add ipv6 ranges

neowu · neowu · commit 6eeab3a2a5b1 · 2025-05-25T11:02:14.000+08:00
Signed-off-by: neo &lt;1100909+neowu@users.noreply.github.com&gt;
diff --git a/core-ng/src/main/java/core/framework/internal/web/http/IPv4Ranges.java b/core-ng/src/main/java/core/framework/internal/web/http/IPv4Ranges.java
@@ -75,16 +75,28 @@ public IPv4Ranges(List<String> cidrs) {
     private int[] comparableIPRanges(String cidr) {
         int index = cidr.indexOf('/');
         if (index <= 0 || index >= cidr.length() - 1) throw new Error("invalid cidr, value=" + cidr);
-        int address = toInteger(address(cidr.substring(0, index)));
+        int address = toInt(address(cidr.substring(0, index)));
         int maskBits = Integer.parseInt(cidr.substring(index + 1));
-        long mask = -1L << (32 - maskBits);
-        int lowestIP = (int) (address & mask);
-        int highestIP = (int) (lowestIP + ~mask);
-        return new int[]{lowestIP ^ Integer.MIN_VALUE, highestIP ^ Integer.MIN_VALUE};
+
+        int rangeStart;
+        int rangeEnd;
+        // refer to https://docs.oracle.com/javase/specs/jls/se22/html/jls-15.html#jls-15.19
+        // If the promoted type of the left-hand operand is int, then only the five lowest-order bits of the right-hand operand are used as the shift distance.
+        // It is as if the right-hand operand were subjected to a bitwise logical AND operator & (§15.22.1) with the mask value 0x1f (0b11111).
+        // The shift distance actually used is therefore always in the range 0 to 31, inclusive.
+        if (maskBits == 0) {
+            rangeStart = 0;
+            rangeEnd = -1;
+        } else {
+            int mask = -1 << (32 - maskBits);
+            rangeStart = address & mask;
+            rangeEnd = rangeStart + ~mask;
+        }
+        return new int[]{toSortable(rangeStart), toSortable(rangeEnd)};
     }
 
-    private int toInteger(byte[] address) {
-        if (address.length > 4) throw new Error("only support ipv4, address=" + Arrays.toString(address));
+    private int toInt(byte[] address) {
+        if (address.length != 4) throw new Error("not ipv4 address, address=" + Arrays.toString(address));
         int result = 0;
         result |= (address[0] & 0xFF) << 24;
         result |= (address[1] & 0xFF) << 16;
@@ -93,15 +105,18 @@ private int toInteger(byte[] address) {
         return result;
     }
 
-    /*
-     * with address ^ Integer.MIN_VALUE, it converts binary presentation to sortable int form
-     * where Integer.MIN_VALUE = 0.0.0.0
-     * and 0 = 128.0.0.0
-     * and Integer.MAX_VALUE = 255.255.255.255
-     * */
     public boolean matches(byte[] address) {
         if (ranges.length == 0) return false;
-        int comparableIP = toInteger(address) ^ Integer.MIN_VALUE;
+        int comparableIP = toSortable(toInt(address));
         return withinRanges(ranges, comparableIP);
     }
+
+    // with address ^ MIN_VALUE, it converts binary presentation to sortable number form (due to java doesn't have unsigned number type)
+    // 0.0.0.0 => MIN_VALUE         (00000000.0.0.0 => 10000000.0.0.0)
+    // 127.255.255.255 => -1        (01111111.11111111.11111111.11111111 => 11111111.11111111.11111111.11111111)
+    // 128.0.0.0 => 0               (10000000.0.0.0 => 00000000.0.0.0)
+    // 255.255.255.255 => MAX_VALUE (11111111.11111111.11111111.11111111 => 01111111.11111111.11111111.11111111)
+    private int toSortable(int value) {
+        return value ^ Integer.MIN_VALUE;
+    }
 }
diff --git a/core-ng/src/main/java/core/framework/internal/web/http/IPv6Ranges.java b/core-ng/src/main/java/core/framework/internal/web/http/IPv6Ranges.java
@@ -0,0 +1,138 @@
+package core.framework.internal.web.http;
+
+import java.util.Arrays;
+import java.util.Comparator;
+import java.util.List;
+
+public class IPv6Ranges {
+    static boolean withinRanges(LongLong[] ranges, LongLong value) {
+        int low = 0;
+        int high = ranges.length - 1;
+
+        if (value.compareTo(ranges[low]) < 0 || value.compareTo(ranges[high]) > 0) return false;
+
+        while (high - low > 1) {
+            int middle = (low + high) >>> 1;
+            LongLong middleValue = ranges[middle];
+
+            int comparison = middleValue.compareTo(value);
+            if (comparison < 0)
+                low = middle;
+            else if (comparison > 0)
