diff --git a/inc/lib/IP/LICENSE b/inc/lib/IP/LICENSE new file mode 100755 index 00000000..fb315548 --- /dev/null +++ b/inc/lib/IP/LICENSE @@ -0,0 +1,20 @@ +Copyright (c) 2013 Jason Morriss + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is furnished +to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + diff --git a/inc/lib/IP/Lifo/IP/BC.php b/inc/lib/IP/Lifo/IP/BC.php new file mode 100755 index 00000000..545fe372 --- /dev/null +++ b/inc/lib/IP/Lifo/IP/BC.php @@ -0,0 +1,293 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ +namespace Lifo\IP; + +/** + * BCMath helper class. + * + * Provides a handful of BCMath routines that are not included in the native + * PHP library. + * + * Note: The Bitwise functions operate on fixed byte boundaries. For example, + * comparing the following numbers uses X number of bits: + * 0xFFFF and 0xFF will result in comparison of 16 bits. + * 0xFFFFFFFF and 0xF will result in comparison of 32 bits. + * etc... + * + */ +abstract class BC +{ + // Some common (maybe useless) constants + const MAX_INT_32 = '2147483647'; // 7FFFFFFF + const MAX_UINT_32 = '4294967295'; // FFFFFFFF + const MAX_INT_64 = '9223372036854775807'; // 7FFFFFFFFFFFFFFF + const MAX_UINT_64 = '18446744073709551615'; // FFFFFFFFFFFFFFFF + const MAX_INT_96 = '39614081257132168796771975167'; // 7FFFFFFFFFFFFFFFFFFFFFFF + const MAX_UINT_96 = '79228162514264337593543950335'; // FFFFFFFFFFFFFFFFFFFFFFFF + const MAX_INT_128 = '170141183460469231731687303715884105727'; // 7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + const MAX_UINT_128 = '340282366920938463463374607431768211455'; // FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF + + /** + * BC Math function to convert a HEX string into a DECIMAL + */ + public static function bchexdec($hex) + { + if (strlen($hex) == 1) { + return hexdec($hex); + } + + $remain = substr($hex, 0, -1); + $last = substr($hex, -1); + return bcadd(bcmul(16, self::bchexdec($remain), 0), hexdec($last), 0); + } + + /** + * BC Math function to convert a DECIMAL string into a BINARY string + */ + public static function bcdecbin($dec, $pad = null) + { + $bin = ''; + while ($dec) { + $m = bcmod($dec, 2); + $dec = bcdiv($dec, 2, 0); + $bin = abs($m) . $bin; + } + return $pad ? sprintf("%0{$pad}s", $bin) : $bin; + } + + /** + * BC Math function to convert a BINARY string into a DECIMAL string + */ + public static function bcbindec($bin) + { + $dec = '0'; + for ($i=0, $j=strlen($bin); $i<$j; $i++) { + $dec = bcmul($dec, '2', 0); + $dec = bcadd($dec, $bin[$i], 0); + } + return $dec; + } + + /** + * BC Math function to convert a BINARY string into a HEX string + */ + public static function bcbinhex($bin, $pad = 0) + { + return self::bcdechex(self::bcbindec($bin)); + } + + /** + * BC Math function to convert a DECIMAL into a HEX string + */ + public static function bcdechex($dec) + { + $last = bcmod($dec, 16); + $remain = bcdiv(bcsub($dec, $last, 0), 16, 0); + return $remain == 0 ? dechex($last) : self::bcdechex($remain) . dechex($last); + } + + /** + * Bitwise AND two arbitrarily large numbers together. + */ + public static function bcand($left, $right) + { + $len = self::_bitwise($left, $right); + + $value = ''; + for ($i=0; $i<$len; $i++) { + $value .= (($left{$i} + 0) & ($right{$i} + 0)) ? '1' : '0'; + } + return self::bcbindec($value != '' ? $value : '0'); + } + + /** + * Bitwise OR two arbitrarily large numbers together. + */ + public static function bcor($left, $right) + { + $len = self::_bitwise($left, $right); + + $value = ''; + for ($i=0; $i<$len; $i++) { + $value .= (($left{$i} + 0) | ($right{$i} + 0)) ? '1' : '0'; + } + return self::bcbindec($value != '' ? $value : '0'); + } + + /** + * Bitwise XOR two arbitrarily large numbers together. + */ + public static function bcxor($left, $right) + { + $len = self::_bitwise($left, $right); + + $value = ''; + for ($i=0; $i<$len; $i++) { + $value .= (($left{$i} + 0) ^ ($right{$i} + 0)) ? '1' : '0'; + } + return self::bcbindec($value != '' ? $value : '0'); + } + + /** + * Bitwise NOT two arbitrarily large numbers together. + */ + public static function bcnot($left, $bits = null) + { + $right = 0; + $len = self::_bitwise($left, $right, $bits); + $value = ''; + for ($i=0; $i<$len; $i++) { + $value .