phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-04-29 23:09:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

net: allow CSubNet of non-IP networks

Browse source 
Allow creation of valid `CSubNet` objects of non-IP networks and only
match the single address they were created from (like /32 for IPv4 or
/128 for IPv6).

This fixes a deficiency in `CConnman::DisconnectNode(const CNetAddr& addr)`
and in `BanMan` which assume that creating a subnet from any address
using the `CSubNet(CNetAddr)` constructor would later match that address
only. Before this change a non-IP subnet would be invalid and would not
match any address.

Github-Pull: #20852
Rebased-From: 94d335da7f
This commit is contained in:
Vasil Dimov 2021-01-04 18:37:52 +01:00 committed by MarcoFalke
parent 15877d160c
commit c33fbab25c
3 changed files with 107 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
src/netaddress.cpp
View file

@ -1063,15 +1063,24 @@ CSubNet::CSubNet(const CNetAddr& addr, const CNetAddr& mask) : CSubNet()
CSubNet::CSubNet(const CNetAddr& addr) : CSubNet() CSubNet::CSubNet(const CNetAddr& addr) : CSubNet()
{ {
valid = addr.IsIPv4() || addr.IsIPv6(); switch (addr.m_net) {
if (!valid) { case NET_IPV4:
case NET_IPV6:
valid = true;
assert(addr.m_addr.size() <= sizeof(netmask));
memset(netmask, 0xFF, addr.m_addr.size());
break;
case NET_ONION:
case NET_I2P:
case NET_CJDNS:
valid = true;
break;
case NET_INTERNAL:
case NET_UNROUTABLE:
case NET_MAX:
return; return;
} }
assert(addr.m_addr.size() <= sizeof(netmask));
memset(netmask, 0xFF, addr.m_addr.size());
network = addr; network = addr;
} }
@ -1083,6 +1092,21 @@ bool CSubNet::Match(const CNetAddr &addr) const
{ {
if (!valid || !addr.IsValid() || network.m_net != addr.m_net) if (!valid || !addr.IsValid() || network.m_net != addr.m_net)
return false; return false;
switch (network.m_net) {
case NET_IPV4:
case NET_IPV6:
break;
case NET_ONION:
case NET_I2P:
case NET_CJDNS:
case NET_INTERNAL:
return addr == network;
case NET_UNROUTABLE:
case NET_MAX:
return false;
}
assert(network.m_addr.size() == addr.m_addr.size()); assert(network.m_addr.size() == addr.m_addr.size());
for (size_t x = 0; x < addr.m_addr.size(); ++x) { for (size_t x = 0; x < addr.m_addr.size(); ++x) {
if ((addr.m_addr[x] & netmask[x]) != network.m_addr[x]) { if ((addr.m_addr[x] & netmask[x]) != network.m_addr[x]) {
@ -1094,6 +1118,11 @@ bool CSubNet::Match(const CNetAddr &addr) const
std::string CSubNet::ToString() const std::string CSubNet::ToString() const
{ {
std::string suffix;
switch (network.m_net) {
case NET_IPV4:
case NET_IPV6: {
assert(network.m_addr.size() <= sizeof(netmask)); assert(network.m_addr.size() <= sizeof(netmask));
uint8_t cidr = 0; uint8_t cidr = 0;
@ -1105,7 +1134,19 @@ std::string CSubNet::ToString() const
cidr += NetmaskBits(netmask[i]); cidr += NetmaskBits(netmask[i]);
} }
return network.ToString() + strprintf("/%u", cidr); suffix = strprintf("/%u", cidr);
break;
}
case NET_ONION:
case NET_I2P:
case NET_CJDNS:
case NET_INTERNAL:
case NET_UNROUTABLE:
case NET_MAX:
break;
}
return network.ToString() + suffix;
} }
bool CSubNet::IsValid() const bool CSubNet::IsValid() const
@ -1115,7 +1156,19 @@ bool CSubNet::IsValid() const
bool CSubNet::SanityCheck() const bool CSubNet::SanityCheck() const
{ {
if (!(network.IsIPv4() || network.IsIPv6())) return false; switch (network.m_net) {
case NET_IPV4:
case NET_IPV6:
break;
case NET_ONION:
case NET_I2P:
case NET_CJDNS:
return true;
case NET_INTERNAL:
case NET_UNROUTABLE:
case NET_MAX:
return false;
}
for (size_t x = 0; x < network.m_addr.size(); ++x) { for (size_t x = 0; x < network.m_addr.size(); ++x) {
if (network.m_addr[x] & ~netmask[x]) return false; if (network.m_addr[x] & ~netmask[x]) return false;

