1 /* +------------------------------------+
2 * | Inspire Internet Relay Chat Daemon |
3 * +------------------------------------+
5 * InspIRCd: (C) 2002-2008 InspIRCd Development Team
6 * See: http://www.inspircd.org/wiki/index.php/Credits
8 * This program is free but copyrighted software; see
9 * the file COPYING for details.
11 * ---------------------------------------------------
14 /* $Core: libIRCDcidr */
19 /* Used when comparing CIDR masks for the modulus bits left over.
20 * A lot of ircd's seem to do this:
21 * ((-1) << (8 - (mask % 8)))
22 * But imho, it sucks in comparison to a nice neat lookup table.
24 const unsigned char inverted_bits[8] = { 0x00, /* 00000000 - 0 bits - never actually used */
25 0x80, /* 10000000 - 1 bits */
26 0xC0, /* 11000000 - 2 bits */
27 0xE0, /* 11100000 - 3 bits */
28 0xF0, /* 11110000 - 4 bits */
29 0xF8, /* 11111000 - 5 bits */
30 0xFC, /* 11111100 - 6 bits */
31 0xFE /* 11111110 - 7 bits */
35 /* Match raw bytes using CIDR bit matching, used by higher level MatchCIDR() */
36 bool irc::sockets::MatchCIDRBits(unsigned char* address, unsigned char* mask, unsigned int mask_bits)
38 unsigned int divisor = mask_bits / 8; /* Number of whole bytes in the mask */
39 unsigned int modulus = mask_bits % 8; /* Remaining bits in the mask after whole bytes are dealt with */
41 /* First (this is faster) compare the odd bits with logic ops */
43 if ((address[divisor] & inverted_bits[modulus]) != (mask[divisor] & inverted_bits[modulus]))
44 /* If they dont match, return false */
47 /* Secondly (this is slower) compare the whole bytes */
48 if (memcmp(address, mask, divisor))
51 /* The address matches the mask, to mask_bits bits of mask */
55 /* Match CIDR, but dont attempt to match() against leading *!*@ sections */
56 bool irc::sockets::MatchCIDR(const char* address, const char* cidr_mask)
58 return MatchCIDR(address, cidr_mask, false);
61 /* Match CIDR strings, e.g. 127.0.0.1 to 127.0.0.0/8 or 3ffe:1:5:6::8 to 3ffe:1::0/32
62 * If you have a lot of hosts to match, youre probably better off building your mask once
63 * and then using the lower level MatchCIDRBits directly.
65 * This will also attempt to match any leading usernames or nicknames on the mask, using
66 * match(), when match_with_username is true.
68 bool irc::sockets::MatchCIDR(const char* address, const char* cidr_mask, bool match_with_username)
70 unsigned char addr_raw[16];
71 unsigned char mask_raw[16];
72 unsigned int bits = 0;
75 /* The caller is trying to match ident@<mask>/bits.
76 * Chop off the ident@ portion, use match() on it
79 if (match_with_username)
81 /* Duplicate the strings, and try to find the position
82 * of the @ symbol in each
84 char* address_dupe = strdup(address);
85 char* cidr_dupe = strdup(cidr_mask);
87 /* Use strchr not strrchr, because its going to be nearer to the left */
88 char* username_mask_pos = strrchr(cidr_dupe, '@');
89 char* username_addr_pos = strrchr(address_dupe, '@');
91 /* Both strings have an @ symbol in them */
92 if (username_mask_pos && username_addr_pos)
94 /* Zero out the location of the @ symbol */
95 *username_mask_pos = *username_addr_pos = 0;
97 /* Try and match() the strings before the @
98 * symbols, and recursively call MatchCIDR without
99 * username matching enabled to match the host part.
101 bool result = (match(address_dupe, cidr_dupe) && MatchCIDR(username_addr_pos + 1, username_mask_pos + 1, false));
103 /* Free the stuff we created */
107 /* Return a result */
112 /* One or both didnt have an @ in,
117 mask = strdup(cidr_mask);
122 /* Make a copy of the cidr mask string,
123 * we're going to change it
125 mask = strdup(cidr_mask);
132 /* Use strrchr for this, its nearer to the right */
133 char* bits_chars = strrchr(mask,'/');
137 bits = atoi(bits_chars + 1);
142 /* No 'number of bits' field! */
147 #ifdef SUPPORT_IP6LINKS
148 in6_addr address_in6;
151 if (inet_pton(AF_INET6, address, &address_in6) > 0)
153 if (inet_pton(AF_INET6, mask, &mask_in6) > 0)
155 memcpy(&addr_raw, &address_in6.s6_addr, 16);
156 memcpy(&mask_raw, &mask_in6.s6_addr, 16);
163 /* The address was valid ipv6, but the mask
164 * that goes with it wasnt.
172 if (inet_pton(AF_INET, address, &address_in4) > 0)
174 if (inet_pton(AF_INET, mask, &mask_in4) > 0)
176 memcpy(&addr_raw, &address_in4.s_addr, 4);
177 memcpy(&mask_raw, &mask_in4.s_addr, 4);
184 /* The address was valid ipv4,
185 * but the mask that went with it wasnt.
193 /* The address was neither ipv4 or ipv6 */
198 /* Low-level-match the bits in the raw data */
200 return MatchCIDRBits(addr_raw, mask_raw, bits);