= $left{$i} == '1' ? '0' : '1'; + } + return self::bcbindec($value); + } + + /** + * Shift number to the left + * + * @param integer $bits Total bits to shift + */ + public static function bcleft($num, $bits) { + return bcmul($num, bcpow('2', $bits)); + } + + /** + * Shift number to the right + * + * @param integer $bits Total bits to shift + */ + public static function bcright($num, $bits) { + return bcdiv($num, bcpow('2', $bits)); + } + + /** + * Determine how many bits are needed to store the number rounded to the + * nearest bit boundary. + */ + public static function bits_needed($num, $boundary = 4) + { + $bits = 0; + while ($num > 0) { + $num = bcdiv($num, '2', 0); + $bits++; + } + // round to nearest boundrary + return $boundary ? ceil($bits / $boundary) * $boundary : $bits; + } + + /** + * BC Math function to return an arbitrarily large random number. + */ + public static function bcrand($min, $max = null) + { + if ($max === null) { + $max = $min; + $min = 0; + } + + // swap values if $min > $max + if (bccomp($min, $max) == 1) { + list($min,$max) = array($max,$min); + } + + return bcadd( + bcmul( + bcdiv( + mt_rand(0, mt_getrandmax()), + mt_getrandmax(), + strlen($max) + ), + bcsub( + bcadd($max, '1'), + $min + ) + ), + $min + ); + } + + /** + * Computes the natural logarithm using a series. + * @author Thomas Oldbury. + * @license Public domain. + */ + public static function bclog($num, $iter = 10, $scale = 100) + { + $log = "0.0"; + for($i = 0; $i < $iter; $i++) { + $pow = 1 + (2 * $i); + $mul = bcdiv("1.0", $pow, $scale); + $fraction = bcmul($mul, bcpow(bcsub($num, "1.0", $scale) / bcadd($num, "1.0", $scale), $pow, $scale), $scale); + $log = bcadd($fraction, $log, $scale); + } + return bcmul("2.0", $log, $scale); + } + + /** + * Computes the base2 log using baseN log. + */ + public static function bclog2($num, $iter = 10, $scale = 100) + { + return bcdiv(self::bclog($num, $iter, $scale), self::bclog("2", $iter, $scale), $scale); + } + + public static function bcfloor($num) + { + if (substr($num, 0, 1) == '-') { + return bcsub($num, 1, 0); + } + return bcadd($num, 0, 0); + } + + public static function bcceil($num) + { + if (substr($num, 0, 1) == '-') { + return bcsub($num, 0, 0); + } + return bcadd($num, 1, 0); + } + + /** + * Compare two numbers and return -1, 0, 1 depending if the LEFT number is + * < = > the RIGHT. + * + * @param string|integer $left Left side operand + * @param string|integer $right Right side operand + * @return integer Return -1,0,1 for <=> comparison + */ + public static function cmp($left, $right) + { + // @todo could an optimization be done to determine if a normal 32bit + // comparison could be done instead of using bccomp? But would + // the number verification cause too much overhead to be useful? + return bccomp($left, $right, 0); + } + + /** + * Internal function to prepare for bitwise operations + */ + private static function _bitwise(&$left, &$right, $bits = null) + { + if ($bits === null) { + $bits = max(self::bits_needed($left), self::bits_needed($right)); + } + + $left = self::bcdecbin($left); + $right = self::bcdecbin($right); + + $len = max(strlen($left), strlen($right), (int)$bits); + + $left = sprintf("%0{$len}s", $left); + $right = sprintf("%0{$len}s", $right); + + return $len; + } + +} diff --git a/inc/lib/IP/Lifo/IP/CIDR.php b/inc/lib/IP/Lifo/IP/CIDR.php new file mode 100755 index 00000000..e8fe32ce --- /dev/null +++ b/inc/lib/IP/Lifo/IP/CIDR.php @@ -0,0 +1,706 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ +namespace Lifo\IP; + +/** + * CIDR Block helper class. + * + * Most routines can be used statically or by instantiating an object and + * calling its methods. + * + * Provides routines to do various calculations on IP addresses and ranges. + * Convert to/from CIDR to ranges, etc. + */ +class CIDR +{ + const INTERSECT_NO = 0; + const INTERSECT_YES = 1; + const INTERSECT_LOW = 2; + const INTERSECT_HIGH = 3; + + protected $start; + protected $end; + protected $prefix; + protected $version; + protected $istart; + protected $iend; + + private $cache; + + /** + * Create a new CIDR object. + * + * The IP range can be arbitrary and does not have to fall on a valid CIDR + * range. Some methods will return different values depending if you ignore + * the prefix or not. By default all prefix sensitive methods will assume + * the prefix is used. + * + * @param string $cidr An IP address (1.2.3.4), CIDR block (1.2.3.4/24), + * or range "1.2.3.4-1.2.3.10" + * @param string $end Ending IP in range if no cidr/prefix is given + */ + public function __construct($cidr, $end = null) + { + if ($end !