public static boolean isValidCidrList(final String cidrList) { for (final String guestCidr : cidrList.split(",")) { if (!isValidIp4Cidr(guestCidr)) { return false; } } return true; }
public static boolean is31PrefixCidr(final String cidr) { final boolean isValidCird = isValidIp4Cidr(cidr); if (isValidCird) { final String[] cidrPair = cidr.split("\\/"); final String cidrSize = cidrPair[1]; final int cidrSizeNum = Integer.parseInt(cidrSize); if (cidrSizeNum == RFC_3021_31_BIT_CIDR) { return true; } } return false; }
public static boolean validateGuestCidr(final String cidr) { // RFC 1918 - The Internet Assigned Numbers Authority (IANA) has reserved the // following three blocks of the IP address space for private internets: // 10.0.0.0 - 10.255.255.255 (10/8 prefix) // 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) // 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) // RFC 6598 - The IETF detailed shared address space for use in ISP CGN // deployments and NAT devices that can handle the same addresses occurring both on inbound and outbound interfaces. // ARIN returned space to the IANA as needed for this allocation. // The allocated address block is 100.64.0.0/10 final String[] allowedNetBlocks = {"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10"}; if (!isValidIp4Cidr(cidr)) { s_logger.warn("Cidr " + cidr + " is not valid"); return false; } for (String block: allowedNetBlocks) { if (isNetworkAWithinNetworkB(cidr, block)) { return true; } } // not in allowedNetBlocks - return false s_logger.warn("cidr " + cidr + " is not RFC 1918 or 6598 compliant"); return false; }
/** * Validates all of the CIDRs in the {@link NetworkACLItemVO#getSourceCidrList()}. * If the list is empty we do not execute any validation. Otherwise, all of the CIDRs are validated using {@link NetUtils#isValidIp4Cidr(String)}. */ protected void validateSourceCidrList(NetworkACLItemVO networkACLItemVO) { List<String> sourceCidrList = networkACLItemVO.getSourceCidrList(); if (CollectionUtils.isNotEmpty(sourceCidrList)) { for (String cidr : sourceCidrList) { if (!NetUtils.isValidIp4Cidr(cidr)) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Source cidrs formatting error " + cidr); } } } }
public static boolean isSameIpRange(final String cidrA, final String cidrB) { if (!NetUtils.isValidIp4Cidr(cidrA)) { s_logger.info("Invalid value of cidr " + cidrA); return false; } if (!NetUtils.isValidIp4Cidr(cidrB)) { s_logger.info("Invalid value of cidr " + cidrB); return false; } final String[] cidrPairFirst = cidrA.split("\\/"); final String[] cidrPairSecond = cidrB.split("\\/"); final Long networkSizeFirst = Long.valueOf(cidrPairFirst[1]); final Long networkSizeSecond = Long.valueOf(cidrPairSecond[1]); final String ipRangeFirst[] = NetUtils.getIpRangeFromCidr(cidrPairFirst[0], networkSizeFirst); final String ipRangeSecond[] = NetUtils.getIpRangeFromCidr(cidrPairFirst[0], networkSizeSecond); final long startIpFirst = NetUtils.ip2Long(ipRangeFirst[0]); final long endIpFirst = NetUtils.ip2Long(ipRangeFirst[1]); final long startIpSecond = NetUtils.ip2Long(ipRangeSecond[0]); final long endIpSecond = NetUtils.ip2Long(ipRangeSecond[1]); if (startIpFirst == startIpSecond && endIpFirst == endIpSecond) { return true; } return false; }
@Test public void testIsValidCIDR() throws Exception { //Test to check IP Range of 2 CIDR final String cidrFirst = "10.0.144.0/20"; final String cidrSecond = "10.0.151.0/20"; final String cidrThird = "10.0.144.0/21"; assertTrue(NetUtils.isValidIp4Cidr(cidrFirst)); assertTrue(NetUtils.isValidIp4Cidr(cidrSecond)); assertTrue(NetUtils.isValidIp4Cidr(cidrThird));; }
public static boolean isIpInCidrList(final InetAddress address, final String[] cidrlist) { boolean match = false; for (String cidr: cidrlist) { try { if (address instanceof Inet6Address && isValidIp6Cidr(cidr)) { if (isIp6InNetwork(IPv6Address.fromInetAddress(address), IPv6Network.fromString(cidr))) { match = true; break; } } else if (address instanceof Inet4Address && isValidIp4Cidr(cidr)) { if (NetUtils.isIpWithInCidrRange(address.getHostAddress(), cidr)) { match = true; break; } } } catch (IllegalArgumentException e) { continue; } } return match; }
