WIF - Utils - Introduce IP prefix

plnyrich · plnyrich · commit 64b30cee6a22 · 2024-02-29T11:47:52.000+01:00
TG-36
diff --git a/include/wif/utils/ipPrefix.hpp b/include/wif/utils/ipPrefix.hpp
@@ -0,0 +1,117 @@
+/**
+ * @file
+ * @author Richard Plny <plnyrich@fit.cvut.cz>
+ * @brief IP prefix interface
+ * Based on:
+ * https://github.com/CESNET/nemea-modules-ng/blob/main/modules/whitelist/src/ipAddressPrefix.hpp
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#pragma once
+
+#include "wif/storage/ipAddress.hpp"
+
+namespace WIF {
+
+/**
+ * @brief Class representing an IP prefix (or an IP subnet)
+ */
+class IpPrefix {
+public:
+	/**
+	 * @brief Max bit lenth of IPv4 prefix
+	 */
+	static constexpr size_t IPV4_MAX_PREFIX_LENGTH = 32;
+
+	/**
+	 * @brief Max bit lenth of IPv6 prefix
+	 */
+	static constexpr size_t IPV6_MAX_PREFIX_LENGTH = 128;
+
+	/**
+	 * @brief Construct a new IP Prefix object representing just 1 IP address
+	 *
+	 * @param address single IP address
+	 */
+	IpPrefix(const IpAddress& address);
+
+	/**
+	 * @brief Construct a new IP Prefix object
+	 * @param addressStr string representation of IP prefix
+	 * @param prefixLength number of bits of the prefix
+	 */
+	IpPrefix(const std::string& addressStr, size_t prefixLength);
+
+	/**
+	 * @brief Construct a new IP Prefix object
+	 * @param address IP prefix
+	 * @param prefixLength number of bits of the prefix
+	 */
+	IpPrefix(const IpAddress& address, size_t prefixLength);
+
+	/**
+	 * @brief Getter for the number of bits used by prefix
+	 * @return size_t number of bits of the prefix
+	 */
+	size_t prefixLength() const noexcept { return m_prefixLength; }
+
+	/**
+	 * @brief Getter for number of IP addresses in the prefix
+	 * @return size_t number of IP addresses in the prefix
+	 */
+	size_t size() const noexcept;
+
+	/**
+	 * @brief Getter for the prefix address
+	 * @return const IpAddress& prefix address
+	 */
+	const IpAddress& getPrefix() const noexcept { return m_prefixAddress; }
+
+	/**
+	 * @brief Getter for the prefix mask
+	 * @return const IpAddress& prefix mask
+	 */
+	const IpAddress& getMask() const noexcept { return m_prefixMask; }
+
+	/**
+	 * @brief Match IP prefix and check if IP address in part of the prefix
+	 * @param ipAddress to be matched
+	 * @return true if ipAddress is in this prefix
+	 * @return false otherwise
+	 */
+	bool match(const IpAddress& ipAddress) const noexcept;
+
+	/**
+	 * @brief Comparison operator <
+	 * @param l left operand
+	 * @param r right operand
+	 * @return bool true if l is less than r
+	 */
+	friend bool operator<(const IpPrefix& l, const IpPrefix& r);
+
+	/**
+	 * @brief Comparison operator <
+	 * Used for binary search of IP address in a vector of IP prefixes
+	 * @param l left operand
+	 * @param r right operand
+	 * @return bool true if l is less than r
+	 */
+	friend bool operator<(const IpAddress& l, const IpPrefix& r);
+
+	/**
+	 * @brief Comparison operator <
+	 * Used for binary search of IP address in a vector of IP prefixes
+	 * @param l left operand
+	 * @param r right operand
+	 * @return bool true if l is less than r
+	 */
+	friend bool operator<(const IpPrefix& l, const IpAddress& r);
+
+private:
+	IpAddress m_prefixAddress;
+	IpAddress m_prefixMask;
+	size_t m_prefixLength;
+};
+
+} // namespace WIF
diff --git a/src/wif/CMakeLists.txt b/src/wif/CMakeLists.txt
@@ -10,6 +10,7 @@ set(LIBWIF_SOURCES
 	regex/regexPattern.cpp
 	storage/flowFeatures.cpp
 	storage/ipAddress.cpp
+	utils/ipPrefix.cpp
 )
 
