1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
|
#!/bin/bash
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[ -n "${network_init-}" ] && return
mac_to_bytes() {
local -n bytes="$1"
local str="$2"
# Verify that the MAC is Valid
[[ "$str" =~ ^[[:xdigit:]]{1,2}(:[[:xdigit:]]{1,2}){5}$ ]] || return
# Split the mac into hex bytes
local oldifs="$IFS"
IFS=:
local byte
for byte in $str; do
bytes+=(0x$byte)
done
IFS="$oldifs"
}
mac_to_eui48() {
local mac_bytes=(0 0 0 0 0 0 0 0 0 0)
mac_to_bytes mac_bytes "$1" || return
# Return the EUI-64 bytes in the IPv6 format
ip_bytes_to_str mac_bytes
}
mac_to_eui64() {
local mac_bytes=()
mac_to_bytes mac_bytes "$1" || return
# Using EUI-64 conversion rules, create the suffix bytes from MAC bytes
# Invert bit-0 of the first byte, and insert 0xfffe in the middle.
local suffix_bytes=(
0 0 0 0 0 0 0 0
$((mac_bytes[0] ^ 1))
${mac_bytes[@]:1:2}
$((0xff)) $((0xfe))
${mac_bytes[@]:3:3}
)
# Return the EUI-64 bytes in the IPv6 format
ip_bytes_to_str suffix_bytes
}
ip_to_bytes() {
local -n bytes_out="$1"
local str="$2"
local bytes=()
local oldifs="$IFS"
# Heuristic for V4 / V6, validity will be checked as it is parsed
if [[ "$str" == *.* ]]; then
# Ensure we don't start or end with IFS
[ "${str:0:1}" != '.' ] || return 1
[ "${str: -1}" != '.' ] || return 1
local v
# Split IPv4 address into octets
IFS=.
for v in $str; do
# IPv4 digits are always decimal numbers
if ! [[ "$v" =~ ^[0-9]+$ ]]; then
IFS="$oldifs"
return 1
fi
# Each octet is a single byte, make sure the number isn't larger
if (( v > 0xff )); then
IFS="$oldifs"
return 1
fi
bytes+=($v)
done
# IPv4 addresses must have all 4 bytes present
if (( "${#bytes[@]}" != 4 )); then
IFS="$oldifs"
return 1
fi
else
# Ensure we bound the padding in an outer byte for
# IFS splitting to work correctly
[ "${str:0:2}" = '::' ] && str="0$str"
[ "${str: -2}" = '::' ] && str="${str}0"
# Ensure we don't start or end with IFS
[ "${str:0:1}" != ':' ] || return 1
[ "${str: -1}" != ':' ] || return 1
# Stores the bytes that come before ::, if it exists
local bytesBeforePad=()
local v
# Split the Address into hextets
IFS=:
for v in $str; do
# Handle ::, which translates to an empty string
if [ -z "$v" ]; then
# Only allow a single :: sequence in an address
if (( "${#bytesBeforePad[@]}" > 0 )); then
IFS="$oldifs"
return 1
fi
# Store the already parsed upper bytes separately
# This allows us to calculate and insert padding
bytesBeforePad=("${bytes[@]}")
bytes=()
continue
fi
# IPv6 digits are always hex
if ! [[ "$v" =~ ^[[:xdigit:]]+$ ]]; then
IFS="$oldifs"
return 1
fi
# Ensure the number is no larger than a hextet
v="0x$v"
if (( v > 0xffff )); then
IFS="$oldifs"
return 1
fi
# Split the hextet into 2 bytes
bytes+=($(( v >> 8 )))
bytes+=($(( v & 0xff )))
done
# If we have ::, add padding
if (( "${#bytesBeforePad[@]}" > 0 )); then
# Fill the middle bytes with padding and store in `bytes`
while (( "${#bytes[@]}" + "${#bytesBeforePad[@]}" < 16 )); do
bytesBeforePad+=(0)
done
bytes=("${bytesBeforePad[@]}" "${bytes[@]}")
fi
# IPv6 addresses must have all 16 bytes present
if (( "${#bytes[@]}" != 16 )); then
IFS="$oldifs"
return 1
fi
fi
IFS="$oldifs"
bytes_out=("${bytes[@]}")
}
ip_bytes_to_str() {
local -n bytes="$1"
if (( "${#bytes[@]}" == 4 )); then
printf '%d.%d.%d.%d\n' "${bytes[@]}"
