bool PeerID::Certificate::checkAltNames(boost::asio::ip::address& address) const
{
GENERAL_NAMES* gens = static_cast<GENERAL_NAMES*>(
X509_get_ext_d2i(x509_, NID_subject_alt_name, 0, 0));
BOOST_SCOPE_EXIT(gens){
GENERAL_NAMES_free(gens);
}BOOST_SCOPE_EXIT_END;
for (int i = 0; i < sk_GENERAL_NAME_num(gens); ++i)
{
GENERAL_NAME* gen = sk_GENERAL_NAME_value(gens, i);
if (gen->type == GEN_IPADD)
{
ASN1_OCTET_STRING* ip = gen->d.iPAddress;
if (ip->type == V_ASN1_OCTET_STRING && ip->data)
{
return (
(address.is_v4() && ip->length == 4 &&
std::memcmp(address.to_v4().to_bytes().data(), ip->data, 4) == 0) ||
(address.is_v6() && ip->length == 16 &&
std::memcmp(address.to_v6().to_bytes().data(), ip->data, 16) == 0)
);
}
}
}
}
void PacketLog::LogPacket(WorldPacket const& packet, Direction direction, boost::asio::ip::address const& addr, uint16 port)
{
std::lock_guard<std::mutex> lock(_logPacketLock);
PacketHeader header;
*reinterpret_cast<uint32*>(header.Direction) = direction == CLIENT_TO_SERVER ? 0x47534d43 : 0x47534d53;
header.ConnectionId = 0;
header.ArrivalTicks = getMSTime();
header.OptionalDataSize = sizeof(header.OptionalData);
memset(header.OptionalData.SocketIPBytes, 0, sizeof(header.OptionalData.SocketIPBytes));
if (addr.is_v4())
{
auto bytes = addr.to_v4().to_bytes();
memcpy(header.OptionalData.SocketIPBytes, bytes.data(), bytes.size());
}
else if (addr.is_v6())
{
auto bytes = addr.to_v6().to_bytes();
memcpy(header.OptionalData.SocketIPBytes, bytes.data(), bytes.size());
}
header.OptionalData.SocketPort = port;
header.Length = packet.size() + sizeof(header.Opcode);
header.Opcode = packet.GetOpcode();
fwrite(&header, sizeof(header), 1, _file);
if (!packet.empty())
fwrite(packet.contents(), 1, packet.size(), _file);
fflush(_file);
}
/// Construct an endpoint using a port number and an IP address. This
/// constructor may be used for accepting connections on a specific interface
/// or for making a connection to a remote endpoint.
basic_endpoint(const boost::asio::ip::address& addr, unsigned short port_num)
: data_()
{
using namespace std; // For memcpy.
if (addr.is_v4())
{
data_.v4.sin_family = AF_INET;
data_.v4.sin_port =
boost::asio::detail::socket_ops::host_to_network_short(port_num);
data_.v4.sin_addr.s_addr =
boost::asio::detail::socket_ops::host_to_network_long(
addr.to_v4().to_ulong());
}
else
{
data_.v6.sin6_family = AF_INET6;
data_.v6.sin6_port =
boost::asio::detail::socket_ops::host_to_network_short(port_num);
data_.v6.sin6_flowinfo = 0;
boost::asio::ip::address_v6 v6_addr = addr.to_v6();
boost::asio::ip::address_v6::bytes_type bytes = v6_addr.to_bytes();
memcpy(data_.v6.sin6_addr.s6_addr, bytes.elems, 16);
data_.v6.sin6_scope_id = v6_addr.scope_id();
}
}
bool contains(const boost::asio::ip::address & addr)
{
if(addr.is_v4() == false)
return false;
hippolib::subnet s(m_network, m_netmask);
return s.containsIp(addr.to_v4());
}
bool IsLoopbackAddress(const boost::asio::ip::address& addr) {
if (addr.is_v6()) {
return addr.to_v6().is_loopback();
} else {
return (addr.to_v4() == boost::asio::ip::address_v4::loopback());
}
}
bool is_allowed(const boost::asio::ip::address &address, std::list<std::string> &errors) {
return (entries_v4.empty()&&entries_v6.empty())
|| (address.is_v4() && is_allowed_v4(address.to_v4().to_bytes(), errors))
|| (address.is_v6() && is_allowed_v6(address.to_v6().to_bytes(), errors))
|| (address.is_v6() && address.to_v6().is_v4_compatible() && is_allowed_v4(address.to_v6().to_v4().to_bytes(), errors))
|| (address.is_v6() && address.to_v6().is_v4_mapped() && is_allowed_v4(address.to_v6().to_v4().to_bytes(), errors))
;
}
bool gateway::address_is_any(const boost::asio::ip::address & addr)
{
if (addr.is_v4())
{
return addr.to_v4() == boost::asio::ip::address_v4::any();
}
return addr.to_v6() == boost::asio::ip::address_v6::any();
}
bool gateway::address_is_multicast(
const boost::asio::ip::address & addr
)
{
if (addr.is_v4())
{
return addr.to_v4().is_multicast();
}
return addr.to_v6().is_multicast();
}
/**
* If true the address is any.
