+ return if $cidr !~ m!^(\S+?)/(\S+)$!;
+ my ($ip, $prefix) = ($1, $2);
+
+ my $ipobj = Net::IP->new($ip, $version);
+ return if !$ipobj;
+
+ $version = $ipobj->version();
+
+ my $binmask = Net::IP::ip_get_mask($prefix, $version);
+ return if !$binmask;
+
+ my $masked_binip = $ipobj->binip() & $binmask;
+ my $masked_ip = Net::IP::ip_bintoip($masked_binip, $version);
+ return Net::IP->new("$masked_ip/$prefix");
+}
+
+sub is_ip_in_cidr {
+ my ($ip, $cidr, $version) = @_;
+
+ my $cidr_obj = IP_from_cidr($cidr, $version);
+ return undef if !$cidr_obj;
+
+ my $ip_obj = Net::IP->new($ip, $version);
+ return undef if !$ip_obj;
+
+ my $overlap = $cidr_obj->overlaps($ip_obj);
+
+ return $overlap == $Net::IP::IP_B_IN_A_OVERLAP || $overlap == $Net::IP::IP_IDENTICAL;
+}
+
+
+sub get_local_ip_from_cidr {
+ my ($cidr) = @_;
+
+ my $IPs = {};
+ my $i = 1;
+ run_command(['/sbin/ip', 'address', 'show', 'to', $cidr, 'up'], outfunc => sub {
+ if ($_[0] =~ m!^\s*inet(?:6)?\s+($PVE::Tools::IPRE)(?:/\d+|\s+peer\s+)!) {
+ $IPs->{$1} = $i++ if !exists($IPs->{$1});
+ }
+ });
+
+ return [ sort { $IPs->{$a} <=> $IPs->{$b} } keys %{$IPs} ];
+}
+
+sub addr_to_ip {
+ my ($addr) = @_;
+ my ($err, $host, $port) = Socket::getnameinfo($addr, NI_NUMERICHOST | NI_NUMERICSERV);
+ die "failed to get numerical host address: $err\n" if $err;
+ return ($host, $port) if wantarray;
+ return $host;
+}
+
+sub get_ip_from_hostname {
+ my ($hostname, $noerr) = @_;
+
+ my @res = eval { PVE::Tools::getaddrinfo_all($hostname) };
+ if ($@) {
+ die "hostname lookup '$hostname' failed - $@" if !$noerr;
+ return undef;
+ }
+
+ my ($ip, $family);
+ for my $ai (@res) {
+ $family = $ai->{family};
+ my $tmpip = addr_to_ip($ai->{addr});
+ if ($tmpip !~ m/^127\.|^::1$/) {
+ $ip = $tmpip;
+ last;
+ }
+ }
+ if (!defined($ip) ) {
+ die "hostname lookup '$hostname' failed - got local IP address '$ip'\n" if !$noerr;
+ return undef;
+ }
+
+ return wantarray ? ($ip, $family) : $ip;
+}
+
+sub lock_network {
+ my ($code, @param) = @_;
+ my $res = lock_file('/var/lock/pve-network.lck', 10, $code, @param);
+ die $@ if $@;
+ return $res;