+ return if $cidr !~ m!^(\S+?)/(\S+)$!;
+ my ($ip, $prefix) = ($1, $2);
+
+ my $ipobj = Net::IP->new($ip, $version);
+ return if !$ipobj;
+
+ $version = $ipobj->version();
+
+ my $binmask = Net::IP::ip_get_mask($prefix, $version);
+ return if !$binmask;
+
+ my $masked_binip = $ipobj->binip() & $binmask;
+ my $masked_ip = Net::IP::ip_bintoip($masked_binip, $version);
+ return Net::IP->new("$masked_ip/$prefix");
+}
+
+sub is_ip_in_cidr {
+ my ($ip, $cidr, $version) = @_;
+
+ my $cidr_obj = IP_from_cidr($cidr, $version);
+ return undef if !$cidr_obj;
+
+ my $ip_obj = Net::IP->new($ip, $version);
+ return undef if !$ip_obj;
+
+ return $cidr_obj->overlaps($ip_obj) == $Net::IP::IP_B_IN_A_OVERLAP;
+}
+
+
+sub get_local_ip_from_cidr {
+ my ($cidr) = @_;
+
+ my $cmd = ['/sbin/ip', 'address', 'show', 'to', $cidr, 'up'];
+
+ my $IPs = [];
+
+ my $code = sub {
+ my $line = shift;
+
+ if ($line =~ m!^\s*inet(?:6)?\s+($PVE::Tools::IPRE)/\d+!) {
+ push @$IPs, $1;
+ }
+ };
+
+ PVE::Tools::run_command($cmd, outfunc => $code);
+
+ return $IPs;
+}
+
+sub addr_to_ip {
+ my ($addr) = @_;
+ my ($err, $host, $port) = Socket::getnameinfo($addr, NI_NUMERICHOST | NI_NUMERICSERV);
+ die "failed to get numerical host address: $err\n" if $err;
+ return ($host, $port) if wantarray;
+ return $host;
+}
+
+sub get_ip_from_hostname {
+ my ($hostname, $noerr) = @_;
+
+ my ($family, $ip);
+
+ eval {
+ my @res = PVE::Tools::getaddrinfo_all($hostname);
+ $family = $res[0]->{family};
+ $ip = addr_to_ip($res[0]->{addr})
+ };
+ if ($@) {
+ die "hostname lookup '$hostname' failed - $@" if !$noerr;
+ return undef;
+ }
+
+ if ($ip =~ m/^127\.|^::1$/) {
+ die "hostname lookup '$hostname' failed - got local IP address '$ip'\n" if !$noerr;
+ return undef;
+ }
+
+ return wantarray ? ($ip, $family) : $ip;
+}
+
+sub lock_network {
+ my ($code, @param) = @_;
+ my $res = lock_file('/var/lock/pve-network.lck', 10, $code, @param);
+ die $@ if $@;
+ return $res;