1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "apr_arch_networkio.h"
18 #include "apr_strings.h"
21 #include "apr_strings.h"
22 #include "apr_private.h"
28 #define APR_WANT_STRFUNC
31 struct apr_ipsubnet_t {
34 apr_uint32_t sub[4]; /* big enough for IPv4 and IPv6 addresses */
42 #if !defined(NETWARE) && !defined(WIN32)
43 #ifdef HAVE_SET_H_ERRNO
44 #define SET_H_ERRNO(newval) set_h_errno(newval)
46 #define SET_H_ERRNO(newval) h_errno = (newval)
49 #define SET_H_ERRNO(newval)
52 #if APR_HAS_THREADS && !defined(GETHOSTBYNAME_IS_THREAD_SAFE) && \
53 defined(HAVE_GETHOSTBYNAME_R)
54 /* This is the maximum size that may be returned from the reentrant
55 * gethostbyname_r function. If the system tries to use more, it
56 * should return ERANGE.
58 #define GETHOSTBYNAME_BUFLEN 512
62 /* Some levels of AIX getaddrinfo() don't like servname = "0", so
63 * set servname to "1" when port is 0 and fix it up later.
65 #define AIX_SERVNAME_HACK 1
67 #define AIX_SERVNAME_HACK 0
71 /* XXX: BS solution. Need an HAVE_GETSERVBYNAME and actually
72 * do something here, to provide the obvious proto mappings.
74 static void *getservbyname(const char *name, const char *proto)
80 static apr_status_t get_local_addr(apr_socket_t *sock)
82 sock->local_addr->salen = sizeof(sock->local_addr->sa);
83 if (getsockname(sock->socketdes, (struct sockaddr *)&sock->local_addr->sa,
84 &sock->local_addr->salen) < 0) {
85 return apr_get_netos_error();
88 sock->local_port_unknown = sock->local_interface_unknown = 0;
89 /* XXX assumes sin_port and sin6_port at same offset */
90 sock->local_addr->port = ntohs(sock->local_addr->sa.sin.sin_port);
95 static apr_status_t get_remote_addr(apr_socket_t *sock)
97 sock->remote_addr->salen = sizeof(sock->remote_addr->sa);
98 if (getpeername(sock->socketdes, (struct sockaddr *)&sock->remote_addr->sa,
99 &sock->remote_addr->salen) < 0) {
100 return apr_get_netos_error();
103 sock->remote_addr_unknown = 0;
104 /* XXX assumes sin_port and sin6_port at same offset */
105 sock->remote_addr->port = ntohs(sock->remote_addr->sa.sin.sin_port);
110 APR_DECLARE(apr_status_t) apr_sockaddr_ip_getbuf(char *buf, apr_size_t buflen,
111 apr_sockaddr_t *sockaddr)
113 if (!apr_inet_ntop(sockaddr->family, sockaddr->ipaddr_ptr, buf, buflen)) {
118 if (sockaddr->family == AF_INET6
119 && IN6_IS_ADDR_V4MAPPED((struct in6_addr *)sockaddr->ipaddr_ptr)
120 && buflen > strlen("::ffff:")) {
121 /* This is an IPv4-mapped IPv6 address; drop the leading
122 * part of the address string so we're left with the familiar
125 memmove(buf, buf + strlen("::ffff:"),
126 strlen(buf + strlen("::ffff:"))+1);
129 /* ensure NUL termination if the buffer is too short */
130 buf[buflen-1] = '\0';
134 APR_DECLARE(apr_status_t) apr_sockaddr_ip_get(char **addr,
135 apr_sockaddr_t *sockaddr)
137 *addr = apr_palloc(sockaddr->pool, sockaddr->addr_str_len);
138 return apr_sockaddr_ip_getbuf(*addr, sockaddr->addr_str_len, sockaddr);
141 void apr_sockaddr_vars_set(apr_sockaddr_t *addr, int family, apr_port_t port)
