using System; using System.Collections.Generic; using System.Globalization; using System.Linq; using System.Net; using System.Net.NetworkInformation; using System.Net.Sockets; using System.Threading.Tasks; using Jellyfin.Networking.Configuration; using MediaBrowser.Common.Configuration; using MediaBrowser.Common.Net; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.HttpOverrides; using Microsoft.Extensions.Logging; namespace Jellyfin.Networking.Manager { /// /// Class to take care of network interface management. /// public class NetworkManager : INetworkManager, IDisposable { /// /// Threading lock for network properties. /// private readonly object _initLock; /// /// List of all interface MAC addresses. /// private readonly List _macAddresses; private readonly ILogger _logger; private readonly IConfigurationManager _configurationManager; private readonly object _eventFireLock; /// /// Holds the published server URLs and the IPs to use them on. /// private readonly Dictionary _publishedServerUrls; private List _remoteAddressFilter; /// /// Used to stop "event-racing conditions". /// private bool _eventfire; /// /// Dictionary containing interface addresses and their subnets. /// private List _interfaces; /// /// Unfiltered user defined LAN subnets () /// or internal interface network subnets if undefined by user. /// private List _lanSubnets; /// /// User defined list of subnets to excluded from the LAN. /// private List _excludedSubnets; /// /// True if this object is disposed. /// private bool _disposed; /// /// Initializes a new instance of the class. /// /// IServerConfigurationManager instance. /// Logger to use for messages. #pragma warning disable CS8618 // Non-nullable field is uninitialized. : Values are set in UpdateSettings function. Compiler doesn't yet recognise this. public NetworkManager(IConfigurationManager configurationManager, ILogger logger) { _logger = logger ?? throw new ArgumentNullException(nameof(logger)); _configurationManager = configurationManager ?? throw new ArgumentNullException(nameof(configurationManager)); _initLock = new(); _interfaces = new List(); _macAddresses = new List(); _publishedServerUrls = new Dictionary(); _eventFireLock = new object(); _remoteAddressFilter = new List(); UpdateSettings(_configurationManager.GetNetworkConfiguration()); NetworkChange.NetworkAddressChanged += OnNetworkAddressChanged; NetworkChange.NetworkAvailabilityChanged += OnNetworkAvailabilityChanged; _configurationManager.NamedConfigurationUpdated += ConfigurationUpdated; } #pragma warning restore CS8618 // Non-nullable field is uninitialized. /// /// Event triggered on network changes. /// public event EventHandler? NetworkChanged; /// /// Gets or sets a value indicating whether testing is taking place. /// public static string MockNetworkSettings { get; set; } = string.Empty; /// /// Gets a value indicating whether IP4 is enabled. /// public bool IsIpv4Enabled => _configurationManager.GetNetworkConfiguration().EnableIPV4; /// /// Gets a value indicating whether IP6 is enabled. /// public bool IsIpv6Enabled => _configurationManager.GetNetworkConfiguration().EnableIPV6; /// /// Gets a value indicating whether is all IPv6 interfaces are trusted as internal. /// public bool TrustAllIpv6Interfaces { get; private set; } /// /// Gets the Published server override list. /// public Dictionary PublishedServerUrls => _publishedServerUrls; /// public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } /// /// Handler for network change events. /// /// Sender. /// A containing network availability information. private void OnNetworkAvailabilityChanged(object? sender, NetworkAvailabilityEventArgs e) { _logger.LogDebug("Network availability changed."); OnNetworkChanged(); } /// /// Handler for network change events. /// /// Sender. /// An . private void OnNetworkAddressChanged(object? sender, EventArgs e) { _logger.LogDebug("Network address change detected."); OnNetworkChanged(); } /// /// Triggers our event, and re-loads interface information. /// private void OnNetworkChanged() { lock (_eventFireLock) { if (!