== null) { + $this->setRange($cidr, $end); + } else { + $this->setCidr($cidr); + } + } + + /** + * Returns the string representation of the CIDR block. + */ + public function __toString() + { + // do not include the prefix if its a single IP + try { + if ($this->isTrueCidr() && ( + ($this->version == 4 and $this->prefix != 32) || + ($this->version == 6 and $this->prefix != 128) + ) + ) { + return $this->start . '/' . $this->prefix; + } + } catch (\Exception $e) { + // isTrueCidr() calls getRange which can throw an exception + } + if (strcmp($this->start, $this->end) == 0) { + return $this->start; + } + return $this->start . ' - ' . $this->end; + } + + public function __clone() + { + // do not clone the cache. No real reason why. I just want to keep the + // memory foot print as low as possible, even though this is trivial. + $this->cache = array(); + } + + /** + * Set an arbitrary IP range. + * The closest matching prefix will be calculated but the actual range + * stored in the object can be arbitrary. + * @param string $start Starting IP or combination "start-end" string. + * @param string $end Ending IP or null. + */ + public function setRange($ip, $end = null) + { + if (strpos($ip, '-') !== false) { + list($ip, $end) = array_map('trim', explode('-', $ip, 2)); + } + + if (false === filter_var($ip, FILTER_VALIDATE_IP) || + false === filter_var($end, FILTER_VALIDATE_IP)) { + throw new \InvalidArgumentException("Invalid IP range \"$ip-$end\""); + } + + // determine version (4 or 6) + $this->version = (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 6 : 4; + + $this->istart = IP::inet_ptod($ip); + $this->iend = IP::inet_ptod($end); + + // fix order + if (bccomp($this->istart, $this->iend) == 1) { + list($this->istart, $this->iend) = array($this->iend, $this->istart); + list($ip, $end) = array($end, $ip); + } + + $this->start = $ip; + $this->end = $end; + + // calculate real prefix + $len = $this->version == 4 ? 32 : 128; + $this->prefix = $len - strlen(BC::bcdecbin(BC::bcxor($this->istart, $this->iend))); + } + + /** + * Returns true if the current IP is a true cidr block + */ + public function isTrueCidr() + { + return $this->start == $this->getNetwork() && $this->end == $this->getBroadcast(); + } + + /** + * Set the CIDR block. + * + * The prefix length is optional and will default to 32 ot 128 depending on + * the version detected. + * + * @param string $cidr CIDR block string, eg: "192.168.0.0/24" or "2001::1/64" + * @throws \InvalidArgumentException If the CIDR block is invalid + */ + public function setCidr($cidr) + { + if (strpos($cidr, '-') !== false) { + return $this->setRange($cidr); + } + + list($ip, $bits) = array_pad(array_map('trim', explode('/', $cidr, 2)), 2, null); + if (false === filter_var($ip, FILTER_VALIDATE_IP)) { + throw new \InvalidArgumentException("Invalid IP address \"$cidr\""); + } + + // determine version (4 or 6) + $this->version = (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 6 : 4; + + $this->start = $ip; + $this->istart = IP::inet_ptod($ip); + + if ($bits !== null and $bits !== '') { + $this->prefix = $bits; + } else { + $this->prefix = $this->version == 4 ? 32 : 128; + } + + if (($this->prefix < 0) + || ($this->prefix > 32 and $this->version == 4) + || ($this->prefix > 128 and $this->version == 6)) { + throw new \InvalidArgumentException("Invalid IP address \"$cidr\""); + } + + $this->end = $this->getBroadcast(); + $this->iend = IP::inet_ptod($this->end); + + $this->cache = array(); + } + + /** + * Get the IP version. 