+ return if $cidr !~ m!^(\S+?)/(\S+)$!;
+ my ($ip, $prefix) = ($1, $2);
+
+ my $ipobj = Net::IP->new($ip, $version);
+ return if !$ipobj;
+
+ $version = $ipobj->version();
+
+ my $binmask = Net::IP::ip_get_mask($prefix, $version);
+ return if !$binmask;
+
+ my $masked_binip = $ipobj->binip() & $binmask;
+ my $masked_ip = Net::IP::ip_bintoip($masked_binip, $version);
+ return Net::IP->new("$masked_ip/$prefix");
+}
+
+sub is_ip_in_cidr {
+ my ($ip, $cidr, $version) = @_;
+
+ my $cidr_obj = IP_from_cidr($cidr, $version);
+ return undef if !$cidr_obj;
+
+ my $ip_obj = Net::IP->new($ip, $version);
+ return undef if !$ip_obj;
+
+ return $cidr_obj->overlaps($ip_obj) == $Net::IP::IP_B_IN_A_OVERLAP;
+}
+
+
+sub get_local_ip_from_cidr {
+ my ($cidr) = @_;
+
+ my $cmd = ['/sbin/ip', 'address', 'show', 'to', $cidr, 'up'];
+
+ my $IPs = [];
+
+ my $code = sub {
+ my $line = shift;
+
+ if ($line =~ m!^\s*inet(?:6)?\s+($PVE::Tools::IPRE)/\d+!) {
+ push @$IPs, $1;
+ }
+ };
+
+ PVE::Tools::run_command($cmd, outfunc => $code);
+
+ return $IPs;
+}
+
+sub lock_network {
+ my ($code, @param) = @_;
+ my $res = lock_file('/var/lock/pve-network.lck', 10, $code, @param);
+ die $@ if $@;
+ return $res;