2007-03-22 01:14:56 +01:00
|
|
|
#
|
2007-06-11 21:39:30 +02:00
|
|
|
# Shorewall-perl 4.0 -- /usr/share/shorewall-perl/Shorewall/IPAddrs.pm
|
2007-03-22 01:14:56 +01:00
|
|
|
#
|
2007-09-08 18:09:51 +02:00
|
|
|
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
2007-03-22 01:14:56 +01:00
|
|
|
#
|
|
|
|
# (c) 2007 - Tom Eastep (teastep@shorewall.net)
|
|
|
|
#
|
|
|
|
# Complete documentation is available at http://shorewall.net
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or modify
|
|
|
|
# it under the terms of Version 2 of the GNU General Public License
|
|
|
|
# as published by the Free Software Foundation.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program; if not, write to the Free Software
|
2007-09-08 18:09:51 +02:00
|
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
2007-03-22 01:14:56 +01:00
|
|
|
#
|
2007-07-26 20:36:18 +02:00
|
|
|
# This module provides interfaces for dealing with IPv4 addresses.
|
|
|
|
#
|
2007-03-22 01:14:56 +01:00
|
|
|
package Shorewall::IPAddrs;
|
|
|
|
require Exporter;
|
2007-03-29 19:36:04 +02:00
|
|
|
use Shorewall::Config;
|
2007-03-22 01:14:56 +01:00
|
|
|
|
|
|
|
use strict;
|
|
|
|
|
|
|
|
our @ISA = qw(Exporter);
|
2007-05-11 17:39:11 +02:00
|
|
|
our @EXPORT = qw( ALLIPv4
|
|
|
|
|
2007-05-08 21:05:25 +02:00
|
|
|
validate_address
|
2007-05-08 20:25:16 +02:00
|
|
|
validate_net
|
2007-07-02 01:37:45 +02:00
|
|
|
validate_host
|
2007-05-08 20:25:16 +02:00
|
|
|
validate_range
|
2007-03-23 22:24:28 +01:00
|
|
|
ip_range_explicit
|
2007-09-10 17:52:57 +02:00
|
|
|
allipv4
|
|
|
|
rfc1918_neworks
|
2007-03-22 01:14:56 +01:00
|
|
|
);
|
|
|
|
our @EXPORT_OK = qw( );
|
2007-09-21 18:55:28 +02:00
|
|
|
our $VERSION = '4.04';
|
2007-03-22 01:14:56 +01:00
|
|
|
|
2007-05-11 17:39:11 +02:00
|
|
|
#
|
|
|
|
# Some IPv4 useful stuff
|
|
|
|
#
|
|
|
|
our @allipv4 = ( '0.0.0.0/0' );
|
|
|
|
|
|
|
|
use constant { ALLIPv4 => '0.0.0.0/0' };
|
|
|
|
|
|
|
|
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
|
|
|
|
|
2007-03-22 01:14:56 +01:00
|
|
|
sub valid_address( $ ) {
|
|
|
|
my $address = $_[0];
|
|
|
|
|
|
|
|
my @address = split /\./, $address;
|
|
|
|
return 0 unless @address == 4;
|
|
|
|
for my $a ( @address ) {
|
|
|
|
return 0 unless $a =~ /^\d+$/ && $a < 256;
|
|
|
|
}
|
|
|
|
|
|
|
|
1;
|
|
|
|
}
|
|
|
|
|
2007-09-21 18:55:28 +02:00
|
|
|
sub validate_address( $$ ) {
|
|
|
|
my ( $addr, $allow_name ) = @_;
|
2007-05-15 22:02:42 +02:00
|
|
|
|
|
|
|
unless ( valid_address $addr ) {
|
2007-09-21 18:55:28 +02:00
|
|
|
fatal_error "Invalid IP Address ($addr)" unless $allow_name;
|
2007-05-15 22:02:42 +02:00
|
|
|
fatal_error "Unknown Host ($addr)" unless defined gethostbyname $addr;
|
2007-05-08 21:05:25 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-09-21 18:55:28 +02:00
|
|
|
sub validate_net( $$ ) {
|
2007-05-20 17:14:40 +02:00
|
|
|
my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );
|
2007-09-21 18:55:28 +02:00
|
|
|
my $allow_name = $_[1];
|
2007-05-08 20:25:16 +02:00
|
|
|
|
2007-08-26 17:12:04 +02:00
|
|
|
fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
|
|
|
|
|
2007-05-08 20:25:16 +02:00
|
|
|
if ( defined $vlsm ) {