*/
static bool address_is_any(const boost::asio::ip::address & addr)
{
if (addr.is_v4())
{
return addr.to_v4() == boost::asio::ip::address_v4::any();
}
else
{
return addr.to_v6() == boost::asio::ip::address_v6::any();
}
}
bool prefix_match(const boost::asio::ip::address& addr,
uint32_t srcPfxLen,
const boost::asio::ip::address& targetAddr,
uint32_t tgtPfxLen,
bool &is_exact_match) {
if (addr.is_v4()) {
if (srcPfxLen > 32) srcPfxLen = 32;
uint32_t mask = get_subnet_mask_v4(srcPfxLen);
uint32_t netAddr = addr.to_v4().to_ulong() & mask;
uint32_t rtAddr = targetAddr.to_v4().to_ulong() & mask;
if ((netAddr == rtAddr) &&
(srcPfxLen <= tgtPfxLen)) {
if(srcPfxLen == tgtPfxLen)
is_exact_match=true;
return true;
}
} else {
if (srcPfxLen > 128) srcPfxLen = 128;
struct in6_addr mask;
struct in6_addr netAddr;
struct in6_addr rtAddr;
memcpy(&rtAddr, targetAddr.to_v6().to_bytes().data(),
sizeof(rtAddr));
network::compute_ipv6_subnet(addr.to_v6(), srcPfxLen,
&mask, &netAddr);
((uint64_t*)&rtAddr)[0] &= ((uint64_t*)&mask)[0];
((uint64_t*)&rtAddr)[1] &= ((uint64_t*)&mask)[1];
if ((((uint64_t*)&rtAddr)[0] == ((uint64_t*)&netAddr)[0]) &&
(((uint64_t*)&rtAddr)[1] == ((uint64_t*)&netAddr)[1]) &&
(srcPfxLen <= tgtPfxLen)) {
if(srcPfxLen == tgtPfxLen)
is_exact_match=true;
return true;
}
}
return false;
}
/**
* If true the address is multicast.
