forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathip_address.cc
460 lines (385 loc) · 14.3 KB
/
ip_address.cc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
// Copyright (c) 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/base/ip_address.h"
#include <algorithm>
#include <climits>
#include "base/containers/stack_container.h"
#include "base/strings/string_piece.h"
#include "base/strings/string_split.h"
#include "base/strings/stringprintf.h"
#include "net/base/parse_number.h"
#include "url/gurl.h"
#include "url/url_canon_ip.h"
namespace net {
namespace {
// The prefix for IPv6 mapped IPv4 addresses.
// https://tools.ietf.org/html/rfc4291#section-2.5.5.2
const uint8_t kIPv4MappedPrefix[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xFF, 0xFF};
// Note that this function assumes:
// * |ip_address| is at least |prefix_length_in_bits| (bits) long;
// * |ip_prefix| is at least |prefix_length_in_bits| (bits) long.
bool IPAddressPrefixCheck(const IPAddressBytes& ip_address,
const uint8_t* ip_prefix,
size_t prefix_length_in_bits) {
// Compare all the bytes that fall entirely within the prefix.
size_t num_entire_bytes_in_prefix = prefix_length_in_bits / 8;
for (size_t i = 0; i < num_entire_bytes_in_prefix; ++i) {
if (ip_address[i] != ip_prefix[i])
return false;
}
// In case the prefix was not a multiple of 8, there will be 1 byte
// which is only partially masked.
size_t remaining_bits = prefix_length_in_bits % 8;
if (remaining_bits != 0) {
uint8_t mask = 0xFF << (8 - remaining_bits);
size_t i = num_entire_bytes_in_prefix;
if ((ip_address[i] & mask) != (ip_prefix[i] & mask))
return false;
}
return true;
}
// Returns true if |ip_address| matches any of the reserved IPv4 ranges. This
// method operates on a blacklist of reserved IPv4 ranges. Some ranges are
// consolidated.
// Sources for info:
// www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
// www.iana.org/assignments/iana-ipv4-special-registry/
// iana-ipv4-special-registry.xhtml
bool IsReservedIPv4(const IPAddressBytes& ip_address) {
// Different IP versions have different range reservations.
DCHECK_EQ(IPAddress::kIPv4AddressSize, ip_address.size());
struct {
const uint8_t address[4];
size_t prefix_length_in_bits;
} static const kReservedIPv4Ranges[] = {
{{0, 0, 0, 0}, 8}, {{10, 0, 0, 0}, 8}, {{100, 64, 0, 0}, 10},
{{127, 0, 0, 0}, 8}, {{169, 254, 0, 0}, 16}, {{172, 16, 0, 0}, 12},
{{192, 0, 2, 0}, 24}, {{192, 88, 99, 0}, 24}, {{192, 168, 0, 0}, 16},
{{198, 18, 0, 0}, 15}, {{198, 51, 100, 0}, 24}, {{203, 0, 113, 0}, 24},
{{224, 0, 0, 0}, 3}};
for (const auto& range : kReservedIPv4Ranges) {
if (IPAddressPrefixCheck(ip_address, range.address,
range.prefix_length_in_bits)) {
return true;
}
}
return false;
}
// Returns true if |ip_address| matches any of the reserved IPv6 ranges. This
// method operates on a whitelist of non-reserved IPv6 ranges. All IPv6
// addresses outside these ranges are reserved.
// Sources for info:
// www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
bool IsReservedIPv6(const IPAddressBytes& ip_address) {
// Different IP versions have different range reservations.
