【发布时间】:2010-12-02 17:24:40
【问题描述】:
我有一个格式为 10.132.0.0/20 的子网和一个来自 ASP.Net 请求对象的 IP 地址。
是否有 .NET 框架函数来检查 IP 地址是否在给定子网内?
如果没有,怎么办?我猜是位操作?
【问题讨论】:
标签: c# ip-address subnet
【发布时间】:2010-12-02 17:24:40
【问题描述】:
查看 MSDN 博客上的 IP Address Calculations with C#。它包含一个扩展方法 (IsInSameSubnet),应该可以满足您的需求以及其他一些好处。
public static class IPAddressExtensions
{
public static IPAddress GetBroadcastAddress(this IPAddress address, IPAddress subnetMask)
{
byte[] ipAdressBytes = address.GetAddressBytes();
byte[] subnetMaskBytes = subnetMask.GetAddressBytes();
if (ipAdressBytes.Length != subnetMaskBytes.Length)
throw new ArgumentException("Lengths of IP address and subnet mask do not match.");
byte[] broadcastAddress = new byte[ipAdressBytes.Length];
for (int i = 0; i < broadcastAddress.Length; i++)
{
broadcastAddress[i] = (byte)(ipAdressBytes[i] | (subnetMaskBytes[i] ^ 255));
}
return new IPAddress(broadcastAddress);
}
public static IPAddress GetNetworkAddress(this IPAddress address, IPAddress subnetMask)
{
byte[] ipAdressBytes = address.GetAddressBytes();
byte[] subnetMaskBytes = subnetMask.GetAddressBytes();
if (ipAdressBytes.Length != subnetMaskBytes.Length)
throw new ArgumentException("Lengths of IP address and subnet mask do not match.");
byte[] broadcastAddress = new byte[ipAdressBytes.Length];
for (int i = 0; i < broadcastAddress.Length; i++)
{
broadcastAddress[i] = (byte)(ipAdressBytes[i] & (subnetMaskBytes[i]));
}
return new IPAddress(broadcastAddress);
}
public static bool IsInSameSubnet(this IPAddress address2, IPAddress address, IPAddress subnetMask)
{
IPAddress network1 = address.GetNetworkAddress(subnetMask);
IPAddress network2 = address2.GetNetworkAddress(subnetMask);
return network1.Equals(network2);
}
}
【讨论】:
-
IPv6 地址怎么样?
-
@ageroh GitHub 似乎有一些可以处理 IPv6 地址的 C# 库。 IP网络,例如github.com/lduchosal/ipnetwork
-
我在my answer 中添加了一个使用 IPv6 和 IPv4 的实现 - 我很乐意收到一些反馈 ;)
使用答案from Thomas 和Chris 以及Ciscos Subnetting Examples 如果您使用 CIDR 表示法(IPAddress/PrefixLength),我终于可以为 IPv4 和 IPv6 工作了。我的 IPv6 实现可能有点太直接了,但由于没有 UInt128 数据类型,我无法适应 Thomas 的解决方案。这是似乎运行良好的代码:
public static bool IsInSubnet(this IPAddress address, string subnetMask)
{
var slashIdx = subnetMask.IndexOf("/");
if (slashIdx == -1)
{ // We only handle netmasks in format "IP/PrefixLength".
throw new NotSupportedException("Only SubNetMasks with a given prefix length are supported.");
}
// First parse the address of the netmask before the prefix length.
var maskAddress = IPAddress.Parse(subnetMask.Substring(0, slashIdx));
if (maskAddress.AddressFamily != address.AddressFamily)
{ // We got something like an IPV4-Address for an IPv6-Mask. This is not valid.
return false;
}
// Now find out how long the prefix is.
int maskLength = int.Parse(subnetMask.Substring(slashIdx + 1));
if (maskLength == 0)
{
return true;
}
if (maskLength < 0)
{
throw new NotSupportedException("A Subnetmask should not be less than 0.");
}
if (maskAddress.AddressFamily == AddressFamily.InterNetwork)
{
// Convert the mask address to an unsigned integer.
