Cutlery/jellyfin
1
0
Fork 0
mirror of https://github.com/jellyfin/jellyfin.git synced 2025-05-24 02:02:29 -04:00
Code Issues Packages Projects Releases Wiki Activity

Properly handle IPs with subnetmasks

Browse Source
This commit is contained in:
Shadowghost 2022-10-17 15:38:42 +02:00
parent 26d79a5ce3
commit f6d6f0367b
4 changed files with 81 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
Jellyfin.Networking/Manager/NetworkManager.cs
View File

@ -295,8 +295,8 @@ namespace Jellyfin.Networking.Manager
// Get configuration options
string[] subnets = config.LocalNetworkSubnets;
_ = NetworkExtensions.TryParseSubnets(subnets, out _lanSubnets, false);
_ = NetworkExtensions.TryParseSubnets(subnets, out _excludedSubnets, true);
_ = NetworkExtensions.TryParseToSubnets(subnets, out _lanSubnets, false);
_ = NetworkExtensions.TryParseToSubnets(subnets, out _excludedSubnets, true);
if (_lanSubnets.Count == 0)
{
@ -336,8 +336,8 @@ namespace Jellyfin.Networking.Manager
var localNetworkAddresses = config.LocalNetworkAddresses;
if (localNetworkAddresses.Length > 0 && !string.IsNullOrWhiteSpace(localNetworkAddresses.First()))
{
var bindAddresses = localNetworkAddresses.Select(p => IPAddress.TryParse(p, out var addresses)
? addresses
var bindAddresses = localNetworkAddresses.Select(p => NetworkExtensions.TryParseToSubnet(p, out var network)
? network.Prefix
: (_interfaces.Where(x => x.Name.Equals(p, StringComparison.OrdinalIgnoreCase))
.Select(x => x.Address)
.FirstOrDefault() ?? IPAddress.None))
@ -401,7 +401,7 @@ namespace Jellyfin.Networking.Manager
if (remoteIPFilter.Any() && !string.IsNullOrWhiteSpace(remoteIPFilter.First()))
{
// Parse all IPs with netmask to a subnet
_ = NetworkExtensions.TryParseSubnets(remoteIPFilter.Where(x => x.Contains('/', StringComparison.OrdinalIgnoreCase)).ToArray(), out _remoteAddressFilter, false);
_ = NetworkExtensions.TryParseToSubnets(remoteIPFilter.Where(x => x.Contains('/', StringComparison.OrdinalIgnoreCase)).ToArray(), out _remoteAddressFilter, false);
// Parse everything else as an IP and construct subnet with a single IP
var ips = remoteIPFilter.Where(x => !x.Contains('/', StringComparison.OrdinalIgnoreCase));
@ -440,17 +440,17 @@ namespace Jellyfin.Networking.Manager
else
{
var replacement = parts[1].Trim();
var ipParts = parts[0].Split("/");
if (string.Equals(parts[0], "all", StringComparison.OrdinalIgnoreCase))
var identifier = parts[0];
if (string.Equals(identifier, "all", StringComparison.OrdinalIgnoreCase))
{
_publishedServerUrls[new IPData(IPAddress.Broadcast, null)] = replacement;
}
else if (string.Equals(parts[0], "external", StringComparison.OrdinalIgnoreCase))
else if (string.Equals(identifier, "external", StringComparison.OrdinalIgnoreCase))
{
_publishedServerUrls[new IPData(IPAddress.Any, new IPNetwork(IPAddress.Any, 0))] = replacement;
_publishedServerUrls[new IPData(IPAddress.IPv6Any, new IPNetwork(IPAddress.IPv6Any, 0))] = replacement;
}
else if (string.Equals(parts[0], "internal", StringComparison.OrdinalIgnoreCase))
else if (string.Equals(identifier, "internal", StringComparison.OrdinalIgnoreCase))
{
foreach (var lan in _lanSubnets)
{
@ -458,17 +458,12 @@ namespace Jellyfin.Networking.Manager
_publishedServerUrls[new IPData(lanPrefix, new IPNetwork(lanPrefix, lan.PrefixLength))] = replacement;
}
}
else if (IPAddress.TryParse(ipParts[0], out IPAddress? result))
else if (NetworkExtensions.TryParseToSubnet(identifier, out var result) && result != null)
{
var data = new IPData(result, null);
if (ipParts.Length > 1 && int.TryParse(ipParts[1], out var netmask))
{
data.Subnet = new IPNetwork(result, netmask);
}
var data = new IPData(result.Prefix, result);
_publishedServerUrls[data] = replacement;
}
else if (TryParseInterface(ipParts[0], out var ifaces))
else if (TryParseInterface(identifier, out var ifaces))
{
foreach (var iface in ifaces)
{
@ -516,15 +511,20 @@ namespace Jellyfin.Networking.Manager
foreach (var details in interfaceList)
{
var parts = details.Split(',');
var split = parts[0].Split("/");
var address = IPAddress.Parse(split[0]);
var network = new IPNetwork(address, int.Parse(split[1], CultureInfo.InvariantCulture));
var index = int.Parse(parts[1], CultureInfo.InvariantCulture);
if (address.AddressFamily == AddressFamily.InterNetwork || address.AddressFamily == AddressFamily.InterNetworkV6)
if (NetworkExtensions.TryParseToSubnet(parts[0], out var subnet))
{
var data = new IPData(address, network, parts[2]);
data.Index = index;
_interfaces.Add(data);
var address = subnet.Prefix;
var index = int.Parse(parts[1], CultureInfo.InvariantCulture);
if (address.AddressFamily == AddressFamily.InterNetwork || address.AddressFamily == AddressFamily.InterNetworkV6)
{
var data = new IPData(address, subnet, parts[2]);
data.Index = index;
_interfaces.Add(data);
}
}
else
{
_logger.LogWarning("Could not parse mock interface settings: {Part}", details);
}
}
}
@ -799,9 +799,9 @@ namespace Jellyfin.Networking.Manager
/// <inheritdoc/>
public bool IsInLocalNetwork(string address)
{
if (IPAddress.TryParse(address, out var ep))
if (NetworkExtensions.TryParseToSubnet(address, out var subnet))
{
return IPAddress.IsLoopback(ep) || (_lanSubnets.Any(x => x.Contains(ep)) && !_excludedSubnets.Any(x => x.Contains(ep)));
return IPAddress.IsLoopback(subnet.Prefix) || (_lanSubnets.Any(x => x.Contains(subnet.Prefix)) && !_excludedSubnets.Any(x => x.Contains(subnet.Prefix)));
}
if (NetworkExtensions.TryParseHost(address, out var addresses, IsIpv4Enabled, IsIpv6Enabled))

