From f6d6f0367bf62435dfaf7d122415d31977f889aa Mon Sep 17 00:00:00 2001 From: Shadowghost Date: Mon, 17 Oct 2022 15:38:42 +0200 Subject: [PATCH] Properly handle IPs with subnetmasks --- Jellyfin.Networking/Manager/NetworkManager.cs | 54 +++++++-------- .../ApiServiceCollectionExtensions.cs | 2 +- MediaBrowser.Common/Net/NetworkExtensions.cs | 26 +++++--- .../NetworkParseTests.cs | 65 ++++++++++--------- 4 files changed, 81 insertions(+), 66 deletions(-) diff --git a/Jellyfin.Networking/Manager/NetworkManager.cs b/Jellyfin.Networking/Manager/NetworkManager.cs index 7e9fb4df71..4a32423e5e 100644 --- a/Jellyfin.Networking/Manager/NetworkManager.cs +++ b/Jellyfin.Networking/Manager/NetworkManager.cs @@ -295,8 +295,8 @@ namespace Jellyfin.Networking.Manager // Get configuration options string[] subnets = config.LocalNetworkSubnets; - _ = NetworkExtensions.TryParseSubnets(subnets, out _lanSubnets, false); - _ = NetworkExtensions.TryParseSubnets(subnets, out _excludedSubnets, true); + _ = NetworkExtensions.TryParseToSubnets(subnets, out _lanSubnets, false); + _ = NetworkExtensions.TryParseToSubnets(subnets, out _excludedSubnets, true); if (_lanSubnets.Count == 0) { @@ -336,8 +336,8 @@ namespace Jellyfin.Networking.Manager var localNetworkAddresses = config.LocalNetworkAddresses; if (localNetworkAddresses.Length > 0 && !string.IsNullOrWhiteSpace(localNetworkAddresses.First())) { - var bindAddresses = localNetworkAddresses.Select(p => IPAddress.TryParse(p, out var addresses) - ? addresses + var bindAddresses = localNetworkAddresses.Select(p => NetworkExtensions.TryParseToSubnet(p, out var network) + ? network.Prefix : (_interfaces.Where(x => x.Name.Equals(p, StringComparison.OrdinalIgnoreCase)) .Select(x => x.Address) .FirstOrDefault() ?? IPAddress.None)) @@ -401,7 +401,7 @@ namespace Jellyfin.Networking.Manager if (remoteIPFilter.Any() && !string.IsNullOrWhiteSpace(remoteIPFilter.First())) { // Parse all IPs with netmask to a subnet - _ = NetworkExtensions.TryParseSubnets(remoteIPFilter.Where(x => x.Contains('/', StringComparison.OrdinalIgnoreCase)).ToArray(), out _remoteAddressFilter, false); + _ = NetworkExtensions.TryParseToSubnets(remoteIPFilter.Where(x => x.Contains('/', StringComparison.OrdinalIgnoreCase)).ToArray(), out _remoteAddressFilter, false); // Parse everything else as an IP and construct subnet with a single IP var ips = remoteIPFilter.Where(x => !x.Contains('/', StringComparison.OrdinalIgnoreCase)); @@ -440,17 +440,17 @@ namespace Jellyfin.Networking.Manager else { var replacement = parts[1].Trim(); - var ipParts = parts[0].Split("/"); - if (string.Equals(parts[0], "all", StringComparison.OrdinalIgnoreCase)) + var identifier = parts[0]; + if (string.Equals(identifier, "all", StringComparison.OrdinalIgnoreCase)) { _publishedServerUrls[new IPData(IPAddress.Broadcast, null)] = replacement; } - else if (string.Equals(parts[0], "external", StringComparison.OrdinalIgnoreCase)) + else if (string.Equals(identifier, "external", StringComparison.OrdinalIgnoreCase)) { _publishedServerUrls[new IPData(IPAddress.Any, new IPNetwork(IPAddress.Any, 0))] = replacement; _publishedServerUrls[new IPData(IPAddress.IPv6Any, new IPNetwork(IPAddress.IPv6Any, 0))] = replacement; } - else if (string.Equals(parts[0], "internal", StringComparison.OrdinalIgnoreCase)) + else if (string.Equals(identifier, "internal", StringComparison.OrdinalIgnoreCase)) { foreach (var lan in _lanSubnets) { @@ -458,17 +458,12 @@ namespace Jellyfin.Networking.Manager _publishedServerUrls[new IPData(lanPrefix, new IPNetwork(lanPrefix, lan.PrefixLength))] = replacement; } } - else if (IPAddress.TryParse(ipParts[0], out IPAddress? result)) + else if (NetworkExtensions.TryParseToSubnet(identifier, out var result) && result != null) { - var data = new IPData(result, null); - if (ipParts.Length > 1 && int.TryParse(ipParts[1], out var netmask)) - { - data.Subnet = new IPNetwork(result, netmask); - } - + var data = new