shorewall_code/Shorewall-perl/Shorewall/IPAddrs.pm

174 lines
3.9 KiB
Perl
Raw Normal View History

#
# Shorewall-perl 4.0 -- /usr/share/shorewall-perl/Shorewall/IPAddrs.pm
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2007 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# This module provides interfaces for dealing with IPv4 addresses.
#
package Shorewall::IPAddrs;
require Exporter;
use Shorewall::Config;
use strict;
our @ISA = qw(Exporter);
our @EXPORT = qw( ALLIPv4
validate_address
validate_net
validate_host
validate_range
ip_range_explicit
allipv4
rfc1918_neworks
);
our @EXPORT_OK = qw( );
our $VERSION = '4.04';
#
# Some IPv4 useful stuff
#
our @allipv4 = ( '0.0.0.0/0' );
use constant { ALLIPv4 => '0.0.0.0/0' };
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
sub valid_address( $ ) {
my $address = $_[0];
my @address = split /\./, $address;
return 0 unless @address == 4;
for my $a ( @address ) {
return 0 unless $a =~ /^\d+$/ && $a < 256;
}
1;
}
sub validate_address( $$ ) {
my ( $addr, $allow_name ) = @_;
unless ( valid_address $addr ) {
fatal_error "Invalid IP Address ($addr)" unless $allow_name;
fatal_error "Unknown Host ($addr)" unless defined gethostbyname $addr;
}
}
sub validate_net( $$ ) {
my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );
my $allow_name = $_[1];
fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
if ( defined $vlsm ) {
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 32;
fatal_error "Invalid Network address ($_[0])" if defined $rest;
fatal_error "Invalid IP address ($net)" unless valid_address $net;
} else {
fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net;
validate_address $net, $_[1];
}
}
sub decodeaddr( $ ) {
my $address = $_[0];
my @address = split /\./, $address;
my $result = shift @address;
for my $a ( @address ) {
$result = ( $result << 8 ) | $a;
}
$result;
}
sub encodeaddr( $ ) {
my $addr = $_[0];
my $result = $addr & 0xff;
for my $i ( 1..3 ) {
my $a = ($addr = $addr >> 8) & 0xff;
$result = "$a.$result";
}
$result;
}
sub validate_range( $$ ) {
my ( $low, $high ) = @_;
validate_address $low, 0;
validate_address $high, 0;
my $first = decodeaddr $low;
my $last = decodeaddr $high;
fatal_error "Invalid IP Range ($low-$high)" unless $first <= $last;
}
sub ip_range_explicit( $ ) {
my $range = $_[0];
my @result;
my ( $low, $high ) = split /-/, $range;
validate_address $low, 0;
push @result, $low;
if ( defined $high ) {
validate_address $high, 0;
my $first = decodeaddr $low;
my $last = decodeaddr $high;
fatal_error "Invalid IP Range ($range)" unless $first <= $last;
while ( ++$first <= $last ) {
push @result, encodeaddr( $first );
}
}
@result;
}
sub validate_host( $ ) {
my $host = $_[0];
if ( $host =~ /^(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ) {
validate_range $1, $2;
} else {
validate_net( $host, 0 );
}
}
sub allipv4() {
@allipv4;
}
sub rfc1918_networks() {
@rfc1918_networks
}
1;