Properly handle IPs with subnetmasks

Jellyfin.Networking/Manager/NetworkManager.cs

@@ -295,8 +295,8 @@ namespace Jellyfin.Networking.Manager
                 // Get configuration options
                 string[] subnets = config.LocalNetworkSubnets;
 
-                _ = NetworkExtensions.TryParseSubnets(subnets, out _lanSubnets, false);
-                _ = NetworkExtensions.TryParseSubnets(subnets, out _excludedSubnets, true);
+                _ = NetworkExtensions.TryParseToSubnets(subnets, out _lanSubnets, false);
+                _ = NetworkExtensions.TryParseToSubnets(subnets, out _excludedSubnets, true);
 
                 if (_lanSubnets.Count == 0)
                 {
@@ -336,8 +336,8 @@ namespace Jellyfin.Networking.Manager
                 var localNetworkAddresses = config.LocalNetworkAddresses;
                 if (localNetworkAddresses.Length > 0 && !string.IsNullOrWhiteSpace(localNetworkAddresses.First()))
                 {
-                    var bindAddresses = localNetworkAddresses.Select(p => IPAddress.TryParse(p, out var addresses)
-                        ? addresses
+                    var bindAddresses = localNetworkAddresses.Select(p => NetworkExtensions.TryParseToSubnet(p, out var network)
+                        ? network.Prefix
                         : (_interfaces.Where(x => x.Name.Equals(p, StringComparison.OrdinalIgnoreCase))
                             .Select(x => x.Address)
                             .FirstOrDefault() ?? IPAddress.None))
@@ -401,7 +401,7 @@ namespace Jellyfin.Networking.Manager
                 if (remoteIPFilter.Any() && !string.IsNullOrWhiteSpace(remoteIPFilter.First()))
                 {
                     // Parse all IPs with netmask to a subnet
-                    _ = NetworkExtensions.TryParseSubnets(remoteIPFilter.Where(x => x.Contains('/', StringComparison.OrdinalIgnoreCase)).ToArray(), out _remoteAddressFilter, false);
+                    _ = NetworkExtensions.TryParseToSubnets(remoteIPFilter.Where(x => x.Contains('/', StringComparison.OrdinalIgnoreCase)).ToArray(), out _remoteAddressFilter, false);
 
                     // Parse everything else as an IP and construct subnet with a single IP
                     var ips = remoteIPFilter.Where(x => !x.Contains('/', StringComparison.OrdinalIgnoreCase));
@@ -440,17 +440,17 @@ namespace Jellyfin.Networking.Manager
                     else
                     {
                         var replacement = parts[1].Trim();
-                        var ipParts = parts[0].Split("/");
-                        if (string.Equals(parts[0], "all", StringComparison.OrdinalIgnoreCase))
+                        var identifier = parts[0];
+                        if (string.Equals(identifier, "all", StringComparison.OrdinalIgnoreCase))
                         {
                             _publishedServerUrls[new IPData(IPAddress.Broadcast, null)] = replacement;
                         }
-                        else if (string.Equals(parts[0], "external", StringComparison.OrdinalIgnoreCase))
+                        else if (string.Equals(identifier, "external", StringComparison.OrdinalIgnoreCase))
                         {
                             _publishedServerUrls[new IPData(IPAddress.Any, new IPNetwork(IPAddress.Any, 0))] = replacement;
                             _publishedServerUrls[new IPData(IPAddress.IPv6Any, new IPNetwork(IPAddress.IPv6Any, 0))] = replacement;
                         }
-                        else if (string.Equals(parts[0], "internal", StringComparison.OrdinalIgnoreCase))
+                        else if (string.Equals(identifier, "internal", StringComparison.OrdinalIgnoreCase))
                         {
                             foreach (var lan in _lanSubnets)
                             {
@@ -458,17 +458,12 @@ namespace Jellyfin.Networking.Manager
                                 _publishedServerUrls[new IPData(lanPrefix, new IPNetwork(lanPrefix, lan.PrefixLength))] = replacement;
                             }
                         }
-                        else if (IPAddress.TryParse(ipParts[0], out IPAddress? result))
+                        else if (NetworkExtensions.TryParseToSubnet(identifier, out var result) && result != null)
                         {
-                            var data = new IPData(result, null);
-                            if (ipParts.Length > 1 && int.TryParse(ipParts[1], out var netmask))
-                            {
-                                data.Subnet = new IPNetwork(result, netmask);
-                            }
-
+                            var data = new IPData(result.Prefix, result);
                             _publishedServerUrls[data] = replacement;
                         }
-                        else if (TryParseInterface(ipParts[0], out var ifaces))
+                        else if (TryParseInterface(identifier, out var ifaces))
                         {
                             foreach (var iface in ifaces)
                             {
@@ -516,15 +511,20 @@ namespace Jellyfin.Networking.Manager
                 foreach (var details in interfaceList)
                 {
                     var parts = details.Split(',');
-                    var split = parts[0].Split("/");
-                    var address = IPAddress.Parse(split[0]);
-                    var network = new IPNetwork(address, int.Parse(split[1], CultureInfo.InvariantCulture));
-                    var index = int.Parse(parts[1], CultureInfo.InvariantCulture);
-                    if (address.AddressFamily == AddressFamily.InterNetwork || address.AddressFamily == AddressFamily.InterNetworkV6)
+                    if (NetworkExtensions.TryParseToSubnet(parts[0], out var subnet))
+                    {
+                        var address = subnet.Prefix;
+                        var index = int.Parse(parts[1], CultureInfo.InvariantCulture);
+                        if (address.AddressFamily == AddressFamily.InterNetwork || address.AddressFamily == AddressFamily.InterNetworkV6)
+                        {
+                            var data = new IPData(address, subnet, parts[2]);
+                            data.Index = index;
+                            _interfaces.Add(data);
+                        }
+                    }
+                    else
                     {
-                        var data = new IPData(address, network, parts[2]);
-                        data.Index = index;
-                        _interfaces.Add(data);
+                        _logger.LogWarning("Could not parse mock interface settings: {Part}", details);
                     }
                 }
             }
@@ -799,9 +799,9 @@ namespace Jellyfin.Networking.Manager
         /// <inheritdoc/>
         public bool IsInLocalNetwork(string address)
         {
-            if (IPAddress.TryParse(address, out var ep))
+            if (NetworkExtensions.TryParseToSubnet(address, out var subnet))
             {
-                return IPAddress.IsLoopback(ep) || (_lanSubnets.Any(x => x.Contains(ep)) && !_excludedSubnets.Any(x => x.Contains(ep)));
+                return IPAddress.IsLoopback(subnet.Prefix) || (_lanSubnets.Any(x => x.Contains(subnet.Prefix)) && !_excludedSubnets.Any(x => x.Contains(subnet.Prefix)));
             }
 
             if (NetworkExtensions.TryParseHost(address, out var addresses, IsIpv4Enabled, IsIpv6Enabled))

Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs

@@ -348,7 +348,7 @@ namespace Jellyfin.Server.Extensions
                 {
                     AddIpAddress(config, options, addr, addr.AddressFamily == AddressFamily.InterNetwork ? 32 : 128);
                 }
-                else if (NetworkExtensions.TryParseSubnet(allowedProxies[i], out var subnet))
+                else if (NetworkExtensions.TryParseToSubnet(allowedProxies[i], out var subnet))
                 {
                     if (subnet != null)
                     {

MediaBrowser.Common/Net/NetworkExtensions.cs

@@ -152,13 +152,14 @@ namespace MediaBrowser.Common.Net
         }
 
         /// <summary>
-        /// Try parsing an array of strings into subnets, respecting exclusions.
+        /// Try parsing an array of strings into <see cref="IPNetwork"/> objects, respecting exclusions.
+        /// Elements without a subnet mask will be represented as <see cref="IPNetwork"/> with a single IP.
         /// </summary>
         /// <param name="values">Input string array to be parsed.</param>
         /// <param name="result">Collection of <see cref="IPNetwork"/>.</param>
         /// <param name="negated">Boolean signaling if negated or not negated values should be parsed.</param>
         /// <returns><c>True</c> if parsing was successful.</returns>
-        public static bool TryParseSubnets(string[] values, out List<IPNetwork> result, bool negated = false)
+        public static bool TryParseToSubnets(string[] values, out List<IPNetwork> result, bool negated = false)
         {
             result = new List<IPNetwork>();
 
@@ -183,10 +184,14 @@ namespace MediaBrowser.Common.Net
 
                 if (address != IPAddress.None && address != null)
                 {
-                    if (int.TryParse(v[1], out var netmask))
+                    if (v.Length > 1 && int.TryParse(v[1], out var netmask))
                     {
                         result.Add(new IPNetwork(address, netmask));
                     }
+                    else if (v.Length > 1 && IPAddress.TryParse(v[1], out var netmaskAddress))
+                    {
+                        result.Add(new IPNetwork(address, NetworkExtensions.MaskToCidr(netmaskAddress)));
+                    }
                     else if (address.AddressFamily == AddressFamily.InterNetwork)
                     {
                         result.Add(new IPNetwork(address, 32));
@@ -207,15 +212,16 @@ namespace MediaBrowser.Common.Net
         }
 
         /// <summary>
-        /// Try parsing a string into a subnet, respecting exclusions.
+        /// Try parsing a string into an <see cref="IPNetwork"/>, respecting exclusions.
+        /// Inputs without a subnet mask will be represented as <see cref="IPNetwork"/> with a single IP.
         /// </summary>
         /// <param name="value">Input string to be parsed.</param>
         /// <param name="result">An <see cref="IPNetwork"/>.</param>
         /// <param name="negated">Boolean signaling if negated or not negated values should be parsed.</param>
         /// <returns><c>True</c> if parsing was successful.</returns>
-        public static bool TryParseSubnet(string value, out IPNetwork? result, bool negated = false)
+        public static bool TryParseToSubnet(string value, out IPNetwork result, bool negated = false)
         {
-            result = null;
+            result = new IPNetwork(IPAddress.None, 32);
 
             if (string.IsNullOrEmpty(value))
             {
@@ -236,10 +242,14 @@ namespace MediaBrowser.Common.Net
 
             if (address != IPAddress.None && address != null)
             {
-                if (int.TryParse(v[1], out var netmask))
+                if (v.Length > 1 && int.TryParse(v[1], out var netmask))
                 {
                     result = new IPNetwork(address, netmask);
                 }
+                else if (v.Length > 1 && IPAddress.TryParse(v[1], out var netmaskAddress))
+                {
+                    result = new IPNetwork(address, NetworkExtensions.MaskToCidr(netmaskAddress));
+                }
                 else if (address.AddressFamily == AddressFamily.InterNetwork)
                 {
                     result = new IPNetwork(address, 32);
@@ -250,7 +260,7 @@ namespace MediaBrowser.Common.Net
                 }
             }
 
-            if (result != null)
+            if (!result.Prefix.Equals(IPAddress.None))
             {
                 return true;
             }

tests/Jellyfin.Networking.Tests/NetworkParseTests.cs

@@ -1,13 +1,11 @@
 using System;
 using System.Collections.Generic;
-using System.Globalization;
 using System.Linq;
 using System.Net;
 using Jellyfin.Networking.Configuration;
 using Jellyfin.Networking.Manager;
 using MediaBrowser.Common.Configuration;
 using MediaBrowser.Common.Net;
-using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.Logging.Abstractions;
 using Moq;
 using Xunit;
@@ -37,6 +35,8 @@ namespace Jellyfin.Networking.Tests
         [InlineData("192.168.1.208/24,-16,eth16|200.200.200.200/24,11,eth11", "192.168.1.0/24;200.200.200.0/24", "[192.168.1.208/24,200.200.200.200/24]")]
         // eth16 only
         [InlineData("192.168.1.208/24,-16,eth16|200.200.200.200/24,11,eth11", "192.168.1.0/24", "[192.168.1.208/24]")]
+        // eth16 only without mask
+        [InlineData("192.168.1.208,-16,eth16|200.200.200.200,11,eth11", "192.168.1.0/24", "[192.168.1.208/32]")]
         // All interfaces excluded. (including loopbacks)
         [InlineData("192.168.1.208/24,-16,vEthernet1|192.168.2.208/24,-16,vEthernet212|200.200.200.200/24,11,eth11", "192.168.1.0/24", "[]")]
         // vEthernet1 and vEthernet212 should be excluded.
@@ -65,66 +65,79 @@ namespace Jellyfin.Networking.Tests
         /// <param name="address">IP Address.</param>
         [Theory]
         [InlineData("127.0.0.1")]
+        [InlineData("127.0.0.1/8")]
+        [InlineData("192.168.1.2")]
+        [InlineData("192.168.1.2/24")]
+        [InlineData("192.168.1.2/255.255.255.0")]
         [InlineData("fd23:184f:2029:0:3139:7386:67d7:d517")]
         [InlineData("[fd23:184f:2029:0:3139:7386:67d7:d517]")]
         [InlineData("fe80::7add:12ff:febb:c67b%16")]
         [InlineData("[fe80::7add:12ff:febb:c67b%16]:123")]
         [InlineData("fe80::7add:12ff:febb:c67b%16:123")]
         [InlineData("[fe80::7add:12ff:febb:c67b%16]")]
-        [InlineData("192.168.1.2")]
+        [InlineData("fd23:184f:2029:0:3139:7386:67d7:d517/56")]
         public static void TryParseValidIPStringsTrue(string address)
-            => Assert.True(IPAddress.TryParse(address, out _));
+            => Assert.True(NetworkExtensions.TryParseToSubnet(address, out _));
 
         /// <summary>
         /// Checks invalid IP address formats.
         /// </summary>
         /// <param name="address">IP Address.</param>
         [Theory]
-        [InlineData("192.168.1.2/255.255.255.0")]
-        [InlineData("192.168.1.2/24")]
-        [InlineData("127.0.0.1/8")]
         [InlineData("127.0.0.1#")]
         [InlineData("localhost!")]
         [InlineData("256.128.0.0.0.1")]
-        [InlineData("fd23:184f:2029:0:3139:7386:67d7:d517/56")]
         [InlineData("fd23:184f:2029:0:3139:7386:67d7:d517:1231")]
         [InlineData("[fd23:184f:2029:0:3139:7386:67d7:d517:1231]")]
         public static void TryParseInvalidIPStringsFalse(string address)
-            => Assert.False(IPAddress.TryParse(address, out _));
+            => Assert.False(NetworkExtensions.TryParseToSubnet(address, out _));
 
+        /// <summary>
+        /// Checks if IPv4 address is within a defined subnet.
+        /// </summary>
+        /// <param name="netMask">Network mask.</param>
+        /// <param name="ipAddress">IP Address.</param>
         [Theory]
         [InlineData("192.168.5.85/24", "192.168.5.1")]
         [InlineData("192.168.5.85/24", "192.168.5.254")]
+        [InlineData("192.168.5.85/255.255.255.0", "192.168.5.254")]
         [InlineData("10.128.240.50/30", "10.128.240.48")]
         [InlineData("10.128.240.50/30", "10.128.240.49")]
         [InlineData("10.128.240.50/30", "10.128.240.50")]
         [InlineData("10.128.240.50/30", "10.128.240.51")]
+        [InlineData("10.128.240.50/255.255.255.252", "10.128.240.51")]
         [InlineData("127.0.0.1/8", "127.0.0.1")]
         public void IpV4SubnetMaskMatchesValidIpAddress(string netMask, string ipAddress)
         {
-            var split = netMask.Split("/");
-            var mask = int.Parse(split[1], CultureInfo.InvariantCulture);
-            var ipa = IPAddress.Parse(split[0]);
-            var ipn = new IPNetwork(ipa, mask);
-            Assert.True(ipn.Contains(IPAddress.Parse(ipAddress)));
+            var ipa = IPAddress.Parse(ipAddress);
+            Assert.True(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress)));
         }
 
+        /// <summary>
+        /// Checks if IPv4 address is not within a defined subnet.
+        /// </summary>
+        /// <param name="netMask">Network mask.</param>
+        /// <param name="ipAddress">IP Address.</param>
         [Theory]
         [InlineData("192.168.5.85/24", "192.168.4.254")]
         [InlineData("192.168.5.85/24", "191.168.5.254")]
+        [InlineData("192.168.5.85/255.255.255.252", "192.168.4.254")]
         [InlineData("10.128.240.50/30", "10.128.240.47")]
         [InlineData("10.128.240.50/30", "10.128.240.52")]
         [InlineData("10.128.240.50/30", "10.128.239.50")]
         [InlineData("10.128.240.50/30", "10.127.240.51")]
+        [InlineData("10.128.240.50/255.255.255.252", "10.127.240.51")]
         public void IpV4SubnetMaskDoesNotMatchInvalidIpAddress(string netMask, string ipAddress)
         {
-            var split = netMask.Split("/");
-            var mask = int.Parse(split[1], CultureInfo.InvariantCulture);
-            var ipa = IPAddress.Parse(split[0]);
-            var ipn = new IPNetwork(ipa, mask);
-            Assert.False(ipn.Contains(IPAddress.Parse(ipAddress)));
+            var ipa = IPAddress.Parse(ipAddress);
+            Assert.False(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress)));
         }
 
+        /// <summary>
+        /// Checks if IPv6 address is within a defined subnet.
+        /// </summary>
+        /// <param name="netMask">Network mask.</param>
+        /// <param name="ipAddress">IP Address.</param>
         [Theory]
         [InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:0000:0000:0000:0000")]
         [InlineData("2001:db8:abcd:0012::0/64", "2001:0DB8:ABCD:0012:FFFF:FFFF:FFFF:FFFF")]
@@ -133,11 +146,7 @@ namespace Jellyfin.Networking.Tests
         [InlineData("2001:db8:abcd:0012::0/128", "2001:0DB8:ABCD:0012:0000:0000:0000:0000")]
         public void IpV6SubnetMaskMatchesValidIpAddress(string netMask, string ipAddress)
         {
-            var split = netMask.Split("/");
-            var mask = int.Parse(split[1], CultureInfo.InvariantCulture);
-            var ipa = IPAddress.Parse(split[0]);
-            var ipn = new IPNetwork(ipa, mask);
-            Assert.True(ipn.Contains(IPAddress.Parse(ipAddress)));
+            Assert.True(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress)));
         }
 
         [Theory]
@@ -148,11 +157,7 @@ namespace Jellyfin.Networking.Tests
         [InlineData("2001:db8:abcd:0012::0/128", "2001:0DB8:ABCD:0012:0000:0000:0000:0001")]
         public void IpV6SubnetMaskDoesNotMatchInvalidIpAddress(string netMask, string ipAddress)
         {
-            var split = netMask.Split("/");
-            var mask = int.Parse(split[1], CultureInfo.InvariantCulture);
-            var ipa = IPAddress.Parse(split[0]);
-            var ipn = new IPNetwork(ipa, mask);
-            Assert.False(ipn.Contains(IPAddress.Parse(ipAddress)));
+            Assert.False(NetworkExtensions.TryParseToSubnet(netMask, out var subnet) && subnet.Contains(IPAddress.Parse(ipAddress)));
         }
 
         [Theory]
@@ -262,7 +267,7 @@ namespace Jellyfin.Networking.Tests
 
             if (nm.TryParseInterface(result, out List<IPData>? resultObj) && resultObj != null)
             {
-                // Parse out IPAddresses so we can do a string comparison. (Ignore subnet masks).
+                // Parse out IPAddresses so we can do a string comparison (ignore subnet masks).
                 result = resultObj.First().Address.ToString();
             }