IPData(result.Prefix, result); _publishedServerUrls[data] = replacement; } - else if (TryParseInterface(ipParts[0], out var ifaces)) + else if (TryParseInterface(identifier, out var ifaces)) { foreach (var iface in ifaces) { @@ -516,15 +511,20 @@ namespace Jellyfin.Networking.Manager foreach (var details in interfaceList) { var parts = details.Split(','); - var split = parts[0].Split("/"); - var address = IPAddress.Parse(split[0]); - var network = new IPNetwork(address, int.Parse(split[1], CultureInfo.InvariantCulture)); - var index = int.Parse(parts[1], CultureInfo.InvariantCulture); - if (address.AddressFamily == AddressFamily.InterNetwork || address.AddressFamily == AddressFamily.InterNetworkV6) + if (NetworkExtensions.TryParseToSubnet(parts[0], out var subnet)) + { + var address = subnet.Prefix; + var index = int.Parse(parts[1], CultureInfo.InvariantCulture); + if (address.AddressFamily == AddressFamily.InterNetwork || address.AddressFamily == AddressFamily.InterNetworkV6) + { + var data = new IPData(address, subnet, parts[2]); + data.Index = index; + _interfaces.Add(data); + } + } + else { - var data = new IPData(address, network, parts[2]); - data.Index = index; - _interfaces.Add(data); + _logger.LogWarning("Could not parse mock interface settings: {Part}", details); } } } @@ -799,9 +799,9 @@ namespace Jellyfin.Networking.Manager /// public bool IsInLocalNetwork(string address) { - if (IPAddress.TryParse(address, out var ep)) + if (NetworkExtensions.TryParseToSubnet(address, out var subnet)) { - return IPAddress.IsLoopback(ep) || (_lanSubnets.Any(x => x.Contains(ep)) && !_excludedSubnets.Any(x => x.Contains(ep))); + return IPAddress.IsLoopback(subnet.Prefix) || (_lanSubnets.Any(x => x.Contains(subnet.Prefix)) && !_excludedSubnets.Any(x => x.Contains(subnet.Prefix))); } if (NetworkExtensions.TryParseHost(address, out var addresses, IsIpv4Enabled, IsIpv6Enabled)) diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs index a1adddcbb3..439147bfd9 100644 --- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs +++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs @@ -348,7 +348,7 @@ namespace Jellyfin.Server.Extensions { AddIpAddress(config, options, addr, addr.AddressFamily == AddressFamily.InterNetwork ? 32 : 128); } - else if (NetworkExtensions.TryParseSubnet(allowedProxies[i], out var subnet)) + else if (NetworkExtensions.TryParseToSubnet(allowedProxies[i], out var subnet)) { if (subnet != null) { diff --git a/MediaBrowser.Common/Net/NetworkExtensions.cs b/MediaBrowser.Common/Net/NetworkExtensions.cs index 1c2b65346c..e37a5dc6bc 100644 --- a/MediaBrowser.Common/Net/NetworkExtensions.cs +++ b/MediaBrowser.Common/Net/NetworkExtensions.cs @@ -152,13 +152,14 @@ namespace MediaBrowser.Common.Net } /// - /// Try parsing an array of strings into subnets, respecting exclusions. + /// Try parsing an array of strings into objects, respecting exclusions. + /// Elements without a subnet mask will be represented as with a single IP. /// /// Input string array to be parsed. /// Collection of . /// Boolean signaling if negated or not negated values should be parsed. /// True if parsing was successful. - public static bool TryParseSubnets(string[] values, out List result, bool negated = false) + public static bool TryParseToSubnets(string[] values, out List result, bool negated = false) { result = new List(); @@ -183,10 +184,14 @@ namespace MediaBrowser.Common.Net if (address != IPAddress.None && address != null) { - if (int.TryParse(v[1], out var netmask)) + if (v.Length > 1 && int.TryParse(v[1], out var netmask)) { result.Add(new IPNetwork(address, netmask)); } + else if (v.Length > 1 && IPAddress.TryParse(v[1], out var netmaskAddress)) + { + result.Add(new IPNetwork(address, NetworkExtensions.MaskToCidr(netmaskAddress))); + } else if (address.AddressFamily == AddressFamily.InterNetwork) { result.Add(new IPNetwork(address, 32)); @@ -207,15 +212,16 @@ namespace