143 addr->family = family;
144 addr->sa.sin.sin_family = family;
146 /* XXX IPv6: assumes sin_port and sin6_port at same offset */
147 addr->sa.sin.sin_port = htons(port);
150 #if AIX_SERVNAME_HACK
152 addr->sa.sin.sin_port = htons(port);
156 if (family == APR_INET) {
157 addr->salen = sizeof(struct sockaddr_in);
158 addr->addr_str_len = 16;
159 addr->ipaddr_ptr = &(addr->sa.sin.sin_addr);
160 addr->ipaddr_len = sizeof(struct in_addr);
163 else if (family == APR_INET6) {
164 addr->salen = sizeof(struct sockaddr_in6);
165 addr->addr_str_len = 46;
166 addr->ipaddr_ptr = &(addr->sa.sin6.sin6_addr);
167 addr->ipaddr_len = sizeof(struct in6_addr);
172 APR_DECLARE(apr_status_t) apr_socket_addr_get(apr_sockaddr_t **sa,
173 apr_interface_e which,
176 if (which == APR_LOCAL) {
177 if (sock->local_interface_unknown || sock->local_port_unknown) {
178 apr_status_t rv = get_local_addr(sock);
180 if (rv != APR_SUCCESS) {
184 *sa = sock->local_addr;
186 else if (which == APR_REMOTE) {
187 if (sock->remote_addr_unknown) {
188 apr_status_t rv = get_remote_addr(sock);
190 if (rv != APR_SUCCESS) {
194 *sa = sock->remote_addr;
203 APR_DECLARE(apr_status_t) apr_parse_addr_port(char **addr,
209 const char *ch, *lastchar;
213 *addr = NULL; /* assume not specified */
214 *scope_id = NULL; /* assume not specified */
215 *port = 0; /* assume not specified */
217 /* First handle the optional port number. That may be all that
218 * is specified in the string.
220 ch = lastchar = str + strlen(str) - 1;
221 while (ch >= str && apr_isdigit(*ch)) {
225 if (ch < str) { /* Entire string is the port. */
226 big_port = atoi(str);
227 if (big_port < 1 || big_port > 65535) {
234 if (*ch == ':' && ch < lastchar) { /* host and port number specified */
235 if (ch == str) { /* string starts with ':' -- bad */
238 big_port = atoi(ch + 1);
239 if (big_port < 1 || big_port > 65535) {
246 /* now handle the hostname */
247 addrlen = lastchar - str + 1;
249 /* XXX we don't really have to require APR_HAVE_IPV6 for this;
250 * just pass char[] for ipaddr (so we don't depend on struct in6_addr)
251 * and always define APR_INET6
255 const char *end_bracket = memchr(str, ']', addrlen);
256 struct in6_addr ipaddr;
257 const char *scope_delim;
259 if (!end_bracket || end_bracket != lastchar) {
264 /* handle scope id; this is the only context where it is allowed */
265 scope_delim = memchr(str, '%', addrlen);
267 if (scope_delim == end_bracket - 1) { /* '%' without scope id */
271 addrlen = scope_delim - str - 1;
272 *scope_id = apr_palloc(p, end_bracket - scope_delim);
273 memcpy(*scope_id, scope_delim + 1, end_bracket - scope_delim - 1);
274 (*scope_id)[end_bracket - scope_delim - 1] = '\0';
277 addrlen = addrlen - 2; /* minus 2 for '[' and ']' */
280 *addr = apr_palloc(p, addrlen + 1);
284 (*addr)[addrlen] = '\0';
285 if (apr_inet_pton(AF_INET6, *addr, &ipaddr) != 1) {
295 /* XXX If '%' is not a valid char in a DNS name, we *could* check
296 * for bogus scope ids first.
