summaryrefslogtreecommitdiffhomepage
path: root/libs/luci-lib-ip
diff options
context:
space:
mode:
Diffstat (limited to 'libs/luci-lib-ip')
-rw-r--r--libs/luci-lib-ip/Makefile14
-rw-r--r--libs/luci-lib-ip/src/Makefile17
-rw-r--r--libs/luci-lib-ip/src/ip.c1392
-rw-r--r--libs/luci-lib-ip/src/ip.luadoc831
4 files changed, 2254 insertions, 0 deletions
diff --git a/libs/luci-lib-ip/Makefile b/libs/luci-lib-ip/Makefile
new file mode 100644
index 0000000000..eb80dcb258
--- /dev/null
+++ b/libs/luci-lib-ip/Makefile
@@ -0,0 +1,14 @@
+#
+# Copyright (C) 2015 LuCI Team <luci@lists.subsignal.org>
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=Lua library for IP calculation and routing information
+LUCI_DEPENDS:=+liblua +libnl-tiny
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/libs/luci-lib-ip/src/Makefile b/libs/luci-lib-ip/src/Makefile
new file mode 100644
index 0000000000..76abd27d2a
--- /dev/null
+++ b/libs/luci-lib-ip/src/Makefile
@@ -0,0 +1,17 @@
+IP_CFLAGS = -std=gnu99 -I$(STAGING_DIR)/usr/include/libnl-tiny/
+IP_LDFLAGS = -llua -lm -lnl-tiny
+IP_OBJ = ip.o
+IP_LIB = ip.so
+
+%.o: %.c
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LUA_CFLAGS) $(IP_CFLAGS) $(FPIC) -c -o $@ $<
+
+compile: $(IP_OBJ)
+ $(CC) $(LDFLAGS) -shared -o $(IP_LIB) $(IP_OBJ) $(IP_LDFLAGS)
+
+install: compile
+ mkdir -p $(DESTDIR)/usr/lib/lua/luci
+ cp $(IP_LIB) $(DESTDIR)/usr/lib/lua/luci/$(IP_LIB)
+
+clean:
+ rm -f *.o *.so
diff --git a/libs/luci-lib-ip/src/ip.c b/libs/luci-lib-ip/src/ip.c
new file mode 100644
index 0000000000..b91966c536
--- /dev/null
+++ b/libs/luci-lib-ip/src/ip.c
@@ -0,0 +1,1392 @@
+/*
+Copyright 2015 Jo-Philipp Wich <jow@openwrt.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#define _GNU_SOURCE
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <unistd.h>
+#include <errno.h>
+#include <string.h>
+#include <limits.h>
+
+#include <lua.h>
+#include <lualib.h>
+#include <lauxlib.h>
+
+#include <net/if.h>
+#include <netinet/ether.h>
+#include <arpa/inet.h>
+#include <netlink/msg.h>
+#include <netlink/attr.h>
+#include <netlink/socket.h>
+#include <linux/rtnetlink.h>
+
+#define LUCI_IP "luci.ip"
+#define LUCI_IP_CIDR "luci.ip.cidr"
+
+#define RTA_INT(x) (*(int *)RTA_DATA(x))
+#define RTA_U32(x) (*(uint32_t *)RTA_DATA(x))
+
+static int hz = 0;
+static struct nl_sock *sock = NULL;
+
+typedef struct {
+ union {
+ struct in_addr v4;
+ struct in6_addr v6;
+ } addr;
+ int len;
+ int bits;
+ int family;
+ bool exact;
+} cidr_t;
+
+struct dump_filter {
+ bool get;
+ int family;
+ int iif;
+ int oif;
+ int type;
+ int scope;
+ int proto;
+ int table;
+ cidr_t gw;
+ cidr_t from;
+ cidr_t src;
+ cidr_t dst;
+ struct ether_addr mac;
+};
+
+struct dump_state {
+ int index;
+ int pending;
+ int callback;
+ struct lua_State *L;
+ struct dump_filter *filter;
+};
+
+
+static int _cidr_new(lua_State *L, int index, int family, bool mask);
+
+static cidr_t *L_checkcidr (lua_State *L, int index, cidr_t *p)
+{
+ if (lua_type(L, index) == LUA_TUSERDATA)
+ return luaL_checkudata(L, index, LUCI_IP_CIDR);
+
+ if (_cidr_new(L, index, p ? p->family : 0, false))
+ return lua_touserdata(L, -1);
+
+ luaL_error(L, "Invalid operand");
+ return NULL;
+}
+
+static bool parse_mask(int family, const char *mask, int *bits)
+{
+ char *e;
+ struct in_addr m;
+ struct in6_addr m6;
+
+ if (family == AF_INET && inet_pton(AF_INET, mask, &m))
+ {
+ for (*bits = 0, m.s_addr = ntohl(m.s_addr);
+ *bits < 32 && (m.s_addr << *bits) & 0x80000000;
+ ++*bits);
+ }
+ else if (family == AF_INET6 && inet_pton(AF_INET6, mask, &m6))
+ {
+ for (*bits = 0;
+ *bits < 128 && (m6.s6_addr[*bits / 8] << (*bits % 8)) & 128;
+ ++*bits);
+ }
+ else
+ {
+ *bits = strtoul(mask, &e, 10);
+
+ if (e == mask || *e != 0 || *bits > ((family == AF_INET) ? 32 : 128))
+ return false;
+ }
+
+ return true;
+}
+
+static bool parse_cidr(const char *dest, cidr_t *pp)
+{
+ char *p, buf[INET6_ADDRSTRLEN * 2 + 2];
+ uint8_t bitlen = 0;
+
+ strncpy(buf, dest, sizeof(buf) - 1);
+
+ p = strchr(buf, '/');
+
+ if (p)
+ *p++ = 0;
+
+ if (inet_pton(AF_INET, buf, &pp->addr.v4))
+ {
+ bitlen = 32;
+ pp->family = AF_INET;
+ pp->len = sizeof(struct in_addr);
+ }
+ else if (inet_pton(AF_INET6, buf, &pp->addr.v6))
+ {
+ bitlen = 128;
+ pp->family = AF_INET6;
+ pp->len = sizeof(struct in6_addr);
+ }
+ else
+ return false;
+
+ if (p)
+ {
+ if (!parse_mask(pp->family, p, &pp->bits))
+ return false;
+ }
+ else
+ {
+ pp->bits = bitlen;
+ }
+
+ return true;
+}
+
+static int L_getint(lua_State *L, int index, const char *name)
+{
+ int rv = 0;
+
+ lua_getfield(L, index, name);
+
+ if (lua_type(L, -1) == LUA_TNUMBER)
+ rv = lua_tonumber(L, -1);
+
+ lua_pop(L, 1);
+
+ return rv;
+}
+
+static const char * L_getstr(lua_State *L, int index, const char *name)
+{
+ const char *rv = NULL;
+
+ lua_getfield(L, index, name);
+
+ if (lua_type(L, -1) == LUA_TSTRING)
+ rv = lua_tostring(L, -1);
+
+ lua_pop(L, 1);
+
+ return rv;
+}
+
+static void L_setint(struct lua_State *L, const char *name, uint32_t n)
+{
+ lua_pushinteger(L, n);
+ lua_setfield(L, -2, name);
+}
+
+static void L_setbool(struct lua_State *L, const char *name, bool val)
+{
+ lua_pushboolean(L, val);
+ lua_setfield(L, -2, name);
+}
+
+static void L_setaddr(struct lua_State *L, const char *name,
+ int family, void *addr, int bits)
+{
+ cidr_t *p;
+
+ if (!addr)
+ return;
+
+ p = lua_newuserdata(L, sizeof(*p));
+
+ if (!p)
+ return;
+
+ if (family == AF_INET)
+ {
+ p->family = AF_INET;
+ p->bits = (bits < 0) ? 32 : bits;
+ p->len = sizeof(p->addr.v4);
+ p->addr.v4 = *(struct in_addr *)addr;
+ }
+ else
+ {
+ p->family = AF_INET6;
+ p->bits = (bits < 0) ? 128 : bits;
+ p->len = sizeof(p->addr.v6);
+ p->addr.v6 = *(struct in6_addr *)addr;
+ }
+
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ lua_setfield(L, -2, name);
+}
+
+static void L_setstr(struct lua_State *L, const char *name, const char *val)
+{
+ lua_pushstring(L, val);
+ lua_setfield(L, -2, name);
+}
+
+static void L_setdev(struct lua_State *L, const char *name,
+ struct nlattr *attr)
+{
+ char buf[32];
+
+ if (if_indextoname(RTA_INT(attr), buf))
+ L_setstr(L, name, buf);
+}
+
+static int L_checkbits(lua_State *L, int index, cidr_t *p)
+{
+ int bits;
+
+ if (lua_gettop(L) < index || lua_isnil(L, index))
+ {
+ bits = p->bits;
+ }
+ else if (lua_type(L, index) == LUA_TNUMBER)
+ {
+ bits = lua_tointeger(L, index);
+
+ if (bits < 0 || bits > ((p->family == AF_INET) ? 32 : 128))
+ return luaL_error(L, "Invalid prefix size");
+ }
+ else if (lua_type(L, index) == LUA_TSTRING)
+ {