24
src/netaddress.h
View file

@ -462,11 +462,33 @@ class CSubNet
bool SanityCheck() const; bool SanityCheck() const;
public: public:
/**
* Construct an invalid subnet (empty, `Match()` always returns false).
*/
CSubNet(); CSubNet();
/**
* Construct from a given network start and number of bits (CIDR mask).
* @param[in] addr Network start. Must be IPv4 or IPv6, otherwise an invalid subnet is
* created.
* @param[in] mask CIDR mask, must be in [0, 32] for IPv4 addresses and in [0, 128] for
* IPv6 addresses. Otherwise an invalid subnet is created.
*/
CSubNet(const CNetAddr& addr, uint8_t mask); CSubNet(const CNetAddr& addr, uint8_t mask);
/**
* Construct from a given network start and mask.
* @param[in] addr Network start. Must be IPv4 or IPv6, otherwise an invalid subnet is
* created.
* @param[in] mask Network mask, must be of the same type as `addr` and not contain 0-bits
* followed by 1-bits. Otherwise an invalid subnet is created.
*/
CSubNet(const CNetAddr& addr, const CNetAddr& mask); CSubNet(const CNetAddr& addr, const CNetAddr& mask);
//constructor for single ip subnet (<ipv4>/32 or <ipv6>/128) /**
* Construct a single-host subnet.
* @param[in] addr The sole address to be contained in the subnet, can also be non-IPv[46].
*/
explicit CSubNet(const CNetAddr& addr); explicit CSubNet(const CNetAddr& addr);
bool Match(const CNetAddr &addr) const; bool Match(const CNetAddr &addr) const;

21
src/test/netbase_tests.cpp
View file

@ -224,8 +224,22 @@ BOOST_AUTO_TEST_CASE(subnet_test)
// IPv4 address with IPv6 netmask or the other way around. // IPv4 address with IPv6 netmask or the other way around.
BOOST_CHECK(!CSubNet(ResolveIP("1.1.1.1"), ResolveIP("ffff::")).IsValid()); BOOST_CHECK(!CSubNet(ResolveIP("1.1.1.1"), ResolveIP("ffff::")).IsValid());
BOOST_CHECK(!CSubNet(ResolveIP("::1"), ResolveIP("255.0.0.0")).IsValid()); BOOST_CHECK(!CSubNet(ResolveIP("::1"), ResolveIP("255.0.0.0")).IsValid());
// Can't subnet TOR (or any other non-IPv4 and non-IPv6 network).
BOOST_CHECK(!CSubNet(ResolveIP("5wyqrzbvrdsumnok.onion"), ResolveIP("255.0.0.0")).IsValid()); // Create Non-IP subnets.
const CNetAddr tor_addr{
ResolveIP("pg6mmjiyjmcrsslvykfwnntlaru7p5svn6y2ymmju6nubxndf4pscryd.onion")};
subnet = CSubNet(tor_addr);
BOOST_CHECK(subnet.IsValid());
BOOST_CHECK_EQUAL(subnet.ToString(), tor_addr.ToString());
BOOST_CHECK(subnet.Match(tor_addr));
BOOST_CHECK(
!subnet.Match(ResolveIP("kpgvmscirrdqpekbqjsvw5teanhatztpp2gl6eee4zkowvwfxwenqaid.onion")));
BOOST_CHECK(!subnet.Match(ResolveIP("1.2.3.4")));
BOOST_CHECK(!CSubNet(tor_addr, 200).IsValid());
BOOST_CHECK(!CSubNet(tor_addr, ResolveIP("255.0.0.0")).IsValid());
subnet = ResolveSubNet("1.2.3.4/255.255.255.255"); subnet = ResolveSubNet("1.2.3.4/255.255.255.255");
BOOST_CHECK_EQUAL(subnet.ToString(), "1.2.3.4/32"); BOOST_CHECK_EQUAL(subnet.ToString(), "1.2.3.4/32");
@ -440,8 +454,7 @@ BOOST_AUTO_TEST_CASE(netbase_dont_resolve_strings_with_embedded_nul_characters)
BOOST_CHECK(!LookupSubNet(std::string("1.2.3.0/24\0", 11), ret)); BOOST_CHECK(!LookupSubNet(std::string("1.2.3.0/24\0", 11), ret));
BOOST_CHECK(!LookupSubNet(std::string("1.2.3.0/24\0example.com", 22), ret)); BOOST_CHECK(!LookupSubNet(std::string("1.2.3.0/24\0example.com", 22), ret));
BOOST_CHECK(!LookupSubNet(std::string("1.2.3.0/24\0example.com\0", 23), ret)); BOOST_CHECK(!LookupSubNet(std::string("1.2.3.0/24\0example.com\0", 23), ret));
// We only do subnetting for IPv4 and IPv6 BOOST_CHECK(LookupSubNet(std::string("5wyqrzbvrdsumnok.onion", 22), ret));
BOOST_CHECK(!LookupSubNet(std::string("5wyqrzbvrdsumnok.onion", 22), ret));
BOOST_CHECK(!LookupSubNet(std::string("5wyqrzbvrdsumnok.onion\0", 23), ret)); BOOST_CHECK(!LookupSubNet(std::string("5wyqrzbvrdsumnok.onion\0", 23), ret));
BOOST_CHECK(!LookupSubNet(std::string("5wyqrzbvrdsumnok.onion\0example.com", 34), ret)); BOOST_CHECK(!LookupSubNet(std::string("5wyqrzbvrdsumnok.onion\0example.com", 34), ret));
BOOST_CHECK(!LookupSubNet(std::string("5wyqrzbvrdsumnok.onion\0example.com\0", 35), ret)); BOOST_CHECK(!LookupSubNet(std::string("5wyqrzbvrdsumnok.onion\0example.com\0", 35), ret));