DCHECK_EQ(IPAddress::kIPv6AddressSize, ip_address.size());
struct {
const uint8_t address_prefix[2];
size_t prefix_length_in_bits;
} static const kPublicIPv6Ranges[] = {
// 2000::/3 -- Global Unicast
{{0x20, 0}, 3},
// ff00::/8 -- Multicast
{{0xff, 0}, 8},
};
for (const auto& range : kPublicIPv6Ranges) {
if (IPAddressPrefixCheck(ip_address, range.address_prefix,
range.prefix_length_in_bits)) {
return false;
}
}
return true;
}
bool ParseIPLiteralToBytes(const base::StringPiece& ip_literal,
IPAddressBytes* bytes) {
// |ip_literal| could be either an IPv4 or an IPv6 literal. If it contains
// a colon however, it must be an IPv6 address.
if (ip_literal.find(':') != base::StringPiece::npos) {
// GURL expects IPv6 hostnames to be surrounded with brackets.
std::string host_brackets = "[";
ip_literal.AppendToString(&host_brackets);
host_brackets.push_back(']');
url::Component host_comp(0, host_brackets.size());
// Try parsing the hostname as an IPv6 literal.
bytes->Resize(16); // 128 bits.
return url::IPv6AddressToNumber(host_brackets.data(), host_comp,
bytes->data());
}
// Otherwise the string is an IPv4 address.
bytes->Resize(4); // 32 bits.
url::Component host_comp(0, ip_literal.size());
int num_components;
url::CanonHostInfo::Family family = url::IPv4AddressToNumber(
ip_literal.data(), host_comp, bytes->data(), &num_components);
return family == url::CanonHostInfo::IPV4;
}
} // namespace
IPAddressBytes::IPAddressBytes() : size_(0) {}
IPAddressBytes::IPAddressBytes(const uint8_t* data, size_t data_len) {
Assign(data, data_len);
}
IPAddressBytes::~IPAddressBytes() = default;
IPAddressBytes::IPAddressBytes(IPAddressBytes const& other) = default;
void IPAddressBytes::Assign(const uint8_t* data, size_t data_len) {
size_ = data_len;
CHECK_GE(16u, data_len);
std::copy_n(data, data_len, bytes_.data());
}
bool IPAddressBytes::operator<(const IPAddressBytes& other) const {
if (size_ == other.size_)
return std::lexicographical_compare(begin(), end(), other.begin(),
other.end());
return size_ < other.size_;
}
bool IPAddressBytes::operator==(const IPAddressBytes& other) const {
return size_ == other.size_ && std::equal(begin(), end(), other.begin());
}
bool IPAddressBytes::operator!=(const IPAddressBytes& other) const {
return !(*this == other);
}
IPAddress::IPAddress() = default;
IPAddress::IPAddress(const IPAddress& other) = default;
IPAddress::IPAddress(const IPAddressBytes& address) : ip_address_(address) {}
IPAddress::IPAddress(const uint8_t* address, size_t address_len)
: ip_address_(address, address_len) {}
IPAddress::IPAddress(uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3) {
ip_address_.push_back(b0);
ip_address_.push_back(b1);
ip_address_.push_back(b2);
ip_address_.push_back(b3);
}
IPAddress::IPAddress(uint8_t b0,
uint8_t b1,
uint8_t b2,
uint8_t b3,
uint8_t b4,
uint8_t b5,
uint8_t b6,
uint8_t b7,
uint8_t b8,
uint8_t b9,
uint8_t b10,
uint8_t b11,
uint8_t b12,
uint8_t b13,
uint8_t b14,
uint8_t b15) {
ip_address_.push_back(b0);
ip_address_.push_back(b1);
ip_address_.push_back(b2);
ip_address_.push_back(b3);
ip_address_.push_back(b4);
ip_address_.push_back(b5);
ip_address_.push_back(b6);
ip_address_.push_back(b7);
ip_address_.push_back(b8);
ip_address_.push_back(b9);
ip_address_.push_back(b10);
ip_address_.push_back(b11);
ip_address_.push_back(b12);
ip_address_.push_back(b13);
ip_address_.push_back(b14);
ip_address_.push_back(b15);
}
IPAddress::~IPAddress() = default;
bool IPAddress::IsIPv4() const {
return ip_address_.size() == kIPv4AddressSize;
}
bool IPAddress::IsIPv6() const {
return ip_address_.size() == kIPv6AddressSize;
}
bool IPAddress::IsValid() const {
return IsIPv4() || IsIPv6();
}
bool IPAddress::IsReserved() const {
if (IsIPv4()) {
return IsReservedIPv4(ip_address_);
} else if (IsIPv6()) {
return IsReservedIPv6(ip_address_);
}
return false;
}
bool IPAddress::IsZero() const {
for (auto x : ip_address_) {
if (x != 0)
return false;
}
return !empty();
}
bool IPAddress::IsIPv4MappedIPv6() const {
return IsIPv6() && IPAddressStartsWith(*this, kIPv4MappedPrefix);
}
bool IPAddress::AssignFromIPLiteral(const base::StringPiece& ip_literal) {
IPAddressBytes number;
// TODO(rch): change the contract so ip_address_ is cleared on failure,
// to avoid needing this temporary at all.