2
Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
View File

@ -348,7 +348,7 @@ namespace Jellyfin.Server.Extensions
{
AddIpAddress(config, options, addr, addr.AddressFamily == AddressFamily.InterNetwork ? 32 : 128);
}
else if (NetworkExtensions.TryParseSubnet(allowedProxies[i], out var subnet))
else if (NetworkExtensions.TryParseToSubnet(allowedProxies[i], out var subnet))
{
if (subnet != null)
{

26
MediaBrowser.Common/Net/NetworkExtensions.cs
View File

@ -152,13 +152,14 @@ namespace MediaBrowser.Common.Net
}
/// <summary>
/// Try parsing an array of strings into subnets, respecting exclusions.
/// Try parsing an array of strings into <see cref="IPNetwork"/> objects, respecting exclusions.
/// Elements without a subnet mask will be represented as <see cref="IPNetwork"/> with a single IP.
/// </summary>
/// <param name="values">Input string array to be parsed.</param>
/// <param name="result">Collection of <see cref="IPNetwork"/>.</param>
/// <param name="negated">Boolean signaling if negated or not negated values should be parsed.</param>
/// <returns><c>True</c> if parsing was successful.</returns>
public static bool TryParseSubnets(string[] values, out List<IPNetwork> result, bool negated = false)
public static bool TryParseToSubnets(string[] values, out List<IPNetwork> result, bool negated = false)
{
result = new List<IPNetwork>();
@ -183,10 +184,14 @@ namespace MediaBrowser.Common.Net
if (address != IPAddress.None && address != null)
{
if (int.TryParse(v[1], out var netmask))
if (v.Length > 1 && int.TryParse(v[1], out var netmask))
{
result.Add(new IPNetwork(address, netmask));
}
else if (v.Length > 1 && IPAddress.TryParse(v[1], out var netmaskAddress))
{
result.Add(new IPNetwork(address, NetworkExtensions.MaskToCidr(netmaskAddress)));
}
else if (address.AddressFamily == AddressFamily.InterNetwork)
{
result.Add(new IPNetwork(address, 32));
@ -207,15 +212,16 @@ namespace MediaBrowser.Common.Net
}
/// <summary>
/// Try parsing a string into a subnet, respecting exclusions.
/// Try parsing a string into an <see cref="IPNetwork"/>, respecting exclusions.
/// Inputs without a subnet mask will be represented as <see cref="IPNetwork"/> with a single IP.
/// </summary>
/// <param name="value">Input string to be parsed.</param>
/// <param name="result">An <see cref="IPNetwork"/>.</param>
/// <param name="negated">Boolean signaling if negated or not negated values should be parsed.</param>
/// <returns><c>True</c> if parsing was successful.</returns>
public static bool TryParseSubnet(string value, out IPNetwork? result, bool negated = false)
public static bool TryParseToSubnet(string value, out IPNetwork result, bool negated = false)
{
result = null;
result = new IPNetwork(IPAddress.None, 32);
if (string.IsNullOrEmpty(value))
{
@ -236,10 +242,14 @@ namespace MediaBrowser.Common.Net
if (address != IPAddress.None && address != null)
{
if (int.TryParse(v[1], out var netmask))
if (v.Length > 1 && int.TryParse(v[1], out var netmask))
{
result = new IPNetwork(address, netmask);
}
else if (v.Length > 1 && IPAddress.TryParse(v[1], out var netmaskAddress))
{
result = new IPNetwork(address, NetworkExtensions.MaskToCidr(netmaskAddress));
}
else if (address.AddressFamily == AddressFamily.InterNetwork)
{
result = new IPNetwork(address, 32);
@ -250,7 +260,7 @@ namespace MediaBrowser.Common.Net
}
}
if (result != null)
if (!result.Prefix.Equals(IPAddress.None))
{
return true;
}

