1 /* The 'ipset' data structure and related algorithms in this file were
2 inspired by the 'ipaddr.py' library from Cendio Systems AB. */
12 #define DEFAULT_ALLOC 2
13 #define EXTEND_ALLOC_BY 4
15 struct subnet_list *subnet_list_new(void)
17 struct subnet_list *r;
20 r->alloc=DEFAULT_ALLOC;
21 NEW_ARY(r->list,r->alloc);
25 void subnet_list_free(struct subnet_list *a)
27 if (a->list) free(a->list);
31 static void subnet_list_set_len(struct subnet_list *a, int32_t l)
36 assert(a->alloc < INT_MAX-EXTEND_ALLOC_BY);
37 na=a->alloc+EXTEND_ALLOC_BY;
38 REALLOC_ARY(a->list,na);
44 void subnet_list_append(struct subnet_list *a, uint32_t prefix, int len)
47 assert(a->entries < INT_MAX);
48 subnet_list_set_len(a,a->entries+1);
49 sn=&a->list[a->entries-1];
52 sn->mask=len?(0xffffffff << (32-len)):0;
55 struct ipset *ipset_new(void)
61 r->d=safe_malloc(sizeof(*r->d)*r->a,"ipset_new:data");
65 void ipset_free(struct ipset *a)
72 static void ipset_dump(struct ipset *a, string_t name)
77 for (i=0; i<a->l; i++) {
78 printf("[%08x-%08x] ",a->d[i].a,a->d[i].b);
84 struct ipset *ipset_from_subnet(struct subnet s)
91 r->d[0].b=s.prefix | (~s.mask);
95 struct ipset *ipset_from_subnet_list(struct subnet_list *l)
97 struct ipset *r, *a, *b;
101 for (i=0; i<l->entries; i++) {
102 a=ipset_from_subnet(l->list[i]);
111 static void ipset_set_len(struct ipset *a, int32_t l)
116 assert(a->a < INT_MAX-EXTEND_ALLOC_BY);
117 na=a->a+EXTEND_ALLOC_BY;
118 REALLOC_ARY(a->d,na);
124 static void ipset_append_range(struct ipset *a, struct iprange r)
126 ipset_set_len(a,a->l+1);
130 struct ipset *ipset_union(struct ipset *a, struct ipset *b)
138 while (ia<a->l || ib<b->l) {
141 if (a->d[ia].a < b->d[ib].a)
151 ipset_append_range(c,r);
152 else if (r.a <= c->d[c->l-1].b+1)
153 /* Extends (or is consumed by) the last range */
154 c->d[c->l-1].b=MAX(c->d[c->l-1].b, r.b);
156 ipset_append_range(c,r);
161 struct ipset *ipset_intersection(struct ipset *a, struct ipset *b)
164 struct iprange ra, rb;
170 while (ia<a->l && ib<b->l) {
174 /* The first entry of a doesn't overlap with any part of b */
176 else if (ra.a > rb.b)
177 /* The first entry of b doesn't overlap with any part of a */
180 /* Trim away any leading edges */
182 /* a starts before b */
184 else if (ra.a > rb.a)
185 /* b starts before a */
188 /* Now the ranges start at the same point */
190 /* The ranges are equal */
191 ipset_append_range(r,ra);
194 } else if (ra.b < rb.b) {
195 /* a is the smaller range */
196 ipset_append_range(r,ra);
199 /* y is the smaller range */
200 ipset_append_range(r,rb);
208 struct ipset *ipset_complement(struct ipset *a)
218 for (i=0; i<a->l; i++) {
224 ipset_append_range(r,n);
228 if (pre!=0xffffffff) {
231 ipset_append_range(r,n);
237 struct ipset *ipset_subtract(struct ipset *a, struct ipset *b)
240 c=ipset_complement(b);
241 r=ipset_intersection(a,c);
246 bool_t ipset_is_empty(struct ipset *a)
251 bool_t ipset_contains_addr(struct ipset *a, uint32_t addr)
256 for (i=0; i<a->l; i++) {