4 or 6. + * + * @return integer + */ + public function getVersion() + { + return $this->version; + } + + /** + * Get the prefix. + * + * Always returns the "proper" prefix, even if the IP range is arbitrary. + * + * @return integer + */ + public function getPrefix() + { + return $this->prefix; + } + + /** + * Return the starting presentational IP or Decimal value. + * + * Ignores prefix + */ + public function getStart($decimal = false) + { + return $decimal ? $this->istart : $this->start; + } + + /** + * Return the ending presentational IP or Decimal value. + * + * Ignores prefix + */ + public function getEnd($decimal = false) + { + return $decimal ? $this->iend : $this->end; + } + + /** + * Return the next presentational IP or Decimal value (following the + * broadcast address of the current CIDR block). + */ + public function getNext($decimal = false) + { + $next = bcadd($this->getEnd(true), '1'); + return $decimal ? $next : new self(IP::inet_dtop($next)); + } + + /** + * Returns true if the IP is an IPv4 + * + * @return boolean + */ + public function isIPv4() + { + return $this->version == 4; + } + + /** + * Returns true if the IP is an IPv6 + * + * @return boolean + */ + public function isIPv6() + { + return $this->version == 6; + } + + /** + * Get the cidr notation for the subnet block. + * + * This is useful for when you want a string representation of the IP/prefix + * and the starting IP is not on a valid network boundrary (eg: Displaying + * an IP from an interface). + * + * @return string IP in CIDR notation "ipaddr/prefix" + */ + public function getCidr() + { + return $this->start . '/' . $this->prefix; + } + + /** + * Get the [low,high] range of the CIDR block + * + * Prefix sensitive. + * + * @param boolean $ignorePrefix If true the arbitrary start-end range is + * returned. default=false. + */ + public function getRange($ignorePrefix = false) + { + $range = $ignorePrefix + ? array($this->start, $this->end) + : self::cidr_to_range($this->start, $this->prefix); + // watch out for IP '0' being converted to IPv6 '::' + if ($range[0] == '::' and strpos($range[1], ':') == false) { + $range[0] = '0.0.0.0'; + } + return $range; + } + + /** + * Return the IP in its fully expanded form. + * + * For example: 2001::1 == 2007:0000:0000:0000:0000:0000:0000:0001 + * + * @see IP::inet_expand + */ + public function getExpanded() + { + return IP::inet_expand($this->start); + } + + /** + * Get network IP of the CIDR block + * + * Prefix sensitive. + * + * @param boolean $ignorePrefix If true the arbitrary start-end range is + * returned. default=false. + */ + public function getNetwork($ignorePrefix = false) + { + // micro-optimization to prevent calling getRange repeatedly + $k = $ignorePrefix ? 1 : 0; + if (!isset($this->cache['range'][$k])) { + $this->cache['range'][$k] = $this->getRange($ignorePrefix); + } + return $this->cache['range'][$k][0]; + } + + /** + * Get broadcast IP of the CIDR block + * + * Prefix sensitive. + * + * @param boolean $ignorePrefix If true the arbitrary start-end range is + * returned. default=false. + */ + public function getBroadcast($ignorePrefix = false) + { + // micro-optimization to prevent calling getRange repeatedly + $k = $ignorePrefix ? 1 : 0; + if (!isset($this->cache['range'][$k])) { + $this->cache['range'][$k] = $this->getRange($ignorePrefix); + } + return $this->cache['range'][$k][1]; + } + + /** + * Get the network mask based on the prefix. + * + */ + public function getMask() + { + return self::prefix_to_mask($this->prefix, $this->version); + } + + /** + * Get total hosts within CIDR range + * + * Prefix sensitive. + * + * @param boolean $ignorePrefix If true the arbitrary start-end range is + * returned. default=false. + */ + public function getTotal($ignorePrefix = false) + { + // micro-optimization to prevent calling getRange repeatedly + $k = $ignorePrefix ? 