298 *addr = apr_palloc(p, addrlen + 1);
299 memcpy(*addr, str, addrlen);
300 (*addr)[addrlen] = '\0';
305 #if defined(HAVE_GETADDRINFO)
307 static apr_status_t call_resolver(apr_sockaddr_t **sa,
308 const char *hostname, apr_int32_t family,
309 apr_port_t port, apr_int32_t flags,
312 struct addrinfo hints, *ai, *ai_list;
313 apr_sockaddr_t *prev_sa;
315 char *servname = NULL;
317 memset(&hints, 0, sizeof(hints));
318 hints.ai_family = family;
319 hints.ai_socktype = SOCK_STREAM;
320 #ifdef HAVE_GAI_ADDRCONFIG
321 if (family == APR_UNSPEC) {
322 /* By default, only look up addresses using address types for
323 * which a local interface is configured, i.e. no IPv6 if no
324 * IPv6 interfaces configured. */
325 hints.ai_flags = AI_ADDRCONFIG;
328 if(hostname == NULL) {
330 /* If hostname is NULL, assume we are trying to bind to all
332 hints.ai_flags |= AI_PASSIVE;
334 /* getaddrinfo according to RFC 2553 must have either hostname
335 * or servname non-NULL.
338 /* The Tru64 5.0 getaddrinfo() can only resolve services given
339 * by the name listed in /etc/services; a numeric or unknown
340 * servname gets an EAI_SERVICE error. So just resolve the
341 * appropriate anyaddr and fill in the port later. */
342 hostname = family == AF_INET6 ? "::" : "0.0.0.0";
344 #ifdef AI_NUMERICHOST
345 hints.ai_flags |= AI_NUMERICHOST;
348 #if AIX_SERVNAME_HACK
353 #endif /* AIX_SERVNAME_HACK */
354 servname = apr_itoa(p, port);
357 error = getaddrinfo(hostname, servname, &hints, &ai_list);
358 #ifdef HAVE_GAI_ADDRCONFIG
360 * Using AI_ADDRCONFIG involves some unfortunate guesswork because it
361 * does not consider loopback addresses when trying to determine if
362 * IPv4 or IPv6 is configured on a system (see RFC 3493).
363 * This is a problem if one actually wants to listen on or connect to
364 * the loopback address of a protocol family that is not otherwise
365 * configured on the system. See PR 52709.
366 * To work around some of the problems, retry without AI_ADDRCONFIG
367 * in case of EAI_ADDRFAMILY.
368 * XXX: apr_sockaddr_info_get() should really accept a flag to determine
369 * XXX: if AI_ADDRCONFIG's guesswork is wanted and if the address is
370 * XXX: to be used for listen() or connect().
372 * In case of EAI_BADFLAGS, AI_ADDRCONFIG is not supported.
374 if ((family == APR_UNSPEC) && (error == EAI_BADFLAGS
375 #ifdef EAI_ADDRFAMILY
376 || error == EAI_ADDRFAMILY
379 hints.ai_flags &= ~AI_ADDRCONFIG;
380 error = getaddrinfo(hostname, servname, &hints, &ai_list);
385 return apr_get_netos_error();
387 if (error == EAI_SYSTEM) {
388 return errno ? errno : APR_EGENERAL;
392 /* issues with representing this with APR's error scheme:
393 * glibc uses negative values for these numbers, perhaps so
394 * they don't conflict with h_errno values... Tru64 uses
395 * positive values which conflict with h_errno values
397 #if defined(NEGATIVE_EAI)
400 return error + APR_OS_START_EAIERR;
407 while (ai) { /* while more addresses to report */
408 apr_sockaddr_t *new_sa;
410 /* Ignore anything bogus: getaddrinfo in some old versions of
411 * glibc will return AF_UNIX entries for APR_UNSPEC+AI_PASSIVE
414 if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) {
416 if (ai->ai_family != AF_INET) {
422 new_sa = apr_pcalloc(p, sizeof(apr_sockaddr_t));
425 memcpy(&new_sa->sa, ai->ai_addr, ai->ai_addrlen);
426 apr_sockaddr_vars_set(new_sa, ai->ai_family, port);
428 if (!prev_sa) { /* first element in new list */
430 new_sa->hostname = apr_pstrdup(p, hostname);
435 new_sa->hostname = prev_sa->hostname;
436 prev_sa->next = new_sa;
442 freeaddrinfo(ai_list);
444 if (prev_sa == NULL) {
446 * getaddrinfo returned only useless entries and *sa is still empty.