var maskAddressBits = BitConverter.ToUInt32(maskAddress.GetAddressBytes().Reverse().ToArray(), 0);
// And convert the IpAddress to an unsigned integer.
var ipAddressBits = BitConverter.ToUInt32(address.GetAddressBytes().Reverse().ToArray(), 0);
// Get the mask/network address as unsigned integer.
uint mask = uint.MaxValue << (32 - maskLength);
// https://stackoverflow.com/a/1499284/3085985
// Bitwise AND mask and MaskAddress, this should be the same as mask and IpAddress
// as the end of the mask is 0000 which leads to both addresses to end with 0000
// and to start with the prefix.
return (maskAddressBits & mask) == (ipAddressBits & mask);
}
if (maskAddress.AddressFamily == AddressFamily.InterNetworkV6)
{
// Convert the mask address to a BitArray. Reverse the BitArray to compare the bits of each byte in the right order.
var maskAddressBits = new BitArray(maskAddress.GetAddressBytes().Reverse().ToArray());
// And convert the IpAddress to a BitArray. Reverse the BitArray to compare the bits of each byte in the right order.
var ipAddressBits = new BitArray(address.GetAddressBytes().Reverse().ToArray());
var ipAddressLength = ipAddressBits.Length;
if (maskAddressBits.Length != ipAddressBits.Length)
{
throw new ArgumentException("Length of IP Address and Subnet Mask do not match.");
}
// Compare the prefix bits.
for (var i = ipAddressLength - 1; i >= ipAddressLength - maskLength; i--)
{
if (ipAddressBits[i] != maskAddressBits[i])
{
return false;
}
}
return true;
}
throw new NotSupportedException("Only InterNetworkV6 or InterNetwork address families are supported.");
}
这是我用来测试的 XUnit 测试:
public class IpAddressExtensionsTests
{
[Theory]
[InlineData("192.168.5.85/24", "192.168.5.1")]
[InlineData("192.168.5.85/24", "192.168.5.254")]
[InlineData("10.128.240.50/30", "10.128.240.48")]
[InlineData("10.128.240.50/30", "10.128.240.49")]
[InlineData("10.128.240.50/30", "10.128.240.50")]
[InlineData("10.128.240.50/30", "10.128.240.51")]
[InlineData("192.168.5.85/0", "0.0.0.0")]
[InlineData("192.168.5.85/0", "255.255.255.255")]
public void IpV4SubnetMaskMatchesValidIpAddress(string netMask, string ipAddress)
{
var ipAddressObj = IPAddress.Parse(ipAddress);
Assert.True(ipAddressObj.IsInSubnet(netMask));
}
[Theory]
[InlineData("192.168.5.85/24", "192.168.4.254")]
[InlineData("192.168.5.85/24", "191.168.5.254")]
[InlineData("10.128.240.50/30", "10.128.240.47")]
[InlineData("10.128.240.50/30", "10.128.240.52")]
[InlineData("10.128.240.50/30", "10.128.239.50")]
[InlineData("10.128.240.50/30", "10.127.240.51")]
public void IpV4SubnetMaskDoesNotMatchInvalidIpAddress(string netMask, string ipAddress)
{