+                high = middle;
+            else {
+                return true;
+            }
+        }
+        return low % 2 == 0;
+    }
+
+    static LongLong[] mergeRanges(LongLong[][] ranges) {
+        Arrays.sort(ranges, Comparator.comparing(a -> a[0]));
+        LongLong[] results = new LongLong[ranges.length * 2];
+        int index = 0;
+        for (LongLong[] range : ranges) {
+            if (index > 1 && results[index - 1].compareTo(range[0]) >= 0) {
+                if (results[index - 1].compareTo(range[1]) < 0) {
+                    results[index - 1] = range[1];
+                }
+            } else {
+                results[index++] = range[0];
+                results[index++] = range[1];
+            }
+        }
+        if (index < results.length) {
+            return Arrays.copyOf(results, index);
+        } else {
+            return results;
+        }
+    }
+
+    static LongLong toLongLong(byte[] address) {
+        if (address.length != 16) throw new Error("not ipv6 address, address=" + Arrays.toString(address));
+
+        long high = 0;
+        high |= (long) (address[0] & 0xFF) << 56;
+        high |= (long) (address[1] & 0xFF) << 48;
+        high |= (long) (address[2] & 0xFF) << 40;
+        high |= (long) (address[3] & 0xFF) << 32;
+        high |= (long) (address[4] & 0xFF) << 24;
+        high |= (long) (address[5] & 0xFF) << 16;
+        high |= (long) (address[6] & 0xFF) << 8;
+        high |= address[7] & 0xFF;
+
+        long low = 0;
+        low |= (long) (address[8] & 0xFF) << 56;
+        low |= (long) (address[9] & 0xFF) << 48;
+        low |= (long) (address[10] & 0xFF) << 40;
+        low |= (long) (address[11] & 0xFF) << 32;
+        low |= (long) (address[12] & 0xFF) << 24;
+        low |= (long) (address[13] & 0xFF) << 16;
+        low |= (long) (address[14] & 0xFF) << 8;
+        low |= address[15] & 0xFF;
+
+        return new LongLong(high, low);
+    }
+
+    private final LongLong[] ranges;
+
+    public IPv6Ranges(List<String> cidrs) {
+        LongLong[][] ranges = new LongLong[cidrs.size()][];
+        int index = 0;
+        for (String cidr : cidrs) {
+            LongLong[] range = comparableIPRanges(cidr);
+            ranges[index++] = range;
+        }
+        this.ranges = mergeRanges(ranges);
+    }
+
+    private LongLong[] comparableIPRanges(String cidr) {
+        int index = cidr.indexOf('/');
+        if (index <= 0 || index >= cidr.length() - 1) throw new Error("invalid cidr, value=" + cidr);
+        LongLong address = toLongLong(IPv4Ranges.address(cidr.substring(0, index)));
+        int maskBits = Integer.parseInt(cidr.substring(index + 1));
+
+        LongLong rangeStart;
+        LongLong rangeEnd;
+        if (maskBits == 0) {
+            rangeStart = new LongLong(0L, 0L);
+            rangeEnd = new LongLong(-1L, -1L);
+        } else if (maskBits <= 64) {
+            long highMask = -1L << (64 - maskBits);
+            rangeStart = new LongLong(address.high & highMask, 0L);
+            rangeEnd = new LongLong(rangeStart.high | ~highMask, -1L);
+        } else {
+            long lowMask = -1L << (128 - maskBits);
+            rangeStart = new LongLong(address.high, address.low & lowMask);
+            rangeEnd = new LongLong(address.high, rangeStart.low | ~lowMask);
+        }
+
+        return new LongLong[]{rangeStart.toSortable(), rangeEnd.toSortable()};
+    }
+
+    public boolean matches(byte[] address) {
+        if (ranges.length == 0) return false;
+        if (address.length != 16) return false;
+
+        LongLong comparableIP = toLongLong(address).toSortable();
+        return withinRanges(ranges, comparableIP);
+    }
+
+    // high,low are used to represent a 128-bit IPv6 address as two 64-bit long values
+    record LongLong(long high, long low) implements Comparable<LongLong> {
+        // with address ^ MIN_VALUE, it converts binary presentation to sortable number form (due to java doesn't have unsigned number type)
+        // 0.0.0.0 => MIN_VALUE         (00000000.0.0.0 => 10000000.0.0.0)
+        // 127.255.255.255 => -1        (01111111.11111111.11111111.11111111 => 11111111.11111111.11111111.11111111)
+        // 128.0.0.0 => 0               (10000000.0.0.0 => 00000000.0.0.0)
+        // 255.255.255.255 => MAX_VALUE (11111111.11111111.11111111.11111111 => 01111111.11111111.11111111.11111111)
