LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-27-2011, 11:20 AM   #1
Anandkpda
LQ Newbie
 
Registered: Sep 2011
Posts: 9

Rep: Reputation: Disabled
valid check of IP in C++ code


Hi,

I want to check & validate given IP address in my Code. Can Checked with inet_addr & inet_itoa fns().
both will pass if IP address is xx.xx, as this is invalid.

can anybody explain me the usage of ping in the C++ code.

thanks,
Anand
 
Old 09-27-2011, 02:19 PM   #2
Nominal Animal
Senior Member
 
Registered: Dec 2010
Location: Finland
Distribution: Xubuntu, CentOS, LFS
Posts: 1,723
Blog Entries: 3

Rep: Reputation: 948Reputation: 948Reputation: 948Reputation: 948Reputation: 948Reputation: 948Reputation: 948Reputation: 948
There are two types of IP addresses: IPv4 and IPv6.

I recommend you split the checking into two phases:
  1. String to address conversion
    IPv4 addresses are 32 bits long, IPv6 addresses are 128 bits long.
    Since IPv4 addresses (0xXXYYZZWW) can be mapped to IPv6 addresses (0:0:0:0:ffff:XXYY:ZZWW) you can have just one string conversion function, which always returns an IPv6 address.
    Or, you can use the functions provided by your C or C++ library, for example trying each one if they work (without error).
  2. Address check
    As described in the Wikipedia articles for IPv4 and IPv6 and documents they link to, there are certain address ranges that have a special purpose. If you wish to classify or check for these, you should do it on the binary data, not on a string.

ping is an external program, which sends an ICMP echo request to the desired IP address, optionally tracing the route (by setting a flag which indicates every device on the route should also send a response to the originator). It is quite nontrivial to implement ping in your own program -- and on many architectures it requires superuser privileges, too. Usually it is much better to execute the command with desired command line options, and parse the output instead.

Note that you absolutely cannot rely on ping, and you really should not be considering using it here. ICMP echo packets are routinely dropped by many if not most firewalls. IP addresses can also be faked (called IP spoofing); you do not want your software to be used as a part of a DDOS (distributed denial-of-service) attack, where an attacker spoofs the victim's address, and connects to your software, and your software then sends the DOSing ICMP echo packets like a well-trained goon.

A reverse DNS lookup (where you look up the name corresponding to the IP address you know) may be useful, although not all IP addresses are named. Most IP addresses can be geolocated (due to the way they are assigned); you might use a IP geolocation service instead of ping.

Finally, an IP address is not an identifying factor. NAT (network address translation) is used in a lot, which means many users share an IP address (or more frequently, a pool of IP addresses). For home users, service providers do not usually give a fixed IP address, but simply the next available IP address from their IP address pool (although many at least try to give the same IP address if it is still available). An IP address really is an ephemeral address, which you can only rely on when you have an open connection (stream or datagram socket) to it, really.
 
Old 09-28-2011, 04:34 AM   #3
Anandkpda
LQ Newbie
 
Registered: Sep 2011
Posts: 9

Original Poster
Rep: Reputation: Disabled
thanks a lot. it means there is no single OS call to validate.

Could you please elaborate the 2nd check(Address check)
 
Old 09-28-2011, 02:20 PM   #4
Nominal Animal
Senior Member
 
Registered: Dec 2010
Location: Finland
Distribution: Xubuntu, CentOS, LFS
Posts: 1,723
Blog Entries: 3

Rep: Reputation: 948Reputation: 948Reputation: 948Reputation: 948Reputation: 948Reputation: 948Reputation: 948Reputation: 948
For the address validity check, consider the reserved IP address list.

The interpretation of what should be allowed and what should not be depends on how you intend to use the IP address. For example, if it is a host IPv4 address, you will want to exclude all 0.*.*.*, 169.254.*.*, 192.0.2.*, 198.18-19.*.*, 198.51.100.*, 203.0.113.*, 224-239.*.*.*, and 255.255.255.255, but accept all other addresses. If it should be an external host, then you can also exclude 127.*.*.*, since they are always local addresses (but it usually makes no sense to specifically ban those). 240-254.*.*.* are still unassigned, except 255.255.255.255 is the global broadcast address; right now only IP spoofers use those addresses, but they may be legitimately used in the future.

In the general case, excluding all-zeros and all-ones should be enough (and should be done when parsing an address, not as a separate step). Everything else is a valid IP address at least in some contexts. This is also the reason there is no single OS call.

Because IP spoofing is so easy, you cannot rely on any IP address on being valid (unless you have local firewall rules applied that validate them, for example by filtering them per interface). Linux, and Unix-like systems in general, do not normally apply checks like this, because it is policy, and is the users'/administrators' responsibility.

To put it bluntly, there is no reason why your application should not accept say IPv4 address 192.168. If the user/admin specifies that to your application, then that is what your application should use. The same obviously applies to IPv6. If the user/admin wishes to avoid the IPv4 address ranges (for example due to attacks) I listed above, they can trivially set up iptables DROP rules in their kernel.

I've written some networking software, both client and server side, mostly in C (GNU C and/or C99), and I've never needed and IP address validation function. If it can be parsed correctly, I'm happy with it. If it happens to be completely bogus, let the user/admin worry about it. If you try to cuddle your users (like certain commercial OSes do, to a very large extent), you simply end up limiting the number of choices available to the user. And I for one do not like that one bit.

However, I don't know how you will be using the IP addresses, so I don't want to claim you should never try to validate them. I just cannot think of any good reason right now. But if you need to, the beginning of this message should point you the right direction. If you need the validation in an application or a library, you should consider putting the rules in configuration files (separate for IPv4 and IPv6), so that the users can modify them if a need arises.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Bash function check for valid IP jchambers Programming 7 04-10-2020 05:51 AM
PHP function to check if string is valid xml? j-ray Programming 6 12-19-2009 08:46 AM
how to check if a socket is valid in C ? naihe2010 Programming 3 10-29-2006 07:56 PM
Check if an int value is within valid range of enum? mic Programming 6 02-21-2006 12:02 PM
Check this out! Mysterious C Code mmarkvillanueva Programming 1 06-23-2005 12:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration