm.h"
16 #include "parse-util.h"
17 #include "random-util.h"
18 #include "stdio-util.h"
19 #include "string-util.h"
22 bool in4_addr_is_null(const struct in_addr
*a
) {
25 return a
->s_addr
== 0;
28 bool in6_addr_is_null(const struct in6_addr
*a
) {
31 return IN6_IS_ADDR_UNSPECIFIED(a
);
34 int in_addr_is_null(int family
, const union in_addr_union
*u
) {
37 if (family
== AF_INET
)
38 return in4_addr_is_null(&u
->in
);
40 if (family
== AF_INET6
)
41 return in6_addr_is_null(&u
->in6
);
46 bool in4_addr_is_link_local(const struct in_addr
*a
) {
49 return (be32toh(a
->s_addr
) & UINT32_C(0xFFFF0000)) == (UINT32_C(169) << 24 | UINT32_C(254) << 16);
52 bool in4_addr_is_link_local_dynamic(const struct in_addr
*a
) {
55 if (!in4_addr_is_link_local(a
))
58 /* 169.254.0.0/24 and 169.254.255.0/24 must not be used for the dynamic IPv4LL assignment.
59 * See RFC 3927 Section 2.1:
60 * The IPv4 prefix 169.254/16 is registered with the IANA for this purpose. The first 256 and last
61 * 256 addresses in the 169.254/16 prefix are reserved for future use and MUST NOT be selected by a
62 * host using this dynamic configuration mechanism. */
63 return !IN_SET(be32toh(a
->s_addr
) & 0x0000FF00U
, 0x0000U
, 0xFF00U
);
66 bool in6_addr_is_link_local(const struct in6_addr
*a
) {
69 return IN6_IS_ADDR_LINKLOCAL(a
);
72 int in_addr_is_link_local(int family
, const union in_addr_union
*u
) {
75 if (family
== AF_INET
)
76 return in4_addr_is_link_local(&u
->in
);
78 if (family
== AF_INET6
)
79 return in6_addr_is_link_local(&u
->in6
);
84 bool in6_addr_is_link_local_all_nodes(const struct in6_addr
*a
) {
88 return be32toh(a
->s6_addr32
[0]) == UINT32_C(0xff020000) &&
89 a
->s6_addr32
[1] == 0 &&
90 a
->s6_addr32
[2] == 0 &&
91 be32toh(a
->s6_addr32
[3]) == UINT32_C(0x00000001);
94 bool in4_addr_is_multicast(const struct in_addr
*a
) {
97 return IN_MULTICAST(be32toh(a
->s_addr
));
100 bool in6_addr_is_multicast(const struct in6_addr
*a
) {
103 return IN6_IS_ADDR_MULTICAST(a
);
106 int in_addr_is_multicast(int family
, const union in_addr_union
*u
) {
109 if (family
== AF_INET
)
110 return in4_addr_is_multicast(&u
->in
);
112 if (family
== AF_INET6
)
113 return in6_addr_is_multicast(&u
->in6
);
115 return -EAFNOSUPPORT
;
118 bool in4_addr_is_local_multicast(const struct in_addr
*a
) {
121 return (be32toh(a
->s_addr
) & UINT32_C(0xffffff00)) == UINT32_C(0xe0000000);
124 bool in4_addr_is_localhost(const struct in_addr
*a
) {
127 /* All of 127.x.x.x is localhost. */
128 return (be32toh(a
->s_addr
) & UINT32_C(0xFF000000)) == UINT32_C(127) << 24;
131 bool in4_addr_is_non_local(const struct in_addr
*a
) {
132 /* Whether the address is not null and not localhost.
134 * As such, it is suitable to configure as DNS/NTP server from DHCP. */
135 return !in4_addr_is_null(a
) &&
136 !in4_addr_is_localhost(a
);
139 int in_addr_is_localhost(int family
, const union in_addr_union
*u
) {
142 if (family
== AF_INET
)
143 return in4_addr_is_localhost(&u
->in
);
145 if (family
== AF_INET6
)
146 return IN6_IS_ADDR_LOOPBACK(&u
->in6
);
148 return -EAFNOSUPPORT
;
151 int in_addr_is_localhost_one(int family
, const union in_addr_union
*u
) {
154 if (family
== AF_INET
)
156 return be32toh(u
->in
.s_addr
) == UINT32_C(0x7F000001);
158 if (family
== AF_INET6
)
159 return IN6_IS_ADDR_LOOPBACK(&u
->in6
);
161 return -EAFNOSUPPORT
;
164 bool in6_addr_is_ipv4_mapped_address(const struct in6_addr
*a
) {
165 return a
->s6_addr32
[0] == 0 &&
166 a
->s6_addr32
[1] == 0 &&
167 a
->s6_addr32
[2] == htobe32(UINT32_C(0x0000ffff));
170 bool in4_addr_equal(const struct in_addr
*a
, const struct in_addr
*b
) {
174 return a
->s_addr
== b
->s_addr
;
177 bool in6_addr_equal(const struct in6_addr
*a
, const struct in6_addr
*b
) {
181 return IN6_ARE_ADDR_EQUAL(a
, b
);
184 int in_addr_equal(int family
, const union in_addr_union
*a
, const union in_addr_union
*b
) {
188 if (family
== AF_INET
)
189 return in4_addr_equal(&a
->in
, &b
->in
);
191 if (family
== AF_INET6
)
192 return in6_addr_equal(&a
->in6
, &b
->in6
);
194 return -EAFNOSUPPORT
;
197 int in_addr_prefix_intersect(
199 const union in_addr_union
*a
,
201 const union in_addr_union
*b
,
202 unsigned bprefixlen
) {
209 /* Checks whether there are any addresses that are in both networks */
211 m
= MIN(aprefixlen
, bprefixlen
);
213 if (family
== AF_INET
) {
216 x
= be32toh(a
->in
.s_addr
^ b
->in
.s_addr
);
217 nm
= m
== 0 ? 0 : 0xFFFFFFFFUL
<< (32 - m
);
219 return (x
& nm
) == 0;
222 if (family
== AF_INET6
) {
228 for (i
= 0; i
< 16; i
++) {
231 x
= a
->in6
.s6_addr
[i
] ^ b
->in6
.s6_addr
[i
];
234 nm
= 0xFF << (8 - m
);
250 return -EAFNOSUPPORT
;
253 int in_addr_prefix_next(int family
, union in_addr_union
*u
, unsigned prefixlen
) {
256 /* Increases the network part of an address by one. Returns 0 if that succeeds, or -ERANGE if
259 return in_addr_prefix_nth(family
, u
, prefixlen
, 1);
263 * Calculates the nth prefix of size prefixlen starting from the address denoted by u.
265 * On success 0 will be returned and the calculated prefix will be available in
266 * u. In case the calculation cannot be performed (invalid prefix length,
267 * overflows would occur) -ERANGE is returned. If the address family given isn't
268 * supported -EAFNOSUPPORT will be returned.