 set(LIBWIF_LIBS
diff --git a/src/wif/utils/ipPrefix.cpp b/src/wif/utils/ipPrefix.cpp
@@ -0,0 +1,114 @@
+/**
+ * @file
+ * @author Richard Plny <plnyrich@fit.cvut.cz>
+ * @brief IP prefix implementation
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "wif/utils/ipPrefix.hpp"
+
+#include <climits>
+#include <cmath>
+#include <cstdint>
+#include <limits>
+
+namespace {
+
+void validatePrefixLength(size_t prefixLength, size_t maxPrefixLength)
+{
+	if (prefixLength > maxPrefixLength) {
+		throw std::invalid_argument(
+			"IP prefix is too long. Given: " + std::to_string(prefixLength)
+			+ ", max: " + std::to_string(maxPrefixLength));
+	}
+}
+
+WIF::IpAddress createIpV6MaskFromPrefix(size_t prefixLength)
+{
+	uint8_t prefixBytes = prefixLength / 8;
+	uint8_t prefixBits = prefixLength % 8;
+	uint8_t data[16];
+
+	for (unsigned bytesIndex = 0; bytesIndex < prefixBytes; ++bytesIndex) {
+		data[bytesIndex] = UINT8_MAX;
+	}
+
+	if (prefixBits != 0U) {
+		data[prefixBytes] = UINT8_MAX << (CHAR_BIT - prefixBits);
+	}
+
+	return WIF::IpAddress(data, WIF::IpAddress::IpVersion::V6);
+}
+
+} // namespace
+
+namespace WIF {
+
+IpPrefix::IpPrefix(const IpAddress& address)
+	: IpPrefix(address, address.isIPv4() ? IPV4_MAX_PREFIX_LENGTH : IPV6_MAX_PREFIX_LENGTH)
+{
+}
+
+IpPrefix::IpPrefix(const std::string& addressStr, size_t prefixLength)
+	: IpPrefix(IpAddress(addressStr), prefixLength)
+{
+}
+
+IpPrefix::IpPrefix(const IpAddress& address, size_t prefixLength)
+	: m_prefixLength(prefixLength)
+{
+	if (address.isIPv4()) {
+		validatePrefixLength(prefixLength, IPV4_MAX_PREFIX_LENGTH);
+		size_t shift = IPV4_MAX_PREFIX_LENGTH - prefixLength;
+		m_prefixMask = IpAddress(std::numeric_limits<uint32_t>::max() << shift);
+	} else {
+		validatePrefixLength(prefixLength, IPV6_MAX_PREFIX_LENGTH);
+		m_prefixMask = createIpV6MaskFromPrefix(prefixLength);
+	}
+	m_prefixAddress = address & m_prefixMask;
+}
+
+size_t IpPrefix::size() const noexcept
+{
+	if (m_prefixAddress.isIPv4()) {
+		return std::pow(2, IPV4_MAX_PREFIX_LENGTH - m_prefixLength);
+	} else {
+		return std::pow(2, IPV6_MAX_PREFIX_LENGTH - m_prefixLength);
+	}
+}
+
+bool IpPrefix::match(const IpAddress& ipAddress) const noexcept
+{
+	if (ipAddress.getVersion() != m_prefixAddress.getVersion()) {
+		return false;
+	}
+	return (ipAddress & m_prefixMask) == m_prefixAddress;
+}
+
+bool operator<(const IpPrefix& l, const IpPrefix& r)
+{
+	// IPv4 is before IPv6
+	if (l.m_prefixAddress.isIPv4() && r.m_prefixAddress.isIPv6()) {
+		return true;
+	} else if (l.m_prefixAddress.isIPv6() && r.m_prefixAddress.isIPv4()) {
+		return false;
+	} // Now we are sure that both prefixes have the same IP version
+
+	if (l.m_prefixAddress == r.m_prefixAddress) {
+		return l.m_prefixLength < r.m_prefixLength;
+	}
+	return l.m_prefixAddress < r.m_prefixAddress;
+}
+
+bool operator<(const IpAddress& l, const IpPrefix& r)
+{
+	return l < r.m_prefixAddress;
+}
+
+bool operator<(const IpPrefix& l, const IpAddress& r)
+{
+	return l.m_prefixAddress < r;
+}
+
+} // namespace WIF

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ set(LIBWIF_SOURCES`
`10`	`10`	`regex/regexPattern.cpp`
`11`	`11`	`storage/flowFeatures.cpp`
`12`	`12`	`storage/ipAddress.cpp`
	`13`	`+ utils/ipPrefix.cpp`
`13`	`14`	`)`
`14`	`15`
`15`	`16`	`set(LIBWIF_LIBS`