_eventfire) { _logger.LogDebug("Network Address Change Event."); // As network events tend to fire one after the other only fire once every second. _eventfire = true; OnNetworkChangeAsync().GetAwaiter().GetResult(); } } } /// /// Async task that waits for 2 seconds before re-initialising the settings, as typically these events fire multiple times in succession. /// /// A representing the asynchronous operation. private async Task OnNetworkChangeAsync() { try { await Task.Delay(2000).ConfigureAwait(false); var networkConfig = _configurationManager.GetNetworkConfiguration(); InitialiseLan(networkConfig); InitialiseInterfaces(); EnforceBindRestrictions(networkConfig); NetworkChanged?.Invoke(this, EventArgs.Empty); } finally { _eventfire = false; } } /// /// Generate a list of all the interface ip addresses and submasks where that are in the active/unknown state. /// Generate a list of all active mac addresses that aren't loopback addresses. /// private void InitialiseInterfaces() { lock (_initLock) { _logger.LogDebug("Refreshing interfaces."); _interfaces.Clear(); _macAddresses.Clear(); try { var nics = NetworkInterface.GetAllNetworkInterfaces() .Where(i => i.SupportsMulticast && i.OperationalStatus == OperationalStatus.Up); foreach (NetworkInterface adapter in nics) { try { var ipProperties = adapter.GetIPProperties(); var mac = adapter.GetPhysicalAddress(); // Populate MAC list if (adapter.NetworkInterfaceType != NetworkInterfaceType.Loopback && PhysicalAddress.None.Equals(mac)) { _macAddresses.Add(mac); } // Populate interface list foreach (var info in ipProperties.UnicastAddresses) { if (IsIpv4Enabled && info.Address.AddressFamily == AddressFamily.InterNetwork) { var interfaceObject = new IPData(info.Address, new IPNetwork(info.Address, info.PrefixLength), adapter.Name); interfaceObject.Index = ipProperties.GetIPv4Properties().Index; interfaceObject.Name = adapter.Name.ToLowerInvariant(); _interfaces.Add(interfaceObject); } else if (IsIpv6Enabled && info.Address.AddressFamily == AddressFamily.InterNetworkV6) { var interfaceObject = new IPData(info.Address, new IPNetwork(info.Address, info.PrefixLength), adapter.Name); interfaceObject.Index = ipProperties.GetIPv6Properties().Index; interfaceObject.Name = adapter.Name.ToLowerInvariant(); _interfaces.Add(interfaceObject); } } } #pragma warning disable CA1031 // Do not catch general exception types catch (Exception ex) #pragma warning restore CA1031 // Do not catch general exception types { // Ignore error, and attempt to continue. _logger.LogError(ex, "Error encountered parsing interfaces."); } } } #pragma warning disable CA1031 // Do not catch general exception types catch (Exception ex) #pragma warning restore CA1031 // Do not catch general exception types { _logger.LogError(ex, "Error obtaining interfaces."); } _logger.LogWarning("No interfaces information available. Using loopback."); if (IsIpv4Enabled && !IsIpv6Enabled) { _interfaces.Add(new IPData(IPAddress.Loopback, new IPNetwork(IPAddress.Loopback, 8), "lo")); } if (!IsIpv4Enabled && IsIpv6Enabled) { _interfaces.Add(new IPData(IPAddress.IPv6Loopback, new IPNetwork(IPAddress.IPv6Loopback, 128), "lo")); } _logger.LogDebug("Discovered {0} interfaces.", _interfaces.Count); _logger.LogDebug("Interfaces addresses : {0}", _interfaces.Select(s => s.Address).ToString()); } } /// /// Initialises internal LAN cache. /// private void InitialiseLan(NetworkConfiguration config) { lock (_initLock) { _logger.LogDebug("Refreshing LAN information."); // Get configuration options string[] subnets = config.LocalNetworkSubnets; _ = NetworkExtensions.TryParseSubnets(subnets, out _lanSubnets, false); _ = NetworkExtensions.TryParseSubnets(subnets, out _excludedSubnets, true); if (_lanSubnets.Count == 0) { // If no LAN addresses are specified, all private subnets are deemed to be the LAN _logger.LogDebug("Using LAN interface addresses as user provided no LAN details."); if (IsIpv6Enabled) { _lanSubnets.Add(new IPNetwork(IPAddress.Parse("fc00::"), 7)); // ULA _lanSubnets.Add(new IPNetwork(IPAddress.Parse("fe80::"), 10)); // Site local } if (IsIpv4Enabled) { _lanSubnets.Add(new IPNetwork(IPAddress.Parse("10.0.0.0"), 8)); _lanSubnets.Add(new IPNetwork(IPAddress.Parse("172.16.0.0"), 12)); _lanSubnets.Add(new IPNetwork(IPAddress.Parse("192.168.0.0"), 16)); } } _logger.LogInformation("Defined LAN addresses : {0}", _lanSubnets.Select(s => s.Prefix + "/" + s.PrefixLength)); _logger.LogInformation("Defined LAN exclusions : {0}", _excludedSubnets.Select(s => s.Prefix + "/" + s.PrefixLength)); _logger.LogInformation("Using LAN addresses: {0}", _lanSubnets.Where(s => !_excludedSubnets.Contains(s)).Select(s => s.Prefix + "/" + s.PrefixLength)); } } /// /// Enforce bind addresses and exclusions on available interfaces. /// private void EnforceBindRestrictions(NetworkConfiguration config) { lock (_initLock) { // Respect explicit bind addresses var localNetworkAddresses = config.LocalNetworkAddresses; if (localNetworkAddresses.Length > 0 && !string.IsNullOrWhiteSpace(localNetworkAddresses.First())) { var bindAddresses = config.LocalNetworkAddresses.Select(p => IPAddress.TryParse(p, out var addresses) ? addresses : (_interfaces.Where(x => x.Name.Equals(p, StringComparison.OrdinalIgnoreCase)) .Select(x => x.Address) .FirstOrDefault() ?? IPAddress.None)) .ToList(); bindAddresses.RemoveAll(x => x == IPAddress.None); _interfaces = _interfaces.Where(x => bindAddresses.Contains(x.Address)).ToList(); } // Remove all interfaces matching any virtual machine interface prefix if (config.IgnoreVirtualInterfaces) { // Remove potentially exisiting * and split config string into prefixes var virtualInterfacePrefixes = config.VirtualInterfaceNames .Replace("*", string.Empty, StringComparison.OrdinalIgnoreCase) .ToLowerInvariant() .Split(','); // Check all interfaces for matches against the prefixes and remove them if (_interfaces.Count > 0 && virtualInterfacePrefixes.Length > 0) { foreach (var virtualInterfacePrefix in virtualInterfacePrefixes) { _interfaces.RemoveAll(x => x.Name.StartsWith(virtualInterfacePrefix, StringComparison.OrdinalIgnoreCase)); } } } _logger.LogInformation("Using bind addresses: {0}", _interfaces.Select(x => x.Address)); } } /// /// Initialises the remote address values. /// private void InitialiseRemote(NetworkConfiguration config) { lock (_initLock) { // Parse config values into filter collection var remoteIPFilter = config.RemoteIPFilter; if (remoteIPFilter.Any() && !string.IsNullOrWhiteSpace(remoteIPFilter.First())) { // Parse all IPs with netmask to a subnet _ = NetworkExtensions.TryParseSubnets(remoteIPFilter.Where(x => x.Contains('/', StringComparison.OrdinalIgnoreCase)).ToArray(), out _remoteAddressFilter, false); // Parse everything else as an IP and construct subnet with a single IP var ips = remoteIPFilter.Where(x => !x.Contains('/', StringComparison.OrdinalIgnoreCase)); foreach (var ip in ips) { if (IPAddress.TryParse(ip, out var ipp)) { _remoteAddressFilter.Add(new IPNetwork(ipp, ipp.AddressFamily == AddressFamily.InterNetwork ? 