
Commit 59441be

committed
updated validate superset logic
1 parent e3dd026 commit 59441be


1 file changed

+11
-20
lines changed

1 file changed

+11
-20
lines changed

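--- a/cns/restserver/internalapi.go
+++ b/cns/restserver/internalapi.go
@@ -11,6 +11,7 @@ import (
 "net"
 "net/http"
 "net/http/httptest"
+"net/netip"
 "reflect"
 "strconv"
 "strings"
@@ -729,36 +730,26 @@ func (service *HTTPRestService) GetIMDSNCs(ctx context.Context) (map[string]stri
 
 // IsCIDRSuperset returns true if newCIDR is a superset of oldCIDR (i.e., all IPs in oldCIDR are contained in newCIDR).
 func validateCIDRSuperset(newCIDR, oldCIDR string) error {
-_, newNet, err := net.ParseCIDR(newCIDR)
+// Parse newCIDR and oldCIDR into netip.Prefix
+newPrefix, err := netip.ParsePrefix(newCIDR)
 if err != nil {
 return errors.Wrapf(err, "parsing newCIDR %q", newCIDR)
 }
-_, oldNet, err := net.ParseCIDR(oldCIDR)
+
+oldPrefix, err := netip.ParsePrefix(oldCIDR)
 if err != nil {
 return errors.Wrapf(err, "parsing oldCIDR %q", oldCIDR)
 }
 
-// Check that the network family matches (both IPv4 or both IPv6)
-if len(newNet.IP) != len(oldNet.IP) {
-return errors.New("CIDRs belong to different IP families")
-}
-
-// Check that the old network's base IP is contained in the new network
-if !newNet.Contains(oldNet.IP) {
-return errors.New("old network's base IP is not contained in the new network")
-}
-
-// Calculate the last IP in oldNet
-oldLastIP := make(net.IP, len(oldNet.IP))
-for i := range oldNet.IP {
-oldLastIP[i] = oldNet.IP[i] | ^oldNet.Mask[i]
+// Condition 1: Check if the new prefix length is smaller (larger range) than the old prefix length
+if newPrefix.Bits() >= oldPrefix.Bits() {
+return errors.New("newCIDR does not have a larger range than oldCIDR")
 }
 
-// Check that the last IP in oldNet is also contained in newNet
-if !newNet.Contains(oldLastIP) {
-return errors.New("last IP of old network is not contained in new network")
+// Condition 2: Check if the base IP of oldCIDR is contained in newCIDR
+if !newPrefix.Contains(oldPrefix.Addr()) {
+return errors.New("old subnet's base IP is not contained in new subnet")
 }
 
-// If both the first and last IPs of oldNet are in newNet, oldNet is fully contained in newNet
 return nil
 }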
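Review bot: The `>=` in `if newPrefix.Bits() >= oldPrefix.Bits()` turns this into a strict-superset check, so a newCIDR identical to oldCIDR is now rejected, whereas the removed first/last-IP check accepted it and the doc comment above still only requires that all IPs in oldCIDR are contained in newCIDR. If an unchanged subnet should keep validating, use `if newPrefix.Bits() > oldPrefix.Bits() {`; if strictness is intended, reword the header to `// validateCIDRSuperset returns an error unless newCIDR is a strictly shorter prefix that contains oldCIDR.` (it also still names `IsCIDRSuperset` and says "returns true"). Note too that `netip.ParsePrefix` keeps host bits, so `oldPrefix.Addr()` is the address as written rather than the base IP; containment still holds because the new prefix is shorter, but `oldPrefix.Masked().Addr()` would match the "base IP" wording. With the dedicated family check removed, an IPv4/IPv6 mismatch is now reported through one of the two remaining messages, which may make rejected updates harder to diagnose from logs.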