|
2007-05-20 17:14:40 +02:00
|
|
|
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 32;
|
|
|
|
fatal_error "Invalid Network address ($_[0])" if defined $rest;
|
|
|
|
fatal_error "Invalid IP address ($net)" unless valid_address $net;
|
2007-05-08 21:05:25 +02:00
|
|
|
} else {
|
2007-05-20 17:14:40 +02:00
|
|
|
fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net;
|
2007-09-21 18:55:28 +02:00
|
|
|
validate_address $net, $_[1];
|
2007-05-08 20:25:16 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-03-22 01:14:56 +01:00
|
|
|
sub decodeaddr( $ ) {
|
|
|
|
my $address = $_[0];
|
|
|
|
|
|
|
|
my @address = split /\./, $address;
|
|
|
|
|
|
|
|
my $result = shift @address;
|
2007-03-27 01:17:46 +02:00
|
|
|
|
2007-03-22 01:14:56 +01:00
|
|
|
for my $a ( @address ) {
|
|
|
|
$result = ( $result << 8 ) | $a;
|
|
|
|
}
|
|
|
|
|
|
|
|
$result;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub encodeaddr( $ ) {
|
|
|
|
my $addr = $_[0];
|
|
|
|
my $result = $addr & 0xff;
|
|
|
|
|
|
|
|
for my $i ( 1..3 ) {
|
|
|
|
my $a = ($addr = $addr >> 8) & 0xff;
|
|
|
|
$result = "$a.$result";
|
|
|
|
}
|
|
|
|
|
|
|
|
$result;
|
|
|
|
}
|
|
|
|
|
2007-05-08 20:25:16 +02:00
|
|
|
sub validate_range( $$ ) {
|
|
|
|
my ( $low, $high ) = @_;
|
|
|
|
|
2007-09-21 18:55:28 +02:00
|
|
|
validate_address $low, 0;
|
|
|
|
validate_address $high, 0;
|
2007-05-08 20:25:16 +02:00
|
|
|
|
|
|
|
my $first = decodeaddr $low;
|
|
|
|
my $last = decodeaddr $high;
|
|
|
|
|
2007-06-16 23:08:12 +02:00
|
|
|
fatal_error "Invalid IP Range ($low-$high)" unless $first <= $last;
|
2007-07-26 20:36:18 +02:00
|
|
|
}
|
2007-05-08 20:25:16 +02:00
|
|
|
|
2007-03-22 01:14:56 +01:00
|
|
|
sub ip_range_explicit( $ ) {
|
|
|
|
my $range = $_[0];
|
|
|
|
my @result;
|
|
|
|
|
|
|
|
my ( $low, $high ) = split /-/, $range;
|
|
|
|
|
2007-09-21 18:55:28 +02:00
|
|
|
validate_address $low, 0;
|
2007-03-22 01:14:56 +01:00
|
|
|
|
|
|
|
push @result, $low;
|
|
|
|
|
|
|
|
if ( defined $high ) {
|
2007-09-21 18:55:28 +02:00
|
|
|
validate_address $high, 0;
|
2007-03-27 01:17:46 +02:00
|
|
|
|
2007-03-22 01:14:56 +01:00
|
|
|
my $first = decodeaddr $low;
|
|
|
|
my $last = decodeaddr $high;
|
2007-03-27 01:17:46 +02:00
|
|
|
|
2007-06-16 23:08:12 +02:00
|
|
|
fatal_error "Invalid IP Range ($range)" unless $first <= $last;
|
2007-03-22 01:14:56 +01:00
|
|
|
|
|
|
|
while ( ++$first <= $last ) {
|
|
|
|
push @result, encodeaddr( $first );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
@result;
|
|
|
|
}
|
|
|
|
|
2007-07-02 01:37:45 +02:00
|
|
|
sub validate_host( $ ) {
|
|
|
|
my $host = $_[0];
|
2007-07-26 20:36:18 +02:00
|
|
|
|
2007-07-02 01:37:45 +02:00
|
|
|
if ( $host =~ /^(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)$/ ) {
|
|
|
|
validate_range $1, $2;
|
|
|
|
} else {
|
2007-09-21 18:55:28 +02:00
|
|
|
validate_net( $host, 0 );
|
2007-07-02 01:37:45 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-09-10 17:52:57 +02:00
|
|
|
sub allipv4() {
|
|
|
|
@allipv4;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub rfc1918_networks() {
|
|
|
|
@rfc1918_networks
|
|
|
|
}
|
|
|
|
|
2007-03-22 01:14:56 +01:00
|
|
|
1;
|