var ipAddressObj = IPAddress.Parse(ipAddress);
Assert.False(ipAddressObj.IsInSubnet(netMask));
}
[Theory]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:0000:0000:0000:0000")]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:FFFF:FFFF:FFFF:FFFF")]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:0001:0000:0000:0000")]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:FFFF:FFFF:FFFF:FFF0")]
[InlineData("2001:db8:abcd:0012::0/128", "2001:0DB8:ABCD:0012:0000:0000:0000:0000")]
[InlineData("2001:db8:abcd:5678::0/53", "2001:0db8:abcd:5000:0000:0000:0000:0000")]
[InlineData("2001:db8:abcd:5678::0/53", "2001:0db8:abcd:57ff:ffff:ffff:ffff:ffff")]
[InlineData("2001:db8:abcd:0012::0/0", "::")]
[InlineData("2001:db8:abcd:0012::0/0", "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")]
public void IpV6SubnetMaskMatchesValidIpAddress(string netMask, string ipAddress)
{
var ipAddressObj = IPAddress.Parse(ipAddress);
Assert.True(ipAddressObj.IsInSubnet(netMask));
}
[Theory]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0011:FFFF:FFFF:FFFF:FFFF")]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0013:0000:0000:0000:0000")]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0013:0001:0000:0000:0000")]
[InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0011:FFFF:FFFF:FFFF:FFF0")]
[InlineData("2001:db8:abcd:0012::0/128", "2001:0DB8:ABCD:0012:0000:0000:0000:0001")]
[InlineData("2001:db8:abcd:5678::0/53", "2001:0db8:abcd:4999:0000:0000:0000:0000")]
[InlineData("2001:db8:abcd:5678::0/53", "2001:0db8:abcd:5800:0000:0000:0000:0000")]
public void IpV6SubnetMaskDoesNotMatchInvalidIpAddress(string netMask, string ipAddress)
{
var ipAddressObj = IPAddress.Parse(ipAddress);
Assert.False(ipAddressObj.IsInSubnet(netMask));
}
}
作为我使用 Ciscos Subnetting Examples 和 IBMs IPV6 address examples 的测试的基础。
我希望有人觉得这很有帮助;)
【讨论】:
-
在v6 IP的情况下,将字节数组转换为位数组进行比较是否有原因?
-
由于前缀长度(例如 /24)表示允许不同的位数,我们需要比较这些位 - 我们可以比较可被 8 整除的前缀长度的字节,但这不适用于像 /25 这样的奇数前缀长度。可能有些操作不需要这样做,但我不是位比较领域的专家,所以这是我能想到的最简单的方法。
-
谢谢。我想指出一件事。如果掩码长度为 0,您的 v6 比较返回 true,而如果掩码长度为 0,则 v4 比较返回 false。在 v6 的情况下,您应该检查 0 掩码长度。
-
请注意,IPv6 的代码不适用于不是 8 乘积的前缀!构造的
BitArray中的字节布局正确,但其中的位被颠倒,使得 for 循环首先比较每个字节的次要位,这是错误的,但当前缀在字节上对齐时仍然有效。提供的测试不包括这个! -
正确的方法是先反转字节,然后再将它们传递给
BitArray构造函数-.GetAddressBytes().Reverse().ToArray(),然后for循环遍历BitArray,如下所示:for (int i = ipAddressBits.Length - 1; i >= ipAddressBits.Length - maskLength; i--)
位操作有效。将 IP 填充为 32 位无符号整数,对子网地址执行相同操作,&-mask 与 0xFFFFFFFF << (32-20) 并比较:
unsigned int net = ..., ip = ...;
int network_bits = 20;
unsigned int mask = 0xFFFFFFFF << (32 - network_bits);
if ((net & mask) == (ip & mask)) {
// ...