MediaBrowser.Common.Net } /// - /// Try parsing a string into a subnet, respecting exclusions. + /// Try parsing a string into an , respecting exclusions. + /// Inputs without a subnet mask will be represented as with a single IP. /// /// Input string to be parsed. /// An . /// Boolean signaling if negated or not negated values should be parsed. /// True if parsing was successful. - public static bool TryParseSubnet(string value, out IPNetwork? result, bool negated = false) + public static bool TryParseToSubnet(string value, out IPNetwork result, bool negated = false) { - result = null; + result = new IPNetwork(IPAddress.None, 32); if (string.IsNullOrEmpty(value)) { @@ -236,10 +242,14 @@ namespace MediaBrowser.Common.Net if (address != IPAddress.None && address != null) { - if (int.TryParse(v[1], out var netmask)) + if (v.Length > 1 && int.TryParse(v[1], out var netmask)) { result = new IPNetwork(address, netmask); } + else if (v.Length > 1 && IPAddress.TryParse(v[1], out var netmaskAddress)) + { + result = new IPNetwork(address, NetworkExtensions.MaskToCidr(netmaskAddress)); + } else if (address.AddressFamily == AddressFamily.InterNetwork) { result = new IPNetwork(address, 32); @@ -250,7 +260,7 @@ namespace MediaBrowser.Common.Net } } - if (result != null) + if (!result.Prefix.Equals(IPAddress.None)) { return true; } diff --git a/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs b/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs index d492b64393..86b2ab21a3 100644 --- a/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs +++ b/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs @@ -1,13 +1,11 @@ using System; using System.Collections.Generic; -using System.Globalization; using System.Linq; using System.Net; using Jellyfin.Networking.Configuration; using Jellyfin.Networking.Manager; using MediaBrowser.Common.Configuration; using MediaBrowser.Common.Net; -using Microsoft.AspNetCore.HttpOverrides; using Microsoft.Extensions.Logging.Abstractions; using Moq; using Xunit; @@ -37,6 +35,8 @@ namespace Jellyfin.Networking.Tests [InlineData("192.168.1.208/24,-16,eth16|200.200.200.200/24,11,eth11", "192.168.1.0/24;200.200.200.0/24", "[192.168.1.208/24,200.200.200.200/24]")] // eth16 only [InlineData("192.168.1.208/24,-16,eth16|200.200.200.200/24,11,eth11", "192.168.1.0/24", "[192.168.1.208/24]")] + // eth16 only without mask + [InlineData("192.168.1.208,-16,eth16|200.200.200.200,11,eth11", "192.168.1.0/24", "[192.168.1.208/32]")] // All interfaces excluded. (including loopbacks) [InlineData("192.168.1.208/24,-16,vEthernet1|192.168.2.208/24,-16,vEthernet212|200.200.200.200/24,11,eth11", "192.168.1.0/24", "[]")] // vEthernet1 and vEthernet212 should be excluded. @@ -65,66 +65,79 @@ namespace Jellyfin.Networking.Tests /// IP Address. [Theory] [InlineData("127.0.0.1")] + [InlineData("127.0.0.1/8")] + [InlineData("192.168.1.2")] + [InlineData("192.168.1.2/24")] + [InlineData("192.168.1.2/255.255.255.0")] [InlineData("fd23:184f:2029:0:3139:7386:67d7:d517")] [InlineData("[fd23:184f:2029:0:3139:7386:67d7:d517]")] [InlineData("fe80::7add:12ff:febb:c67b%16")] [InlineData("[fe80::7add:12ff:febb:c67b%16]:123")] [InlineData("fe80::7add:12ff:febb:c67b%16:123")] [InlineData("[fe80::7add:12ff:febb:c67b%16]")] - [InlineData("192.168.1.2")] + [InlineData("fd23:184f:2029:0:3139:7386:67d7:d517/56")] public static void TryParseValidIPStringsTrue(string address) - => Assert.True(IPAddress.TryParse(address, out _)); + => Assert.True(NetworkExtensions.TryParseToSubnet(address, out _)); /// /// Checks invalid IP address formats. /// /// IP Address. [Theory] - [InlineData("192.168.1.2/255.255.255.0")] - [InlineData("192.168.1.2/24")] - [InlineData("127.0.0.1/8")] [InlineData("127.0.0.1#")] [InlineData("localhost!")] [InlineData("256.128.0.0.0.1")] - [InlineData("fd23:184f:2029:0:3139:7386:67d7:d517/56")] [InlineData("fd23:184f:2029:0:3139:7386:67d7:d517:1231")] [InlineData("[fd23:184f:2029:0:3139:7386:67d7:d517:1231]")] public