65
tests/Jellyfin.Networking.Tests/NetworkParseTests.cs
View File

@ -1,13 +1,11 @@
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Net;
using Jellyfin.Networking.Configuration;
using Jellyfin.Networking.Manager;
using MediaBrowser.Common.Configuration;
using MediaBrowser.Common.Net;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Logging.Abstractions;
using Moq;
using Xunit;
@ -37,6 +35,8 @@ namespace Jellyfin.Networking.Tests
[InlineData("192.168.1.208/24,-16,eth16|200.200.200.200/24,11,eth11", "192.168.1.0/24;200.200.200.0/24", "[192.168.1.208/24,200.200.200.200/24]")]
// eth16 only
[InlineData("192.168.1.208/24,-16,eth16|200.200.200.200/24,11,eth11", "192.168.1.0/24", "[192.168.1.208/24]")]
// eth16 only without mask
[InlineData("192.168.1.208,-16,eth16|200.200.200.200,11,eth11", "192.168.1.0/24", "[192.168.1.208/32]")]
// All interfaces excluded. (including loopbacks)
[InlineData("192.168.1.208/24,-16,vEthernet1|192.168.2.208/24,-16,vEthernet212|200.200.200.200/24,11,eth11", "192.168.1.0/24", "[]")]
// vEthernet1 and vEthernet212 should be excluded.
@ -65,66 +65,79 @@ namespace Jellyfin.Networking.Tests
/// <param name="address">IP Address.</param>
[Theory]
[InlineData("127.0.0.1")]
[InlineData("127.0.0.1/8")]
[InlineData("192.168.1.2")]
[InlineData("192.168.1.2/24")]
[InlineData("192.168.1.2/255.255.255.0")]
[InlineData("fd23:184f:2029:0:3139:7386:67d7:d517")]
[InlineData("[fd23:184f:2029:0:3139:7386:67d7:d517]")]
[InlineData("fe80::7add:12ff:febb:c67b%16")]
[InlineData("[fe80::7add:12ff:febb:c67b%16]:123")]
[InlineData("fe80::7add:12ff:febb:c67b%16:123")]
[InlineData("[fe80::7add:12ff:febb:c67b%16]")]
[InlineData("192.168.1.2")]
[InlineData("fd23:184f:2029:0:3139:7386:67d7:d517/56")]
public static void TryParseValidIPStringsTrue(string address)
=> Assert.True(IPAddress.TryParse(address, out _));
=> Assert.True(NetworkExtensions.TryParseToSubnet(address, out _));
/// <summary>
/// Checks invalid IP address formats.
/// </summary>
/// <param name="address">IP Address.</param>
[Theory]
[InlineData("192.168.1.2/255.255.255.0")]
[InlineData("192.168.1.2/24")]
[InlineData("127.0.0.1/8")]
[InlineData("127.0.0.1#")]
[InlineData("localhost!")]
[InlineData("256.128.0.0.0.1")]
[InlineData("fd23:184f:2029:0:3139:7386:67d7:d517/56")]
[InlineData("fd23:184f:2029:0:3139:7386:67d7:d517:1231")]
[InlineData("[fd23:184f:2029:0:3139:7386:67d7:d517:1231]")]
public static void TryParseInvalidIPStringsFalse(string address)
=> Assert.False(IPAddress.TryParse(address, out _));
=> Assert.False(NetworkExtensions.TryParseToSubnet(address, out _));
/// <summary>
/// Checks if IPv4 address is within a defined subnet.
/// </summary>
/// <param name="netMask">Network mask.</param>
/// <param name="ipAddress">IP Address.</param>
[Theory]
[InlineData("192.168.5.85/24", "192.168.5.1")]
[InlineData("192.168.5.85/24", "192.168.5.254")]
[InlineData("192.168.5.85/255.255.255.0", "192.168.5.254")]
[InlineData("10.128.240.50/30", "10.128.240.48")]
[InlineData("10.128.240.50/30", "10.128.240.49")]
[InlineData("10.128.240.50/30", "10.128.240.50")]
[InlineData("10.128.240.50/30", "10.128.240.51")]
[InlineData("10.128.240.50/255.255.255.252", "10.128.240.51")]
[InlineData("127.0.0.1/8", "127.0.0.1")]