}
【讨论】:
-
或者,如果常见,子网以数字形式给出,例如 255.255.240.0,只需将掩码填充为 32 位整数而不是移位。
-
我发现 System.Net.IPAddress 类有助于将 IP 地址解析和分解为字节
-
@RyanMichela 一行 C# 总是比库更快更小
-
这是我在my response 中添加的使用 IPv6 和 IPv4 实现的 IPv4 部分的一个很好的基础 - 如果您可以查看它会很棒,因为我的头脑无法使用二进制操作很好;)
由于 MSDN 博客代码依赖广播,而 IPv6 没有,我不知道它是否适用于 IPv6。
我最终采用了这些方法(感谢 nu everest)。您可以从 CIDR 表示法(“1.2.3.4/5”)获取子网和掩码,并检查地址是否在此网络内。
这适用于 IPv4 和 IPv6:
public static class IpAddresses
{
public static Tuple<IPAddress, IPAddress> GetSubnetAndMaskFromCidr(string cidr)
{
var delimiterIndex = cidr.IndexOf('/');
string ipSubnet = cidr.Substring(0, delimiterIndex);
string mask = cidr.Substring(delimiterIndex + 1);
var subnetAddress = IPAddress.Parse(ipSubnet);
if (subnetAddress.AddressFamily == AddressFamily.InterNetworkV6)
{
// ipv6
var ip = BigInteger.Parse("00FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", NumberStyles.HexNumber) << (128 - int.Parse(mask));
var maskBytes = new[]
{
(byte)((ip & BigInteger.Parse("00FF000000000000000000000000000000", NumberStyles.HexNumber)) >> 120),
(byte)((ip & BigInteger.Parse("0000FF0000000000000000000000000000", NumberStyles.HexNumber)) >> 112),
(byte)((ip & BigInteger.Parse("000000FF00000000000000000000000000", NumberStyles.HexNumber)) >> 104),
(byte)((ip & BigInteger.Parse("00000000FF000000000000000000000000", NumberStyles.HexNumber)) >> 96),
(byte)((ip & BigInteger.Parse("0000000000FF0000000000000000000000", NumberStyles.HexNumber)) >> 88),
(byte)((ip & BigInteger.Parse("000000000000FF00000000000000000000", NumberStyles.HexNumber)) >> 80),
(byte)((ip & BigInteger.Parse("00000000000000FF000000000000000000", NumberStyles.HexNumber)) >> 72),
(byte)((ip & BigInteger.Parse("0000000000000000FF0000000000000000", NumberStyles.HexNumber)) >> 64),
(byte)((ip & BigInteger.Parse("000000000000000000FF00000000000000", NumberStyles.HexNumber)) >> 56),
(byte)((ip & BigInteger.Parse("00000000000000000000FF000000000000", NumberStyles.HexNumber)) >> 48),
(byte)((ip & BigInteger.Parse("0000000000000000000000FF0000000000", NumberStyles.HexNumber)) >> 40),
(byte)((ip & BigInteger.Parse("000000000000000000000000FF00000000", NumberStyles.HexNumber)) >> 32),
(byte)((ip & BigInteger.Parse("00000000000000000000000000FF000000", NumberStyles.HexNumber)) >> 24),
(byte)((ip & BigInteger.Parse("0000000000000000000000000000FF0000", NumberStyles.HexNumber)) >> 16),
(byte)((ip & BigInteger.Parse("000000000000000000000000000000FF00", NumberStyles.HexNumber)) >> 8),
(byte)((ip & BigInteger.Parse("00000000000000000000000000000000FF", NumberStyles.HexNumber)) >> 0),
};
return Tuple.Create(subnetAddress, new IPAddress(maskBytes));
}
else
{
// ipv4
uint ip = 0xFFFFFFFF << (32 - int.Parse(mask));
var maskBytes = new[]
{
(byte)((ip & 0xFF000000) >> 24),
(byte)((ip & 0x00FF0000) >> 16),
(byte)((ip & 0x0000FF00) >> 8),
(byte)((ip & 0x000000FF) >> 0),
};
return Tuple.Create(subnetAddress, new IPAddress(maskBytes));
}
}
public static bool IsAddressOnSubnet(IPAddress address, IPAddress subnet, IPAddress mask)
{
byte[] addressOctets = address.GetAddressBytes();
byte[] subnetOctets = mask.GetAddressBytes();
byte[] networkOctets = subnet.GetAddressBytes();
// ensure that IPv4 isn't mixed with IPv6
