The InspIRCd Project
Home | Developers | Wiki | Forums | Bug Tracker | SVN | Download
Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | Directories | File List | Namespace Members | Class Members | File Members
home » brain » inspircd-cvs » inspircd » src

cidr.cpp

Go to the documentation of this file.
00001 /*       +------------------------------------+
00002  *       | Inspire Internet Relay Chat Daemon |
00003  *       +------------------------------------+
00004  *
00005  *  InspIRCd: (C) 2002-2008 InspIRCd Development Team
00006  * See: http://www.inspircd.org/wiki/index.php/Credits
00007  *
00008  * This program is free but copyrighted software; see
00009  *            the file COPYING for details.
00010  *
00011  * ---------------------------------------------------
00012  */
00013 
00014 /* $Core */
00015 
00016 #include "inspircd.h"
00017 
00018 /* Used when comparing CIDR masks for the modulus bits left over.
00019  * A lot of ircd's seem to do this:
00020  * ((-1) << (8 - (mask % 8)))
00021  * But imho, it sucks in comparison to a nice neat lookup table.
00022  */
00023 const unsigned char inverted_bits[8] = {        0x00, /* 00000000 - 0 bits - never actually used */
00024                                 0x80, /* 10000000 - 1 bits */
00025                                 0xC0, /* 11000000 - 2 bits */
00026                                 0xE0, /* 11100000 - 3 bits */
00027                                 0xF0, /* 11110000 - 4 bits */
00028                                 0xF8, /* 11111000 - 5 bits */
00029                                 0xFC, /* 11111100 - 6 bits */
00030                                 0xFE  /* 11111110 - 7 bits */
00031 };
00032 
00033 
00034 /* Match raw bytes using CIDR bit matching, used by higher level MatchCIDR() */
00035 bool irc::sockets::MatchCIDRBits(const unsigned char* address, const unsigned char* mask, unsigned int mask_bits)
00036 {
00037         unsigned int divisor = mask_bits / 8; /* Number of whole bytes in the mask */
00038         unsigned int modulus = mask_bits % 8; /* Remaining bits in the mask after whole bytes are dealt with */
00039 
00040         /* First (this is faster) compare the odd bits with logic ops */
00041         if (modulus)
00042                 if ((address[divisor] & inverted_bits[modulus]) != (mask[divisor] & inverted_bits[modulus]))
00043                         /* If they dont match, return false */
00044                         return false;
00045 
00046         /* Secondly (this is slower) compare the whole bytes */
00047         if (memcmp(address, mask, divisor))
00048                 return false;
00049 
00050         /* The address matches the mask, to mask_bits bits of mask */
00051         return true;
00052 }
00053 
00054 /* Match CIDR, but dont attempt to match() against leading *!*@ sections */
00055 bool irc::sockets::MatchCIDR(const std::string &address, const std::string &cidr_mask)
00056 {
00057         return MatchCIDR(address, cidr_mask, false);
00058 }
00059 
00060 /* Match CIDR strings, e.g. 127.0.0.1 to 127.0.0.0/8 or 3ffe:1:5:6::8 to 3ffe:1::0/32
00061  * If you have a lot of hosts to match, youre probably better off building your mask once
00062  * and then using the lower level MatchCIDRBits directly.
00063  *
00064  * This will also attempt to match any leading usernames or nicknames on the mask, using
00065  * match(), when match_with_username is true.
00066  */
00067 bool irc::sockets::MatchCIDR(const std::string &address, const std::string &cidr_mask, bool match_with_username)
00068 {
00069         unsigned char addr_raw[16];
00070         unsigned char mask_raw[16];
00071         unsigned int bits = 0;
00072 
00073         std::string address_copy;
00074         std::string cidr_copy;
00075 
00076         /* The caller is trying to match ident@<mask>/bits.
00077          * Chop off the ident@ portion, use match() on it
00078          * seperately.
00079          */
00080         if (match_with_username)
00081         {
00082                 /* Use strchr not strrchr, because its going to be nearer to the left */
00083                 std::string::size_type username_mask_pos = cidr_mask.rfind('@');
00084                 std::string::size_type username_addr_pos = address.rfind('@');
00085 
00086                 /* Both strings have an @ symbol in them */
00087                 if (username_mask_pos != std::string::npos && username_addr_pos != std::string::npos)
00088                 {
00089                         /* Try and match() the strings before the @
00090                          * symbols, and recursively call MatchCIDR without
00091                          * username matching enabled to match the host part.
00092                          */
00093                         return (InspIRCd::Match(address.substr(0, username_addr_pos), cidr_mask.substr(0, username_mask_pos), NULL) &&
00094                                         MatchCIDR(address.substr(username_addr_pos + 1), cidr_mask.substr(username_mask_pos + 1), false));
00095                 }
00096                 else
00097                 {
00098                         address_copy = address.substr(username_addr_pos + 1);
00099                         cidr_copy = cidr_mask.substr(username_mask_pos + 1);
00100                 }
00101         }
00102         else
00103         {
00104                 address_copy.assign(address);
00105                 cidr_copy.assign(cidr_mask);
00106         }
00107 
00108         in_addr  address_in4;
00109         in_addr  mask_in4;
00110 
00111         std::string::size_type bits_chars = cidr_copy.rfind('/');
00112 
00113         if (bits_chars != std::string::npos)
00114         {
00115                 bits = atoi(cidr_copy.substr(bits_chars + 1).c_str());
00116                 cidr_copy.erase(bits_chars, cidr_copy.length() - bits_chars);
00117         }
00118         else
00119         {
00120                 /* No 'number of bits' field! */
00121                 return false;
00122         }
00123 
00124 #ifdef SUPPORT_IP6LINKS
00125         in6_addr address_in6;
00126         in6_addr mask_in6;
00127 
00128         if (inet_pton(AF_INET6, address_copy.c_str(), &address_in6) > 0)
00129         {
00130                 if (inet_pton(AF_INET6, cidr_copy.c_str(), &mask_in6) > 0)
00131                 {
00132                         memcpy(&addr_raw, &address_in6.s6_addr, 16);
00133                         memcpy(&mask_raw, &mask_in6.s6_addr, 16);
00134 
00135                         if (bits > 128)
00136                                 bits = 128;
00137                 }
00138                 else
00139                 {
00140                         /* The address was valid ipv6, but the mask
00141                          * that goes with it wasnt.
00142                          */
00143                         return false;
00144                 }
00145         }
00146         else
00147 #endif
00148         if (inet_pton(AF_INET, address_copy.c_str(), &address_in4) > 0)
00149         {
00150                 if (inet_pton(AF_INET, cidr_copy.c_str(), &mask_in4) > 0)
00151                 {
00152                         memcpy(&addr_raw, &address_in4.s_addr, 4);
00153                         memcpy(&mask_raw, &mask_in4.s_addr, 4);
00154 
00155                         if (bits > 32)
00156                                 bits = 32;
00157                 }
00158                 else
00159                 {
00160                         /* The address was valid ipv4,
00161                          * but the mask that went with it wasnt.
00162                          */
00163                         return false;
00164                 }
00165         }
00166         else
00167         {
00168                 /* The address was neither ipv4 or ipv6 */
00169                 return false;
00170         }
00171 
00172         /* Low-level-match the bits in the raw data */
00173         return MatchCIDRBits(addr_raw, mask_raw, bits);
00174 }
00175 
00176