447 * This should be treated as an error.
455 static apr_status_t find_addresses(apr_sockaddr_t **sa,
456 const char *hostname, apr_int32_t family,
457 apr_port_t port, apr_int32_t flags,
460 if (flags & APR_IPV4_ADDR_OK) {
461 apr_status_t error = call_resolver(sa, hostname, AF_INET, port, flags, p);
465 family = AF_INET6; /* try again */
472 else if (flags & APR_IPV6_ADDR_OK) {
473 apr_status_t error = call_resolver(sa, hostname, AF_INET6, port, flags, p);
476 family = AF_INET; /* try again */
484 return call_resolver(sa, hostname, family, port, flags, p);
487 #else /* end of HAVE_GETADDRINFO code */
489 static apr_status_t find_addresses(apr_sockaddr_t **sa,
490 const char *hostname, apr_int32_t family,
491 apr_port_t port, apr_int32_t flags,
495 apr_sockaddr_t *prev_sa;
497 #if APR_HAS_THREADS && !defined(GETHOSTBYNAME_IS_THREAD_SAFE) && \
498 defined(HAVE_GETHOSTBYNAME_R) && !defined(BEOS)
499 #ifdef GETHOSTBYNAME_R_HOSTENT_DATA
500 struct hostent_data hd;
502 /* If you see ERANGE, that means GETHOSBYNAME_BUFLEN needs to be
504 char tmp[GETHOSTBYNAME_BUFLEN];
509 struct in_addr ipaddr;
511 const char *orig_hostname = hostname;
513 if (hostname == NULL) {
514 /* if we are given a NULL hostname, assume '0.0.0.0' */
515 hostname = "0.0.0.0";
518 if (*hostname >= '0' && *hostname <= '9' &&
519 strspn(hostname, "0123456789.") == strlen(hostname)) {
521 ipaddr.s_addr = inet_addr(hostname);
522 addr_list[0] = (char *)&ipaddr;
523 addr_list[1] = NULL; /* just one IP in list */
524 hs.h_addr_list = (char **)addr_list;
528 #if APR_HAS_THREADS && !defined(GETHOSTBYNAME_IS_THREAD_SAFE) && \
529 defined(HAVE_GETHOSTBYNAME_R) && !defined(BEOS)
530 #if defined(GETHOSTBYNAME_R_HOSTENT_DATA)
531 /* AIX, HP/UX, D/UX et alia */
532 gethostbyname_r(hostname, &hs, &hd);
535 #if defined(GETHOSTBYNAME_R_GLIBC2)
537 gethostbyname_r(hostname, &hs, tmp, GETHOSTBYNAME_BUFLEN - 1,
540 /* Solaris, Irix et alia */
541 hp = gethostbyname_r(hostname, &hs, tmp, GETHOSTBYNAME_BUFLEN - 1,
543 #endif /* !defined(GETHOSTBYNAME_R_GLIBC2) */
545 return (hosterror + APR_OS_START_SYSERR);
547 #endif /* !defined(GETHOSTBYNAME_R_HOSTENT_DATA) */
549 hp = gethostbyname(hostname);
554 return apr_get_netos_error();
556 return (h_errno + APR_OS_START_SYSERR);
563 while (hp->h_addr_list[curaddr]) {
564 apr_sockaddr_t *new_sa = apr_pcalloc(p, sizeof(apr_sockaddr_t));
567 new_sa->sa.sin.sin_addr = *(struct in_addr *)hp->h_addr_list[curaddr];
568 apr_sockaddr_vars_set(new_sa, AF_INET, port);
570 if (!prev_sa) { /* first element in new list */
572 new_sa->hostname = apr_pstrdup(p, orig_hostname);