if (addressOctets.Length != subnetOctets.Length
|| addressOctets.Length != networkOctets.Length)
{
return false;
}
for (int i = 0; i < addressOctets.Length; i += 1)
{
var addressOctet = addressOctets[i];
var subnetOctet = subnetOctets[i];
var networkOctet = networkOctets[i];
if (networkOctet != (addressOctet & subnetOctet))
{
return false;
}
}
return true;
}
}
示例用法:
var subnetAndMask = IpAddresses.GetSubnetAndMaskFromCidr("10.132.0.0/20");
bool result = IpAddresses.IsAddressOnSubnet(
IPAddress.Parse("10.132.12.34"),
subnetAndMask.Item1,
subnetAndMask.Item2);
【讨论】:
-
我想,我在您的解决方案中发现了一个异常。当子网位数等于 23 时,“IsAddressOnSubnet”返回错误结果。我将 if 行更改为
if ((networkOctet & subnetOctet) != (addressOctet & subnetOctet))并开始返回正确的结果。
我在这里参加聚会迟到了,但也有类似的需求,所以我准备了一个快速的包来完成这个。
https://www.nuget.org/packages/IpMatcher/
来源:
https://github.com/jchristn/IpMatcher
简单使用:
using IpMatcher;
Matcher matcher = new Matcher();
matcher.Add("192.168.1.0", "255.255.255.0");
matcher.Add("192.168.2.0", "255.255.255.0");
matcher.Remove("192.168.2.0");
matcher.Exists("192.168.1.0", "255.255.255.0"); // true
matcher.Match("192.168.1.34"); // true
matcher.Match("10.10.10.10"); // false
【讨论】:
解决方案是使用System.Net.IPAddress 将IP 地址转换为字节,并对地址、子网和掩码八位字节进行按位比较。
二元与运算符& 如果两个操作数都存在,则将位复制到结果中。
代码:
using System.Net; // Used to access IPAddress
bool IsAddressOnSubnet(string address, string subnet, string mask)
{
try
{
IPAddress Address = IPAddress.Parse(address);
IPAddress Subnet = IPAddress.Parse(subnet);
IPAddress Mask = IPAddress.Parse(mask);
Byte[] addressOctets = Address.GetAddressBytes();
Byte[] subnetOctets = Mask.GetAddressBytes();
Byte[] networkOctets = Subnet.GetAddressBytes();
return
((networkOctets[0] & subnetOctets[0]) == (addressOctets[0] & subnetOctets[0])) &&
((networkOctets[1] & subnetOctets[1]) == (addressOctets[1] & subnetOctets[1])) &&
((networkOctets[2] & subnetOctets[2]) == (addressOctets[2] & subnetOctets[2])) &&
((networkOctets[3] & subnetOctets[3]) == (addressOctets[3] & subnetOctets[3]));
}
catch (System.Exception ex)
{
return false;
}
}
特别感谢 Reference
【讨论】:
-
请注意,如果提供 IPv6 地址,这将中断
我还创建了一个类来计算网络和广播地址,并检查 IP 是否既不是广播也不是网络地址。
private static IPValidationFailedReason PerformIPRangeValidation(string ipAddress, string subnetMask)
{
IPValidationFailedReason ipValidationType = IPValidationFailedReason.None;
string networkaddress = string.Empty;
string broadcastAddress = string.Empty;
string networkAddressBinary = string.Empty;
string broadcastAddressBinary = string.Empty;
int zerosCountInSubnetMask = 0;
Array.ForEach(subnetMask.Split(SplitterChar), (eachOctet) => Array.ForEach(IPInterfaceHelper.GetOctetWithPadding(eachOctet).Where(c => c == CharZero).ToArray(), (k) => zerosCountInSubnetMask++));
if (zerosCountInSubnetMask == 0)
{
return ipValidationType;
}
string ipAddressBinary = IPInterfaceHelper.ToBinary(ipAddress);
networkAddressBinary = GetNetworkAddressInBinaryFormat(zerosCountInSubnetMask, ipAddressBinary);
broadcastAddressBinary = GetBroadcastAddressInBinaryFormat(zerosCountInSubnetMask, ipAddressBinary);
networkaddress = ToIPFromBinary(networkAddressBinary);
broadcastAddress = ToIPFromBinary(broadcastAddressBinary);
if (ipAddress == networkaddress)
