For the address validity check, consider
the reserved IP address list.
The interpretation of what should be allowed and what should not be depends on how you intend to use the IP address. For example, if it is a host IPv4 address, you will want to exclude all 0.*.*.*, 169.254.*.*, 192.0.2.*, 198.18-19.*.*, 198.51.100.*, 203.0.113.*, 224-239.*.*.*, and 255.255.255.255, but accept all other addresses. If it should be an external host, then you can also exclude 127.*.*.*, since they are always local addresses (but it usually makes no sense to specifically ban those). 240-254.*.*.* are still unassigned, except 255.255.255.255 is the global broadcast address; right now only IP spoofers use those addresses, but they may be legitimately used in the future.
In the general case, excluding all-zeros and all-ones should be enough (and should be done when parsing an address, not as a separate step). Everything else is a valid IP address at least in some contexts. This is also the reason there is no single OS call.
Because IP spoofing is so easy, you cannot rely on any IP address on being valid (unless you have local firewall rules applied that validate them, for example by filtering them per interface). Linux, and Unix-like systems in general, do not normally apply checks like this, because it is
policy, and is the users'/administrators' responsibility.
To put it bluntly, there is no reason why your application should not accept say IPv4 address 192.168. If the user/admin specifies that to your application, then that is what your application should use. The same obviously applies to IPv6. If the user/admin wishes to avoid the IPv4 address ranges (for example due to attacks) I listed above, they can trivially set up iptables DROP rules in their kernel.
I've written some networking software, both client and server side, mostly in C (GNU C and/or C99), and I've never
needed and IP address validation function. If it can be parsed correctly, I'm happy with it. If it happens to be completely bogus, let the user/admin worry about it. If you try to cuddle your users (like certain commercial OSes do, to a very large extent), you simply end up limiting the number of choices available to the user. And I for one do not like that one bit.
However, I don't know how you will be using the IP addresses, so I don't want to claim you should
never try to validate them. I just cannot think of any good reason right now. But if you need to, the beginning of this message should point you the right direction. If you need the validation in an application or a library, you should consider putting the rules in configuration files (separate for IPv4 and IPv6), so that the users can modify them if a need arises.