1 : 0; + if (!isset($this->cache['range'][$k])) { + $this->cache['range'][$k] = $this->getRange($ignorePrefix); + } + return bcadd(bcsub(IP::inet_ptod($this->cache['range'][$k][1]), + IP::inet_ptod($this->cache['range'][$k][0])), '1'); + } + + public function intersects($cidr) + { + return self::cidr_intersect((string)$this, $cidr); + } + + /** + * Determines the intersection between an IP (with optional prefix) and a + * CIDR block. + * + * The IP will be checked against the CIDR block given and will either be + * inside or outside the CIDR completely, or partially. + * + * NOTE: The caller should explicitly check against the INTERSECT_* + * constants because this method will return a value > 1 even for partial + * matches. + * + * @param mixed $ip The IP/cidr to match + * @param mixed $cidr The CIDR block to match within + * @return integer Returns an INTERSECT_* constant + * @throws \InvalidArgumentException if either $ip or $cidr is invalid + */ + public static function cidr_intersect($ip, $cidr) + { + // use fixed length HEX strings so we can easily do STRING comparisons + // instead of using slower bccomp() math. + list($lo,$hi) = array_map(function($v){ return sprintf("%032s", IP::inet_ptoh($v)); }, CIDR::cidr_to_range($ip)); + list($min,$max) = array_map(function($v){ return sprintf("%032s", IP::inet_ptoh($v)); }, CIDR::cidr_to_range($cidr)); + + /** visualization of logic used below + lo-hi = $ip to check + min-max = $cidr block being checked against + --- --- --- lo --- --- hi --- --- --- --- --- IP/prefix to check + --- min --- --- max --- --- --- --- --- --- --- Partial "LOW" match + --- --- --- --- --- min --- --- max --- --- --- Partial "HIGH" match + --- --- --- --- min max --- --- --- --- --- --- No match "NO" + --- --- --- --- --- --- --- --- min --- max --- No match "NO" + min --- max --- --- --- --- --- --- --- --- --- No match "NO" + --- --- min --- --- --- --- max --- --- --- --- Full match "YES" + */ + + // IP is exact match or completely inside the CIDR block + if ($lo >= $min and $hi <= $max) { + return self::INTERSECT_YES; + } + + // IP is completely outside the CIDR block + if ($max < $lo or $min > $hi) { + return self::INTERSECT_NO; + } + + // @todo is it useful to return LOW/HIGH partial matches? + + // IP matches the lower end + if ($max <= $hi and $min <= $lo) { + return self::INTERSECT_LOW; + } + + // IP matches the higher end + if ($min >= $lo and $max >= $hi) { + return self::INTERSECT_HIGH; + } + + return self::INTERSECT_NO; + } + + /** + * Converts an IPv4 or IPv6 CIDR block into its range. + * + * @todo May not be the fastest way to do this. + * + * @static + * @param string $cidr CIDR block or IP address string. + * @param integer|null $bits If /bits is not specified on string they can be + * passed via this parameter instead. + * @return array A 2 element array with the low, high range + */ + public static function cidr_to_range($cidr, $bits = null) + { + if (strpos($cidr, '/') !== false) { + list($ip, $_bits) = array_pad(explode('/', $cidr, 2), 2, null); + } else { + $ip = $cidr; + $_bits = $bits; + } + + if (false === filter_var($ip, FILTER_VALIDATE_IP)) { + throw new \InvalidArgumentException("IP address \"$cidr\" is invalid"); + } + + // force bit length to 32 or 128 depending on type of IP + $bitlen = (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 128 : 32; + + if ($bits === null) { + // if no prefix is given use the length of the binary string which + // will give us 32 or 128 and result in a single IP being returned. + $bits = $_bits !== null ? $_bits : $bitlen; + } + + if ($bits > $bitlen) { + throw new \InvalidArgumentException("IP address \"$cidr\" is invalid"); + } + + $ipdec = IP::inet_ptod($ip); + $ipbin = BC::bcdecbin($ipdec, $bitlen); + + // calculate network + $netmask = BC::bcbindec(str_pad(str_repeat('1',$bits), $bitlen, '0')); + $ip1 = BC::bcand($ipdec, $netmask); + + // calculate "broadcast" (not technically a broadcast in IPv6) + $ip2 = BC::bcor($ip1, BC::bcnot($netmask)); + + return array(IP::inet_dtop($ip1), IP::inet_dtop($ip2)); + } + + /** + * Return the CIDR string from the range given + */ + public static function range_to_cidr($start, $end) + { + $cidr = new CIDR($start, $end); + return (string)$cidr; + } + + /** + * Return the maximum prefix length that would fit the IP address given. + * + * This is useful to determine how my bit would be needed to store the IP + * address when you don't already have a prefix for the IP. + * + * @example 216.240.32.0 would return 27 + * + * @param string $ip IP address without prefix + * @param integer $bits Maximum bits to check; defaults to 32 for IPv4 and 128 for IPv6 + */ + public static function max_prefix($ip, $bits = null) + { + static $mask = array(); + + $ver = (false === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 6 : 4; + $max = $ver == 6 ? 