271 * - in_addr_prefix_nth(AF_INET, 192.168.0.0, 24, 2), returns 0, writes 192.168.2.0 to u
272 * - in_addr_prefix_nth(AF_INET, 192.168.0.0, 24, 0), returns 0, no data written
273 * - in_addr_prefix_nth(AF_INET, 255.255.255.0, 24, 1), returns -ERANGE, no data written
274 * - in_addr_prefix_nth(AF_INET, 255.255.255.0, 0, 1), returns -ERANGE, no data written
275 * - in_addr_prefix_nth(AF_INET6, 2001:db8, 64, 0xff00) returns 0, writes 2001:0db8:0000:ff00:: to u
277 int in_addr_prefix_nth(int family
, union in_addr_union
*u
, unsigned prefixlen
, uint64_t nth
) {
283 if (family
== AF_INET
) {
289 c
= be32toh(u
->in
.s_addr
);
291 t
= nth
<< (32 - prefixlen
);
294 if (c
> UINT32_MAX
- t
)
299 n
&= UINT32_C(0xFFFFFFFF) << (32 - prefixlen
);
300 u
->in
.s_addr
= htobe32(n
);
304 if (family
== AF_INET6
) {
305 bool overflow
= false;
310 for (unsigned i
= 16; i
> 0; i
--) {
311 unsigned t
, j
= i
- 1, p
= j
* 8;
313 if (p
>= prefixlen
) {
314 u
->in6
.s6_addr
[j
] = 0;
318 if (prefixlen
- p
< 8) {
319 u
->in6
.s6_addr
[j
] &= 0xff << (8 - (prefixlen
- p
));
320 t
= u
->in6
.s6_addr
[j
] + ((nth
& 0xff) << (8 - (prefixlen
- p
)));
321 nth
>>= prefixlen
- p
;
323 t
= u
->in6
.s6_addr
[j
] + (nth
& 0xff) + overflow
;
327 overflow
= t
> UINT8_MAX
;
328 u
->in6
.s6_addr
[j
] = (uint8_t) (t
& 0xff);
331 if (overflow
|| nth
!= 0)
337 return -EAFNOSUPPORT
;
340 int in_addr_random_prefix(
342 union in_addr_union
*u
,
343 unsigned prefixlen_fixed_part
,
344 unsigned prefixlen
) {
348 /* Random network part of an address by one. */
353 if (family
== AF_INET
) {
356 if (prefixlen_fixed_part
> 32)
357 prefixlen_fixed_part
= 32;
360 if (prefixlen_fixed_part
>= prefixlen
)
363 c
= be32toh(u
->in
.s_addr
);
364 c
&= ((UINT32_C(1) << prefixlen_fixed_part
) - 1) << (32 - prefixlen_fixed_part
);
366 random_bytes(&n
, sizeof(n
));
367 n
&= ((UINT32_C(1) << (prefixlen
- prefixlen_fixed_part
)) - 1) << (32 - prefixlen
);
369 u
->in
.s_addr
= htobe32(n
| c
);
373 if (family
== AF_INET6
) {
377 if (prefixlen_fixed_part
> 128)
378 prefixlen_fixed_part
= 128;
381 if (prefixlen_fixed_part
>= prefixlen
)
384 random_bytes(&n
, sizeof(n
));
386 for (i
= 0; i
< 16; i
++) {
387 uint8_t mask_fixed_part
= 0, mask
= 0;
389 if (i
< (prefixlen_fixed_part
+ 7) / 8) {
390 if (i
< prefixlen_fixed_part
/ 8)
391 mask_fixed_part
= 0xffu
;
393 j
= prefixlen_fixed_part
% 8;
394 mask_fixed_part
= ((UINT8_C(1) << (j
+ 1)) - 1) << (8 - j
);
398 if (i
< (prefixlen
+ 7) / 8) {
399 if (i
< prefixlen
/ 8)
400 mask
= 0xffu
^ mask_fixed_part
;
403 mask
= (((UINT8_C(1) << (j
+ 1)) - 1) << (8 - j
)) ^ mask_fixed_part
;
407 u
->in6
.s6_addr
[i
] &= mask_fixed_part
;
408 u
->in6
.s6_addr
[i
] |= n
.s6_addr
[i
] & mask
;
414 return -EAFNOSUPPORT
;
417 int in_addr_prefix_range(
419 const union in_addr_union
*in
,
421 union in_addr_union
*ret_start
,
422 union in_addr_union
*ret_end
) {
424 union in_addr_union start
, end
;
429 if (!IN_SET(family
, AF_INET
, AF_INET6
))
430 return -EAFNOSUPPORT
;
434 r
= in_addr_prefix_nth(family