elif (( "${#bytes[@]}" == 16 )); then
# Track the starting position of the longest run of 0 hextets (2 bytes)
local longest_i=0
# Track the size of the longest run of 0 hextets
local longest_s=0
# The index of the first 0 byte in the current run of zeros
local first_zero=0
local i
# Find the location of the longest run of zero hextets, preferring same
# size runs later in the address.
for (( i=0; i<=16; i+=2 )); do
# Terminate the run of zeros if we are at the end of the array or
# have a non-zero hextet
if (( i == 16 || bytes[$i] != 0 || bytes[$((i+1))] != 0 )); then
local s=$((i - first_zero))
if (( s >= longest_s )); then
longest_i=$first_zero
longest_s=$s
fi
first_zero=$((i+2))
fi
done
# Build the address string by each hextet
for (( i=0; i<16; i+=2 )); do
# If we encountered a run of zeros, add the necessary :: at the end
# of the string. If not at the end, a single : is added since : is
# printed to subsequent hextets already.
if (( i == longest_i )); then
(( i += longest_s-2 ))
printf ':'
# End of string needs to be ::
if (( i == 14 )); then
printf ':'
fi
else
# Prepend : to all hextets except the first for separation
if (( i != 0 )); then
printf ':'
fi
printf '%x' $(( (bytes[$i]<<8) | bytes[$(($i+1))]))
fi
done
printf '\n'
else
echo "Invalid IP Bytes: ${bytes[*]}" >&2
return 1
fi
}
ip_pfx_concat() {
local pfx="$1"
local sfx="$2"
# Parse the prefix
if ! [[ "$pfx" =~ ^([0-9a-fA-F:.]+)/([0-9]+)$ ]]; then
echo "Invalid IP prefix: $pfx" >&2
return 1
fi
local addr="${BASH_REMATCH[1]}"
local cidr="${BASH_REMATCH[2]}"
# Ensure prefix doesn't have too many bytes
local pfx_bytes=()
if ! ip_to_bytes pfx_bytes "$addr"; then
echo "Invalid IP prefix: $pfx" >&2
return 1
fi
if (( ${#pfx_bytes[@]}*8 < cidr )); then
echo "Prefix CIDR too large" >&2
return 1
fi
# CIDR values might partially divide a byte so we need to mask out
# only the part of the byte we want to check for emptiness
if (( (pfx_bytes[cidr/8] & ~(~0 << (8-cidr%8))) != 0 )); then
echo "Invalid byte $((cidr/8)): $pfx" >&2
return 1
fi
local i
# Check the rest of the whole bytes to make sure they are empty
for (( i=cidr/8+1; i<${#pfx_bytes[@]}; i++ )); do
if (( pfx_bytes[$i] != 0 )); then
echo "Byte $i not 0: $pfx" >&2
return 1
fi
done
# Validate the suffix
local sfx_bytes=()
if ! ip_to_bytes sfx_bytes "$sfx"; then
echo "Invalid IPv6 suffix: $sfx" >&2
return 1
fi
if (( "${#sfx_bytes[@]}" != "${#pfx_bytes[@]}" )); then
echo "Suffix not the same family as prefix: $pfx $sfx" >&2
return 1
fi
# Check potential partially divided bytes for emptiness in the upper part
# based on the division specified in CIDR.
if (( (sfx_bytes[cidr/8] & (~0 << (8-cidr%8))) != 0 )); then
echo "Invalid byte $((cidr/8)): $sfx" >&2
return 1
fi
local i
# Check the bytes before the CIDR for emptiness to ensure they don't overlap
for (( i=0; i<cidr/8; i++ )); do
if (( sfx_bytes[$i] != 0 )); then
echo "Byte $i not 0: $sfx" >&2
return 1
fi
done
out_bytes=()
for (( i=0; i<${#pfx_bytes[@]}; i++ )); do
out_bytes+=($(( pfx_bytes[$i] | sfx_bytes[$i] )))
done
echo "$(ip_bytes_to_str out_bytes)/$cidr"
}
ip_pfx_to_cidr() {
[[ "$1" =~ ^[0-9a-fA-F:.]+/([0-9]+)$ ]] || return
echo "${BASH_REMATCH[1]}"
}
normalize_ip() {
local ip_bytes=()
ip_to_bytes ip_bytes "$1" || return
ip_bytes_to_str ip_bytes
}
network_init=1
return 0 2>/dev/null
echo "network is a library, not executed directly" >&2
exit 1
|