577 new_sa->hostname = prev_sa->hostname;
578 prev_sa->next = new_sa;
585 if (prev_sa == NULL) {
586 /* this should not happen but no result should be treated as error */
593 #endif /* end of !HAVE_GETADDRINFO code */
595 APR_DECLARE(apr_status_t) apr_sockaddr_info_get(apr_sockaddr_t **sa,
596 const char *hostname,
597 apr_int32_t family, apr_port_t port,
598 apr_int32_t flags, apr_pool_t *p)
603 if ((masked = flags & (APR_IPV4_ADDR_OK | APR_IPV6_ADDR_OK))) {
605 family != APR_UNSPEC ||
606 masked == (APR_IPV4_ADDR_OK | APR_IPV6_ADDR_OK)) {
610 if (flags & APR_IPV6_ADDR_OK) {
616 /* What may happen is that APR is not IPv6-enabled, but we're still
617 * going to call getaddrinfo(), so we have to tell the OS we only
618 * want IPv4 addresses back since we won't know what to do with
621 if (family == APR_UNSPEC) {
626 return find_addresses(sa, hostname, family, port, flags, p);
629 APR_DECLARE(apr_status_t) apr_getnameinfo(char **hostname,
630 apr_sockaddr_t *sockaddr,
633 #if defined(HAVE_GETNAMEINFO)
635 #if defined(NI_MAXHOST)
636 char tmphostname[NI_MAXHOST];
638 char tmphostname[256];
641 /* don't know if it is portable for getnameinfo() to set h_errno;
642 * clear it then see if it was set */
645 /* default flags are NI_NAMREQD; otherwise, getnameinfo() will return
646 * a numeric address string if it fails to resolve the host name;
647 * that is *not* what we want here
649 * For IPv4-mapped IPv6 addresses, drop down to IPv4 before calling
650 * getnameinfo() to avoid getnameinfo bugs (MacOS X, glibc).
653 if (sockaddr->family == AF_INET6 &&
654 IN6_IS_ADDR_V4MAPPED(&sockaddr->sa.sin6.sin6_addr)) {
655 struct sockaddr_in tmpsa;
656 tmpsa.sin_family = AF_INET;
658 tmpsa.sin_addr.s_addr = ((apr_uint32_t *)sockaddr->ipaddr_ptr)[3];
660 tmpsa.sin_len = sizeof(tmpsa);
663 rc = getnameinfo((const struct sockaddr *)&tmpsa, sizeof(tmpsa),
664 tmphostname, sizeof(tmphostname), NULL, 0,
665 flags != 0 ? flags : NI_NAMEREQD);
669 rc = getnameinfo((const struct sockaddr *)&sockaddr->sa, sockaddr->salen,
670 tmphostname, sizeof(tmphostname), NULL, 0,
671 flags != 0 ? flags : NI_NAMEREQD);
676 /* something went wrong. Look at the EAI_ error code */
677 if (rc == EAI_SYSTEM) {
678 /* EAI_SYSTEM System error returned in errno. */
679 /* IMHO, Implementations that set h_errno a simply broken. */
680 if (h_errno) { /* for broken implementations which set h_errno */
681 return h_errno + APR_OS_START_SYSERR;
683 else { /* "normal" case */
684 return errno + APR_OS_START_SYSERR;
690 #if defined(NEGATIVE_EAI)
691 if (rc < 0) rc = -rc;
693 return rc + APR_OS_START_EAIERR; /* return the EAI_ error */