32 : 128)); } } } } } /// /// Parses the user defined overrides into the dictionary object. /// Overrides are the equivalent of localised publishedServerUrl, enabling /// different addresses to be advertised over different subnets. /// format is subnet=ipaddress|host|uri /// when subnet = 0.0.0.0, any external address matches. /// private void InitialiseOverrides(NetworkConfiguration config) { lock (_initLock) { _publishedServerUrls.Clear(); string[] overrides = config.PublishedServerUriBySubnet; foreach (var entry in overrides) { var parts = entry.Split('='); if (parts.Length != 2) { _logger.LogError("Unable to parse bind override: {Entry}", entry); } else { var replacement = parts[1].Trim(); var ipParts = parts[0].Split("/"); if (string.Equals(parts[0], "all", StringComparison.OrdinalIgnoreCase)) { _publishedServerUrls[new IPData(IPAddress.Broadcast, null)] = replacement; } else if (string.Equals(parts[0], "external", StringComparison.OrdinalIgnoreCase)) { _publishedServerUrls[new IPData(IPAddress.Any, new IPNetwork(IPAddress.Any, 0))] = replacement; _publishedServerUrls[new IPData(IPAddress.IPv6Any, new IPNetwork(IPAddress.IPv6Any, 0))] = replacement; } else if (IPAddress.TryParse(ipParts[0], out IPAddress? result)) { var data = new IPData(result, null); if (ipParts.Length > 1 && int.TryParse(ipParts[1], out var netmask)) { data.Subnet = new IPNetwork(result, netmask); } _publishedServerUrls[data] = replacement; } else if (TryParseInterface(ipParts[0], out var ifaces)) { foreach (var iface in ifaces) { _publishedServerUrls[iface] = replacement; } } else { _logger.LogError("Unable to parse bind ip address. {Parts}", parts[1]); } } } } } private void ConfigurationUpdated(object? sender, ConfigurationUpdateEventArgs evt) { if (evt.Key.Equals("network", StringComparison.Ordinal)) { UpdateSettings((NetworkConfiguration)evt.NewConfiguration); } } /// /// Reloads all settings and re-initialises the instance. /// /// The to use. public void UpdateSettings(object configuration) { NetworkConfiguration config = (NetworkConfiguration)configuration ?? throw new ArgumentNullException(nameof(configuration)); InitialiseLan(config); InitialiseRemote(config); if (string.IsNullOrEmpty(MockNetworkSettings)) { InitialiseInterfaces(); } else // Used in testing only. { // Format is ,,: . Set index to -ve to simulate a gateway. var interfaceList = MockNetworkSettings.Split('|'); foreach (var details in interfaceList) { var parts = details.Split(','); var split = parts[0].Split("/"); var address = IPAddress.Parse(split[0]); var network = new IPNetwork(address, int.Parse(split[1], CultureInfo.InvariantCulture)); var index = int.Parse(parts[1], CultureInfo.InvariantCulture); if (address.AddressFamily == AddressFamily.InterNetwork || address.AddressFamily == AddressFamily.InterNetworkV6) { var data = new IPData(address, network, parts[2]); data.Index = index; _interfaces.Add(data); } } } EnforceBindRestrictions(config); InitialiseOverrides(config); } /// /// Protected implementation of Dispose pattern. /// /// True to dispose the managed state. protected virtual void Dispose(bool disposing) { if (!_disposed) { if (disposing) { _configurationManager.NamedConfigurationUpdated -= ConfigurationUpdated; NetworkChange.NetworkAddressChanged -= OnNetworkAddressChanged; NetworkChange.NetworkAvailabilityChanged -= OnNetworkAvailabilityChanged; } _disposed = true; } } /// public bool TryParseInterface(string intf, out List result) { result = new List(); if (string.IsNullOrEmpty(intf)) { return false; } if (_interfaces != null) { // Match all interfaces starting with names starting with token var matchedInterfaces = _interfaces.Where(s => s.Name.Equals(intf.ToLowerInvariant(), StringComparison.OrdinalIgnoreCase)).OrderBy(x => x.Index); if (matchedInterfaces.Any()) { _logger.LogInformation("Interface {Token} used in settings. Using its interface addresses.", intf); // Use interface IP instead of name foreach (IPData iface in matchedInterfaces) { if ((IsIpv4Enabled && iface.Address.AddressFamily == AddressFamily.InterNetwork) || (IsIpv6Enabled && iface.Address.AddressFamily == AddressFamily.InterNetworkV6)) { result.Add(iface); } } return true; } } return false; } /// public bool HasRemoteAccess(IPAddress remoteIp) { var config = _configurationManager.GetNetworkConfiguration(); if (config.EnableRemoteAccess) { // Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely. // If left blank, all remote addresses will be allowed. if (_remoteAddressFilter.Any() && !