{
ipValidationType = IPValidationFailedReason.NetworkAddressZero;
return ipValidationType;
}
if (ipAddress == broadcastAddress)
{
ipValidationType = IPValidationFailedReason.BroadcastAddressNotPermiited;
return ipValidationType;
}
return ipValidationType;
}
private static string GetNetworkAddressInBinaryFormat(int zeroCountInSubnetMask, string ipAddressBinary)
{
string networkAddressBinary = string.Empty;
int countOfOnesInSubnetMask = TotalBitCount - zeroCountInSubnetMask;
StringBuilder sb = new StringBuilder(ipAddressBinary);
//When Subnet is like 255.255.255.0
if (zeroCountInSubnetMask >= 1 && zeroCountInSubnetMask <= 8)
{
networkAddressBinary = sb.Replace(CharOne, CharZero, countOfOnesInSubnetMask + 3, zeroCountInSubnetMask).ToString();
}
//When Subnet is like 255.255.0.0
if (zeroCountInSubnetMask > 8 && zeroCountInSubnetMask <= 16)
{
networkAddressBinary = sb.Replace(CharOne, CharZero, countOfOnesInSubnetMask + 2, zeroCountInSubnetMask + 1).ToString();
}
//When Subnet is like 255.0.0.0
if (zeroCountInSubnetMask > 16 && zeroCountInSubnetMask <= 24)
{
networkAddressBinary = sb.Replace(CharOne, CharZero, countOfOnesInSubnetMask + 1, zeroCountInSubnetMask + 2).ToString();
}
//When Subnet is like 128.0.0.0
if (zeroCountInSubnetMask > 24 && zeroCountInSubnetMask < 32)
{
networkAddressBinary = sb.Replace(CharOne, CharZero, countOfOnesInSubnetMask , zeroCountInSubnetMask + 3).ToString();
}
return networkAddressBinary;
}
private static string GetBroadcastAddressInBinaryFormat(int zeroCountInSubnetMask, string ipAddressBinary)
{
string broadcastAddressBinary = string.Empty;
int countOfOnesInSubnetMask = TotalBitCount - zeroCountInSubnetMask;
StringBuilder sb = new StringBuilder(ipAddressBinary);
//When Subnet is like 255.255.255.0
if (zeroCountInSubnetMask >= 1 && zeroCountInSubnetMask <= 8)
{
broadcastAddressBinary = sb.Replace(CharZero, CharOne, countOfOnesInSubnetMask + 3, zeroCountInSubnetMask).ToString();
}
//When Subnet is like 255.255.0.0
if (zeroCountInSubnetMask > 8 && zeroCountInSubnetMask <= 16)
{
broadcastAddressBinary = sb.Replace(CharZero, CharOne, countOfOnesInSubnetMask + 2, zeroCountInSubnetMask + 1).ToString();
}
//When Subnet is like 255.0.0.0
if (zeroCountInSubnetMask > 16 && zeroCountInSubnetMask <= 24)
{
broadcastAddressBinary = sb.Replace(CharZero, CharOne, countOfOnesInSubnetMask + 1, zeroCountInSubnetMask + 2).ToString();
}
//When Subnet is like 128.0.0.0
if (zeroCountInSubnetMask > 24 && zeroCountInSubnetMask < 32)
{
broadcastAddressBinary = sb.Replace(CharZero, CharOne, countOfOnesInSubnetMask , zeroCountInSubnetMask + 3).ToString();
}
return broadcastAddressBinary;
}
private static string ToIPFromBinary(string ipAddressBinary)
{
string addrTemp = string.Empty;
string[] networkAddressBinaryOctets = ipAddressBinary.Split(SplitterChar);
foreach (var eachOctet in networkAddressBinaryOctets)
{
string temp = Convert.ToUInt32(eachOctet, 2).ToString(CultureInfo.InvariantCulture);
addrTemp += temp + SplitterChar;
}
// remove last '.'
string ipAddress = addrTemp.Substring(0, addrTemp.Length - 1);
return ipAddress;
}
【讨论】:
如果您正在使用 ASP.NET Core,则有一个新类 IPNetwork 可用于测试 IP 地址是否在特定网络中。
【讨论】: