lib/ip_checker.rb
require 'ipaddr'
# Utility module to check and validate IPs
module IpChecker
module_function
# Returns true if a string is a valid IP
def is_ip?(str)
str && (IPAddr.new(str) && true) rescue false
end
# Validate an IP address or range string.
#
# It returns `nil` if the address is valid, or an error message text otherwise.
#
# For syntactic valid IPs, the following optional parameters can be used to reject some special cases:
#
# * exclude_0: when true will reject 0.0.0.0 or :: addresses
# * exclude_private: will exclude private addresses (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7)
# * exclude_local: will exclude link local addresses (169.254.0.0/16, fe80::/10)
# * exclude_loopback: will exclude loopback (e.g. 127.0.0.1, ::1)
# * min_ipv4prefix and min_ipv4prefix can be used to limit IP ranges by defining a minimum
# number of bits for the prefix
# * max_host_bits is an alternative way of limiting ranges, by defining the number of bits
# that can vary. This can be convenient two define same-size ranges for both IPv4 and IPv6
#
def validate(str,
max_host_bits: nil,
min_ipv4prefix: nil,
min_ipv6prefix: nil,
exclude_0: false,
exclude_private: false,
exclude_local: false,
exclude_loopback: false
)
if max_host_bits.present?
min_ipv4prefix ||= 32 - max_host_bits
min_ipv6prefix ||= 128 - max_host_bits
end
min_ipv4prefix ||= 0
min_ipv6prefix ||= 0
ip = IPAddr.new(str)
if min_ipv4prefix > 0 && ip.ipv4? && ip.prefix < min_ipv4prefix
return "prefix is too short (#{ip.prefix}); minimum allowed is #{min_ipv4prefix}"
end
if min_ipv6prefix > 0 && ip.ipv6? && ip.prefix < min_ipv6prefix
return "prefix is too short (#{ip.prefix}); minimum allowed is #{min_ipv6prefix}"
end
if exclude_0 && ['0.0.0.0', '::'].include?(ip.to_s)
return "address #{ip.to_s} is not allowed"
end
if exclude_private && ip.private?
return "private addresses are not allowed"
end
if exclude_local && ip.link_local?
return "link local addresses are not allowed"
end
if exclude_loopback && ip.loopback?
return "loopback addresses are not allowed"
end
nil
rescue IPAddr::AddressFamilyError, IPAddr::InvalidAddressError => error
error.message
end
# Normalized IP ranges, so that IP bits outside the mask range are 0
# (some routers/firewalls may not accept it of not normalied)
def normalize(str)
ip = IPAddr.new(str)
norm_ip = ip.to_s
norm_ip += "/#{ip.prefix}" if ip.prefix < IPAddr.new(norm_ip).prefix
norm_ip
end
end
# Backport some IPAddr methods from Ruby 2.5
unless IPAddr.instance_methods.include?(:prefix)
class IPAddr
def prefix
case @family
when Socket::AF_INET
n = IN4MASK ^ @mask_addr
i = 32
when Socket::AF_INET6
n = IN6MASK ^ @mask_addr
i = 128
else
raise IPAddr::AddressFamilyError, "unsupported address family"
end
while n.positive?
n >>= 1
i -= 1
end
i
end
end
end
unless IPAddr.instance_methods.include?(:private?)
class IPAddr
def private?
case @family
when Socket::AF_INET
@addr & 0xff000000 == 0x0a000000 || # 10.0.0.0/8
@addr & 0xfff00000 == 0xac100000 || # 172.16.0.0/12
@addr & 0xffff0000 == 0xc0a80000 # 192.168.0.0/16
when Socket::AF_INET6
@addr & 0xfe00_0000_0000_0000_0000_0000_0000_0000 == 0xfc00_0000_0000_0000_0000_0000_0000_0000
else
raise IPAddr::AddressFamilyError, "unsupported address family"
end
end
end
end
unless IPAddr.instance_methods.include?(:link_local?)
class IPAddr
def link_local?
case @family
when Socket::AF_INET
@addr & 0xffff0000 == 0xa9fe0000 # 169.254.0.0/16
when Socket::AF_INET6
@addr & 0xffc0_0000_0000_0000_0000_0000_0000_0000 == 0xfe80_0000_0000_0000_0000_0000_0000_0000
else
raise IPAddr::AddressFamilyError, "unsupported address family"
end
end
end
end
unless IPAddr.instance_methods.include?(:loopback?)
class IPAddr
def loopback?
case @family
when Socket::AF_INET
@addr & 0xff000000 == 0x7f000000
when Socket::AF_INET6
@addr == 1
else
raise AddressFamilyError, "unsupported address family"
end
end
end
end