+        LongLong toSortable() {
+            return new LongLong(high ^ Long.MIN_VALUE, low ^ Long.MIN_VALUE);
+        }
+
+        @Override
+        public int compareTo(LongLong other) {
+            int result = Long.compare(high, other.high);
+            return result != 0 ? result : Long.compare(low, other.low);
+        }
+    }
+}
diff --git a/core-ng/src/test/java/core/framework/internal/web/http/IPv6RangesTest.java b/core-ng/src/test/java/core/framework/internal/web/http/IPv6RangesTest.java
@@ -0,0 +1,95 @@
+package core.framework.internal.web.http;
+
+import org.junit.jupiter.api.Test;
+
+import java.util.List;
+
+import static core.framework.internal.web.http.IPv4Ranges.address;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * @author neo
+ */
+class IPv6RangesTest {
+    @Test
+    void matches() {
+        var ranges = new IPv6Ranges(List.of("2001:db8::/32"));
+        assertTrue(ranges.matches(address("2001:db8::1")));
+        assertTrue(ranges.matches(address("2001:db8::ffff")));
+        assertFalse(ranges.matches(address("2001:db9::1")));
+        assertFalse(ranges.matches(address("2001:db7::1")));
+
+        ranges = new IPv6Ranges(List.of("2001:db8::1/128"));
+        assertTrue(ranges.matches(address("2001:db8::1")));
+        assertFalse(ranges.matches(address("2001:db8::2")));
+        assertFalse(ranges.matches(address("2001:db8::3")));
+
+        ranges = new IPv6Ranges(List.of("2001:db8::/64"));
+        assertTrue(ranges.matches(address("2001:db8::0")));
+        assertTrue(ranges.matches(address("2001:db8::1")));
+        assertTrue(ranges.matches(address("2001:db8::ffff")));
+        assertTrue(ranges.matches(address("2001:db8::ffff:ffff")));
+        assertTrue(ranges.matches(address("2001:0db8::ffff:ffff:ffff:ffff")));
+        assertFalse(ranges.matches(address("2001:db9::0")));
+
+        ranges = new IPv6Ranges(List.of("2001::/16"));
+        assertTrue(ranges.matches(address("2001:db8::0")));
+        assertTrue(ranges.matches(address("2001:db8::ffff")));
+        assertTrue(ranges.matches(address("2001:db9::0")));
+        assertFalse(ranges.matches(address("2002::0")));
+    }
+
+    @Test
+    void matchesMultipleRanges() {
+        var ranges = new IPv6Ranges(List.of("2001:db8::/32", "2001:db9::/32", "2001:dba::/32"));
+        assertTrue(ranges.matches(address("2001:db8::1")));
+        assertTrue(ranges.matches(address("2001:db9::1")));
+        assertTrue(ranges.matches(address("2001:dba::1")));
+        assertFalse(ranges.matches(address("2001:dbb::1")));
+        assertFalse(ranges.matches(address("2001:db7::1")));
+    }
+
+    @Test
+    void matchesWithOverlappingRanges() {
+        var ranges = new IPv6Ranges(List.of("2001:db8::/48", "2001:db8:1::/48"));
+        assertTrue(ranges.matches(address("2001:db8::1")));
+        assertTrue(ranges.matches(address("2001:db8:1::1")));
+        assertFalse(ranges.matches(address("2001:db8:2::1")));
+    }
+
+    @Test
+    void matchesWithEmptyRanges() {
+        var ranges = new IPv6Ranges(List.of());
+        assertFalse(ranges.matches(address("2001:db8::1")));
+    }
+
+    @Test
+    void matchesAll() {
+        var ranges = new IPv6Ranges(List.of("::/0"));
+        assertThat(ranges.matches(address("2001:db8::1"))).isTrue();
+        assertThat(ranges.matches(address("::1"))).isTrue();
+        assertTrue(ranges.matches(address("fe80::1")));
+    }
+
+    @Test
+    void mergeRanges() {
+        IPv6Ranges.LongLong[][] ranges1 = {{longLong(1), longLong(2)},
+            {longLong(4), longLong(5)},
+            {longLong(5), longLong(9)},
+            {longLong(3), longLong(5)},
+            {longLong(10), longLong(20)}};
+        assertThat(IPv6Ranges.mergeRanges(ranges1)).containsExactly(longLong(1), longLong(2), longLong(3), longLong(9), longLong(10), longLong(20));
+
+        IPv6Ranges.LongLong[][] ranges2 = {{longLong(1), longLong(2)},
+            {longLong(10), longLong(20)},
+            {longLong(3), longLong(5)},
+            {longLong(30), longLong(40)}};
+        assertThat(IPv6Ranges.mergeRanges(ranges2)).containsExactly(longLong(1), longLong(2), longLong(3), longLong(5), longLong(10), longLong(20), longLong(30), longLong(40));
+    }
+
+    IPv6Ranges.LongLong longLong(long value) {
+        return new IPv6Ranges.LongLong(value, value);
+    }
+}