if (!ParseIPLiteralToBytes(ip_literal, &number))
return false;
ip_address_ = number;
return true;
}
std::vector<uint8_t> IPAddress::CopyBytesToVector() const {
return std::vector<uint8_t>(ip_address_.begin(), ip_address_.end());
}
// static
IPAddress IPAddress::IPv4Localhost() {
static const uint8_t kLocalhostIPv4[] = {127, 0, 0, 1};
return IPAddress(kLocalhostIPv4);
}
// static
IPAddress IPAddress::IPv6Localhost() {
static const uint8_t kLocalhostIPv6[] = {0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 1};
return IPAddress(kLocalhostIPv6);
}
// static
IPAddress IPAddress::AllZeros(size_t num_zero_bytes) {
CHECK_LE(num_zero_bytes, 16u);
IPAddress result;
for (size_t i = 0; i < num_zero_bytes; ++i)
result.ip_address_.push_back(0u);
return result;
}
// static
IPAddress IPAddress::IPv4AllZeros() {
return AllZeros(kIPv4AddressSize);
}
// static
IPAddress IPAddress::IPv6AllZeros() {
return AllZeros(kIPv6AddressSize);
}
bool IPAddress::operator==(const IPAddress& that) const {
return ip_address_ == that.ip_address_;
}
bool IPAddress::operator!=(const IPAddress& that) const {
return ip_address_ != that.ip_address_;
}
bool IPAddress::operator<(const IPAddress& that) const {
// Sort IPv4 before IPv6.
if (ip_address_.size() != that.ip_address_.size()) {
return ip_address_.size() < that.ip_address_.size();
}
return ip_address_ < that.ip_address_;
}
std::string IPAddress::ToString() const {
std::string str;
url::StdStringCanonOutput output(&str);
if (IsIPv4()) {
url::AppendIPv4Address(ip_address_.data(), &output);
} else if (IsIPv6()) {
url::AppendIPv6Address(ip_address_.data(), &output);
}
output.Complete();
return str;
}
std::string IPAddressToStringWithPort(const IPAddress& address, uint16_t port) {
std::string address_str = address.ToString();
if (address_str.empty())
return address_str;
if (address.IsIPv6()) {
// Need to bracket IPv6 addresses since they contain colons.
return base::StringPrintf("[%s]:%d", address_str.c_str(), port);
}
return base::StringPrintf("%s:%d", address_str.c_str(), port);
}
std::string IPAddressToPackedString(const IPAddress& address) {
return std::string(reinterpret_cast<const char*>(address.bytes().data()),
address.size());
}
IPAddress ConvertIPv4ToIPv4MappedIPv6(const IPAddress& address) {
DCHECK(address.IsIPv4());
// IPv4-mapped addresses are formed by:
// <80 bits of zeros> + <16 bits of ones> + <32-bit IPv4 address>.