_lanSubnets.Any(x => x.Contains(remoteIp))) { // remoteAddressFilter is a whitelist or blacklist. var matches = _remoteAddressFilter.Count(remoteNetwork => remoteNetwork.Contains(remoteIp)); if ((!config.IsRemoteIPFilterBlacklist && matches > 0) || (config.IsRemoteIPFilterBlacklist && matches == 0)) { return true; } return false; } } else if (!_lanSubnets.Where(x => x.Contains(remoteIp)).Any()) { // Remote not enabled. So everyone should be LAN. return false; } return true; } /// public IReadOnlyList GetMacAddresses() { // Populated in construction - so always has values. return _macAddresses; } /// public IReadOnlyList GetLoopbacks() { var loopbackNetworks = new List(); if (IsIpv4Enabled) { loopbackNetworks.Add(new IPData(IPAddress.Loopback, new IPNetwork(IPAddress.Loopback, 8), "lo")); } if (IsIpv6Enabled) { loopbackNetworks.Add(new IPData(IPAddress.IPv6Loopback, new IPNetwork(IPAddress.IPv6Loopback, 128), "lo")); } return loopbackNetworks; } /// public IReadOnlyList GetAllBindInterfaces(bool individualInterfaces = false) { if (_interfaces.Count == 0) { // No bind address and no exclusions, so listen on all interfaces. var result = new List(); if (individualInterfaces) { foreach (var iface in _interfaces) { result.Add(iface); } return result; } if (IsIpv4Enabled && IsIpv6Enabled) { // Kestrel source code shows it uses Sockets.DualMode - so this also covers IPAddress.Any by default result.Add(new IPData(IPAddress.IPv6Any, new IPNetwork(IPAddress.IPv6Any, 0))); } else if (IsIpv4Enabled) { result.Add(new IPData(IPAddress.Any, new IPNetwork(IPAddress.Any, 0))); } else if (IsIpv6Enabled) { // Cannot use IPv6Any as Kestrel will bind to IPv4 addresses too. foreach (var iface in _interfaces) { if (iface.AddressFamily == AddressFamily.InterNetworkV6) { result.Add(iface); } } } return result; } return _interfaces; } /// public string GetBindInterface(string source, out int? port) { _ = NetworkExtensions.TryParseHost(source, out var address, IsIpv4Enabled, IsIpv6Enabled); var result = GetBindInterface(address.FirstOrDefault(), out port); return result; } /// public string GetBindInterface(HttpRequest source, out int? port) { string result; _ = NetworkExtensions.TryParseHost(source.Host.Host, out var addresses, IsIpv4Enabled, IsIpv6Enabled); result = GetBindInterface(addresses.FirstOrDefault(), out port); port ??= source.Host.Port; return result; } /// public string GetBindInterface(IPAddress? source, out int? port) { port = null; string result; if (source != null) { if (IsIpv4Enabled && !IsIpv6Enabled && source.AddressFamily == AddressFamily.InterNetworkV6) { _logger.LogWarning("IPv6 is disabled in Jellyfin, but enabled in the OS. This may affect how the interface is selected."); } if (!IsIpv4Enabled && IsIpv6Enabled && source.AddressFamily == AddressFamily.InterNetwork) { _logger.LogWarning("IPv4 is disabled in Jellyfin, but enabled in the OS. This may affect how the interface is selected."); } bool isExternal = !_lanSubnets.Any(network => network.Contains(source)); _logger.LogDebug("GetBindInterface with source. External: {IsExternal}:", isExternal); if (MatchesPublishedServerUrl(source, isExternal, out string res, out port)) { _logger.LogInformation("{Source}: Using BindAddress {Address}:{Port}", source, res, port); return res; } // No preference given, so move on to bind addresses. if (MatchesBindInterface(source, isExternal, out result)) { return result; } if (isExternal && MatchesExternalInterface(source, out result)) { return result; } } // Get the first LAN interface address that's not excluded and not a loopback address. var availableInterfaces = _interfaces.Where(x => !IPAddress.IsLoopback(x.Address)) .OrderByDescending(x => IsInLocalNetwork(x.Address)) .ThenBy(x => x.Index); if (availableInterfaces.Any()) { if (source != null) { foreach (var intf in availableInterfaces) { if (intf.Address.Equals(source)) { result = NetworkExtensions.FormatIpString(intf.Address); _logger.LogDebug("{Source}: GetBindInterface: Has found matching interface. {Result}", source, result); return result; } } // Does the request originate in one of the interface subnets? // (For systems with multiple internal network cards, and multiple subnets) foreach (var intf in availableInterfaces) { if (intf.Subnet.Contains(source)) { result = NetworkExtensions.FormatIpString(intf.Address); _logger.LogDebug("{Source}: GetBindInterface: Has source, matched best internal interface on range. {Result}", source, result); return result; } } } result = NetworkExtensions.FormatIpString(availableInterfaces.First().Address); _logger.LogDebug("{Source}: GetBindInterface: Matched first internal interface. {Result}", source, result); return result; } // There isn't any others, so we'll use the loopback. result = IsIpv4Enabled && !IsIpv6Enabled ? "127.0.0.1" : "::1"; _logger.LogWarning("{Source}: GetBindInterface: Loopback {Result} returned.", source, result); return result; } /// public IReadOnlyList GetInternalBindAddresses() { // Select all local bind addresses return _interfaces.Where(x => IsInLocalNetwork(x.Address)) .OrderBy(x => x.Index) .ToList(); } /// public bool IsInLocalNetwork(string address) { if (IPAddress.TryParse(address, out var ep)) { return IPAddress.IsLoopback(ep) || (_lanSubnets.Any(x => x.Contains(ep)) && !_excludedSubnets.Any(x => x.Contains(ep))); } if (NetworkExtensions.TryParseHost(address, out var addresses, IsIpv4Enabled, IsIpv6Enabled)) { bool match = false; foreach (var ept in addresses) { match |= IPAddress.IsLoopback(ept) || (_lanSubnets.Any(x => x.Contains(ept)) && !_excludedSubnets.Any(x => x.Contains(ept))); } return match; } return false; } /// public bool IsInLocalNetwork(IPAddress address) { if (address == null) { throw new ArgumentNullException(nameof(address)); } // See conversation at https://github.com/jellyfin/jellyfin/pull/3515. if (TrustAllIpv6Interfaces && address.AddressFamily == AddressFamily.InterNetworkV6) { return true; } // As private addresses can be redefined by Configuration.LocalNetworkAddresses var match = CheckIfLanAndNotExcluded(address); return address.Equals(IPAddress.Loopback) || address.Equals(IPAddress.IPv6Loopback) || match; } private bool CheckIfLanAndNotExcluded(IPAddress address) { bool match = false; foreach (var lanSubnet in _lanSubnets) { match |= lanSubnet.Contains(address); } foreach (var excludedSubnet in _excludedSubnets) { match &= !excludedSubnet.Contains(address); } NetworkExtensions.IsIPv6LinkLocal(address); return match; } /// /// Attempts to match the source against the published server URL overrides. /// /// IP source address to use. /// True if the source is in an external subnet. /// The published server URL that matches the source address. /// The resultant port, if one exists. /// true if a match is found, false otherwise. private bool MatchesPublishedServerUrl(IPAddress source, bool isInExternalSubnet, out string bindPreference, out int? port) { bindPreference = string.Empty; port = null; var validPublishedServerUrls = _publishedServerUrls.Where(x => x.Key.Address.Equals(IPAddress.Any)).ToList(); validPublishedServerUrls.AddRange(_publishedServerUrls.Where(x => x.Key.Address.Equals(IPAddress.IPv6Any))); validPublishedServerUrls.AddRange(_publishedServerUrls.Where(x => x.Key.Subnet.Contains(source))); validPublishedServerUrls = validPublishedServerUrls.GroupBy(x => x.Key).Select(y => y.First()).ToList(); // Check for user override. foreach (var data in validPublishedServerUrls) { // Get address interface var intf = _interfaces.OrderBy(x => x.Index).FirstOrDefault(s => s.Subnet.Contains(data.Key.Address)); // Remaining. Match anything. if (data.Key.Address.Equals(IPAddress.Broadcast)) { bindPreference = data.Value; break; } else if ((data.Key.Address.Equals(IPAddress.Any) || data.Key.Address.Equals(IPAddress.IPv6Any)) && isInExternalSubnet) { // External. bindPreference = data.Value; break; } else if (intf?.Address != null) { // Match ip address. bindPreference = data.Value; break; } } if (string.IsNullOrEmpty(bindPreference)) { return false; } // Has it got a port defined? var parts = bindPreference.Split(':'); if (parts.Length > 1) { if (int.TryParse(parts[1], out int p)) { bindPreference = parts[0]; port = p; } } return true; } /// /// Attempts to match the source against a user defined bind interface. /// /// IP source address to use. /// True if the source is in the external subnet. /// The result, if a match is found. /// true if a match is found, false otherwise. private bool MatchesBindInterface(IPAddress source, bool isInExternalSubnet, out string result) { result = string.Empty; int count = _interfaces.Count(); if (count == 1 && (_interfaces[0].Equals(IPAddress.Any) || _interfaces[0].Equals(IPAddress.IPv6Any))) { // Ignore IPAny addresses. count = 0; } if (count > 0) { IPAddress? bindAddress = null; var externalInterfaces = _interfaces.Where(x => !IsInLocalNetwork(x.Address)) .OrderBy(x => x.Index) .ToList(); if (isInExternalSubnet && externalInterfaces.Any()) { // Check to see if any of the external bind interfaces are in the same subnet as the source. // If none exists, this will select the first external interface if there is one. bindAddress = externalInterfaces .OrderByDescending(x => x.Subnet.Contains(source)) .ThenBy(x => x.Index) .Select(x => x.Address) .FirstOrDefault(); if (bindAddress != null) { result = NetworkExtensions.FormatIpString(bindAddress); _logger.LogDebug("{Source}: GetBindInterface: Has source, found a matching external bind interface. {Result}", source, result); return true; } } else { // Check to see if any of the internal bind interfaces are in the same subnet as the source. // If none exists, this will select the first internal interface if there is one. bindAddress = _interfaces.Where(x => IsInLocalNetwork(x.Address)) .OrderByDescending(x => x.Subnet.Contains(source)) .ThenBy(x => x.Index) .Select(x => x.Address) .FirstOrDefault(); if (bindAddress != null) { result = NetworkExtensions.FormatIpString(bindAddress); _logger.LogWarning("{Source}: External request received, only an internal interface bind found. {Result}", source, result); return true; } } } return false; } /// /// Attempts to match the source against an external interface. /// /// IP source address to use. /// The result, if a match is found. /// true if a match is found, false otherwise. private bool MatchesExternalInterface(IPAddress source, out string result) { result = string.Empty; // Get the first WAN interface address that isn't a loopback. var extResult = _interfaces.Where(p => !IsInLocalNetwork(p.Address)).OrderBy(x => x.Index); IPAddress? hasResult = null; // Does the request originate in one of the interface subnets? // (For systems with multiple internal network cards, and multiple subnets) foreach (var intf in extResult) { hasResult ??= intf.Address; if (!IsInLocalNetwork(intf.Address) && intf.Subnet.Contains(source)) { result = NetworkExtensions.FormatIpString(intf.Address); _logger.LogDebug("{Source}: GetBindInterface: Selected best external on interface on range. {Result}", source, result); return true; } } if (hasResult != null) { result = NetworkExtensions.FormatIpString(hasResult); _logger.LogDebug("{Source}: GetBindInterface: Selected first external interface. {Result}", source, result); return true; } _logger.LogDebug("{Source}: External request received, but no WAN interface found. Need to route through internal network.", source); return false; } } }