如何确定IP地址是否为私有地址

本文关键字:地址 是否 IP 何确定 | 更新日期: 2023-09-27 18:14:18

到目前为止,我有以下代码:

NetworkInterface[] adapters = NetworkInterface.GetAllNetworkInterfaces();
foreach (NetworkInterface adapter in adapters)
{
  IPInterfaceProperties properties = adapter.GetIPProperties();
  foreach (IPAddressInformation uniCast in properties.UnicastAddresses)
  {
    // Ignore loop-back addresses & IPv6
    if (!IPAddress.IsLoopback(uniCast.Address) && 
      uniCast.Address.AddressFamily!= AddressFamily.InterNetworkV6)
        Addresses.Add(uniCast.Address);
  }
}

我如何也过滤私人IP地址?以同样的方式,我过滤环回IP地址。

如何确定IP地址是否为私有地址

这里有更详细的响应:

private bool _IsPrivate(string ipAddress)
{
    int[] ipParts = ipAddress.Split(new String[] { "." }, StringSplitOptions.RemoveEmptyEntries)
                             .Select(s => int.Parse(s)).ToArray();
    // in private ip range
    if (ipParts[0] == 10 ||
        (ipParts[0] == 192 && ipParts[1] == 168) ||
        (ipParts[0] == 172 && (ipParts[1] >= 16 && ipParts[1] <= 31))) {
        return true;
    }
    // IP Address is probably public.
    // This doesn't catch some VPN ranges like OpenVPN and Hamachi.
    return false;
}

私有地址范围在RFC1918中定义。它们是:

  • 10.0.0.0-10.255.255.255(10/8前缀(
  • 172.16.0.0-172.31.255.255(172.16/12前缀(
  • 192.168.0.0-192.168.255.255(192.168/16前缀(

您可能还想过滤掉RFC3927中定义的链接本地地址(169.254/16(。

最好的方法是对IP地址类进行扩展

    /// <summary>
    /// An extension method to determine if an IP address is internal, as specified in RFC1918
    /// </summary>
    /// <param name="toTest">The IP address that will be tested</param>
    /// <returns>Returns true if the IP is internal, false if it is external</returns>
    public static bool IsInternal(this IPAddress toTest)
    {
        if (IPAddress.IsLoopback(toTest)) return true;
        else if (toTest.ToString() == "::1") return false;
        byte[] bytes = toTest.GetAddressBytes();
        switch( bytes[ 0 ] )
        {
            case 10:
                return true;
            case 172:
                return bytes[ 1 ] < 32 && bytes[ 1 ] >= 16;
            case 192:
                return bytes[ 1 ] == 168;
            default:
                return false;
        }
    }

然后,可以在IP地址类的实例上调用该方法

    bool isIpInternal = ipAddressInformation.Address.IsInternal();

添加了IPv6和localhost情况。

    /* An IP should be considered as internal when:
       ::1          -   IPv6  loopback
       10.0.0.0     -   10.255.255.255  (10/8 prefix)
       127.0.0.0    -   127.255.255.255  (127/8 prefix)
       172.16.0.0   -   172.31.255.255  (172.16/12 prefix)
       192.168.0.0  -   192.168.255.255 (192.168/16 prefix)
     */
    public bool IsInternal(string testIp)
    {
        if(testIp == "::1") return true;
        byte[] ip = IPAddress.Parse(testIp).GetAddressBytes();
        switch (ip[0])
        {
            case 10:
            case 127:
                return true;
            case 172:
                return ip[1] >= 16 && ip[1] < 32;
            case 192:
                return ip[1] == 168;
            default:
                return false;
        }
    }

此实现+测试涵盖:

  • 环回(IPv4、IPv6(
  • 链路本地(IPv4、IPv6(
  • 站点本地(IPv6(
  • 唯一本地(IPv6,需要.NET6(
  • IPv4映射到IPv6

在.NET Core 3.1和.NET 6。

https://gist.github.com/angularsen/f77b53ee9966fcd914025e25a2b3a085

实施

using System;
using System.Net;
using System.Net.Sockets;
namespace MyNamespace
{
    /// <summary>
    /// Extension methods on <see cref="System.Net.IPAddress"/>.
    /// </summary>
    public static class IPAddressExtensions
    {
        /// <summary>
        /// Returns true if the IP address is in a private range.<br/>
        /// IPv4: Loopback, link local ("169.254.x.x"), class A ("10.x.x.x"), class B ("172.16.x.x" to "172.31.x.x") and class C ("192.168.x.x").<br/>
        /// IPv6: Loopback, link local, site local, unique local and private IPv4 mapped to IPv6.<br/>
        /// </summary>
        /// <param name="ip">The IP address.</param>
        /// <returns>True if the IP address was in a private range.</returns>
        /// <example><code>bool isPrivate = IPAddress.Parse("127.0.0.1").IsPrivate();</code></example>
        public static bool IsPrivate(this IPAddress ip)
        {
            // Map back to IPv4 if mapped to IPv6, for example "::ffff:1.2.3.4" to "1.2.3.4".
            if (ip.IsIPv4MappedToIPv6)
                ip = ip.MapToIPv4();
            // Checks loopback ranges for both IPv4 and IPv6.
            if (IPAddress.IsLoopback(ip)) return true;
            // IPv4
            if (ip.AddressFamily == AddressFamily.InterNetwork)
                return IsPrivateIPv4(ip.GetAddressBytes());
            // IPv6
            if (ip.AddressFamily == AddressFamily.InterNetworkV6)
            {
                return ip.IsIPv6LinkLocal ||
#if NET6_0
                       ip.IsIPv6UniqueLocal ||
#endif
                       ip.IsIPv6SiteLocal;
            }
            throw new NotSupportedException(
                    $"IP address family {ip.AddressFamily} is not supported, expected only IPv4 (InterNetwork) or IPv6 (InterNetworkV6).");
        }
        private static bool IsPrivateIPv4(byte[] ipv4Bytes)
        {
            // Link local (no IP assigned by DHCP): 169.254.0.0 to 169.254.255.255 (169.254.0.0/16)
            bool IsLinkLocal() => ipv4Bytes[0] == 169 && ipv4Bytes[1] == 254;
            // Class A private range: 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
            bool IsClassA() => ipv4Bytes[0] == 10;
            // Class B private range: 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
            bool IsClassB() => ipv4Bytes[0] == 172 && ipv4Bytes[1] >= 16 && ipv4Bytes[1] <= 31;
            // Class C private range: 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
            bool IsClassC() => ipv4Bytes[0] == 192 && ipv4Bytes[1] == 168;
            return IsLinkLocal() || IsClassA() || IsClassC() || IsClassB();
        }
    }
}