static void TryParseInvalidIPStringsFalse(string address) - => Assert.False(IPAddress.TryParse(address, out _)); + => Assert.False(NetworkExtensions.TryParseToSubnet(address, out _)); + /// + /// Checks if IPv4 address is within a defined subnet. + /// + /// Network mask. + /// IP Address. [Theory] [InlineData("192.168.5.85/24", "192.168.5.1")] [InlineData("192.168.5.85/24", "192.168.5.254")] + [InlineData("192.168.5.85/255.255.255.0", "192.168.5.254")] [InlineData("10.128.240.50/30", "10.128.240.48")] [InlineData("10.128.240.50/30", "10.128.240.49")] [InlineData("10.128.240.50/30", "10.128.240.50")] [InlineData("10.128.240.50/30", "10.128.240.51")] + [InlineData("10.128.240.50/255.255.255.252", "10.128.240.51")] [InlineData("127.0.0.1/8", "127.0.0.1")] public void IpV4SubnetMaskMatchesValidIpAddress(string netMask, string ipAddress) { - var split = netMask.Split("/"); - var mask = int.Parse(split[1], CultureInfo.InvariantCulture); - var ipa = IPAddress.Parse(split[0]); - var ipn = new IPNetwork(ipa, mask); - Assert.True(ipn.Contains(IPAddress.Parse(ipAddress))); + var ipa = IPAddress.Parse(ipAddress); + Assert.True(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress))); } + /// + /// Checks if IPv4 address is not within a defined subnet. + /// + /// Network mask. + /// IP Address. [Theory] [InlineData("192.168.5.85/24", "192.168.4.254")] [InlineData("192.168.5.85/24", "191.168.5.254")] + [InlineData("192.168.5.85/255.255.255.252", "192.168.4.254")] [InlineData("10.128.240.50/30", "10.128.240.47")] [InlineData("10.128.240.50/30", "10.128.240.52")] [InlineData("10.128.240.50/30", "10.128.239.50")] [InlineData("10.128.240.50/30", "10.127.240.51")] + [InlineData("10.128.240.50/255.255.255.252", "10.127.240.51")] public void IpV4SubnetMaskDoesNotMatchInvalidIpAddress(string netMask, string ipAddress) { - var split = netMask.Split("/"); - var mask = int.Parse(split[1], CultureInfo.InvariantCulture); - var ipa = IPAddress.Parse(split[0]); - var ipn = new IPNetwork(ipa, mask); - Assert.False(ipn.Contains(IPAddress.Parse(ipAddress))); + var ipa = IPAddress.Parse(ipAddress); + Assert.False(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress))); } + /// + /// Checks if IPv6 address is within a defined subnet. + /// + /// Network mask. + /// IP Address. [Theory] [InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:0000:0000:0000:0000")] [InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:FFFF:FFFF:FFFF:FFFF")] @@ -133,11 +146,7 @@ namespace Jellyfin.Networking.Tests [InlineData("2001:db8:abcd:0012::0/128", "2001:0DB8:ABCD:0012:0000:0000:0000:0000")] public void IpV6SubnetMaskMatchesValidIpAddress(string netMask, string ipAddress) { - var split = netMask.Split("/"); - var mask = int.Parse(split[1], CultureInfo.InvariantCulture); - var ipa = IPAddress.Parse(split[0]); - var ipn = new IPNetwork(ipa, mask); - Assert.True(ipn.Contains(IPAddress.Parse(ipAddress))); + Assert.True(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress))); } [Theory] @@ -148,11 +157,7 @@ namespace Jellyfin.Networking.Tests [InlineData("2001:db8:abcd:0012::0/128", "2001:0DB8:ABCD:0012:0000:0000:0000:0001")] public void IpV6SubnetMaskDoesNotMatchInvalidIpAddress(string netMask, string ipAddress) { - var split = netMask.Split("/"); - var mask = int.Parse(split[1], CultureInfo.InvariantCulture); - var ipa = IPAddress.Parse(split[0]); - var ipn = new IPNetwork(ipa, mask); - Assert.False(ipn.Contains(IPAddress.Parse(ipAddress))); + Assert.False(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress))); } [Theory] @@ -262,7 +267,7 @@ namespace Jellyfin.Networking.Tests if (nm.TryParseInterface(result, out List? resultObj) && resultObj != null) { - // Parse out IPAddresses so we can do a string comparison. (Ignore subnet masks). + // Parse out IPAddresses so we can do a string comparison (ignore subnet masks). result = resultObj.First().Address.ToString(); }