696 *hostname = sockaddr->hostname = apr_pstrdup(sockaddr->pool,
700 #if APR_HAS_THREADS && !defined(GETHOSTBYADDR_IS_THREAD_SAFE) && \
701 defined(HAVE_GETHOSTBYADDR_R) && !defined(BEOS)
702 #ifdef GETHOSTBYNAME_R_HOSTENT_DATA
703 struct hostent_data hd;
705 char tmp[GETHOSTBYNAME_BUFLEN];
708 struct hostent hs, *hptr;
710 #if defined(GETHOSTBYNAME_R_HOSTENT_DATA)
711 /* AIX, HP/UX, D/UX et alia */
712 gethostbyaddr_r((char *)&sockaddr->sa.sin.sin_addr,
713 sizeof(struct in_addr), AF_INET, &hs, &hd);
716 #if defined(GETHOSTBYNAME_R_GLIBC2)
718 gethostbyaddr_r((char *)&sockaddr->sa.sin.sin_addr,
719 sizeof(struct in_addr), AF_INET,
720 &hs, tmp, GETHOSTBYNAME_BUFLEN - 1, &hptr, &hosterror);
722 /* Solaris, Irix et alia */
723 hptr = gethostbyaddr_r((char *)&sockaddr->sa.sin.sin_addr,
724 sizeof(struct in_addr), AF_INET,
725 &hs, tmp, GETHOSTBYNAME_BUFLEN, &hosterror);
726 #endif /* !defined(GETHOSTBYNAME_R_GLIBC2) */
729 return hosterror + APR_OS_START_SYSERR;
731 #endif /* !defined(GETHOSTBYNAME_R_HOSTENT_DATA) */
733 struct hostent *hptr;
734 hptr = gethostbyaddr((char *)&sockaddr->sa.sin.sin_addr,
735 sizeof(struct in_addr), AF_INET);
739 *hostname = sockaddr->hostname = apr_pstrdup(sockaddr->pool, hptr->h_name);
744 return apr_get_netos_error();
748 return h_errno + APR_OS_START_SYSERR;
753 APR_DECLARE(apr_status_t) apr_getservbyname(apr_sockaddr_t *sockaddr,
754 const char *servname)
756 #if APR_HAS_THREADS && !defined(GETSERVBYNAME_IS_THREAD_SAFE) && \
757 defined(HAVE_GETSERVBYNAME_R) && \
758 (defined(GETSERVBYNAME_R_GLIBC2) || defined(GETSERVBYNAME_R_SOLARIS) || \
759 defined(GETSERVBYNAME_R_OSF1))
761 #if defined(GETSERVBYNAME_R_OSF1)
762 struct servent_data sed;
764 memset(&sed, 0, sizeof(sed)); /* must zero fill before use */
766 #if defined(GETSERVBYNAME_R_GLIBC2)
775 if (servname == NULL)
778 #if APR_HAS_THREADS && !defined(GETSERVBYNAME_IS_THREAD_SAFE) && \
779 defined(HAVE_GETSERVBYNAME_R) && \
780 (defined(GETSERVBYNAME_R_GLIBC2) || defined(GETSERVBYNAME_R_SOLARIS) || \
781 defined(GETSERVBYNAME_R_OSF1))
782 #if defined(GETSERVBYNAME_R_GLIBC2)
783 if (getservbyname_r(servname, NULL,
784 &se, buf, sizeof(buf), &res) == 0 && res != NULL) {
785 sockaddr->port = ntohs(res->s_port);
786 sockaddr->servname = apr_pstrdup(sockaddr->pool, servname);
787 sockaddr->sa.sin.sin_port = res->s_port;
790 #elif defined(GETSERVBYNAME_R_SOLARIS)
791 if (getservbyname_r(servname, NULL, &se, buf, sizeof(buf)) != NULL) {
792 sockaddr->port = ntohs(se.s_port);
793 sockaddr->servname = apr_pstrdup(sockaddr->pool, servname);
