oslo.utils/oslo_utils/netutils.py
Hervé Beraud 3288539a0b Add a `strict` flag allowing users to restrict validation of IPv4 format
Add a ``strict`` flag allowing users to restrict validation to IP
addresses in presentation format (``a.b.c.d``) as opposed to address
format (``a.b.c.d``, ``a.b.c``, ``a.b``, ``a``).

https://github.com/netaddr/netaddr/issues/186
https://man7.org/linux/man-pages/man3/inet_pton.3.html
https://bugzilla.redhat.com/show_bug.cgi?id=1924436

Change-Id: I10fed16dad77ac17691a5d175c42b25916dc8bc4
Closes-Bug: #1914386
2021-02-05 14:07:20 +01:00

523 lines
16 KiB
Python

# Copyright 2012 OpenStack Foundation.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""
Network-related utilities and helper functions.
"""
import logging
import os
import re
import socket
from urllib import parse
import netaddr
from netaddr.core import INET_PTON
import netifaces
from oslo_utils._i18n import _
LOG = logging.getLogger(__name__)
_IS_IPV6_ENABLED = None
def parse_host_port(address, default_port=None):
"""Interpret a string as a host:port pair.
An IPv6 address MUST be escaped if accompanied by a port,
because otherwise ambiguity ensues: 2001:db8:85a3::8a2e:370:7334
means both [2001:db8:85a3::8a2e:370:7334] and
[2001:db8:85a3::8a2e:370]:7334.
>>> parse_host_port('server01:80')
('server01', 80)
>>> parse_host_port('server01')
('server01', None)
>>> parse_host_port('server01', default_port=1234)
('server01', 1234)
>>> parse_host_port('[::1]:80')
('::1', 80)
>>> parse_host_port('[::1]')
('::1', None)
>>> parse_host_port('[::1]', default_port=1234)
('::1', 1234)
>>> parse_host_port('2001:db8:85a3::8a2e:370:7334', default_port=1234)
('2001:db8:85a3::8a2e:370:7334', 1234)
>>> parse_host_port(None)
(None, None)
"""
if not address:
return (None, None)
if address[0] == '[':
# Escaped ipv6
_host, _port = address[1:].split(']')
host = _host
if ':' in _port:
port = _port.split(':')[1]
else:
port = default_port
else:
if address.count(':') == 1:
host, port = address.split(':')
else:
# 0 means ipv4, >1 means ipv6.
# We prohibit unescaped ipv6 addresses with port.
host = address
port = default_port
return (host, None if port is None else int(port))
def is_valid_ipv4(address, strict=None):
"""Verify that address represents a valid IPv4 address.
:param address: Value to verify
:type address: string
:param strict: flag allowing users to restrict validation
to IP addresses in presentation format (``a.b.c.d``) as opposed to
address format (``a.b.c.d``, ``a.b.c``, ``a.b``, ``a``).
:type flags: bool
:returns: bool
.. versionadded:: 1.1
.. versionchanged:: 4.8.0
Allow to restrict validation to IP addresses in presentation format
(``a.b.c.d``) as opposed to address format
(``a.b.c.d``, ``a.b.c``, ``a.b``, ``a``).
"""
if strict is not None:
flag = INET_PTON if strict else 0
try:
return netaddr.valid_ipv4(address, flags=flag)
except netaddr.AddrFormatError:
return False
# non strict mode
try:
if netaddr.valid_ipv4(address, flags=INET_PTON):
return True
else:
if netaddr.valid_ipv4(address):
LOG.warn(
'Converting in non strict mode is deprecated. '
'You should pass strict=False if you want to '
'preserve legacy behavior')
return True
else:
return False
except netaddr.AddrFormatError:
return False
def is_valid_ipv6(address):
"""Verify that address represents a valid IPv6 address.
:param address: Value to verify
:type address: string
:returns: bool
.. versionadded:: 1.1
"""
if not address:
return False
parts = address.rsplit("%", 1)
address = parts[0]
scope = parts[1] if len(parts) > 1 else None
if scope is not None and (len(scope) < 1 or len(scope) > 15):
return False
try:
return netaddr.valid_ipv6(address, netaddr.core.INET_PTON)
except netaddr.AddrFormatError:
return False
def is_valid_cidr(address):
"""Verify that address represents a valid CIDR address.
:param address: Value to verify
:type address: string
:returns: bool
.. versionadded:: 3.8
"""
try:
# Validate the correct CIDR Address
netaddr.IPNetwork(address)
except (TypeError, netaddr.AddrFormatError):
return False
# Prior validation partially verify /xx part
# Verify it here
ip_segment = address.split('/')
if (len(ip_segment) <= 1 or
ip_segment[1] == ''):
return False
return True
def is_valid_ipv6_cidr(address):
"""Verify that address represents a valid IPv6 CIDR address.
:param address: address to verify
:type address: string
:returns: true if address is valid, false otherwise
.. versionadded:: 3.17
"""
try:
netaddr.IPNetwork(address, version=6).cidr
return True
except (TypeError, netaddr.AddrFormatError):
return False
def get_ipv6_addr_by_EUI64(prefix, mac):
"""Calculate IPv6 address using EUI-64 specification.
This method calculates the IPv6 address using the EUI-64
addressing scheme as explained in rfc2373.
:param prefix: IPv6 prefix.
:param mac: IEEE 802 48-bit MAC address.
:returns: IPv6 address on success.
:raises ValueError, TypeError: For any invalid input.
.. versionadded:: 1.4
"""
# Check if the prefix is an IPv4 address
if is_valid_ipv4(prefix):
msg = _("Unable to generate IP address by EUI64 for IPv4 prefix")
raise ValueError(msg)
try:
eui64 = int(netaddr.EUI(mac).eui64())
prefix = netaddr.IPNetwork(prefix)
return netaddr.IPAddress(prefix.first + eui64 ^ (1 << 57))
except (ValueError, netaddr.AddrFormatError):
raise ValueError(_('Bad prefix or mac format for generating IPv6 '
'address by EUI-64: %(prefix)s, %(mac)s:')
% {'prefix': prefix, 'mac': mac})
except TypeError:
raise TypeError(_('Bad prefix type for generating IPv6 address by '
'EUI-64: %s') % prefix)
def get_mac_addr_by_ipv6(ipv6, dialect=netaddr.mac_unix_expanded):
"""Extract MAC address from interface identifier based IPv6 address.
For example from link-local addresses (fe80::/10) generated from MAC.
:param ipv6: An interface identifier (i.e. mostly MAC) based IPv6
address as a netaddr.IPAddress() object.
:param dialect: The netaddr dialect of the the object returned.
Defaults to netaddr.mac_unix_expanded.
:returns: A MAC address as a netaddr.EUI() object.
See also:
* https://tools.ietf.org/html/rfc4291#appendix-A
* https://tools.ietf.org/html/rfc4291#section-2.5.6
.. versionadded:: 4.3.0
"""
return netaddr.EUI(int(
# out of the lowest 8 bytes (byte positions 8-1)
# delete the middle 2 bytes (5-4, 0xff_fe)
# by shifting the highest 3 bytes to the right by 2 bytes (8-6 -> 6-4)
(((ipv6 & 0xff_ff_ff_00_00_00_00_00) >> 16) +
# adding the lowest 3 bytes as they are (3-1)
(ipv6 & 0xff_ff_ff)) ^
# then invert the universal/local bit
0x02_00_00_00_00_00),
dialect=dialect)
def is_ipv6_enabled():
"""Check if IPv6 support is enabled on the platform.
This api will look into the proc entries of the platform to figure
out the status of IPv6 support on the platform.
:returns: True if the platform has IPv6 support, False otherwise.
.. versionadded:: 1.4
"""
global _IS_IPV6_ENABLED
if _IS_IPV6_ENABLED is None:
disabled_ipv6_path = "/proc/sys/net/ipv6/conf/default/disable_ipv6"
if os.path.exists(disabled_ipv6_path):
with open(disabled_ipv6_path, 'r') as f:
disabled = f.read().strip()
_IS_IPV6_ENABLED = disabled == "0"
else:
_IS_IPV6_ENABLED = False
return _IS_IPV6_ENABLED
def escape_ipv6(address):
"""Escape an IP address in square brackets if IPv6
:param address: address to optionaly escape
:type address: string
:returns: string
.. versionadded:: 3.29.0
"""
if is_valid_ipv6(address):
return "[%s]" % address
return address
def is_valid_ip(address):
"""Verify that address represents a valid IP address.
:param address: Value to verify
:type address: string
:returns: bool
.. versionadded:: 1.1
"""
return is_valid_ipv4(address) or is_valid_ipv6(address)
def is_valid_mac(address):
"""Verify the format of a MAC address.
Check if a MAC address is valid and contains six octets. Accepts
colon-separated format only.
:param address: MAC address to be validated.
:returns: True if valid. False if not.
.. versionadded:: 3.17
"""
m = "[0-9a-f]{2}(:[0-9a-f]{2}){5}$"
return (isinstance(address, str) and
re.match(m, address.lower()))
def _is_int_in_range(value, start, end):
"""Try to convert value to int and check if it lies within
range 'start' to 'end'.
:param value: value to verify
:param start: start number of range
:param end: end number of range
:returns: bool
"""
try:
val = int(value)
except (ValueError, TypeError):
return False
return (start <= val <= end)
def is_valid_port(port):
"""Verify that port represents a valid port number.
Port can be valid integer having a value of 0 up to and
including 65535.
.. versionadded:: 1.1.1
"""
return _is_int_in_range(port, 0, 65535)
def is_valid_icmp_type(type):
"""Verify if ICMP type is valid.
:param type: ICMP *type* field can only be a valid integer
:returns: bool
ICMP *type* field can be valid integer having a value of 0
up to and including 255.
"""
return _is_int_in_range(type, 0, 255)
def is_valid_icmp_code(code):
"""Verify if ICMP code is valid.
:param code: ICMP *code* field can be valid integer or None
:returns: bool
ICMP *code* field can be either None or valid integer having
a value of 0 up to and including 255.
"""
if code is None:
return True
return _is_int_in_range(code, 0, 255)
def get_my_ipv4():
"""Returns the actual ipv4 of the local machine.
This code figures out what source address would be used if some traffic
were to be sent out to some well known address on the Internet. In this
case, IP from RFC5737 is used, but the specific address does not
matter much. No traffic is actually sent.
.. versionadded:: 1.1
.. versionchanged:: 1.2.1
Return ``'127.0.0.1'`` if there is no default interface.
"""
try:
csock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
csock.connect(('192.0.2.0', 80))
(addr, port) = csock.getsockname()
csock.close()
return addr
except socket.error:
return _get_my_ipv4_address()
def _get_my_ipv4_address():
"""Figure out the best ipv4
"""
LOCALHOST = '127.0.0.1'
gtw = netifaces.gateways()
try:
interface = gtw['default'][netifaces.AF_INET][1]
except (KeyError, IndexError):
LOG.info('Could not determine default network interface, '
'using 127.0.0.1 for IPv4 address')
return LOCALHOST
try:
return netifaces.ifaddresses(interface)[netifaces.AF_INET][0]['addr']
except (KeyError, IndexError):
LOG.info('Could not determine IPv4 address for interface %s, '
'using 127.0.0.1',
interface)
except Exception as e:
LOG.info('Could not determine IPv4 address for '
'interface %(interface)s: %(error)s',
{'interface': interface, 'error': e})
return LOCALHOST
class _ModifiedSplitResult(parse.SplitResult):
"""Split results class for urlsplit."""
def params(self, collapse=True):
"""Extracts the query parameters from the split urls components.
This method will provide back as a dictionary the query parameter
names and values that were provided in the url.
:param collapse: Boolean, turn on or off collapsing of query values
with the same name. Since a url can contain the same query parameter
name with different values it may or may not be useful for users to
care that this has happened. This parameter when True uses the
last value that was given for a given name, while if False it will
retain all values provided by associating the query parameter name with
a list of values instead of a single (non-list) value.
"""
if self.query:
if collapse:
return dict(parse.parse_qsl(self.query))
else:
params = {}
for (key, value) in parse.parse_qsl(self.query):
if key in params:
if isinstance(params[key], list):
params[key].append(value)
else:
params[key] = [params[key], value]
else:
params[key] = value
return params
else:
return {}
def urlsplit(url, scheme='', allow_fragments=True):
"""Parse a URL using urlparse.urlsplit(), splitting query and fragments.
This function papers over Python issue9374_ when needed.
.. _issue9374: http://bugs.python.org/issue9374
The parameters are the same as urlparse.urlsplit.
"""
scheme, netloc, path, query, fragment = parse.urlsplit(
url, scheme, allow_fragments)
if allow_fragments and '#' in path:
path, fragment = path.split('#', 1)
if '?' in path:
path, query = path.split('?', 1)
return _ModifiedSplitResult(scheme, netloc,
path, query, fragment)
def set_tcp_keepalive(sock, tcp_keepalive=True,
tcp_keepidle=None,
tcp_keepalive_interval=None,
tcp_keepalive_count=None):
"""Set values for tcp keepalive parameters
This function configures tcp keepalive parameters if users wish to do
so.
:param tcp_keepalive: Boolean, turn on or off tcp_keepalive. If users are
not sure, this should be True, and default values will be used.
:param tcp_keepidle: time to wait before starting to send keepalive probes
:param tcp_keepalive_interval: time between successive probes, once the
initial wait time is over
:param tcp_keepalive_count: number of probes to send before the connection
is killed
"""
# NOTE(praneshp): Despite keepalive being a tcp concept, the level is
# still SOL_SOCKET. This is a quirk.
if isinstance(tcp_keepalive, bool):
sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, tcp_keepalive)
else:
raise TypeError("tcp_keepalive must be a boolean")
if not tcp_keepalive:
return
# These options aren't available in the OS X version of eventlet,
# Idle + Count * Interval effectively gives you the total timeout.
if tcp_keepidle is not None:
if hasattr(socket, 'TCP_KEEPIDLE'):
sock.setsockopt(socket.IPPROTO_TCP,
socket.TCP_KEEPIDLE,
tcp_keepidle)
else:
LOG.warning('tcp_keepidle not available on your system')
if tcp_keepalive_interval is not None:
if hasattr(socket, 'TCP_KEEPINTVL'):
sock.setsockopt(socket.IPPROTO_TCP,
socket.TCP_KEEPINTVL,
tcp_keepalive_interval)
else:
LOG.warning('tcp_keepintvl not available on your system')
if tcp_keepalive_count is not None:
if hasattr(socket, 'TCP_KEEPCNT'):
sock.setsockopt(socket.IPPROTO_TCP,
socket.TCP_KEEPCNT,
tcp_keepalive_count)
else:
LOG.warning('tcp_keepcnt not available on your system')