core: Add support for IPv6 subnets in Network::isValidCidr
This change effectively adds support for IPv6 subnets in the whitelists and
blacklists of NetworkInterfacePredicate.
Change-Id: I1962100329d398b4659c4d1a4a0975fa354af026
Refs: #4546
diff --git a/core/network.cpp b/core/network.cpp
index 19d6f50..7c96ed3 100644
--- a/core/network.cpp
+++ b/core/network.cpp
@@ -1,12 +1,12 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2014-2017, Regents of the University of California,
+ * Copyright (c) 2014-2018, Regents of the University of California,
* Arizona Board of Regents,
* Colorado State University,
* University Pierre & Marie Curie, Sorbonne University,
* Washington University in St. Louis,
* Beijing Institute of Technology,
- * The University of Memphis
+ * The University of Memphis.
*
* This file is part of NFD (Named Data Networking Forwarding Daemon).
* See AUTHORS.md for complete list of NFD authors and contributors.
@@ -28,6 +28,7 @@
#include <ndn-cxx/net/address-converter.hpp>
#include <boost/utility/value_init.hpp>
#include <algorithm>
+#include <cctype>
namespace nfd {
@@ -66,28 +67,13 @@
return false;
}
- boost::system::error_code invalidIp;
- boost::asio::ip::address_v4::from_string(cidr.substr(0, pos), invalidIp);
- if (invalidIp) {
- return false;
- }
-
- auto prefixLenStr = cidr.substr(pos + 1);
- if (!std::all_of(prefixLenStr.begin(), prefixLenStr.end(), ::isdigit)) {
- return false;
- }
- int prefixLen = -1;
try {
- prefixLen = boost::lexical_cast<int>(prefixLenStr);
+ boost::lexical_cast<Network>(cidr);
+ return true;
}
catch (const boost::bad_lexical_cast&) {
return false;
}
- if (prefixLen < 0 || prefixLen > 32) {
- return false;
- }
-
- return true;
}
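Review bot: The set of strings `isValidCidr` accepts is now whatever `operator>>` for `Network` accepts, and nothing at the `boost::lexical_cast<Network>(cidr);` call says so. Because this function gates whitelist and blacklist entries, a comment above the `try` would help, for example `// Validate by parsing: accepts exactly what operator>> accepts (IPv4 or IPv6 address, '/', decimal prefix length)`. If `ndn::ip::addressFromString` also accepts an IPv6 zone suffix (not visible here, so worth confirming), a scoped address followed by a prefix length would now pass validation, and that case deserves an explicit test or rejection. The function's opening lines are outside the hunk.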
std::ostream&
@@ -106,14 +92,44 @@
size_t position = networkStr.find('/');
if (position == std::string::npos) {
- network.m_minAddress = ndn::ip::addressFromString(networkStr);
- network.m_maxAddress = ndn::ip::addressFromString(networkStr);
+ try {
+ network.m_minAddress = ndn::ip::addressFromString(networkStr);
+ network.m_maxAddress = ndn::ip::addressFromString(networkStr);
+ }
+ catch (const boost::system::system_error&) {
+ is.setstate(std::ios::failbit);
+ return is;
+ }
}
else {
- ip::address address = ndn::ip::addressFromString(networkStr.substr(0, position));
- size_t mask = boost::lexical_cast<size_t>(networkStr.substr(position+1));
+ boost::system::error_code ec;
+ ip::address address = ndn::ip::addressFromString(networkStr.substr(0, position), ec);
+ if (ec) {
+ is.setstate(std::ios::failbit);
+ return is;
+ }
+
+ auto prefixLenStr = networkStr.substr(position + 1);
+ if (!std::all_of(prefixLenStr.begin(), prefixLenStr.end(),
+ [] (unsigned char c) { return std::isdigit(c); })) {
+ is.setstate(std::ios::failbit);
+ return is;
+ }
+ size_t mask;
+ try {
+ mask = boost::lexical_cast<size_t>(prefixLenStr);
+ }
+ catch (const boost::bad_lexical_cast&) {
+ is.setstate(std::ios::failbit);
+ return is;
+ }
if (address.is_v4()) {
+ if (mask > 32) {
+ is.setstate(std::ios::failbit);
+ return is;
+ }
+
ip::address_v4::bytes_type maskBytes = boost::initialized_value;
for (size_t i = 0; i < mask; i++) {
size_t byteId = i / 8;
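Review bot: The no-slash branch parses the same string twice with the throwing overload and a `try`/`catch`, while the `else` branch right below uses the `error_code` overload; using one style would be easier to audit. Parsing once into a local, `ip::address addr = ndn::ip::addressFromString(networkStr, ec);`, checking `ec`, and then assigning `network.m_minAddress = network.m_maxAddress = addr;` removes the duplicate parse and the exception path. The `is.setstate(std::ios::failbit); return is;` pair is repeated five times in this hunk and once more in the `mask > 128` hunk that follows, so a small local helper would keep the failure paths uniform. The operator's body begins before this hunk and continues after it.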
@@ -134,6 +150,11 @@
network.m_maxAddress = ip::address_v4(max);
}
else {
+ if (mask > 128) {
+ is.setstate(std::ios::failbit);
+ return is;
+ }
+
ip::address_v6::bytes_type maskBytes = boost::initialized_value;
for (size_t i = 0; i < mask; i++) {
size_t byteId = i / 8;
diff --git a/nfd.conf.sample.in b/nfd.conf.sample.in
index 7ac472b..334bc5a 100644
--- a/nfd.conf.sample.in
+++ b/nfd.conf.sample.in
@@ -139,8 +139,9 @@
; Whitelist and blacklist can contain, in no particular order:
; - interface names, including wildcard patterns (e.g., 'ifname eth0', 'ifname en*', 'ifname wlp?s0')
- ; - mac addresses (e.g., 'ether 85:3b:4d:d3:5f:c2')
- ; - subnets (e.g., 'subnet 192.0.2.0/24', note that only IPv4 is supported here)
+ ; - MAC addresses (e.g., 'ether 85:3b:4d:d3:5f:c2')
+ ; - IPv4 subnets (e.g., 'subnet 192.0.2.0/24')
+ ; - IPv6 subnets (e.g., 'subnet 2001:db8::/32')
; - a single asterisk ('*') that matches all interfaces
; By default, all interfaces are whitelisted.
whitelist
@@ -193,8 +194,9 @@
@IF_HAVE_LIBPCAP@
@IF_HAVE_LIBPCAP@ ; Whitelist and blacklist can contain, in no particular order:
@IF_HAVE_LIBPCAP@ ; - interface names, including wildcard patterns (e.g., 'ifname eth0', 'ifname en*', 'ifname wlp?s0')
- @IF_HAVE_LIBPCAP@ ; - mac addresses (e.g., 'ether 85:3b:4d:d3:5f:c2')
- @IF_HAVE_LIBPCAP@ ; - subnets (e.g., 'subnet 192.0.2.0/24', note that only IPv4 is supported here)
+ @IF_HAVE_LIBPCAP@ ; - MAC addresses (e.g., 'ether 85:3b:4d:d3:5f:c2')
+ @IF_HAVE_LIBPCAP@ ; - IPv4 subnets (e.g., 'subnet 192.0.2.0/24')
+ @IF_HAVE_LIBPCAP@ ; - IPv6 subnets (e.g., 'subnet 2001:db8::/32')
@IF_HAVE_LIBPCAP@ ; - a single asterisk ('*') that matches all interfaces
@IF_HAVE_LIBPCAP@ ; By default, all interfaces are whitelisted.
@IF_HAVE_LIBPCAP@ whitelist
diff --git a/tests/core/network-interface-predicate.t.cpp b/tests/core/network-interface-predicate.t.cpp
index 9ae6c44..7e6a1bf 100644
--- a/tests/core/network-interface-predicate.t.cpp
+++ b/tests/core/network-interface-predicate.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2014-2017, Regents of the University of California,
+ * Copyright (c) 2014-2018, Regents of the University of California,
* Arizona Board of Regents,
* Colorado State University,
* University Pierre & Marie Curie, Sorbonne University,
@@ -51,6 +51,9 @@
netifs.back()->addNetworkAddress(NetworkAddress(AddressFamily::V4,
address_v4::from_string("129.82.100.1"), address_v4::from_string("129.82.255.255"),
16, AddressScope::GLOBAL, 0));
+ netifs.back()->addNetworkAddress(NetworkAddress(AddressFamily::V4,
+ address_v6::from_string("2001:db8:1::1"), address_v6::from_string("2001:db8:1::ffff:ffff:ffff:ffff"),
+ 64, AddressScope::GLOBAL, 0));
netifs.back()->setFlags(IFF_UP);
netifs.push_back(NetworkMonitorStub::makeNetworkInterface());
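Review bot: The added fixture address is tagged `AddressFamily::V4` although both addresses are built with `address_v6::from_string`, and the same mismatch is in the next hunk for `2001:db8:2::1`. It should read `NetworkAddress(AddressFamily::V6,` in both places. If the predicate matches on the address value alone, the new Subnet6 tests pass either way and the wrong family tag goes unnoticed, so the fixture would not catch a later change that filters by family.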
@@ -60,6 +63,9 @@
netifs.back()->addNetworkAddress(NetworkAddress(AddressFamily::V4,
address_v4::from_string("192.168.2.1"), address_v4::from_string("192.168.2.255"),
24, AddressScope::GLOBAL, 0));
+ netifs.back()->addNetworkAddress(NetworkAddress(AddressFamily::V4,
+ address_v6::from_string("2001:db8:2::1"), address_v6::from_string("2001:db8:2::ffff:ffff:ffff:ffff"),
+ 64, AddressScope::GLOBAL, 0));
netifs.back()->setFlags(IFF_UP);
netifs.push_back(NetworkMonitorStub::makeNetworkInterface());
@@ -284,7 +290,7 @@
ConfigFile::Error);
}
-BOOST_AUTO_TEST_CASE(SubnetWhitelist)
+BOOST_AUTO_TEST_CASE(Subnet4Whitelist)
{
parseConfig("whitelist\n"
"{\n"
@@ -297,7 +303,7 @@
BOOST_CHECK_EQUAL(predicate(*netifs[3]), true);
}
-BOOST_AUTO_TEST_CASE(SubnetBlacklist)
+BOOST_AUTO_TEST_CASE(Subnet4Blacklist)
{
parseConfig("blacklist\n"
"{\n"
@@ -310,6 +316,32 @@
BOOST_CHECK_EQUAL(predicate(*netifs[3]), false);
}
+BOOST_AUTO_TEST_CASE(Subnet6Whitelist)
+{
+ parseConfig("whitelist\n"
+ "{\n"
+ " subnet 2001:db8:2::1/120\n"
+ "}");
+
+ BOOST_CHECK_EQUAL(predicate(*netifs[0]), false);
+ BOOST_CHECK_EQUAL(predicate(*netifs[1]), true);
+ BOOST_CHECK_EQUAL(predicate(*netifs[2]), false);
+ BOOST_CHECK_EQUAL(predicate(*netifs[3]), false);
+}
+
+BOOST_AUTO_TEST_CASE(Subnet6Blacklist)
+{
+ parseConfig("blacklist\n"
+ "{\n"
+ " subnet 2001:db8:2::1/120\n"
+ "}");
+
+ BOOST_CHECK_EQUAL(predicate(*netifs[0]), true);
+ BOOST_CHECK_EQUAL(predicate(*netifs[1]), false);
+ BOOST_CHECK_EQUAL(predicate(*netifs[2]), true);
+ BOOST_CHECK_EQUAL(predicate(*netifs[3]), true);
+}
+
BOOST_AUTO_TEST_CASE(SubnetMalformed)
{
BOOST_CHECK_THROW(
diff --git a/tests/core/network.t.cpp b/tests/core/network.t.cpp
index 76555a8..62eabde 100644
--- a/tests/core/network.t.cpp
+++ b/tests/core/network.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2014-2016, Regents of the University of California,
+/*
+ * Copyright (c) 2014-2018, Regents of the University of California,
* Arizona Board of Regents,
* Colorado State University,
* University Pierre & Marie Curie, Sorbonne University,
@@ -69,6 +69,9 @@
Network n = boost::lexical_cast<Network>("192.0.2.0/24");
BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(n), "192.0.2.0 <-> 192.0.2.255");
+ BOOST_CHECK_THROW(boost::lexical_cast<Network>("192.0.2.0/255"), boost::bad_lexical_cast);
+ BOOST_CHECK_THROW(boost::lexical_cast<Network>("256.0.2.0/24"), boost::bad_lexical_cast);
+
BOOST_CHECK_EQUAL(n.doesContain(address::from_string("192.0.2.1")), true);
BOOST_CHECK_EQUAL(n.doesContain(address::from_string("192.0.2.254")), true);
BOOST_CHECK_EQUAL(n.doesContain(address::from_string("192.0.1.255")), false);
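Review bot: The IPv4 rejection check uses `/255`, which does not pin the boundary the parser now enforces, so an off-by-one in the `mask > 32` comparison would still pass. Adding `BOOST_CHECK_THROW(boost::lexical_cast<Network>("192.0.2.0/33"), boost::bad_lexical_cast);` next to a positive `BOOST_CHECK_NO_THROW(boost::lexical_cast<Network>("192.0.2.1/32"));` would fix both sides of the limit. The IPv6 hunk below already tests `/129`; a matching accepted `/128` case there would complete it. An empty prefix such as `"192.0.2.0/"` is also worth asserting, since the digit check alone lets an empty string through and only the cast rejects it.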
@@ -106,6 +109,10 @@
BOOST_CHECK_EQUAL(boost::lexical_cast<std::string>(n),
"2001:db8:3f9:1:: <-> 2001:db8:3f9:1:ffff:ffff:ffff:ffff");
+ BOOST_CHECK_THROW(boost::lexical_cast<Network>("2001:db8:3f9:1::/129"), boost::bad_lexical_cast);
+ BOOST_CHECK_THROW(boost::lexical_cast<Network>("200x:db8:3f9:1::/64"), boost::bad_lexical_cast);
+ BOOST_CHECK_THROW(boost::lexical_cast<Network>("2001:db8:3f9::1::/64"), boost::bad_lexical_cast);
+
BOOST_CHECK_EQUAL(n.doesContain(address::from_string("192.0.2.1")), false);
BOOST_CHECK_EQUAL(n.doesContain(address::from_string("2001:db8:3f9:1:3025:ccc5:eeeb:86d3")),
true);
@@ -167,6 +174,9 @@
BOOST_CHECK_EQUAL(Network::isValidCidr("foo/"), false);
BOOST_CHECK_EQUAL(Network::isValidCidr("foo"), false);
BOOST_CHECK_EQUAL(Network::isValidCidr("256.0.256.0/24"), false);
+
+ BOOST_CHECK_EQUAL(Network::isValidCidr("::1"), false);
+ BOOST_CHECK_EQUAL(Network::isValidCidr("::1/128"), true);
}
BOOST_AUTO_TEST_SUITE_END() // TestNetwork
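Review bot: No visible assertion checks that `isValidCidr` rejects an out-of-range prefix length, and this commit moves that range check out of `isValidCidr` into the stream operator. Unless the lines above the hunk already cover it, add `BOOST_CHECK_EQUAL(Network::isValidCidr("192.0.2.0/33"), false);` and `BOOST_CHECK_EQUAL(Network::isValidCidr("::1/129"), false);` so that a regression in the delegated check shows up at the validator that the whitelist and blacklist parsing relies on.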