*/
static bool address_is_multicast(
const boost::asio::ip::address & addr
)
{
if (addr.is_v4())
{
return addr.to_v4().is_multicast();
}
else
{
return addr.to_v6().is_multicast();
}
}
static void addMatchSubnet(struct match* match,
const boost::asio::ip::address& ip,
uint8_t prefixLen, bool src,
uint16_t& ethType) {
if (ip.is_v4()) {
switch (ethType) {
case 0:
ethType = eth::type::IP;
/* fall through */
case eth::type::IP:
case eth::type::ARP:
break;
default:
return;
}
if (prefixLen > 32) prefixLen = 32;
uint32_t mask = (prefixLen != 0)
? (~((uint32_t)0) << (32 - prefixLen))
: 0;
uint32_t addr = ip.to_v4().to_ulong() & mask;
match_set_dl_type(match, htons(ethType));
if (src)
match_set_nw_src_masked(match, htonl(addr), htonl(mask));
else
match_set_nw_dst_masked(match, htonl(addr), htonl(mask));
} else {
switch (ethType) {
case 0:
ethType = eth::type::IPV6;
/* fall through */
case eth::type::IPV6:
break;
default:
return;
}
if (prefixLen > 128) prefixLen = 128;
struct in6_addr mask;
struct in6_addr addr;
network::compute_ipv6_subnet(ip.to_v6(), prefixLen, &mask, &addr);
match_set_dl_type(match, htons(ethType));
if (src)
match_set_ipv6_src_masked(match, &addr, &mask);
else
match_set_ipv6_dst_masked(match, &addr, &mask);
}
}
bool subsumes( Entry other )
{
if ( addr.is_v6() != other.addr.is_v6() )
{
// jeden adres jest v6, drugi v4
// zwracamy zawsze false
return false;
}
if ( addr.is_v6() )
{
boost::asio::ip::address_v6::bytes_type a1 = addr.to_v6().to_bytes();
boost::asio::ip::address_v6::bytes_type a2 = other.addr.to_v6().to_bytes();
int mask_left = mask;
for(unsigned int i = 0; i < a1.size(); i++)
{
int tmp = (1 << std::max(0,std::min(mask_left,8)))-1;
unsigned char apply_mask = tmp;
mask_left -= 8;
a1[i] &= apply_mask;
a2[i] &= apply_mask;
}
bool val = boost::asio::ip::address_v6(a1) == boost::asio::ip::address_v6(a2);
return val;
}
else
{
boost::asio::ip::address_v4::bytes_type a1 = addr.to_v4().to_bytes();
boost::asio::ip::address_v4::bytes_type a2 = other.addr.to_v4().to_bytes();
int mask_left = mask;
for(unsigned int i = 0; i < a1.size(); i++)
{
int tmp = (1 << std::max(0,std::min(mask_left,8)))-1;
unsigned char apply_mask = tmp;
mask_left -= 8;
a1[i] &= apply_mask;
a2[i] &= apply_mask;
}
bool val = boost::asio::ip::address_v4(a1) == boost::asio::ip::address_v4(a2);
return val;
}
return false;
}
/**
* If true the address is private.
*/
static bool address_is_private(
const boost::asio::ip::address & addr
)
{
if (addr.is_v6())
{
return addr.to_v6().is_link_local();
}
else
{
std::uint32_t ip = addr.to_v4().to_ulong();
return (
(ip & 0xff000000) == 0x0a000000 ||
(ip & 0xfff00000) == 0xac100000 ||
(ip & 0xffff0000) == 0xc0a80000
);
}
return false;
}
bool ClientAllowed(const boost::asio::ip::address& address)
{
// Make sure that IPv4-compatible and IPv4-mapped IPv6 addresses are treated as IPv4 addresses
if (address.is_v6()
&& (address.to_v6().is_v4_compatible()
|| address.to_v6().is_v4_mapped()))
return ClientAllowed(address.to_v6().to_v4());
if (address == asio::ip::address_v4::loopback()
|| address == asio::ip::address_v6::loopback()
|| (address.is_v4()
// Check whether IPv4 addresses match 127.0.0.0/8 (loopback subnet)
&& (address.to_v4().to_ulong() & 0xff000000) == 0x7f000000))
return true;
const string strAddress = address.to_string();
const vector<string>& vAllow = SysCfg().GetMultiArgs("-rpcallowip");
for (auto strAllow : vAllow)
if (WildcardMatch(strAddress, strAllow))
return true;
return false;
}
bool is_allowed(const boost::asio::ip::address &address, std::list<std::string> &errors) {
return (address.is_v4() && is_allowed_v4(address.to_v4().to_ulong(), errors))
|| (address.is_v6() && address.to_v6().is_v4_compatible() && is_allowed_v4(address.to_v6().to_v4().to_ulong(), errors))
|| (address.is_v6() && address.to_v6().is_v4_mapped() && is_allowed_v4(address.to_v6().to_v4().to_ulong(), errors));
}
// ////////////////////////////////////////////////////////////////////////////
HostEntry HostAddressToEntry(const boost::asio::ip::address &host_address)
{
return((host_address.is_v6()) ?
HostAddressToEntry(host_address.to_v6()) :
HostAddressToEntry(host_address.to_v4()));
}