794 sockaddr->sa.sin.sin_port = se.s_port;
797 #elif defined(GETSERVBYNAME_R_OSF1)
798 if (getservbyname_r(servname, NULL, &se, &sed) == 0) {
799 sockaddr->port = ntohs(se.s_port);
800 sockaddr->servname = apr_pstrdup(sockaddr->pool, servname);
801 sockaddr->sa.sin.sin_port = se.s_port;
806 if ((se = getservbyname(servname, NULL)) != NULL){
807 sockaddr->port = ntohs(se->s_port);
808 sockaddr->servname = apr_pstrdup(sockaddr->pool, servname);
809 sockaddr->sa.sin.sin_port = se->s_port;
816 #define V4MAPPED_EQUAL(a,b) \
817 ((a)->sa.sin.sin_family == AF_INET && \
818 (b)->sa.sin.sin_family == AF_INET6 && \
819 IN6_IS_ADDR_V4MAPPED((struct in6_addr *)(b)->ipaddr_ptr) && \
820 !memcmp((a)->ipaddr_ptr, \
821 &((struct in6_addr *)(b)->ipaddr_ptr)->s6_addr[12], \
824 APR_DECLARE(int) apr_sockaddr_equal(const apr_sockaddr_t *addr1,
825 const apr_sockaddr_t *addr2)
827 if (addr1->ipaddr_len == addr2->ipaddr_len &&
828 !memcmp(addr1->ipaddr_ptr, addr2->ipaddr_ptr, addr1->ipaddr_len)) {
832 if (V4MAPPED_EQUAL(addr1, addr2)) {
835 if (V4MAPPED_EQUAL(addr2, addr1)) {
839 return 0; /* not equal */
842 static apr_status_t parse_network(apr_ipsubnet_t *ipsub, const char *network)
844 /* legacy syntax for ip addrs: a.b.c. ==> a.b.c.0/24 for example */
848 char buf[sizeof "255.255.255.255"];
850 if (strlen(network) < sizeof buf) {
851 strcpy(buf, network);
857 /* parse components */
864 if (!apr_isdigit(*t)) {
867 while (apr_isdigit(*t)) {
880 if (octet < 0 || octet > 255) {
883 ipsub->sub[0] |= octet << shift;
884 ipsub->mask[0] |= 0xFFUL << shift;
888 ipsub->sub[0] = ntohl(ipsub->sub[0]);
889 ipsub->mask[0] = ntohl(ipsub->mask[0]);
890 ipsub->family = AF_INET;
895 * APR_EINVAL not an IP address; caller should see if it is something else
896 * APR_BADIP IP address portion is is not valid
897 * APR_BADMASK mask portion is not valid
900 static apr_status_t parse_ip(apr_ipsubnet_t *ipsub, const char *ipstr, int network_allowed)
902 /* supported flavors of IP:
904 * . IPv6 numeric address string (e.g., "fe80::1")
906 * IMPORTANT: Don't store IPv4-mapped IPv6 address as an IPv6 address.
908 * . IPv4 numeric address string (e.g., "127.0.0.1")
910 * . IPv4 network string (e.g., "9.67")
912 * IMPORTANT: This network form is only allowed if network_allowed is on.
917 rc = apr_inet_pton(AF_INET6, ipstr, ipsub->sub);
919 if (IN6_IS_ADDR_V4MAPPED((struct in6_addr *)ipsub->sub)) {
920 /* apr_ipsubnet_test() assumes that we don't create IPv4-mapped IPv6
921 * addresses; this of course forces the user to specify IPv4 addresses
922 * in a.b.c.d style instead of ::ffff:a.b.c.d style.