测试

using System.Diagnostics.CodeAnalysis;
using System.Net;
using MyNamespace;
using FluentAssertions;
using Xunit;
namespace MyNamespace.Tests
{
    [SuppressMessage("ReSharper", "InvokeAsExtensionMethod")]
    public class IPAddressExtensionsTests
    {
        [Theory]
        [InlineData("1.1.1.1"     )] // Cloudflare DNS
        [InlineData("8.8.8.8"     )] // Google DNS
        [InlineData("20.112.52.29")] // microsoft.com
        public void IsPrivate_ReturnsFalse_PublicIPv4(string ip)
        {
            var ipAddress = IPAddress.Parse(ip);
            IPAddressExtensions.IsPrivate(ipAddress).Should().BeFalse();
        }
        [Theory]
        [InlineData("::ffff:1.1.1.1"     )] // Cloudflare DNS
        [InlineData("::ffff:8.8.8.8"     )] // Google DNS
        [InlineData("::ffff:20.112.52.29")] // microsoft.com
        public void IsPrivate_ReturnsFalse_PublicIPv4MappedToIPv6(string ip)
        {
            var ipAddress = IPAddress.Parse(ip);
            IPAddressExtensions.IsPrivate(ipAddress).Should().BeFalse();
        }
        [Theory]
        [InlineData("127.0.0.1"      )] // Loopback IPv4 127.0.0.1 - 127.255.255.255 (127.0.0.0/8)
        [InlineData("127.10.20.30"   )]
        [InlineData("127.255.255.255")]
        [InlineData("10.0.0.0"       )] // Class A private IP 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
        [InlineData("10.20.30.40"    )]
        [InlineData("10.255.255.255" )]
        [InlineData("172.16.0.0"     )] // Class B private IP 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
        [InlineData("172.20.30.40"   )]
        [InlineData("172.31.255.255" )]
        [InlineData("192.168.0.0"    )] // Class C private IP 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
        [InlineData("192.168.30.40"  )]
        [InlineData("192.168.255.255")]
        [InlineData("169.254.0.0"    )] // Link local (169.254.x.x)
        [InlineData("169.254.30.40"  )]
        [InlineData("169.254.255.255")]
        public void IsPrivate_ReturnsTrue_PrivateIPv4(string ip)
        {
            var ipAddress = IPAddress.Parse(ip);
            IPAddressExtensions.IsPrivate(ipAddress).Should().BeTrue();
        }
        [Theory]
        [InlineData("::ffff:127.0.0.1"      )] // Loopback IPv4 127.0.0.1 - 127.255.255.254 (127.0.0.0/8)
        [InlineData("::ffff:127.10.20.30"   )]
        [InlineData("::ffff:127.255.255.254")]
        [InlineData("::ffff:10.0.0.0"       )] // Class A private IP 10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
        [InlineData("::ffff:10.20.30.40"    )]
        [InlineData("::ffff:10.255.255.255" )]
        [InlineData("::ffff:172.16.0.0"     )] // Class B private IP 172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
        [InlineData("::ffff:172.20.30.40"   )]
        [InlineData("::ffff:172.31.255.255" )]
        [InlineData("::ffff:192.168.0.0"    )] // Class C private IP 192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
        [InlineData("::ffff:192.168.30.40"  )]
        [InlineData("::ffff:192.168.255.255")]
        [InlineData("::ffff:169.254.0.0"    )] // Link local (169.254.x.x)
        [InlineData("::ffff:169.254.30.40"  )]
        [InlineData("::ffff:169.254.255.255")]
        public void IsPrivate_ReturnsTrue_PrivateIPv4MappedToIPv6(string ip)
        {
            var ipAddress = IPAddress.Parse(ip);
            IPAddressExtensions.IsPrivate(ipAddress).Should().BeTrue();
        }
        [Theory]
        [InlineData("::1"              )]  // Loopback
        [InlineData("fe80::"           )]  // Link local
        [InlineData("fe80:1234:5678::1")]  // Link local
        [InlineData("fc00::"           )]  // Unique local, globally assigned.
        [InlineData("fc00:1234:5678::1")]  // Unique local, globally assigned.
        [InlineData("fd00::"           )]  // Unique local, locally assigned.
        [InlineData("fd12:3456:789a::1")]  // Unique local, locally assigned.
        public void IsPrivate_ReturnsTrue_PrivateIPv6(string ip)
        {
            var ipAddress = IPAddress.Parse(ip);
            IPAddressExtensions.IsPrivate(ipAddress).Should().BeTrue();
        }
        [Theory]
        [InlineData("2606:4700:4700::64"                     )] // Cloudflare DNS
        [InlineData("2001:4860:4860::8888"                   )] // Google DNS
        [InlineData("2001:0db8:85a3:0000:0000:8a2e:0370:7334")] // Commonly used example.
        public void IsPrivate_ReturnsFalse_PublicIPv6(string ip)
        {
            var ipAddress = IPAddress.Parse(ip);
            IPAddressExtensions.IsPrivate(ipAddress).Should().BeFalse();
        }
    }
}
10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

使用RFC中定义的范围(如Anders所建议的(;而不是使用正则表达式从列表中检测/删除私有IP地址。

下面是一个用于检测私有IP地址的RegEx示例。(我没有测试(

(^127'.0'.0'.1)|
(^10'.)|
(^172'.1[6-9]'.)|(^172'.2[0-9]'.)|(^172'.3[0-1]'.)|
(^192'.168'.)