, &start
, prefixlen
, 0);
441 r
= in_addr_prefix_nth(family
, &end
, prefixlen
, 1);
454 int in_addr_to_string(int family
, const union in_addr_union
*u
, char **ret
) {
455 _cleanup_free_
char *x
= NULL
;
461 if (family
== AF_INET
)
463 else if (family
== AF_INET6
)
464 l
= INET6_ADDRSTRLEN
;
466 return -EAFNOSUPPORT
;
473 if (!typesafe_inet_ntop(family
, u
, x
, l
))
474 return errno_or_else(EINVAL
);
480 int in_addr_prefix_to_string(
482 const union in_addr_union
*u
,
490 if (!IN_SET(family
, AF_INET
, AF_INET6
))
491 return -EAFNOSUPPORT
;
494 if (!typesafe_inet_ntop(family
, u
, buf
, buf_len
))
495 return errno_or_else(ENOSPC
);
497 size_t l
= strlen(buf
);
498 if (!snprintf_ok(buf
+ l
, buf_len
- l
, "/%u", prefixlen
))
503 int in_addr_port_ifindex_name_to_string(int family
, const union in_addr_union
*u
, uint16_t port
, int ifindex
, const char *server_name
, char **ret
) {
504 _cleanup_free_
char *ip_str
= NULL
, *x
= NULL
;
507 assert(IN_SET(family
, AF_INET
, AF_INET6
));
511 /* Much like in_addr_to_string(), but optionally appends the zone interface index to the address, to properly
512 * handle IPv6 link-local addresses. */
514 r
= in_addr_to_string(family
, u
, &ip_str
);
518 if (family
== AF_INET6
) {
519 r
= in_addr_is_link_local(family
, u
);
525 ifindex
= 0; /* For IPv4 address, ifindex is always ignored. */
527 if (port
== 0 && ifindex
== 0 && isempty(server_name
)) {
528 *ret
= TAKE_PTR(ip_str
);
532 const char *separator
= isempty(server_name
) ? "" : "#";
533 server_name
= strempty(server_name
);
536 if (family
== AF_INET6
) {
538 r
= asprintf(&x
, "[%s]:%"PRIu16
"%%%i%s%s", ip_str
, port
, ifindex
, separator
, server_name
);
540 r
= asprintf(&x
, "[%s]:%"PRIu16
"%s%s", ip_str
, port
, separator
, server_name
);
542 r
= asprintf(&x
, "%s:%"PRIu16
"%s%s", ip_str
, port
, separator
, server_name
);
545 r
= asprintf(&x
, "%s%%%i%s%s", ip_str
, ifindex
, separator
, server_name
);
547 x
= strjoin(ip_str
, separator
, server_name
);
558 int in_addr_from_string(int family
, const char *s
, union in_addr_union
*ret
) {
559 union in_addr_union buffer
;
562 if (!IN_SET(family
, AF_INET
, AF_INET6
))
563 return -EAFNOSUPPORT
;
566 if (inet_pton(family
, s
, ret
?: &buffer
) <= 0)
567 return errno_or_else(EINVAL
);
572 int in_addr_from_string_auto(const char *s
, int *ret_family
, union in_addr_union
*ret
) {
577 r
= in_addr_from_string(AF_INET
, s
, ret
);
580 *ret_family
= AF_INET
;
584 r
= in_addr_from_string(AF_INET6
, s
, ret
);
587 *ret_family
= AF_INET6
;
594 unsigned char in4_addr_netmask_to_prefixlen(const struct in_addr
*addr
) {
597 return 32U - u32ctz(be32toh(addr
->s_addr
));
600 /* Calculate an IPv4 netmask from prefix length, for example /8 -> 255.0.0.0. */
601 struct in_addr
* in4_addr_prefixlen_to_netmask(struct in_addr
*addr
, unsigned char prefixlen
) {
603 assert(prefixlen
<= 32);
605 /* Shifting beyond 32 is not defined, handle this specially. */
609 addr
->s_addr
= htobe32((0xffffffff << (32 - prefixlen
)) & 0xffffffff);
614 /* Calculate an IPv6 netmask from prefix length, for example /16 -> ffff::. */
615 struct in6_addr
* in6_addr_prefixlen_to_netmask(struct in6_addr
*addr
, unsigned char prefixlen
) {
617 assert(prefixlen
<= 128);
619 for (unsigned i
= 0; i
< 16; i
++) {
622 if (prefixlen
>= 8) {
625 } else if (prefixlen
> 0) {
626 mask
= 0xFF << (8 - prefixlen
);
629 assert(prefixlen
== 0);
633 addr
->s6_addr
[i
] = mask
;
639 /* Calculate an IPv4 or IPv6 netmask from prefix length, for example /8 -> 255.0.0.0 or /16 -> ffff::. */
640 int in_addr_prefixlen_to_netmask(int family
, union in_addr_union
*addr
, unsigned char prefixlen
) {
645 in4_addr_prefixlen_to_netmask(&addr
->in
, prefixlen
);
648 in6_addr_prefixlen_to_netmask(&addr
->in6
, prefixlen
);
651 return -EAFNOSUPPORT
;
655 int in4_addr_default_prefixlen(const struct in_addr
*addr
, unsigned char *prefixlen
) {
656 uint8_t msb_octet
= *(uint8_t*) addr
;
658 /* addr may not be aligned, so make sure we only access it byte-wise */
664 /* class A, leading bits: 0 */
666 else if (msb_octet
< 192)
667 /* class B, leading bits 10 */
669 else if (msb_octet
< 224)
670 /* class C, leading bits 110 */
673 /* class D or E, no default prefixlen */
679 int in4_addr_default_subnet_mask(const struct in_addr
*addr
, struct in_addr
*mask
) {
680 unsigned char prefixlen
;
686 r
= in4_addr_default_prefixlen(addr
, &prefixlen
);
690 in4_addr_prefixlen_to_netmask(mask
, prefixlen
);
694 int in4_addr_mask(struct in_addr
*addr
, unsigned char prefixlen
) {
699 if (!in4_addr_prefixlen_to_netmask(&mask
, prefixlen
))
702 addr
->s_addr
&= mask
.s_addr
;
706 int in6_addr_mask(struct in6_addr
*addr
, unsigned char prefixlen
) {
709 for (i
= 0; i
< 16; i
++) {
712 if (prefixlen
>= 8) {
715 } else if (prefixlen
> 0) {
716 mask
= 0xFF << (8 - prefixlen
);
719 assert(prefixlen
== 0);
723 addr
->s6_addr
[i
] &= mask
;
729 int in_addr_mask(int family
, union in_addr_union
*addr
, unsigned char prefixlen
) {
734 return in4_addr_mask(&addr
->in
, prefixlen
);
736 return in6_addr_mask(&addr
->in6
, prefixlen
);
738 return -EAFNOSUPPORT
;
742 int in4_addr_prefix_covers_full(
743 const struct in_addr
*prefix
,
744 unsigned char prefixlen
,
745 const struct in_addr
*address
,
746 unsigned char address_prefixlen
) {
748 struct in_addr masked_prefix
, masked_address
;
754 if (prefixlen
> address_prefixlen
)
757 masked_prefix
= *prefix
;
758 r
= in4_addr_mask(&masked_prefix
, prefixlen
);
762 masked_address
= *address
;
763 r
= in4_addr_mask(&masked_address
, prefixlen
);
767 return in4_addr_equal(&masked_prefix
, &masked_address
);
770 int in6_addr_prefix_covers_full(
771 const struct in6_addr
*prefix
,
772 unsigned char prefixlen
,
773 const struct in6_addr
*address
,
774 unsigned char address_prefixlen
) {
776 struct in6_addr masked_prefix
, masked_address
;
782 if (prefixlen
> address_prefixlen
)
785 masked_prefix
= *prefix
;
786 r
= in6_addr_mask(&masked_prefix
, prefixlen
);
790 masked_address
= *address
;
791 r
= in6_addr_mask(&masked_address
, prefixlen
);
795 return in6_addr_equal(&masked_prefix
, &masked_address
);
798 int in_addr_prefix_covers_full(
800 const union in_addr_union
*prefix
,
801 unsigned char prefixlen
,
802 const union in_addr_union
*address
,
803 unsigned char address_prefixlen
) {
810 return in4_addr_prefix_covers_full(&prefix
->in
, prefixlen
, &address
->in
, address_prefixlen
);
812 return in6_addr_prefix_covers_full(&prefix
->in6
, prefixlen
, &address
->in6
, address_prefixlen
);
814 return -EAFNOSUPPORT
;
818 int in_addr_parse_prefixlen(int family
, const char *p
, unsigned char *ret
) {
822 if (!IN_SET(family
, AF_INET
, AF_INET6
))
823 return -EAFNOSUPPORT
;
825 r
= safe_atou8(p
, &u
);
829 if (u
> FAMILY_ADDRESS_SIZE(family
) * 8)
836 int in_addr_prefix_from_string(
839 union in_addr_union
*ret_prefix
,
840 unsigned char *ret_prefixlen
) {
842 _cleanup_free_
char *str
= NULL
;
843 union in_addr_union buffer
;
850 if (!IN_SET(family
, AF_INET
, AF_INET6
))
851 return -EAFNOSUPPORT
;
855 str
= strndup(p
, e
- p
);
863 r
= in_addr_from_string(family
, l
, &buffer
);
868 r
= in_addr_parse_prefixlen(family
, e
+1, &k
);
872 k
= FAMILY_ADDRESS_SIZE(family
) * 8;
875 *ret_prefix
= buffer
;
882 int in_addr_prefix_from_string_auto_internal(
884 InAddrPrefixLenMode mode
,
886 union in_addr_union
*ret_prefix
,
887 unsigned char *ret_prefixlen
) {
889 _cleanup_free_
char *str
= NULL
;
890 union in_addr_union buffer
;
899 str
= strndup(p
, e
- p
);
907 r
= in_addr_from_string_auto(l
, &family
, &buffer
);
912 r
= in_addr_parse_prefixlen(family
, e
+1, &k
);
918 k
= FAMILY_ADDRESS_SIZE(family
) * 8;
920 case PREFIXLEN_REFUSE
:
921 return -ENOANO
; /* To distinguish this error from others. */
923 assert_not_reached();
927 *ret_family
= family
;
929 *ret_prefix
= buffer
;
937 void in_addr_hash_func(const union in_addr_union
*u
, int family
, struct siphash
*state
) {
941 siphash24_compress(u
->bytes
, FAMILY_ADDRESS_SIZE(family
), state
);
944 void in_addr_data_hash_func(const struct in_addr_data
*a
, struct siphash
*state
) {
948 siphash24_compress_typesafe(a
->family
, state
);
949 in_addr_hash_func(&a
->address
, a
->family
, state
);
952 int in_addr_data_compare_func(const struct in_addr_data
*x
, const struct in_addr_data
*y
) {
958 r
= CMP(x
->family
, y
->family
);
962 return memcmp(&x
->address
, &y
->address
, FAMILY_ADDRESS_SIZE(x
->family
));
966 in_addr_data_hash_ops
,
968 in_addr_data_hash_func
,
969 in_addr_data_compare_func
);
971 DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(
972 in_addr_data_hash_ops_free
,
974 in_addr_data_hash_func
,
975 in_addr_data_compare_func
,
978 void in6_addr_hash_func(const struct in6_addr
*addr
, struct siphash
*state
) {
982 siphash24_compress_typesafe(*addr
, state
);
985 int in6_addr_compare_func(const struct in6_addr
*a
, const struct in6_addr
*b
) {
989 return memcmp(a
, b
, sizeof(*a
));
996 in6_addr_compare_func
);
998 DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(
999 in6_addr_hash_ops_free
,
1002 in6_addr_compare_func
,