926 ipsub->family = AF_INET6;
931 rc = apr_inet_pton(AF_INET, ipstr, ipsub->sub);
933 ipsub->family = AF_INET;
937 if (network_allowed) {
938 return parse_network(ipsub, ipstr);
947 static int looks_like_ip(const char *ipstr)
949 if (strchr(ipstr, ':')) {
950 /* definitely not a hostname; assume it is intended to be an IPv6 address */
954 /* simple IPv4 address string check */
955 while ((*ipstr == '.') || apr_isdigit(*ipstr))
957 return (*ipstr == '\0');
960 static void fix_subnet(apr_ipsubnet_t *ipsub)
962 /* in case caller specified more bits in network address than are
963 * valid according to the mask, turn off the extra bits
967 for (i = 0; i < sizeof ipsub->mask / sizeof(apr_int32_t); i++) {
968 ipsub->sub[i] &= ipsub->mask[i];
972 /* be sure not to store any IPv4 address as a v4-mapped IPv6 address */
973 APR_DECLARE(apr_status_t) apr_ipsubnet_create(apr_ipsubnet_t **ipsub, const char *ipstr,
974 const char *mask_or_numbits, apr_pool_t *p)
978 long bits, maxbits = 32;
980 /* filter out stuff which doesn't look remotely like an IP address; this helps
981 * callers like mod_access which have a syntax allowing hostname or IP address;
982 * APR_EINVAL tells the caller that it was probably not intended to be an IP
985 if (!looks_like_ip(ipstr)) {
989 *ipsub = apr_pcalloc(p, sizeof(apr_ipsubnet_t));
991 /* assume ipstr is an individual IP address, not a subnet */
992 memset((*ipsub)->mask, 0xFF, sizeof (*ipsub)->mask);
994 rv = parse_ip(*ipsub, ipstr, mask_or_numbits == NULL);
995 if (rv != APR_SUCCESS) {
999 if (mask_or_numbits) {
1001 if ((*ipsub)->family == AF_INET6) {
1005 bits = strtol(mask_or_numbits, &endptr, 10);
1006 if (*endptr == '\0' && bits > 0 && bits <= maxbits) {
1007 /* valid num-bits string; fill in mask appropriately */
1009 apr_int32_t cur_bit_value;
1011 memset((*ipsub)->mask, 0, sizeof (*ipsub)->mask);
1013 (*ipsub)->mask[cur_entry] = 0xFFFFFFFF; /* all 32 bits */
1017 cur_bit_value = 0x80000000;
1019 (*ipsub)->mask[cur_entry] |= cur_bit_value;
1023 (*ipsub)->mask[cur_entry] = htonl((*ipsub)->mask[cur_entry]);
1025 else if (apr_inet_pton(AF_INET, mask_or_numbits, (*ipsub)->mask) == 1 &&
1026 (*ipsub)->family == AF_INET) {
1027 /* valid IPv4 netmask */
1030 return APR_EBADMASK;
1039 APR_DECLARE(int) apr_ipsubnet_test(apr_ipsubnet_t *ipsub, apr_sockaddr_t *sa)
1042 /* XXX This line will segv on Win32 build with APR_HAVE_IPV6,
1043 * but without the IPV6 drivers installed.
1045 if (sa->family == AF_INET) {
1046 if (ipsub->family == AF_INET &&
1047 ((sa->sa.sin.sin_addr.s_addr & ipsub->mask[0]) == ipsub->sub[0])) {
1051 else if (IN6_IS_ADDR_V4MAPPED((struct in6_addr *)sa->ipaddr_ptr)) {
1052 if (ipsub->family == AF_INET &&
1053 (((apr_uint32_t *)sa->ipaddr_ptr)[3] & ipsub->mask[0]) == ipsub->sub[0]) {
1057 else if (sa->family == AF_INET6 && ipsub->family == AF_INET6) {
1058 apr_uint32_t *addr = (apr_uint32_t *)sa->ipaddr_ptr;
1060 if ((addr[0] & ipsub->mask[0]) == ipsub->sub[0] &&
1061 (addr[1] & ipsub->mask[1]) == ipsub->sub[1] &&
1062 (addr[2] & ipsub->mask[2]) == ipsub->sub[2] &&
1063 (addr[3] & ipsub->mask[3]) == ipsub->sub[3]) {
1068 if ((sa->sa.sin.sin_addr.s_addr & ipsub->mask[0]) == ipsub->sub[0]) {
1071 #endif /* APR_HAVE_IPV6 */
1072 return 0; /* no match */