128 : 32; + if ($bits === null) { + $bits = $max; + + } + + $int = IP::inet_ptod($ip); + while ($bits > 0) { + // micro-optimization; calculate mask once ... + if (!isset($mask[$ver][$bits-1])) { + // 2^$max - 2^($max - $bits); + if ($ver == 4) { + $mask[$ver][$bits-1] = pow(2, $max) - pow(2, $max - ($bits-1)); + } else { + $mask[$ver][$bits-1] = bcsub(bcpow(2, $max), bcpow(2, $max - ($bits-1))); + } + } + + $m = $mask[$ver][$bits-1]; + //printf("%s/%d: %s & %s == %s\n", $ip, $bits-1, BC::bcdecbin($m, 32), BC::bcdecbin($int, 32), BC::bcdecbin(BC::bcand($int, $m))); + //echo "$ip/", $bits-1, ": ", IP::inet_dtop($m), " ($m) & $int == ", BC::bcand($int, $m), "\n"; + if (bccomp(BC::bcand($int, $m), $int) != 0) { + return $bits; + } + $bits--; + } + return $bits; + } + + /** + * Return a contiguous list of true CIDR blocks that span the range given. + * + * Note: It's not a good idea to call this with IPv6 addresses. While it may + * work for certain ranges this can be very slow. Also an IPv6 list won't be + * as accurate as an IPv4 list. + * + * @example + * range_to_cidrlist(192.168.0.0, 192.168.0.15) == + * 192.168.0.0/28 + * range_to_cidrlist(192.168.0.0, 192.168.0.20) == + * 192.168.0.0/28 + * 192.168.0.16/30 + * 192.168.0.20/32 + */ + public static function range_to_cidrlist($start, $end) + { + $ver = (false === filter_var($start, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) ? 6 : 4; + $start = IP::inet_ptod($start); + $end = IP::inet_ptod($end); + + $len = $ver == 4 ? 32 : 128; + $log2 = $ver == 4 ? log(2) : BC::bclog(2); + + $list = array(); + while (BC::cmp($end, $start) >= 0) { // $end >= $start + $prefix = self::max_prefix(IP::inet_dtop($start), $len); + if ($ver == 4) { + $diff = $len - floor( log($end - $start + 1) / $log2 ); + } else { + // this is not as accurate due to the bclog function + $diff = bcsub($len, BC::bcfloor(bcdiv(BC::bclog(bcadd(bcsub($end, $start), '1')), $log2))); + } + + if ($prefix < $diff) { + $prefix = $diff; + } + + $list[] = IP::inet_dtop($start) . "/" . $prefix; + + if ($ver == 4) { + $start += pow(2, $len - $prefix); + } else { + $start = bcadd($start, bcpow(2, $len - $prefix)); + } + } + return $list; + } + + /** + * Return an list of optimized CIDR blocks by collapsing adjacent CIDR + * blocks into larger blocks. + * + * @param array $cidrs List of CIDR block strings or objects + * @param integer $maxPrefix Maximum prefix to allow + * @return array Optimized list of CIDR objects + */ + public static function optimize_cidrlist($cidrs, $maxPrefix = 32) + { + // all indexes must be a CIDR object + $cidrs = array_map(function($o){ return $o instanceof CIDR ? $o : new CIDR($o); }, $cidrs); + // sort CIDR blocks in proper order so we can easily loop over them + $cidrs = self::cidr_sort($cidrs); + + $list = array(); + while ($cidrs) { + $c = array_shift($cidrs); + $start = $c->getStart(); + + $max = bcadd($c->getStart(true), $c->getTotal()); + + // loop through each cidr block until its ending range is more than + // the current maximum. + while (!empty($cidrs) and $cidrs[0]->getStart(true) <= $max) { + $b = array_shift($cidrs); + $newmax = bcadd($b->getStart(true), $b->getTotal()); + if ($newmax > $max) { + $max = $newmax; + } + } + + // add the new cidr range to the optimized list + $list = array_merge($list, self::range_to_cidrlist($start, IP::inet_dtop(bcsub($max, '1')))); + } + + return $list; + } + + /** + * Sort the list of CIDR blocks, optionally with a custom callback function. + * + * @param array $cidrs A list of CIDR blocks (strings or objects) + * @param Closure $callback Optional callback to perform the sorting. + * See PHP usort documentation for more details. + */ + public static function cidr_sort($cidrs, $callback = null) + { + // all indexes must be a CIDR object + $cidrs = array_map(function($o){ return $o instanceof CIDR ? $o : new CIDR($o); }, $cidrs); + + if ($callback === null) { + $callback = function($a, $b) { + if (0 != ($o = BC::cmp($a->getStart(true), $b->getStart(true)))) { + return $o; // < or > + } + if ($a->getPrefix() == $b->getPrefix()) { + return 0; + } + return $a->getPrefix() < $b->getPrefix() ? -1 : 1; + }; + } elseif (!