if (route != null) { final String routeToVerify = route.trim(); if (!NetUtils.isValidIp4Cidr(routeToVerify)) { throw new InvalidParameterValueException("Invalid value for blacklisted route: " + route + ". Valid format is list" + " of cidrs separated by coma. Example: 10.1.1.0/24,192.168.0.0/24");
if (NetUtils.isValidIp4Cidr(mgmt_cidr)) { buf.append(" mgmtcidr=").append(mgmt_cidr);
return; if (!NetUtils.isValidIp4(destIpOrCidr) && !NetUtils.isValidIp4Cidr(destIpOrCidr)) { s_logger.warn(" destIp is not a valid ip address or cidr destIp=" + destIpOrCidr); return;
public static boolean isIpWithInCidrRange(final String ipAddress, final String cidr) { if (!isValidIp4(ipAddress)) { return false; } if (!isValidIp4Cidr(cidr)) { return false; } // check if the gatewayip is the part of the ip range being added. // RFC 3021 - 31-Bit Prefixes on IPv4 Point-to-Point Links // GW Netmask Stat IP End IP // 192.168.24.0 - 255.255.255.254 - 192.168.24.0 - 192.168.24.1 // https://tools.ietf.org/html/rfc3021 // Added by Wilder Rodrigues final SubnetUtils subnetUtils = new SubnetUtils(cidr); subnetUtils.setInclusiveHostCount(true); final boolean isInRange = subnetUtils.getInfo().isInRange(ipAddress); return isInRange; }
return; if (!NetUtils.isValidIp4(destIpOrCidr) && !NetUtils.isValidIp4Cidr(destIpOrCidr)) { s_logger.warn(" destIp is not a valid ip address or cidr destIp=" + destIpOrCidr); return;
if (NetUtils.isValidIp4Cidr(_mgmtCidr)) { buf.append(" mgmtcidr=").append(_mgmtCidr); buf.append(" localgw=").append(dest.getPod().getGateway());
if (NetUtils.isValidIp4Cidr(cidr)) { cidrAddress = getCidrAddress(cidr); cidrSize = getCidrSize(cidr);
@Override public void create() { if (getSourceCidrList() != null) { for (String cidr : getSourceCidrList()) { if (!NetUtils.isValidIp4Cidr(cidr) && !NetUtils.isValidIp6Cidr(cidr)) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Source CIDRs formatting error " + cidr); } } } try { FirewallRule result = _firewallService.createIngressFirewallRule(this); if (result != null) { setEntityId(result.getId()); setEntityUuid(result.getUuid()); } } catch (NetworkRuleConflictException ex) { s_logger.trace("Network Rule Conflict: ", ex); throw new ServerApiException(ApiErrorCode.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage(), ex); } }
if (!NetUtils.isValidIp4Cidr(cidr) && !NetUtils.isValidIp6Cidr(cidr)) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Source cidrs formatting error " + cidr); if(!NetUtils.isValidIp4Cidr(cidr) && !NetUtils.isValidIp6Cidr(cidr)) { throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Destination cidrs formatting error" + cidr);
if (!NetUtils.isValidIp4Cidr(cidr) && !NetUtils.isValidIp6Cidr(cidr)) { throw new InvalidParameterValueException("Invalid cidr " + cidr);
@DB protected Vpc createVpc(final Boolean displayVpc, final VpcVO vpc) { final String cidr = vpc.getCidr(); // Validate CIDR if (!NetUtils.isValidIp4Cidr(cidr)) { throw new InvalidParameterValueException("Invalid CIDR specified " + cidr); } // cidr has to be RFC 1918 complient if (!NetUtils.validateGuestCidr(cidr)) { throw new InvalidParameterValueException("Guest Cidr " + cidr + " is not RFC1918 compliant"); } // validate network domain if (!NetUtils.verifyDomainName(vpc.getNetworkDomain())) { throw new InvalidParameterValueException("Invalid network domain. Total length shouldn't exceed 190 chars. Each domain " + "label must be between 1 and 63 characters long, can contain ASCII letters 'a' through 'z', " + "the digits '0' through '9', " + "and the hyphen ('-'); can't start or end with \"-\""); } return Transaction.execute(new TransactionCallback<VpcVO>() { @Override public VpcVO doInTransaction(final TransactionStatus status) { if (displayVpc != null) { vpc.setDisplay(displayVpc); } final VpcVO persistedVpc = _vpcDao.persist(vpc, finalizeServicesAndProvidersForVpc(vpc.getZoneId(), vpc.getVpcOfferingId())); _resourceLimitMgr.incrementResourceCount(vpc.getAccountId(), ResourceType.vpc); s_logger.debug("Created VPC " + persistedVpc); return persistedVpc; } }); }
if(!NetUtils.isValidIp4Cidr(cidr)) { throw new InvalidParameterValueException("The CIDR is invalid " + cidr);
if (!NetUtils.isValidIp4Cidr(cidr)) { throw new InvalidParameterValueException("Invalid format for cidr " + cidr);