+ if (!parse_mask(p->family, lua_tostring(L, index), &bits))
+ return luaL_error(L, "Invalid netmask format");
+ }
+ else
+ {
+ return luaL_error(L, "Invalid data type");
+ }
+
+ return bits;
+}
+
+static int _cidr_new(lua_State *L, int index, int family, bool mask)
+{
+ uint32_t n;
+ const char *addr;
+ cidr_t cidr = { }, *cidrp;
+
+ if (lua_type(L, index) == LUA_TNUMBER)
+ {
+ n = htonl(lua_tointeger(L, index));
+
+ if (family == AF_INET6)
+ {
+ cidr.family = AF_INET6;
+ cidr.bits = 128;
+ cidr.len = sizeof(cidr.addr.v6);
+ cidr.addr.v6.s6_addr[12] = n;
+ cidr.addr.v6.s6_addr[13] = (n >> 8);
+ cidr.addr.v6.s6_addr[14] = (n >> 16);
+ cidr.addr.v6.s6_addr[15] = (n >> 24);
+ }
+ else
+ {
+ cidr.family = AF_INET;
+ cidr.bits = 32;
+ cidr.len = sizeof(cidr.addr.v4);
+ cidr.addr.v4.s_addr = n;
+ }
+ }
+ else
+ {
+ addr = luaL_checkstring(L, index);
+
+ if (!parse_cidr(addr, &cidr))
+ return 0;
+
+ if (family && cidr.family != family)
+ return 0;
+
+ if (mask)
+ cidr.bits = L_checkbits(L, index + 1, &cidr);
+ }
+
+ if (!(cidrp = lua_newuserdata(L, sizeof(*cidrp))))
+ return 0;
+
+ *cidrp = cidr;
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ return 1;
+}
+
+static int cidr_new(lua_State *L)
+{
+ return _cidr_new(L, 1, 0, true);
+}
+
+static int cidr_ipv4(lua_State *L)
+{
+ return _cidr_new(L, 1, AF_INET, true);
+}
+
+static int cidr_ipv6(lua_State *L)
+{
+ return _cidr_new(L, 1, AF_INET6, true);
+}
+
+static int cidr_is4(lua_State *L)
+{
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+
+ lua_pushboolean(L, p->family == AF_INET);
+ return 1;
+}
+
+static int cidr_is4rfc1918(lua_State *L)
+{
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+ uint32_t a = htonl(p->addr.v4.s_addr);
+
+ lua_pushboolean(L, (p->family == AF_INET &&
+ ((a >= 0x0A000000 && a <= 0x0AFFFFFF) ||
+ (a >= 0xAC100000 && a <= 0xAC1FFFFF) ||
+ (a >= 0xC0A80000 && a <= 0xC0A8FFFF))));
+
+ return 1;
+}
+
+static int cidr_is4linklocal(lua_State *L)
+{
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+ uint32_t a = htonl(p->addr.v4.s_addr);
+
+ lua_pushboolean(L, (p->family == AF_INET &&
+ a >= 0xA9FE0000 &&
+ a <= 0xA9FEFFFF));
+
+ return 1;
+}
+
+static bool _is_mapped4(cidr_t *p)
+{
+ return (p->family == AF_INET6 &&
+ p->addr.v6.s6_addr[0] == 0 &&
+ p->addr.v6.s6_addr[1] == 0 &&
+ p->addr.v6.s6_addr[2] == 0 &&
+ p->addr.v6.s6_addr[3] == 0 &&
+ p->addr.v6.s6_addr[4] == 0 &&
+ p->addr.v6.s6_addr[5] == 0 &&
+ p->addr.v6.s6_addr[6] == 0 &&
+ p->addr.v6.s6_addr[7] == 0 &&
+ p->addr.v6.s6_addr[8] == 0 &&
+ p->addr.v6.s6_addr[9] == 0 &&
+ p->addr.v6.s6_addr[10] == 0xFF &&
+ p->addr.v6.s6_addr[11] == 0xFF);
+}
+
+static int cidr_is6mapped4(lua_State *L)
+{
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+
+ lua_pushboolean(L, _is_mapped4(p));
+ return 1;
+}
+
+static int cidr_is6(lua_State *L)
+{
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+
+ lua_pushboolean(L, p->family == AF_INET6);
+ return 1;
+}
+
+static int cidr_is6linklocal(lua_State *L)
+{
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+
+ lua_pushboolean(L, (p->family == AF_INET6 &&
+ p->addr.v6.s6_addr[0] == 0xFE &&
+ p->addr.v6.s6_addr[1] >= 0x80 &&
+ p->addr.v6.s6_addr[1] <= 0xBF));
+
+ return 1;
+}
+
+static int _cidr_cmp(lua_State *L)
+{
+ cidr_t *a = L_checkcidr(L, 1, NULL);
+ cidr_t *b = L_checkcidr(L, 2, NULL);
+
+ if (a->family != b->family)
+ return (a->family - b->family);
+
+ return memcmp(&a->addr.v6, &b->addr.v6, a->len);
+}
+
+static int cidr_lower(lua_State *L)
+{
+ lua_pushboolean(L, _cidr_cmp(L) < 0);
+ return 1;
+}
+
+static int cidr_higher(lua_State *L)
+{
+ lua_pushboolean(L, _cidr_cmp(L) > 0);
+ return 1;
+}
+
+static int cidr_equal(lua_State *L)
+{
+ lua_pushboolean(L, _cidr_cmp(L) == 0);
+ return 1;
+}
+
+static int cidr_lower_equal(lua_State *L)
+{
+ lua_pushboolean(L, _cidr_cmp(L) <= 0);
+ return 1;
+}
+
+static int cidr_prefix(lua_State *L)
+{
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+ int bits = L_checkbits(L, 2, p);
+
+ p->bits = bits;
+ lua_pushinteger(L, p->bits);
+ return 1;
+}
+
+static void _apply_mask(cidr_t *p, int bits, bool inv)
+{
+ uint8_t b, i;
+
+ if (bits <= 0)
+ {
+ memset(&p->addr.v6, inv * 0xFF, p->len);
+ }
+ else if (p->family == AF_INET && bits <= 32)
+ {
+ if (inv)
+ p->addr.v4.s_addr |= ntohl((1 << (32 - bits)) - 1);
+ else
+ p->addr.v4.s_addr &= ntohl(~((1 << (32 - bits)) - 1));
+ }
+ else if (p->family == AF_INET6 && bits <= 128)
+ {
+ for (i = 0; i < sizeof(p->addr.v6.s6_addr); i++)
+ {
+ b = (bits > 8) ? 8 : bits;
+ if (inv)
+ p->addr.v6.s6_addr[i] |= ~((uint8_t)(0xFF << (8 - b)));
+ else
+ p->addr.v6.s6_addr[i] &= (uint8_t)(0xFF << (8 - b));
+ bits -= b;
+ }
+ }
+}
+
+static int cidr_network(lua_State *L)
+{
+ cidr_t *p1 = L_checkcidr(L, 1, NULL), *p2;
+ int bits = L_checkbits(L, 2, p1);
+
+ if (!(p2 = lua_newuserdata(L, sizeof(*p2))))
+ return 0;
+
+ *p2 = *p1;
+ p2->bits = (p1->family == AF_INET) ? 32 : 128;
+ _apply_mask(p2, bits, false);
+
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ return 1;
+}
+
+static int cidr_host(lua_State *L)
+{
+ cidr_t *p1 = L_checkcidr(L, 1, NULL);
+ cidr_t *p2 = lua_newuserdata(L, sizeof(*p2));
+
+ if (!p2)
+ return 0;
+
+ *p2 = *p1;
+ p2->bits = (p1->family == AF_INET) ? 32 : 128;
+
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ return 1;
+}
+
+static int cidr_mask(lua_State *L)
+{
+ cidr_t *p1 = L_checkcidr(L, 1, NULL), *p2;
+ int bits = L_checkbits(L, 2, p1);
+
+ if (!(p2 = lua_newuserdata(L, sizeof(*p2))))
+ return 0;
+
+ p2->bits = (p1->family == AF_INET) ? 32 : 128;
+ p2->family = p1->family;
+
+ memset(&p2->addr.v6.s6_addr, 0xFF, sizeof(p2->addr.v6.s6_addr));
+ _apply_mask(p2, bits, false);
+
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ return 1;
+}
+
+static int cidr_broadcast(lua_State *L)
+{
+ cidr_t *p1 = L_checkcidr(L, 1, NULL);
+ cidr_t *p2;
+ int bits = L_checkbits(L, 2, p1);
+
+ if (p1->family == AF_INET6)
+ return 0;
+
+ if (!(p2 = lua_newuserdata(L, sizeof(*p2))))
+ return 0;
+
+ *p2 = *p1;
+ p2->bits = (p1->family == AF_INET) ? 32 : 128;
+ _apply_mask(p2, bits, true);
+
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ return 1;
+}
+
+static int cidr_mapped4(lua_State *L)
+{
+ cidr_t *p1 = L_checkcidr(L, 1, NULL);
+ cidr_t *p2;
+
+ if (!_is_mapped4(p1))
+ return 0;
+
+ if (!(p2 = lua_newuserdata(L, sizeof(*p2))))
+ return 0;
+
+ p2->family = AF_INET;
+ p2->bits = (p1->bits > 32) ? 32 : p1->bits;
+ memcpy(&p2->addr.v4, p1->addr.v6.s6_addr + 12, sizeof(p2->addr.v4));
+
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ return 1;
+}
+
+static int cidr_contains(lua_State *L)
+{
+ cidr_t *p1 = L_checkcidr(L, 1, NULL);
+ cidr_t *p2 = L_checkcidr(L, 2, NULL);
+ cidr_t a = *p1, b = *p2;
+ bool rv = false;
+
+ if (p1->family == p2->family && p1->bits <= p2->bits)
+ {
+ _apply_mask(&a, p1->bits, false);
+ _apply_mask(&b, p1->bits, false);
+
+ rv = !memcmp(&a.addr.v6, &b.addr.v6, a.len);
+ }
+
+ lua_pushboolean(L, rv);
+ return 1;
+}
+
+#define S6_BYTE(a, i) \
+ (a)->addr.v6.s6_addr[sizeof((a)->addr.v6.s6_addr) - (i) - 1]
+
+static int _cidr_add_sub(lua_State *L, bool add)
+{
+ cidr_t *p1 = L_checkcidr(L, 1, NULL);
+ cidr_t *p2 = L_checkcidr(L, 2, p1);
+ cidr_t r = *p1;
+ bool inplace = lua_isboolean(L, 3) ? lua_toboolean(L, 3) : false;
+ bool ok = true;
+ uint8_t i, carry;
+ uint32_t a, b;
+
+ if (p1->family == p2->family)
+ {
+ if (p1->family == AF_INET6)
+ {
+ for (i = 0, carry = 0; i < sizeof(r.addr.v6.s6_addr); i++)
+ {
+ if (add)
+ {
+ S6_BYTE(&r, i) = S6_BYTE(p1, i) + S6_BYTE(p2, i) + carry;
+ carry = (S6_BYTE(p1, i) + S6_BYTE(p2, i) + carry) / 256;
+ }
+ else
+ {
+ S6_BYTE(&r, i) = (S6_BYTE(p1, i) - S6_BYTE(p2, i) - carry);
+ carry = (S6_BYTE(p1, i) < (S6_BYTE(p2, i) + carry));
+ }
+ }
+
+ /* would over/underflow */
+ if (carry)
+ {
+ memset(&r.addr.v6, add * 0xFF, sizeof(r.addr.v6));
+ ok = false;
+ }
+ }
+ else
+ {
+ a = ntohl(p1->addr.v4.s_addr);
+ b = ntohl(p2->addr.v4.s_addr);
+
+ /* would over/underflow */
+ if ((add && (UINT_MAX - a) < b) || (!add && a < b))
+ {
+ r.addr.v4.s_addr = add * 0xFFFFFFFF;
+ ok = false;
+ }
+ else
+ {
+ r.addr.v4.s_addr = add ? htonl(a + b) : htonl(a - b);
+ }
+ }
+ }
+ else
+ {
+ ok = false;
+ }
+
+ if (inplace)
+ {
+ *p1 = r;
+ lua_pushboolean(L, ok);
+ return 1;
+ }
+
+ if (!(p1 = lua_newuserdata(L, sizeof(*p1))))
+ return 0;
+
+ *p1 = r;
+
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ return 1;
+}
+
+static int cidr_add(lua_State *L)
+{
+ return _cidr_add_sub(L, true);
+}
+
+static int cidr_sub(lua_State *L)
+{
+ return _cidr_add_sub(L, false);
+}
+
+static int cidr_minhost(lua_State *L)
+{
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+ cidr_t r = *p;
+ uint8_t i, rest, carry;
+
+ _apply_mask(&r, r.bits, false);
+
+ if (r.family == AF_INET6 && r.bits < 128)
+ {
+ r.bits = 128;
+
+ for (i = 0, carry = 1; i < sizeof(r.addr.v6.s6_addr); i++)
+ {
+ rest = (S6_BYTE(&r, i) + carry) > 255;
+ S6_BYTE(&r, i) += carry;
+ carry = rest;
+ }
+ }
+ else if (r.family == AF_INET && r.bits < 32)
+ {
+ r.bits = 32;
+ r.addr.v4.s_addr = htonl(ntohl(r.addr.v4.s_addr) + 1);
+ }
+
+ if (!(p = lua_newuserdata(L, sizeof(*p))))
+ return 0;
+
+ *p = r;
+
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ return 1;
+}
+
+static int cidr_maxhost(lua_State *L)
+{
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+ cidr_t r = *p;
+
+ _apply_mask(&r, r.bits, true);
+
+ if (r.family == AF_INET && r.bits < 32)
+ {
+ r.bits = 32;
+ r.addr.v4.s_addr = htonl(ntohl(r.addr.v4.s_addr) - 1);
+ }
+ else if (r.family == AF_INET6)
+ {
+ r.bits = 128;
+ }
+
+ if (!(p = lua_newuserdata(L, sizeof(*p))))
+ return 0;
+
+ *p = r;
+
+ luaL_getmetatable(L, LUCI_IP_CIDR);
+ lua_setmetatable(L, -2);
+ return 1;
+}
+
+static int cidr_gc (lua_State *L)
+{
+ return 0;
+}
+
+static int cidr_tostring (lua_State *L)
+{
+ char buf[INET6_ADDRSTRLEN];
+ cidr_t *p = L_checkcidr(L, 1, NULL);
+
+ if ((p->family == AF_INET && p->bits < 32) ||
+ (p->family == AF_INET6 && p->bits < 128))
+ {
+ lua_pushfstring(L, "%s/%d",
+ inet_ntop(p->family, &p->addr.v6, buf, sizeof(buf)),
+ p->bits);
+ }
+ else
+ {
+ lua_pushstring(L, inet_ntop(p->family, &p->addr.v6, buf, sizeof(buf)));
+ }
+
+ return 1;
+}
+
+/*
+ * route functions
+ */
+
+static bool diff_prefix(int family, void *addr, int bits, cidr_t *p)
+{
+ uint8_t i, b, r;
+ uint32_t m;
+
+ if (!p->family)
+ return false;
+
+ if (!addr || p->family != family || p->bits > bits)
+ return true;
+
+ if (family == AF_INET6)
+ {
+ for (i = 0, r = p->bits; i < sizeof(struct in6_addr); i++)
+ {
+ b = r ? (0xFF << (8 - ((r > 8) ? 8 : r))) : 0;
+
+ if ((((struct in6_addr *)addr)->s6_addr[i] & b) !=
+ (p->addr.v6.s6_addr[i] & b))
+ return true;
+
+ r -= ((r > 8) ? 8 : r);
+ }
+ }
+ else
+ {
+ m = p->bits ? htonl(~((1 << (32 - p->bits)) - 1)) : 0;
+
+ if ((((struct in_addr *)addr)->s_addr & m) != (p->addr.v4.s_addr & m))
+ return true;
+ }
+
+ return (p->exact && p->bits != bits);
+}
+
+static int cb_dump_route(struct nl_msg *msg, void *arg)
+{
+ struct dump_state *s = arg;
+ struct dump_filter *f = s->filter;
+ struct nlmsghdr *hdr = nlmsg_hdr(msg);
+ struct rtmsg *rt = NLMSG_DATA(hdr);
+ struct nlattr *tb[RTA_MAX+1];
+ struct in6_addr *src, *dst, *gw, *from, def = { };
+ int iif, oif, bitlen;
+ uint32_t table;
+
+ if (hdr->nlmsg_type != RTM_NEWROUTE ||
+ (rt->rtm_family != AF_INET && rt->rtm_family != AF_INET6))
+ return NL_SKIP;
+
+ nlmsg_parse(hdr, sizeof(*rt), tb, RTA_MAX, NULL);
+
+ iif = tb[RTA_IIF] ? RTA_INT(tb[RTA_IIF]) : 0;
+ oif = tb[RTA_OIF] ? RTA_INT(tb[RTA_OIF]) : 0;
+ table = tb[RTA_TABLE] ? RTA_U32(tb[RTA_TABLE]) : rt->rtm_table;
+ from = tb[RTA_SRC] ? RTA_DATA(tb[RTA_SRC]) : NULL;
+ src = tb[RTA_PREFSRC] ? RTA_DATA(tb[RTA_PREFSRC]) : NULL;
+ dst = tb[RTA_DST] ? RTA_DATA(tb[RTA_DST]) : &def;
+ gw = tb[RTA_GATEWAY] ? RTA_DATA(tb[RTA_GATEWAY]) : NULL;
+
+ bitlen = (rt->rtm_family == AF_INET6) ? 128 : 32;
+
+ if ((f->type && rt->rtm_type != f->type) ||
+ (f->family && rt->rtm_family != f->family) ||
+ (f->proto && rt->rtm_protocol != f->proto) ||
+ (f->scope && rt->rtm_scope != f->scope) ||
+ (f->iif && iif != f->iif) ||
+ (f->oif && oif != f->oif) ||
+ (f->table && table != f->table) ||
+ diff_prefix(rt->rtm_family, from, rt->rtm_src_len, &f->from) ||
+ diff_prefix(rt->rtm_family, dst, rt->rtm_dst_len, &f->dst) ||
+ diff_prefix(rt->rtm_family, gw, bitlen, &f->gw) ||
+ diff_prefix(rt->rtm_family, src, bitlen, &f->src))
+ goto out;
+
+ if (s->callback)
+ lua_pushvalue(s->L, 2);
+
+ lua_newtable(s->L);
+
+ L_setint(s->L, "type", rt->rtm_type);
+ L_setint(s->L, "family", (rt->rtm_family == AF_INET) ? 4 : 6);
+
+ L_setaddr(s->L, "dest", rt->rtm_family, dst, rt->rtm_dst_len);
+
+ if (gw)
+ L_setaddr(s->L, "gw", rt->rtm_family, gw, -1);
+
+ if (from)
+ L_setaddr(s->L, "from", rt->rtm_family, from, rt->rtm_src_len);
+
+ if (iif)
+ L_setdev(s->L, "iif", tb[RTA_IIF]);
+
+ if (oif)
+ L_setdev(s->L, "dev", tb[RTA_OIF]);
+
+ L_setint(s->L, "table", table);
+ L_setint(s->L, "proto", rt->rtm_protocol);
+ L_setint(s->L, "scope", rt->rtm_scope);
+
+ if (src)
+ L_setaddr(s->L, "src", rt->rtm_family, src, -1);
+
+ if (tb[RTA_PRIORITY])