public void IpV4SubnetMaskMatchesValidIpAddress(string netMask, string ipAddress)
{
var split = netMask.Split("/");
var mask = int.Parse(split[1], CultureInfo.InvariantCulture);
var ipa = IPAddress.Parse(split[0]);
var ipn = new IPNetwork(ipa, mask);
Assert.True(ipn.Contains(IPAddress.Parse(ipAddress)));
var ipa = IPAddress.Parse(ipAddress);
Assert.True(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress)));
}
/// <summary>
/// Checks if IPv4 address is not within a defined subnet.
/// </summary>
/// <param name="netMask">Network mask.</param>
/// <param name="ipAddress">IP Address.</param>
[Theory]
[InlineData("192.168.5.85/24", "192.168.4.254")]
[InlineData("192.168.5.85/24", "191.168.5.254")]
[InlineData("192.168.5.85/255.255.255.252", "192.168.4.254")]
[InlineData("10.128.240.50/30", "10.128.240.47")]
[InlineData("10.128.240.50/30", "10.128.240.52")]
[InlineData("10.128.240.50/30", "10.128.239.50")]
[InlineData("10.128.240.50/30", "10.127.240.51")]
[InlineData("10.128.240.50/255.255.255.252", "10.127.240.51")]
public void IpV4SubnetMaskDoesNotMatchInvalidIpAddress(string netMask, string ipAddress)
{
var split = netMask.Split("/");
var mask = int.Parse(split[1], CultureInfo.InvariantCulture);
var ipa = IPAddress.Parse(split[0]);
var ipn = new IPNetwork(ipa, mask);
Assert.False(ipn.Contains(IPAddress.Parse(ipAddress)));
var ipa = IPAddress.Parse(ipAddress);
Assert.False(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress)));
}
/// <summary>
/// Checks if IPv6 address is within a defined subnet.
/// </summary>
/// <param name="netMask">Network mask.</param>
/// <param name="ipAddress">IP Address.</param>
[Theory]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:0000:0000:0000:0000")]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:FFFF:FFFF:FFFF:FFFF")]
@ -133,11 +146,7 @@ namespace Jellyfin.Networking.Tests
[InlineData("2001:db8:abcd:0012::0/128", "2001:0DB8:ABCD:0012:0000:0000:0000:0000")]
public void IpV6SubnetMaskMatchesValidIpAddress(string netMask, string ipAddress)
{
var split = netMask.Split("/");
var mask = int.Parse(split[1], CultureInfo.InvariantCulture);
var ipa = IPAddress.Parse(split[0]);
var ipn = new IPNetwork(ipa, mask);
Assert.True(ipn.Contains(IPAddress.Parse(ipAddress)));
Assert.True(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress)));
}
[Theory]
@ -148,11 +157,7 @@ namespace Jellyfin.Networking.Tests
[InlineData("2001:db8:abcd:0012::0/128", "2001:0DB8:ABCD:0012:0000:0000:0000:0001")]
public void IpV6SubnetMaskDoesNotMatchInvalidIpAddress(string netMask, string ipAddress)
{
var split = netMask.Split("/");
var mask = int.Parse(split[1], CultureInfo.InvariantCulture);
var ipa = IPAddress.Parse(split[0]);
var ipn = new IPNetwork(ipa, mask);
Assert.False(ipn.Contains(IPAddress.Parse(ipAddress)));
Assert.False(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress)));
}
[Theory]
@ -262,7 +267,7 @@ namespace Jellyfin.Networking.Tests
if (nm.TryParseInterface(result, out List<IPData>? resultObj) && resultObj != null)
{
// Parse out IPAddresses so we can do a string comparison. (Ignore subnet masks).
// Parse out IPAddresses so we can do a string comparison (ignore subnet masks).
result = resultObj.First().Address.ToString();
}