258 if (addr>=r.a && addr<=r.b) return True;
259 if (addr<r.a) return False;
264 /* sub is a subset of super if it does not intersect with the complement
266 bool_t ipset_is_subset(struct ipset *super, struct ipset *sub)
268 struct ipset *superc;
272 superc=ipset_complement(super);
273 inter=ipset_intersection(superc,sub);
274 empty=ipset_is_empty(inter);
280 struct subnet_list *ipset_to_subnet_list(struct ipset *is)
282 struct subnet_list *r;
283 int64_t a,b,lobit,himask,lomask;
288 for (i=0; i<is->l; i++) {
297 if ((a & lomask) != 0) {
298 subnet_list_append(r,a,bits);
300 } else if ((b & lomask) != lomask) {
301 subnet_list_append(r,b&himask,bits);
304 lomask = (lomask << 1) | 1;
305 lobit = (lobit << 1);
306 himask = himask ^ lobit;
316 #define IPADDR_NBUFS_SHIFT 4
317 #define IPADDR_NBUFS (1 << IPADDR_NBUFS_SHIFT)
318 #define IPADDR_BUFLEN 20
320 static char *ipaddr_getbuf(void)
322 static int ipaddr_bufnum;
323 static char ipaddr_bufs[IPADDR_NBUFS][IPADDR_BUFLEN];
326 ipaddr_bufnum &= IPADDR_NBUFS-1;
327 return ipaddr_bufs[ipaddr_bufnum];
330 /* The string buffer must be at least 16 bytes long */
331 string_t ipaddr_to_string(uint32_t addr)
341 snprintf(s, 16, "%d.%d.%d.%d", a, b, c, d);
345 string_t subnet_to_string(struct subnet sn)
347 uint32_t addr=sn.prefix;
356 snprintf(s, 19, "%d.%d.%d.%d/%d", a, b, c, d, sn.len);
360 static struct subnet string_item_to_subnet(item_t *i, cstring_t desc,
364 uint32_t a, b, c, d, n;
370 /* i is not guaranteed to be a string */
371 if (i->type!=t_string) {
372 cfgfatal(i->loc,desc,"expecting a string (subnet specification)\n");
376 if (strcmp(in,"default")==0) {
387 /* We expect strings of the form "a.b.c.d[/n]", i.e. the dots are
388 NOT optional. The subnet mask is optional; if missing it is assumed
390 match=sscanf(in,"%u.%u.%u.%u/%u", &a, &b, &c, &d, &n);
392 cfgfatal(i->loc,desc,"\"%s\" is not a valid "
393 "subnet specification\n",in);
398 if (a>255 || b>255 || c>255 || d>255 || n>32) {
399 cfgfatal(i->loc,desc,"\"%s\": range error\n",in);
401 s.prefix=(a<<24)|(b<<16)|(c<<8)|(d);
402 s.mask=n?(~0UL << (32-n)):0;
404 if (s.prefix & ~s.mask) {
405 cfgfatal(i->loc,desc,"\"%s\": prefix not fully contained "
411 uint32_t string_item_to_ipaddr(const item_t *i, cstring_t desc)
416 /* i is not guaranteed to be a string */
417 if (i->type!=t_string) {
418 cfgfatal(i->loc,desc,"expecting a string (IP address)\n");
421 match=sscanf(i->data.string,"%u.%u.%u.%u", &a, &b, &c, &d);
423 cfgfatal(i->loc,desc,"\"%s\" is not a valid "
424 "IP address\n",i->data.string);
426 if (a>255 || b>255 || c>255 || d>255) {
427 cfgfatal(i->loc,desc,"\"%s\": range error\n",i->data.string);
429 return (a<<24)|(b<<16)|(c<<8)|(d);
432 struct ipset *string_list_to_ipset(list_t *l, struct cloc loc,
433 cstring_t module, cstring_t param)
435 struct ipset *r, *n, *isn;
442 for (i=0; i<e; i++) {
444 isn=ipset_from_subnet(string_item_to_subnet(item,param,&inv));
446 n=ipset_subtract(r,isn);
448 n=ipset_union(r,isn);