+ L_setint(s->L, "metric", RTA_U32(tb[RTA_PRIORITY]));
+
+ if (rt->rtm_family == AF_INET6 && tb[RTA_CACHEINFO])
+ {
+ struct rta_cacheinfo *ci = RTA_DATA(tb[RTA_CACHEINFO]);
+
+ if (ci->rta_expires)
+ {
+ if (ci->rta_expires)
+ L_setint(s->L, "expires", ci->rta_expires / hz);
+
+ if (ci->rta_error != 0)
+ L_setint(s->L, "error", ci->rta_error);
+ }
+ }
+
+ s->index++;
+
+ if (s->callback)
+ lua_call(s->L, 1, 0);
+ else if (hdr->nlmsg_flags & NLM_F_MULTI)
+ lua_rawseti(s->L, -2, s->index);
+
+out:
+ s->pending = !!(hdr->nlmsg_flags & NLM_F_MULTI);
+ return NL_SKIP;
+}
+
+static int
+cb_done(struct nl_msg *msg, void *arg)
+{
+ struct dump_state *s = arg;
+ s->pending = 0;
+ return NL_STOP;
+}
+
+static int
+cb_error(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg)
+{
+ struct dump_state *s = arg;
+ s->pending = 0;
+ return NL_STOP;
+}
+
+static int _error(lua_State *L, int code, const char *msg)
+{
+ lua_pushnil(L);
+ lua_pushnumber(L, code ? code : errno);
+ lua_pushstring(L, msg ? msg : strerror(errno));
+
+ return 3;
+}
+
+static int _route_dump(lua_State *L, struct dump_filter *filter)
+{
+ int flags = NLM_F_REQUEST;
+ struct dump_state s = {
+ .L = L,
+ .pending = 1,
+ .index = 0,
+ .callback = lua_isfunction(L, 2),
+ .filter = filter
+ };
+
+ if (!hz)
+ hz = sysconf(_SC_CLK_TCK);
+
+ if (!sock)
+ {
+ sock = nl_socket_alloc();
+ if (!sock)
+ return _error(L, -1, "Out of memory");
+
+ if (nl_connect(sock, NETLINK_ROUTE))
+ return _error(L, 0, NULL);
+ }
+
+ struct nl_msg *msg;
+ struct nl_cb *cb = nl_cb_alloc(NL_CB_DEFAULT);
+ struct rtmsg rtm = {
+ .rtm_family = filter->family,
+ .rtm_dst_len = filter->dst.bits,
+ .rtm_src_len = filter->src.bits
+ };
+
+ if (!filter->get)
+ flags |= NLM_F_DUMP;
+
+ msg = nlmsg_alloc_simple(RTM_GETROUTE, flags);
+ if (!msg)
+ goto out;
+
+ nlmsg_append(msg, &rtm, sizeof(rtm), 0);
+
+ if (filter->get)
+ nla_put(msg, RTA_DST, filter->dst.len, &filter->dst.addr.v6);
+
+ nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, cb_dump_route, &s);
+ nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_done, &s);
+ nl_cb_err(cb, NL_CB_CUSTOM, cb_error, &s);
+
+ nl_send_auto_complete(sock, msg);
+
+ if (!filter->get && !s.callback)
+ lua_newtable(L);
+
+ while (s.pending > 0)
+ nl_recvmsgs(sock, cb);
+
+ nlmsg_free(msg);
+
+out:
+ nl_cb_put(cb);
+ return (s.callback == 0);
+}
+
+static int route_get(lua_State *L)
+{
+ struct dump_filter filter = { .get = true };
+ const char *dest = luaL_checkstring(L, 1);
+
+ if (!parse_cidr(dest, &filter.dst))
+ return _error(L, -1, "Invalid destination");
+
+ filter.family = filter.dst.family;
+
+ return _route_dump(L, &filter);
+}
+
+static int route_dump(lua_State *L)
+{
+ const char *s;
+ cidr_t p = { };
+ struct dump_filter filter = { };
+
+ if (lua_type(L, 1) == LUA_TTABLE)
+ {
+ filter.family = L_getint(L, 1, "family");
+
+ if (filter.family == 4)
+ filter.family = AF_INET;
+ else if (filter.family == 6)
+ filter.family = AF_INET6;
+ else
+ filter.family = 0;
+
+ if ((s = L_getstr(L, 1, "iif")) != NULL)
+ filter.iif = if_nametoindex(s);
+
+ if ((s = L_getstr(L, 1, "oif")) != NULL)
+ filter.oif = if_nametoindex(s);
+
+ filter.type = L_getint(L, 1, "type");
+ filter.scope = L_getint(L, 1, "scope");
+ filter.proto = L_getint(L, 1, "proto");
+ filter.table = L_getint(L, 1, "table");
+
+ if ((s = L_getstr(L, 1, "gw")) != NULL && parse_cidr(s, &p))
+ filter.gw = p;
+
+ if ((s = L_getstr(L, 1, "from")) != NULL && parse_cidr(s, &p))
+ filter.from = p;
+
+ if ((s = L_getstr(L, 1, "src")) != NULL && parse_cidr(s, &p))
+ filter.src = p;
+
+ if ((s = L_getstr(L, 1, "dest")) != NULL && parse_cidr(s, &p))
+ filter.dst = p;
+
+ if ((s = L_getstr(L, 1, "from_exact")) != NULL && parse_cidr(s, &p))
+ filter.from = p, filter.from.exact = true;
+
+ if ((s = L_getstr(L, 1, "dest_exact")) != NULL && parse_cidr(s, &p))
+ filter.dst = p, filter.dst.exact = true;
+ }
+
+ return _route_dump(L, &filter);
+}
+
+
+static bool diff_macaddr(struct ether_addr *mac1, struct ether_addr *mac2)
+{
+ struct ether_addr empty = { };
+
+ if (!memcmp(mac2, &empty, sizeof(empty)))
+ return false;
+
+ if (!mac1 || memcmp(mac1, mac2, sizeof(empty)))
+ return true;
+
+ return false;
+}
+
+static int cb_dump_neigh(struct nl_msg *msg, void *arg)
+{
+ char buf[32];
+ struct ether_addr *mac;
+ struct in6_addr *dst;
+ struct dump_state *s = arg;
+ struct dump_filter *f = s->filter;
+ struct nlmsghdr *hdr = nlmsg_hdr(msg);
+ struct ndmsg *nd = NLMSG_DATA(hdr);
+ struct nlattr *tb[NDA_MAX+1];
+ int bitlen;
+
+ if (hdr->nlmsg_type != RTM_NEWNEIGH ||
+ (nd->ndm_family != AF_INET && nd->ndm_family != AF_INET6))
+ return NL_SKIP;
+
+ nlmsg_parse(hdr, sizeof(*nd), tb, NDA_MAX, NULL);
+
+ mac = tb[NDA_LLADDR] ? RTA_DATA(tb[NDA_LLADDR]) : NULL;
+ dst = tb[NDA_DST] ? RTA_DATA(tb[NDA_DST]) : NULL;
+
+ bitlen = (nd->ndm_family == AF_INET) ? 32 : 128;
+
+ if ((f->family && nd->ndm_family != f->family) ||
+ (f->iif && nd->ndm_ifindex != f->iif) ||
+ (f->type && !(f->type & nd->ndm_state)) ||
+ diff_prefix(nd->ndm_family, dst, bitlen, &f->dst) ||
+ diff_macaddr(mac, &f->mac))
+ goto out;
+
+ if (s->callback)
+ lua_pushvalue(s->L, 2);
+
+ lua_newtable(s->L);
+
+ L_setint(s->L, "family", (nd->ndm_family == AF_INET) ? 4 : 6);
+ L_setstr(s->L, "dev", if_indextoname(nd->ndm_ifindex, buf));
+
+ L_setbool(s->L, "router", (nd->ndm_flags & NTF_ROUTER));
+ L_setbool(s->L, "proxy", (nd->ndm_flags & NTF_PROXY));
+
+ L_setbool(s->L, "incomplete", (nd->ndm_state & NUD_INCOMPLETE));
+ L_setbool(s->L, "reachable", (nd->ndm_state & NUD_REACHABLE));
+ L_setbool(s->L, "stale", (nd->ndm_state & NUD_STALE));
+ L_setbool(s->L, "delay", (nd->ndm_state & NUD_DELAY));
+ L_setbool(s->L, "probe", (nd->ndm_state & NUD_PROBE));
+ L_setbool(s->L, "failed", (nd->ndm_state & NUD_FAILED));
+ L_setbool(s->L, "noarp", (nd->ndm_state & NUD_NOARP));
+ L_setbool(s->L, "permanent", (nd->ndm_state & NUD_PERMANENT));
+
+ if (dst)
+ L_setaddr(s->L, "dest", nd->ndm_family, dst, -1);
+
+ if (mac)
+ {
+ snprintf(buf, sizeof(buf), "%02x:%02x:%02x:%02x:%02x:%02x",
+ mac->ether_addr_octet[0], mac->ether_addr_octet[1],
+ mac->ether_addr_octet[2], mac->ether_addr_octet[3],
+ mac->ether_addr_octet[4], mac->ether_addr_octet[5]);
+
+ lua_pushstring(s->L, buf);
+ lua_setfield(s->L, -2, "mac");
+ }
+
+ s->index++;
+
+ if (s->callback)
+ lua_call(s->L, 1, 0);
+ else if (hdr->nlmsg_flags & NLM_F_MULTI)
+ lua_rawseti(s->L, -2, s->index);
+
+out:
+ s->pending = !!(hdr->nlmsg_flags & NLM_F_MULTI);
+ return NL_SKIP;
+}
+
+static int neighbor_dump(lua_State *L)
+{
+ cidr_t p = { };
+ const char *s;
+ struct ether_addr *mac;
+ struct dump_filter filter = { .type = 0xFF & ~NUD_NOARP };
+ struct dump_state st = {
+ .callback = lua_isfunction(L, 2),
+ .pending = 1,
+ .filter = &filter,
+ .L = L
+ };
+
+ if (lua_type(L, 1) == LUA_TTABLE)
+ {
+ filter.family = L_getint(L, 1, "family");
+
+ if (filter.family == 4)
+ filter.family = AF_INET;
+ else if (filter.family == 6)
+ filter.family = AF_INET6;
+ else
+ filter.family = 0;
+
+ if ((s = L_getstr(L, 1, "dev")) != NULL)
+ filter.iif = if_nametoindex(s);
+
+ if ((s = L_getstr(L, 1, "dest")) != NULL && parse_cidr(s, &p))
+ filter.dst = p;
+
+ if ((s = L_getstr(L, 1, "mac")) != NULL &&
+ (mac = ether_aton(s)) != NULL)
+ filter.mac = *mac;
+ }
+
+ if (!sock)
+ {
+ sock = nl_socket_alloc();
+ if (!sock)
+ return _error(L, -1, "Out of memory");
+
+ if (nl_connect(sock, NETLINK_ROUTE))
+ return _error(L, 0, NULL);
+ }
+
+ struct nl_msg *msg;
+ struct nl_cb *cb = nl_cb_alloc(NL_CB_DEFAULT);
+ struct ndmsg ndm = {
+ .ndm_family = filter.family
+ };
+
+ msg = nlmsg_alloc_simple(RTM_GETNEIGH, NLM_F_REQUEST | NLM_F_DUMP);
+ if (!msg)
+ goto out;
+
+ nlmsg_append(msg, &ndm, sizeof(ndm), 0);
+
+ nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, cb_dump_neigh, &st);
+ nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_done, &st);
+ nl_cb_err(cb, NL_CB_CUSTOM, cb_error, &st);
+
+ nl_send_auto_complete(sock, msg);
+
+ if (!st.callback)
+ lua_newtable(L);
+
+ while (st.pending > 0)
+ nl_recvmsgs(sock, cb);
+
+ nlmsg_free(msg);
+
+out:
+ nl_cb_put(cb);
+ return (st.callback == 0);
+}
+
+
+static int cb_dump_link(struct nl_msg *msg, void *arg)
+{
+ char *p, *addr, buf[48];
+ struct dump_state *s = arg;
+ struct nlmsghdr *hdr = nlmsg_hdr(msg);
+ struct ifinfomsg *ifm = NLMSG_DATA(hdr);
+ struct nlattr *tb[IFLA_MAX+1];
+ int i, len;
+
+ if (hdr->nlmsg_type != RTM_NEWLINK)
+ return NL_SKIP;
+
+ nlmsg_parse(hdr, sizeof(*ifm), tb, IFLA_MAX, NULL);
+
+ L_setbool(s->L, "up", (ifm->ifi_flags & IFF_RUNNING));
+ L_setint(s->L, "type", ifm->ifi_type);
+ L_setstr(s->L, "name", if_indextoname(ifm->ifi_index, buf));
+
+ if (tb[IFLA_MTU])
+ L_setint(s->L, "mtu", RTA_U32(tb[IFLA_MTU]));
+
+ if (tb[IFLA_TXQLEN])
+ L_setint(s->L, "qlen", RTA_U32(tb[IFLA_TXQLEN]));
+
+ if (tb[IFLA_MASTER])
+ L_setdev(s->L, "master", tb[IFLA_MASTER]);
+
+ if (tb[IFLA_ADDRESS])
+ {
+ len = nla_len(tb[IFLA_ADDRESS]);
+ addr = nla_get_string(tb[IFLA_ADDRESS]);
+
+ if ((len * 3) <= sizeof(buf))
+ {
+ for (p = buf, i = 0; i < len; i++)
+ p += sprintf(p, "%s%02x", (i ? ":" : ""), (uint8_t)*addr++);
+
+ L_setstr(s->L, "mac", buf);
+ }
+ }
+
+ s->pending = 0;
+ return NL_SKIP;
+}
+
+static int link_get(lua_State *L)
+{
+ const char *dev = luaL_checkstring(L, 1);
+ struct dump_state st = {
+ .pending = 1,
+ .L = L
+ };
+
+ if (!sock)
+ {
+ sock = nl_socket_alloc();
+ if (!sock)
+ return _error(L, -1, "Out of memory");
+
+ if (nl_connect(sock, NETLINK_ROUTE))
+ return _error(L, 0, NULL);
+ }
+
+ struct nl_msg *msg = nlmsg_alloc_simple(RTM_GETLINK, NLM_F_REQUEST);
+ struct nl_cb *cb = nl_cb_alloc(NL_CB_DEFAULT);
+ struct ifinfomsg ifm = { .ifi_index = if_nametoindex(dev) };
+
+ if (!msg || !cb)
+ return 0;
+
+ nlmsg_append(msg, &ifm, sizeof(ifm), 0);
+
+ nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, cb_dump_link, &st);
+ nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, cb_done, &st);
+ nl_cb_err(cb, NL_CB_CUSTOM, cb_error, &st);
+
+ lua_newtable(L);
+
+ nl_send_auto_complete(sock, msg);
+
+ while (st.pending > 0)
+ nl_recvmsgs(sock, cb);
+
+ nlmsg_free(msg);
+ nl_cb_put(cb);
+
+ return 1;
+}
+
+
+static const luaL_reg ip_methods[] = {
+ { "new", cidr_new },
+ { "IPv4", cidr_ipv4 },
+ { "IPv6", cidr_ipv6 },
+
+ { "route", route_get },
+ { "routes", route_dump },
+
+ { "neighbors", neighbor_dump },
+
+ { "link", link_get },
+
+ { }
+};
+
+static const luaL_reg ip_cidr_methods[] = {
+ { "is4", cidr_is4 },
+ { "is4rfc1918", cidr_is4rfc1918 },
+ { "is4linklocal", cidr_is4linklocal },
+ { "is6", cidr_is6 },
+ { "is6linklocal", cidr_is6linklocal },
+ { "is6mapped4", cidr_is6mapped4 },
+ { "lower", cidr_lower },
+ { "higher", cidr_higher },
+ { "equal", cidr_equal },
+ { "prefix", cidr_prefix },
+ { "network", cidr_network },
+ { "host", cidr_host },
+ { "mask", cidr_mask },
+ { "broadcast", cidr_broadcast },
+ { "mapped4", cidr_mapped4 },
+ { "contains", cidr_contains },
+ { "add", cidr_add },
+ { "sub", cidr_sub },
+ { "minhost", cidr_minhost },
+ { "maxhost", cidr_maxhost },
+ { "string", cidr_tostring },
+
+ { "__lt", cidr_lower },
+ { "__le", cidr_lower_equal },
+ { "__eq", cidr_equal },
+ { "__add", cidr_add },
+ { "__sub", cidr_sub },
+ { "__gc", cidr_gc },
+ { "__tostring", cidr_tostring },
+
+ { }
+};
+
+int luaopen_luci_ip(lua_State *L)
+{
+ luaL_register(L, LUCI_IP, ip_methods);
+
+ luaL_newmetatable(L, LUCI_IP_CIDR);
+ luaL_register(L, NULL, ip_cidr_methods);
+ lua_pushvalue(L, -1);
+ lua_setfield(L, -2, "__index");
+ lua_pop(L, 1);
+
+ return 1;
+}
diff --git a/libs/luci-lib-ip/src/ip.luadoc b/libs/luci-lib-ip/src/ip.luadoc
new file mode 100644
index 0000000000..00738832c4
--- /dev/null
+++ b/libs/luci-lib-ip/src/ip.luadoc
@@ -0,0 +1,831 @@
+--- LuCI IP calculation and netlink access library.
+module "luci.ip"
+
+---[[
+Construct a new luci.ip.cidr instance and autodetect the address family.
+Throws an error if the given strings do not represent a valid address or
+if the given optional netmask is of a different family.
+@class function
+@sort 1
+@name new
+@param address String containing a valid IPv4 or IPv6 address, optionally
+with prefix size (CIDR notation) or netmask separated by slash.
+@param netmask String containing a valid IPv4 or IPv6 netmask or number
+containing a prefix size in bits (`0..32` for IPv4,
+`0..128` for IPv6). Overrides mask embedded in the first argument
+if specified. (optional)
+@return A `luci.ip.cidr` object representing the given
+address/mask range.
+@usage `addr = luci.ip.new("10.24.0.1/24")
+addr = luci.ip.new("10.24.0.1/255.255.255.0")
+addr = luci.ip.new("10.24.0.1", "255.255.255.0") -- separate netmask
+addr = luci.ip.new("10.24.0.1/24", 16) -- override netmask
+
+addr6 = luci.ip.new("fe80::221:63ff:fe75:aa17/64")
+addr6 = luci.ip.new("fe80::221:63ff:fe75:aa17/ffff:ffff:ffff:ffff::")
+addr6 = luci.ip.new("fe80::221:63ff:fe75:aa17", "ffff:ffff:ffff:ffff::")
+addr6 = luci.ip.new("fe80::221:63ff:fe75:aa17/64", 128) -- override netmask`
+@see IPv4
+@see IPv6
+]]
+
+---[[
+Construct a new IPv4 luci.ip.cidr instance.
+Throws an error if the given string does not represent a valid IPv4 address or
+if the given optional netmask is of a different family.
+@class function
+@sort 2
+@name IPv4
+@param address String containing a valid IPv4, optionally with prefix size
+(CIDR notation) or netmask separated by slash.
+@param netmask String containing a valid IPv4 netmask or number
+containing a prefix size between `0` and `32` bit.
+Overrides mask embedded in the first argument if specified. (optional)
+@return A `luci.ip.cidr` object representing the given IPv4 range.
+@usage `addr = luci.ip.new("10.24.0.1/24")
+addr = luci.ip.new("10.24.0.1/255.255.255.0")
+addr = luci.ip.new("10.24.0.1", "255.255.255.0") -- separate netmask
+addr = luci.ip.new("10.24.0.1/24", 16) -- override netmask`
+@see IPv6
+]]
+
+---[[
+Construct a new IPv6 luci.ip.cidr instance.
+Throws an error if the given string does not represent a valid IPv6 address or
+if the given optional netmask is of a different family.
+@class function
+@sort 3
+@name IPv6
+@param address String containing a valid IPv6, optionally with prefix size
+(CIDR notation) or netmask separated by slash.
+@param netmask String containing a valid IPv4 netmask or number
+containing a prefix size between `0` and `128` bit.
+Overrides mask embedded in the first argument if specified. (optional)
+@return A `luci.ip.cidr` object representing the given IPv6 range.
+@usage `addr6 = luci.ip.new("fe80::221:63ff:fe75:aa17/64")
+addr6 = luci.ip.new("fe80::221:63ff:fe75:aa17/ffff:ffff:ffff:ffff::")
+addr6 = luci.ip.new("fe80::221:63ff:fe75:aa17", "ffff:ffff:ffff:ffff::")
+addr6 = luci.ip.new("fe80::221:63ff:fe75:aa17/64", 128) -- override netmask`
+@see IPv4
+]]
+
+---[[
+Determine the route leading to the given destination.
+@class function
+@sort 4
+@name route
+@param address A `luci.ip.cidr` instance or a string containing
+a valid IPv4 or IPv6 range as specified by `luci.ip.new()`.
+@return <p>Table containing the fields described below.</p>
+<table id="routetable">
+<tr><th>Field</th><th>Description</th></tr>
+<tr><td>`type`<td>
+ <p>Route type with one of the following numeric values:</p>
+ <table>
+ <tr>
+ <td>`1`</td>
+ <td>`RTN_UNICAST` - Gateway or direct route</td>
+ </tr>
+ <tr>
+ <td>`2`</td>
+ <td>`RTN_LOCAL` - Accept locally</td>
+ </tr>
+ <tr>
+ <td>`3`</td>
+ <td>`RTN_BROADCAST` -
+ Accept locally as broadcast send as broadcast</td>
+ </tr>
+ <tr>
+ <td>`4`</td>
+ <td>`RTN_ANYCAST` -
+ Accept locally as broadcast but send as unicast</td>
+ </tr>
+ <tr>
+ <td>`5`</td>
+ <td>`RTN_MULTICAST` - Multicast route</td>
+ </tr>
+ </table>
+</td></tr>
+<tr>
+ <td>`family`</td>
+ <td>Number containing the route family, `4` for IPv4 or
+ `6` for IPv6</td>
+</tr>
+<tr>
+ <td>`dest`</td>
+ <td>Destination `luci.ip.cidr` instance</td>
+</tr>
+<tr>
+ <td>`gw`</td>
+ <td>Gateway `luci.ip.cidr` instance (optional)</td>
+</tr>
+<tr>
+ <td>`from`</td>
+ <td>Source address `luci.ip.cidr` instance (optional)</td>
+</tr>
+<tr>
+ <td>`src`</td>
+ <td>Preferred source `luci.ip.cidr` instance (optional)</td>
+</tr>
+<tr>
+ <td>`dev`</td>
+ <td>String containing the name of the outgoing interface</td>
+</tr>
+<tr>
+ <td>`iif`</td>
+ <td>String containing the name of the incoming interface (optional)</td>
+</tr>
+<tr>
+ <td>`table`</td>
+ <td>Number of the associated routing table (`0..65535`)</td>
+</tr>
+<tr>
+ <td>`proto`</td>
+ <td>Number of the associated routing protocol</td>
+</tr>
+<tr>
+ <td>`scope`</td>
+ <td>Number describing the scope of the route, most commonly
+ `0` for global or `253` for on-link</td>
+</tr>
+<tr>
+ <td>`metric`</td>
+ <td>Number describing the route metric (optional)</td>
+</tr>
+<tr>
+ <td>`expires`</td>
+ <td>Number of seconds the prefix is valid (IPv6 only, optional)</td>
+</tr>
+<tr>
+ <td>`error`</td>
+ <td>Route destination error code (optional)</td>
+</tr>
+</table>
+@usage <ul>
+<li>Find default gateway by getting route to Google's public NS server
+`rt = luci.ip.route("8.8.8.8")
+if rt ~= nil then
+ print("gateway is", rt.gw)
+end`</li>
+<li>Determine IPv6 upstream interface `rt = luci.ip.route("2001::/7")
+if rt ~= nil then
+ print("ipv6 upstream device is", rt.dev)
+end`</li>
+</ul>
+@see routes
+]]
+
+---[[
+Fetch all routes, optionally matching the given criteria.
+@class function
+@sort 5
+@name routes
+@param filter <p>Table containing one or more of the possible filter
+critera described below (optional)</p><table>
+<tr><th>Field</th><th>Description</th></tr>
+<tr><td>`family`</td><td>
+ Number describing the address family to return - `4` selects
+ IPv4 routes, `6` IPv6 ones. Any other value selects both.
+</td></tr>
+<tr><td>`iif`</td><td>
+ String containing the incoming route interface to match.
+</td></tr>
+<tr><td>`oif`</td><td>
+ String containing the outgoing route interface to match.
+</td></tr>
+<tr><td>`type`</td><td>
+ Numeric type to match, e.g. `1` for unicast.
+</td></tr>
+<tr><td>`scope`</td><td>
+ Numeric scope to match, e.g. `253` for onlink.
+</td></tr>
+<tr><td>`proto`</td><td>
+ Numeric protocol to match, e.g. `2` for boot.
+</td></tr>
+<tr><td>`table`</td><td>
+ Numeric routing table to match (`0..65535`).
+</td></tr>
+<tr><td>`gw`</td><td>
+ String containing the gateway address to match. Can be in any notation
+ specified by `luci.ip.new()`. Prefix matching is performed when
+ comparing the routes, e.g. "192.168.1.0/24" would select routes with gateway
+ addresses `192.168.1.1 .. 192.168.1.255`.
+</td></tr>
+<tr><td>`dest`</td><td>
+ String containing the destination to match. Prefix matching is performed.
+</td></tr>
+<tr><td>`from`</td><td>
+ String containing the source address to match. Prefix matching is performed.
+</td></tr>
+<tr><td>`src`</td><td>
+ String containing the preferred source address to match.
+ Prefix matching is performed.
+</td></tr>
+<tr><td>`dest_exact`</td><td>
+ String containing the destination to match. Exact matching is performed,
+ e.g. `dest = "0.0.0.0/0"` would match <em>any</em> IPv4 route
+ while `dest_exact = "0.0.0.0/0"` will <em>only</em> match the
+ default route.
+</td></tr>
+<tr><td>`from_exact`</td><td>
+ String containing the source address to match. Exact matching is performed.
+</td></tr>
+</table>
+@param callback <p>Callback function to invoke for each found route
+instead of returning one table of route objects (optional)</p>
+@return If no callback function is provided, a table of routes
+<a href="#routetable">as specified by `luci.ip.route()`</a>
+is returned. If a callback function is given, it is invoked for each route
+and nothing is returned.
+@see route
+@usage <ul>
+<li>Find all IPv4 default routes:
+`luci.ip.routes({ dest_exact = "0.0.0.0/0" }, function(rt)
+ print(rt.type, rt.gw, rt.dev)
+end)`</li>
+<li>Find all global IPv6 prefixes on the current system:
+`luci.ip.routes({ from = "2001::/7" }, function(rt)
+ print(rt.from)
+end)`</li>
+<li>Fetch all IPv4 routes:
+`routes = luci.ip.routes({ family = 4 })
+for _, rt in ipairs(routes) do
+ print(rt.dest, rt.gw, rt.dev)
+end`</li>
+</ul>
+]]
+
+---[[
+Fetches entries from the IPv4 ARP and IPv6 neighbour kernel table
+@class function
+@sort 6
+@name neighbors
+@param filter <p>Table containing one or more of the possible filter
+critera described below (optional)</p><table>
+<tr><th>Field</th><th>Description</th></tr>
+<tr><td>`family`</td><td>
+ Number describing the address family to return - `4` selects
+ IPv4 ARP, `6` select IPv6 neighbour entries. Any other value
+ selects both.
+</td></tr>
+<tr><td>`dev`</td><td>
+ String containing the associated interface to match.
+</td></tr>
+<tr><td>`dest`</td><td>
+ String containing the associated address to match. Can be in any notation
+ specified by `luci.ip.new()`. Prefix matching is performed when
+ comparing the addresses, e.g. "192.168.1.0/24" would select ARP entries
+ for `192.168.1.1 .. 192.168.1.255`.
+</td></tr>
+<tr><td>`mac`</td><td>
+ String containing MAC address to match.
+</td></tr>
+</table>
+@param callback <p>Callback function to invoke for each found neighbour
+entry instead of returning one table of neighbour entries (optional)</p>
+@return If no callback function is provided, a table of neighbour entries
+is returned. If a callback function is given, it is invoked for each entry
+and nothing is returned.
+
+A neighbour entry is a table containing the following fields:
+
+<table>
+<tr><th>Field</th><th>Description</th></tr>
+<tr>
+ <td>`family`</td>
+ <td>Number containing the neighbour entry family, `4` for IPv4
+ ARP or `6` for IPv6 NDP</td>
+</tr>
+<tr>
+ <td>`dev`</td>
+ <td>String containing the associated device of the neighbour entry</td>
+</tr>
+<tr>
+ <td>`dest`</td>
+ <td>IP address `luci.ip.cidr` instance</td>
+</tr>
+<tr>
+ <td>`mac`</td>
+ <td>String containing the associated MAC address</td>
+</tr>
+<tr>
+ <td>`router`</td>
+ <td>Boolean "true" if the neighbour entry is a router (IPv6, optional)</td>
+</tr>
+<tr>
+ <td>`proxy`</td>
+ <td>Boolean "true" if this is a proxy entry (optional)</td>
+</tr>
+<tr>
+ <td>`incomplete`</td>
+ <td>Boolean "true" if the entry is in incomplete state (optional)</td>
+</tr>
+<tr>
+ <td>`reachable`</td>
+ <td>Boolean "true" if the entry is in reachable state (optional)</td>
+</tr>
+<tr>
+ <td>`stale`</td>
+ <td>Boolean "true" if the entry is stale (optional)</td>
+</tr>
+<tr>
+ <td>`delay`</td>
+ <td>Boolean "true" if the entry is delayed (optional)</td>
+</tr>
+<tr>
+ <td>`probe`</td>
+ <td>Boolean "true" if the entry is in probe state (optional)</td>
+</tr>
+<tr>
+ <td>`failed`</td>
+ <td>Boolean "true" if the entry is in failed state (optional)</td>
+</tr>
+<tr>
+ <td>`noarp`</td>
+ <td>Boolean "true" if the entry is not caused by NDP or
+ ARP (optional)</td>
+</tr>
+<tr>
+ <td>`permanent`</td>
+ <td>Boolean "true" if the entry was statically configured from
+ userspace (optional)</td>
+</tr>
+</table>
+@usage <ul>
+<li>Find all ARP neighbours in the LAN:
+`luci.ip.neighbors({ dest = "192.168.0.0/16" }, function(n)
+ print(n.dest, n.mac)
+end)`</li>
+<li>Find all active IPv6 addresses of host with given MAC:
+`luci.ip.neighbors({ family = 6, mac = "00:21:63:75:aa:17" },
+ function(n)
+ print(n.dest)
+ end)`</li>
+</ul>
+]]
+
+---[[
+Fetch basic device information
+@class function
+@sort 7
+@name link
+@param device String containing the network device to query
+@return If the given interface is found, a table containing the fields
+described below is returned, else an empty table.
+
+<table>
+<tr><th>Field</th><th>Description</th></tr>
+<tr>
+ <td>`up`</td>
+ <td>Boolean indicating whether the device is in IFF_RUNNING state</td>
+</tr>
+<tr>
+ <td>`type`</td>
+ <td>Numeric value indicating the type of the device, e.g. `1`
+ for ethernet.</td>
+</tr>
+<tr>
+ <td>`name`</td>
+ <td>String containing the name of the device</td>
+</tr>
+<tr>
+ <td>`master`</td>
+ <td>If queried device is a bridge port, string containing the name of
+ parent bridge device (optional)</td>
+</tr>
+<tr>
+ <td>`mtu`</td>
+ <td>Number containing the current MTU of the device</td>
+</tr>
+<tr>
+ <td>`qlen`</td>
+ <td>Number containing the TX queue length of the device</td>
+</tr>
+<tr>
+ <td>`mac`</td>
+ <td>String containing the link local address of the device in
+ dotted hex notation</td>
+</tr>
+</table>
+@usage <ul>
+<li>Test whether device br-lan exists:
+`print(luci.ip.link("br-lan").name ~= nil)
+`</li>
+<li>Query MAC address of eth0:
+`print(luci.ip.link("eth0").mac)
+`</li>
+</ul>
+]]
+
+
+--- IP CIDR Object.
+-- Represents an IPv4 or IPv6 address range.
+-- @cstyle instance
+module "luci.ip.cidr"
+
+---[[
+Checks whether the CIDR instance is an IPv4 address range
+
+@class function
+@sort 1
+@name cidr.is4
+@see cidr.is6
+@return `true` if the CIDR is an IPv4 range, else `false`
+]]
+
+---[[
+Checks whether the CIDR instance is within the private RFC1918 address space
+
+@class function
+@sort 2
+@name cidr.is4rfc1918
+@return `true` if the entire range of this CIDR lies within one of
+ the ranges `10.0.0.0-10.255.255.255`,
+ `172.16.0.0-172.31.0.0` or
+ `192.168.0.0-192.168.255.255`, else `false`.
+@usage `local addr = luci.ip.new("192.168.45.2/24")
+if addr:is4rfc1918() then
+ print("Is a private address")
+end`
+]]
+
+---[[
+Checks whether the CIDR instance is an IPv4 link local (Zeroconf) address
+
+@class function
+@sort 3
+@name cidr.is4linklocal
+@return `true` if the entire range of this CIDR lies within the range
+ the range `169.254.0.0-169.254.255.255`, else `false`.
+@usage `local addr = luci.ip.new("169.254.34.125")
+if addr:is4linklocal() then
+ print("Is a zeroconf address")
+end`
+]]
+
+---[[
+Checks whether the CIDR instance is an IPv6 address range
+
+@class function
+@sort 4
+@name cidr.is6
+@see cidr.is4
+@return `true` if the CIDR is an IPv6 range, else `false`
+]]
+
+---[[
+Checks whether the CIDR instance is an IPv6 link local address
+
+@class function
+@sort 5
+@name cidr.is6linklocal
+@return `true` if the entire range of this CIDR lies within the range
+ the `fe80::/10` range, else `false`.
+@usage `local addr = luci.ip.new("fe92:53a:3216:af01:221:63ff:fe75:aa17/64")
+if addr:is6linklocal() then
+ print("Is a linklocal address")
+end`
+]]
+
+---[[
+Checks whether the CIDR instance is an IPv6 mapped IPv4 address
+
+@class function
+@sort 6
+@name cidr.is6mapped4
+@return `true` if the address is an IPv6 mapped IPv4 address in the
+ form `::ffff:1.2.3.4`.
+@usage `local addr = luci.ip.new("::ffff:192.168.1.1")
+if addr:is6mapped4() then
+ print("Is a mapped IPv4 address")
+end`
+]]
+
+---[[
+Checks whether this CIDR instance is lower than the given argument.
+The comparisation follows these rules:
+<ul><li>An IPv4 address is always lower than an IPv6 address</li>
+<li>Prefix sizes are ignored</li></ul>
+
+@class function
+@sort 7
+@name cidr.lower
+@param addr A `luci.ip.cidr` instance or a string convertable by
+ `luci.ip.new()` to compare against.
+@return `true` if this CIDR is lower than the given address,
+ else `false`.
+@usage `local addr = luci.ip.new("192.168.1.1")
+print(addr:lower(addr)) -- false
+print(addr:lower("10.10.10.10/24")) -- false
+print(addr:lower(luci.ip.new("::1"))) -- true
+print(addr:lower(luci.ip.new("192.168.200.1"))) -- true`
+@see cidr.higher
+@see cidr.equal
+]]
+
+---[[
+Checks whether this CIDR instance is higher than the given argument.
+The comparisation follows these rules:
+<ul><li>An IPv4 address is always lower than an IPv6 address</li>
+<li>Prefix sizes are ignored</li></ul>
+
+@class function
+@sort 8
+@name cidr.higher
+@param addr A `luci.ip.cidr` instance or a string convertable by
+ `luci.ip.new()` to compare against.
+@return `true` if this CIDR is higher than the given address,
+ else `false`.
+@usage `local addr = luci.ip.new("192.168.1.1")
+print(addr:higher(addr)) -- false
+print(addr:higher("10.10.10.10/24")) -- true
+print(addr:higher(luci.ip.new("::1"))) -- false
+print(addr:higher(luci.ip.new("192.168.200.1"))) -- false`
+@see cidr.lower
+@see cidr.equal
+]]
+
+---[[
+Checks whether this CIDR instance is equal to the given argument.
+
+@class function
+@sort 9
+@name cidr.equal
+@param addr A `luci.ip.cidr` instance or a string convertable by
+ `luci.ip.new()` to compare against.
+@return `true` if this CIDR is equal to the given address,
+ else `false`.
+@usage `local addr = luci.ip.new("192.168.1.1")
+print(addr:equal(addr)) -- true
+print(addr:equal("192.168.1.1")) -- true
+print(addr:equal(luci.ip.new("::1"))) -- false
+
+local addr6 = luci.ip.new("::1")
+print(addr6:equal("0:0:0:0:0:0:0:1/64")) -- true
+print(addr6:equal(luci.ip.new("fe80::221:63ff:fe75:aa17"))) -- false`
+@see cidr.lower
+@see cidr.higher
+]]
+
+---[[
+Get or set prefix size of CIDR instance.
+If the optional mask parameter is given, the prefix size of this CIDR is altered
+else the current prefix size is returned.
+
+@class function
+@sort 10
+@name cidr.prefix
+@param mask Either a number containing the number of bits (`0..32`
+ for IPv4, `0..128` for IPv6) or a string containing a valid
+ netmask (optional)
+@return Bit count of the current prefix size
+@usage `local range = luci.ip.new("192.168.1.1/255.255.255.0")
+print(range:prefix()) -- 24
+
+range:prefix(16)
+print(range:prefix()) -- 16
+
+range:prefix("255.255.255.255")
+print(range:prefix()) -- 32`
+]]
+
+---[[
+Derive network address of CIDR instance.
+
+Returns a new CIDR instance representing the network address of this instance
+with all host parts masked out. The used prefix size can be overridden by the
+optional mask parameter.
+
+@class function
+@sort 11
+@name cidr.network
+@param mask Either a number containing the number of bits (`0..32`
+ for IPv4, `0..128` for IPv6) or a string containing a valid
+ netmask (optional)
+@return CIDR instance representing the network address
+@usage `local range = luci.ip.new("192.168.62.243/255.255.0.0")
+print(range:network()) -- "192.168.0.0"
+print(range:network(24)) -- "192.168.62.0"
+print(range:network("255.255.255.0")) -- "192.168.62.0"
+
+local range6 = luci.ip.new("fd9b:62b3:9cc5:0:221:63ff:fe75:aa17/64")
+print(range6:network()) -- "fd9b:62b3:9cc5::"`
+]]
+
+---[[
+Derive host address of CIDR instance.
+
+This function essentially constructs a copy of this CIDR with the prefix size
+set to `32` for IPv4 and `128` for IPv6.
+
+@class function
+@sort 12
+@name cidr.host
+@return CIDR instance representing the host address
+@usage `local range = luci.ip.new("172.19.37.45/16")
+print(range) -- "172.19.37.45/16"
+print(range:host()) -- "172.19.37.45"`
+]]
+
+---[[
+Derive netmask of CIDR instance.
+
+Constructs a CIDR instance representing the netmask of this instance. The used
+prefix size can be overridden by the optional mask parameter.
+
+@class function
+@sort 13
+@name cidr.mask
+@param mask Either a number containing the number of bits (`0..32`
+ for IPv4, `0..128` for IPv6) or a string containing a valid
+ netmask (optional)
+@return CIDR instance representing the netmask
+@usage `local range = luci.ip.new("172.19.37.45/16")
+print(range:mask()) -- "255.255.0.0"
+print(range:mask(24)) -- "255.255.255.0"
+print(range:mask("255.0.0.0")) -- "255.0.0.0"`
+]]
+
+---[[
+Derive broadcast address of CIDR instance.
+
+Constructs a CIDR instance representing the broadcast address of this instance.
+The used prefix size can be overridden by the optional mask parameter.
+
+This function has no effect on IPv6 instances, it will return nothing in this
+case.
+
+@class function
+@sort 14
+@name cidr.broadcast
+@param mask Either a number containing the number of bits (`0..32`
+ for IPv4, `0..128` for IPv6) or a string containing a valid
+ netmask (optional)
+@return Return a new CIDR instance representing the broadcast address if this
+ instance is an IPv4 range, else return nothing.
+@usage `local range = luci.ip.new("172.19.37.45/16")
+print(range:broadcast()) -- "172.19.255.255"
+print(range:broadcast(24)) -- "172.19.37.255"
+print(range:broadcast("255.0.0.0")) -- "172.255.255.255"`
+]]
+
+---[[
+Derive mapped IPv4 address of CIDR instance.
+
+Constructs a CIDR instance representing the IPv4 address of the IPv6 mapped
+IPv4 address in this instance.
+
+This function has no effect on IPv4 instances or IPv6 instances which are not a
+mapped address, it will return nothing in this case.
+
+@class function
+@sort 15
+@name cidr.mapped4
+@return Return a new CIDR instance representing the IPv4 address if this
+ instance is an IPv6 mapped IPv4 address, else return nothing.
+@usage `local addr = luci.ip.new("::ffff:172.16.19.1")
+print(addr:mapped4()) -- "172.16.19.1"`
+]]
+
+---[[
+Test whether CIDR contains given range.
+
+@class function
+@sort 16
+@name cidr.contains
+@param addr A `luci.ip.cidr` instance or a string convertable by
+ `luci.ip.new()` to test.
+@return `true` if this instance fully contains the given address else
+ `false`.
+@usage `local range = luci.ip.new("10.24.0.0/255.255.0.0")
+print(range:contains("10.24.5.1")) -- true
+print(range:contains("::1")) -- false
+print(range:contains("10.0.0.0/8")) -- false
+
+local range6 = luci.ip.new("fe80::/10")
+print(range6:contains("fe80::221:63f:fe75:aa17/64")) -- true
+print(range6:contains("fd9b:6b3:c5:0:221:63f:fe75:aa17/64")) -- false`
+]]
+
+---[[
+Add given amount to CIDR instance. If the result would overflow the maximum
+address space, the result is set to the highest possible address.
+
+@class function
+@sort 17
+@name cidr.add
+@param amount A numeric value between 0 and 0xFFFFFFFF, a
+ `luci.ip.cidr` instance or a string convertable by
+ `luci.ip.new()`.
+@param inplace If `true`, modify this instance instead of returning
+ a new derived CIDR instance.
+@return <ul>
+ <li>When adding inplace: Return `true` if the addition succeded
+ or `false` when the addition overflowed.</li>
+ <li>When deriving new CIDR: Return new instance representing the value of
+ this instance plus the added amount or the highest possible address if
+ the addition overflowed the available address space.</li></ul>
+@usage `local addr = luci.ip.new("192.168.1.1/24")
+print(addr:add(250)) -- "192.168.1.251/24"
+print(addr:add("0.0.99.0")) -- "192.168.100.1/24"
+
+addr:add(256, true) -- true
+print(addr) -- "192.168.2.1/24
+
+addr:add("255.0.0.0", true) -- false (overflow)
+print(addr) -- "255.255.255.255/24
+
+local addr6 = luci.ip.new("fe80::221:63f:fe75:aa17/64")
+print(addr6:add(256)) -- "fe80::221:63f:fe75:ab17/64"
+print(addr6:add("::ffff:0")) -- "fe80::221:640:fe74:aa17/64"
+
+addr:add(256, true) -- true
+print(addr) -- "fe80::221:63f:fe75:ab17/64
+
+addr:add("ffff::", true) -- false (overflow)
+print(addr) -- "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/64"`
+]]
+
+---[[
+Substract given amount from CIDR instance. If the result would under, the lowest
+possible address is returned.
+
+@class function
+@sort 18
+@name cidr.sub
+@param amount A numeric value between 0 and 0xFFFFFFFF, a
+ `luci.ip.cidr` instance or a string convertable by
+ `luci.ip.new()`.
+@param inplace If `true`, modify this instance instead of returning
+ a new derived CIDR instance.
+@return <ul>
+ <li>When substracting inplace: Return `true` if the substraction
+ succeded or `false` when the substraction underflowed.</li>
+ <li>When deriving new CIDR: Return new instance representing the value of
+ this instance minus the substracted amount or the lowest address if
+ the substraction underflowed.</li></ul>
+@usage `local addr = luci.ip.new("192.168.1.1/24")
+print(addr:sub(256)) -- "192.168.0.1/24"
+print(addr:sub("0.168.0.0")) -- "192.0.1.1/24"
+
+addr:sub(256, true) -- true
+print(addr) -- "192.168.0.1/24
+
+addr:sub("255.0.0.0", true) -- false (underflow)
+print(addr) -- "0.0.0.0/24
+
+local addr6 = luci.ip.new("fe80::221:63f:fe75:aa17/64")
+print(addr6:sub(256)) -- "fe80::221:63f:fe75:a917/64"
+print(addr6:sub("::ffff:0")) -- "fe80::221:63e:fe76:aa17/64"
+
+addr:sub(256, true) -- true
+print(addr) -- "fe80::221:63f:fe75:a917/64"
+
+addr:sub("ffff::", true) -- false (underflow)
+print(addr) -- "::/64"`
+]]
+
+---[[
+Calculate the lowest possible host address within this CIDR instance.
+
+@class function
+@sort 19
+@name cidr.minhost
+@return Returns a new CIDR instance representing the lowest host address
+ within this range.
+@usage `local addr = luci.ip.new("192.168.123.56/24")
+print(addr:minhost()) -- "192.168.123.1"
+
+local addr6 = luci.ip.new("fd9b:62b3:9cc5:0:221:63ff:fe75:aa17/64")
+print(addr6:minhost()) -- "fd9b:62b3:9cc5::1"`
+]]
+
+---[[
+Calculate the highest possible host address within this CIDR instance.
+
+@class function
+@sort 20
+@name cidr.maxhost
+@return Returns a new CIDR instance representing the highest host address
+ within this range.
+@usage `local addr = luci.ip.new("192.168.123.56/24")
+print(addr:maxhost()) -- "192.168.123.254" (.255 is broadcast)
+
+local addr6 = luci.ip.new("fd9b:62b3:9cc5:0:221:63ff:fe75:aa17/64")
+print(addr6:maxhost()) -- "fd9b:62b3:9cc5:0:ffff:ffff:ffff:ffff"`
+]]
+
+---[[
+Convert CIDR instance into string representation.
+
+If the prefix size of instance is less than 32 for IPv4 or 128 for IPv6, the
+address is returned in the form "address/prefix" otherwise just "address".
+
+It is usually not required to call this function directly as CIDR objects
+define it as __tostring function in the associated metatable.
+
+@class function
+@sort 21
+@name cidr.string
+@return Returns a string representing the range or address of this CIDR instance
+]]
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 20:33:17 +0000