($callback instanceof \Closure) or !is_callable($callback)) { + throw new \InvalidArgumentException("Invalid callback in CIDR::cidr_sort, expected Closure, got " . gettype($callback)); + } + + usort($cidrs, $callback); + return $cidrs; + } + + /** + * Return the Prefix bits from the IPv4 mask given. + * + * This is only valid for IPv4 addresses since IPv6 addressing does not + * have a concept of network masks. + * + * Example: 255.255.255.0 == 24 + * + * @param string $mask IPv4 network mask. + */ + public static function mask_to_prefix($mask) + { + if (false === filter_var($mask, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { + throw new \InvalidArgumentException("Invalid IP netmask \"$mask\""); + } + return strrpos(IP::inet_ptob($mask, 32), '1') + 1; + } + + /** + * Return the network mask for the prefix given. + * + * Normally this is only useful for IPv4 addresses but you can generate a + * mask for IPv6 addresses as well, only because its mathematically + * possible. + * + * @param integer $prefix CIDR prefix bits (0-128) + * @param integer $version IP version. If null the version will be detected + * based on the prefix length given. + */ + public static function prefix_to_mask($prefix, $version = null) + { + if ($version === null) { + $version = $prefix > 32 ? 6 : 4; + } + if ($prefix < 0 or $prefix > 128) { + throw new \InvalidArgumentException("Invalid prefix length \"$prefix\""); + } + if ($version != 4 and $version != 6) { + throw new \InvalidArgumentException("Invalid version \"$version\". Must be 4 or 6"); + } + + if ($version == 4) { + return long2ip($prefix == 0 ? 0 : (0xFFFFFFFF >> (32 - $prefix)) << (32 - $prefix)); + } else { + return IP::inet_dtop($prefix == 0 ? 0 : BC::bcleft(BC::bcright(BC::MAX_UINT_128, 128-$prefix), 128-$prefix)); + } + } + + /** + * Return true if the $ip given is a true CIDR block. + * + * A true CIDR block is one where the $ip given is the actual Network + * address and broadcast matches the prefix appropriately. + */ + public static function cidr_is_true($ip) + { + $ip = new CIDR($ip); + return $ip->isTrueCidr(); + } +} diff --git a/inc/lib/IP/Lifo/IP/IP.php b/inc/lib/IP/Lifo/IP/IP.php new file mode 100755 index 00000000..4d22aa76 --- /dev/null +++ b/inc/lib/IP/Lifo/IP/IP.php @@ -0,0 +1,207 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ +namespace Lifo\IP; + +/** + * IP Address helper class. + * + * Provides routines to translate IPv4 and IPv6 addresses between human readable + * strings, decimal, hexidecimal and binary. + * + * Requires BCmath extension and IPv6 PHP support + */ +abstract class IP +{ + /** + * Convert a human readable (presentational) IP address string into a decimal string. + */ + public static function inet_ptod($ip) + { + // shortcut for IPv4 addresses + if (strpos($ip, ':') === false && strpos($ip, '.') !== false) { + return sprintf('%u', ip2long($ip)); + } + + // remove any cidr block notation + if (($o = strpos($ip, '/')) !== false) { + $ip = substr($ip, 0, $o); + } + + // unpack into 4 32bit integers + $parts = unpack('N*', inet_pton($ip)); + foreach ($parts as &$part) { + if ($part < 0) { + // convert signed int into unsigned + $part = sprintf('%u', $part); + //$part = bcadd($part, '4294967296'); + } + } + + // add each 32bit integer to the proper bit location in our big decimal + $decimal = $parts[4]; // << 0 + $decimal = bcadd($decimal, bcmul($parts[3], '4294967296')); // << 32 + $decimal = bcadd($decimal, bcmul($parts[2], '18446744073709551616')); // << 64 + $decimal = bcadd($decimal, bcmul($parts[1], '79228162514264337593543950336')); // << 96 + + return $decimal; + } + + /** + * Convert a decimal string into a human readable IP address. + */ + public static function inet_dtop($decimal, $expand = false) + { + $parts = array(); + $parts[1] = bcdiv($decimal, '79228162514264337593543950336', 0); // >> 96 + $decimal = bcsub($decimal, bcmul($parts[1], '79228162514264337593543950336')); + $parts[2] = bcdiv($decimal, '18446744073709551616', 0); // >> 64 + $decimal = bcsub($decimal, bcmul($parts[2], '18446744073709551616')); + $parts[3] = bcdiv($decimal, '4294967296', 0); // >> 32 + $decimal = bcsub($decimal, bcmul($parts[3], '4294967296')); + $parts[4] = $decimal; // >> 0 + + foreach ($parts as &$part) { + if (bccomp($part, '2147483647') == 1) { + $part = bcsub($part, '4294967296'); + } + $part = (int) $part; + } + + // if the first 96bits is all zeros then we can safely assume we + // actually have an IPv4 address. Even though it's technically possible + // you're not really ever going to see an IPv6 address in the range: + // ::0 - ::ffff + // It's feasible to see an IPv6 address of "::", in which case the + // caller is going to have to account for that on their own. + if (($parts[1] | $parts[2] | $parts[3]) == 0) { + $ip = long2ip($parts[4]); + } else { + $packed = pack('N4', $parts[1], $parts[2], $parts[3], $parts[4]); + $ip = inet_ntop($packed); + } + + // Turn IPv6 to IPv4 if it's IPv4 + if (preg_match('/^::\d+\./', $ip)) { + return substr($ip, 2); + } + + return $expand ? self::inet_expand($ip) : $ip; + } + + /** + * Convert a human readable (presentational) IP address into a HEX string. + */ + public static function inet_ptoh($ip) + { + return bin2hex(inet_pton($ip)); + //return BC::bcdechex(self::inet_ptod($ip)); + } + + /** + * Convert a human readable (presentational) IP address into a BINARY string. + */ + public static function inet_ptob($ip, $bits = 128) + { + return BC::bcdecbin(self::inet_ptod($ip), $bits); + } + + /** + * Convert a binary string into an IP address (presentational) string. + */ + public static function inet_btop($bin) + { + return self::inet_dtop(BC::bcbindec($bin)); + } + + /** + * Convert a HEX string into a human readable (presentational) IP address + */ + public static function inet_htop($hex) + { + return self::inet_dtop(BC::bchexdec($hex)); + } + + /** + * Expand an IP address. IPv4 addresses are returned as-is. + * + * Example: + * 2001::1 expands to 2001:0000:0000:0000:0000:0000:0000:0001 + * ::127.0.0.1 expands to 0000:0000:0000:0000:0000:0000:7f00:0001 + * 127.0.0.1 expands to 127.0.0.1 + */ + public static function inet_expand($ip) + { + // strip possible cidr notation off + if (($pos = strpos($ip, '/')) !== false) { + $ip = substr($ip, 0, $pos); + } + $bytes = unpack('n*', inet_pton($ip)); + if (count($bytes) > 2) { + return implode(':', array_map(function ($b) { + return sprintf("%04x", $b); + }, $bytes)); + } + return $ip; + } + + /** + * Convert an IPv4 address into an IPv6 address. + * + * One use-case for this is IP 6to4 tunnels used in networking. + * + * @example + * to_ipv4("10.10.10.10") == a0a:a0a + * + * @param string $ip IPv4 address. + * @param boolean $mapped If true a Full IPv6 address is returned within the + * official ipv4to6 mapped space "0:0:0:0:0:ffff:x:x" + */ + public static function to_ipv6($ip, $mapped = false) + { + if (!self::isIPv4($ip)) { + throw new \InvalidArgumentException("Invalid IPv4 address \"$ip\""); + } + + $num = IP::inet_ptod($ip); + $o1 = dechex($num >> 16); + $o2 = dechex($num & 0x0000FFFF); + + return $mapped ? "0:0:0:0:0:ffff:$o1:$o2" : "$o1:$o2"; + } + + /** + * Returns true if the IP address is a valid IPv4 address + */ + public static function isIPv4($ip) + { + return $ip === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4); + } + + /** + * Returns true if the IP address is a valid IPv6 address + */ + public static function isIPv6($ip) + { + return $ip === filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); + } + + /** + * Compare two IP's (v4 or v6) and return -1, 0, 1 if the first is < = > + * the second. + * + * @param string $ip1 IP address + * @param string $ip2 IP address to compare against + * @return integer Return -1,0,1 depending if $ip1 is <=> $ip2 + */ + public static function cmp($ip1, $ip2) + { + return bccomp(self::inet_ptod($ip1), self::inet_ptod($ip2), 0); + } +}