base::StackVector<uint8_t, 16> bytes;
bytes->insert(bytes->end(), std::begin(kIPv4MappedPrefix),
std::end(kIPv4MappedPrefix));
bytes->insert(bytes->end(), address.bytes().begin(), address.bytes().end());
return IPAddress(bytes->data(), bytes->size());
}
IPAddress ConvertIPv4MappedIPv6ToIPv4(const IPAddress& address) {
DCHECK(address.IsIPv4MappedIPv6());
base::StackVector<uint8_t, 16> bytes;
bytes->insert(bytes->end(),
address.bytes().begin() + arraysize(kIPv4MappedPrefix),
address.bytes().end());
return IPAddress(bytes->data(), bytes->size());
}
bool IPAddressMatchesPrefix(const IPAddress& ip_address,
const IPAddress& ip_prefix,
size_t prefix_length_in_bits) {
// Both the input IP address and the prefix IP address should be either IPv4
// or IPv6.
DCHECK(ip_address.IsValid());
DCHECK(ip_prefix.IsValid());
DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8);
// In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to
// IPv6 addresses in order to do the comparison.
if (ip_address.size() != ip_prefix.size()) {
if (ip_address.IsIPv4()) {
return IPAddressMatchesPrefix(ConvertIPv4ToIPv4MappedIPv6(ip_address),
ip_prefix, prefix_length_in_bits);
}
return IPAddressMatchesPrefix(ip_address,
ConvertIPv4ToIPv4MappedIPv6(ip_prefix),
96 + prefix_length_in_bits);
}
return IPAddressPrefixCheck(ip_address.bytes(), ip_prefix.bytes().data(),
prefix_length_in_bits);
}
bool ParseCIDRBlock(const std::string& cidr_literal,
IPAddress* ip_address,
size_t* prefix_length_in_bits) {
// We expect CIDR notation to match one of these two templates:
// <IPv4-literal> "/" <number of bits>
// <IPv6-literal> "/" <number of bits>
std::vector<base::StringPiece> parts = base::SplitStringPiece(
cidr_literal, "/", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
if (parts.size() != 2)
return false;
// Parse the IP address.
if (!ip_address->AssignFromIPLiteral(parts[0]))
return false;
// Parse the prefix length.
uint32_t number_of_bits;
if (!ParseUint32(parts[1], &number_of_bits))
return false;
// Make sure the prefix length is in a valid range.
if (number_of_bits > ip_address->size() * 8)
return false;
*prefix_length_in_bits = number_of_bits;
return true;
}
bool ParseURLHostnameToAddress(const base::StringPiece& hostname,
IPAddress* ip_address) {
if (hostname.size() >= 2 && hostname.front() == '[' &&
hostname.back() == ']') {
// Strip the square brackets that surround IPv6 literals.
auto ip_literal =
base::StringPiece(hostname).substr(1, hostname.size() - 2);
return ip_address->AssignFromIPLiteral(ip_literal) && ip_address->IsIPv6();
}
return ip_address->AssignFromIPLiteral(hostname) && ip_address->IsIPv4();
}
unsigned CommonPrefixLength(const IPAddress& a1, const IPAddress& a2) {
DCHECK_EQ(a1.size(), a2.size());
for (size_t i = 0; i < a1.size(); ++i) {
unsigned diff = a1.bytes()[i] ^ a2.bytes()[i];
if (!diff)
continue;
for (unsigned j = 0; j < CHAR_BIT; ++j) {
if (diff & (1 << (CHAR_BIT - 1)))
return i * CHAR_BIT + j;
diff <<= 1;
}
NOTREACHED();
}
return a1.size() * CHAR_BIT;
}
unsigned MaskPrefixLength(const IPAddress& mask) {
base::StackVector<uint8_t, 16> all_ones;
all_ones->resize(mask.size(), 0xFF);
return CommonPrefixLength(mask,
IPAddress(all_ones->data(), all_ones->size()));
}
} // namespace net