libswoc: update maxmind plugin to IPSpace.

Author: SolidWallOfCode

include/tscpp/util/ts_ip.h

@@ -0,0 +1,271 @@
+/** @file
+
+  IP address handling support.
+
+  @section license License
+
+  Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.
+  See the NOTICE file distributed with this work for additional information regarding copyright
+  ownership.  The ASF licenses this file to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance with the License.  You may obtain a
+  copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software distributed under the License
+  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+  or implied. See the License for the specific language governing permissions and limitations under
+  the License.
+*/
+
+#pragma once
+
+#include <tuple>
+
+#include "swoc/swoc_ip.h"
+
+namespace ts
+{
+/// Pair of addresses, each optional.
+/// Used in situations where both an IPv4 and IPv6 may be needed.
+class IPAddrPair
+{
+public:
+  using self_type = IPAddrPair;
+
+  IPAddrPair() = default;
+  bool
+  has_value() const
+  {
+    return _ip4.has_value() || _ip6.has_value();
+  }
+  bool
+  has_ip4() const
+  {
+    return _ip4.has_value();
+  }
+  bool
+  has_ip6() const
+  {
+    return _ip6.has_value();
+  }
+
+  swoc::IP4Addr const &
+  ip4() const
+  {
+    return _ip4.value();
+  }
+  swoc::IP6Addr const &
+  ip6() const
+  {
+    return _ip6.value();
+  }
+
+  self_type &
+  operator=(swoc::IP4Addr const &addr)
+  {
+    _ip4 = addr;
+    return *this;
+  }
+  self_type &
+  operator=(swoc::IP6Addr const &addr)
+  {
+    _ip6 = addr;
+    return *this;
+  }
+  self_type &
+  operator=(swoc::IPAddr const &addr)
+  {
+    if (addr.is_ip4()) {
+      _ip4 = addr.ip4();
+    } else if (addr.is_ip6()) {
+      _ip6 = addr.ip6();
+    }
+    return *this;
+  }
+
+protected:
+  std::optional<swoc::IP4Addr> _ip4;
+  std::optional<swoc::IP6Addr> _ip6;
+};
+
+/// Pair of services, each optional.
+/// Used in situations where both an IPv4 and IPv6 may be needed.
+class IPSrvPair
+{
+public:
+  using self_type = IPSrvPair;
+
+  IPSrvPair() = default;
+  IPSrvPair(swoc::IP4Addr const &a4, swoc::IP6Addr const &a6, in_port_t port = 0)
+    : _ip4(swoc::IP4Srv(a4, port)), _ip6(swoc::IP6Srv(a6, port))
+  {
+  }
+  IPSrvPair(IPAddrPair const &a, in_port_t port = 0)
+  {
+    if (a.has_ip4())
+      _ip4 = swoc::IP4Srv(a.ip4(), port);
+    if (a.has_ip6())
+      _ip6 = swoc::IP6Srv(a.ip6(), port);
+  }
+
+  bool
+  has_value() const
+  {
+    return _ip4.has_value() || _ip6.has_value();
+  }
+  bool
+  has_ip4() const
+  {
+    return _ip4.has_value();
+  }
+  bool
+  has_ip6() const
+  {
+    return _ip6.has_value();
+  }
+
+  swoc::IP4Srv const &
+  ip4() const
+  {
+    return _ip4.value();
+  }
+  swoc::IP6Srv const &
+  ip6() const
+  {
+    return _ip6.value();
+  }
+
+  self_type &
+  operator=(swoc::IP4Srv const &srv)
+  {
+    _ip4 = srv;
+    return *this;
+  }
+  self_type &
+  operator=(swoc::IP6Srv const &srv)
+  {
+    _ip6 = srv;
+    return *this;
+  }
+  self_type &
+  operator=(swoc::IPSrv const &srv)
+  {
+    if (srv.is_ip4()) {
+      _ip4 = srv.ip4();
+    } else if (srv.is_ip6()) {
+      _ip6 = srv.ip6();
+    }
+    return *this;
+  }
+
+protected:
+  std::optional<swoc::IP4Srv> _ip4;
+  std::optional<swoc::IP6Srv> _ip6;
+};
+
+/** Get the best address info for @a name.
+
+ * @param name Address / host.
+ * @param ip4 [out] Best IPv4 result, if any.
+ * @param ip6 [out] Best IPv6 result, if any.
+ * @return @c true if an address was found, @c false if not.
+ *
+ * If @a name is a valid IP address it is interpreted as such. Otherwise it is presumed
+ * to be a host name suitable for resolution using @c getaddrinfo. The "best" address is
+ * selected by ranking the types of addresss in the order
+ *
+ * - Global, multi-cast, non-routable (private), link local, loopback
+ *
+ * For a host name, both IPv4 and IPv6 addresses may be returned. Each is judged
+ * independently.
+ *
+ * Either @a ip4 or @ip6 can be @c nullptr in which that result is discarded.
+ *
+ * @note If @name is known or required to be an IP address, use a standard address conversion
+ * instead, e.g. @c IPAddr::load .
+ *
+ * @see getaddrinfo
+ */
+IPAddrPair getbestaddrinfo(swoc::TextView name);
+
+/** Get the best address info for @a name.
+
+ * @param name Address / host.
+ * @param ip4 [out] Best IPv4 result, if any.
+ * @param ip6 [out] Best IPv6 result, if any.
+ * @return @c true if an address was found, @c false if not.
+ *
+ * If @a name is a valid IP address it is interpreted as such. Otherwise it is presumed
+ * to be a host name suitable for resolution using @c getaddrinfo. The "best" address is
+ * selected by ranking the types of addresss in the order
+ *
+ * - Global, multi-cast, non-routable (private), link local, loopback
+ *
+ * For a host name, both IPv4 and IPv6 addresses may be returned. Each is judged
+ * independently.
+ *
+ * Either @a ip4 or @ip6 can be @c nullptr in which that result is discarded.
+ *
+ * @note If @name is known or required to be an IP address, use a standard address conversion
+ * instead, e.g. @c IPAddr::load .
+ *
+ * @see getaddrinfo
+ */
+IPSrvPair getbestsrvinfo(swoc::TextView name);
+
+/// An IPSpace that only tracks the presence of IP addresses.
+class IPAddrSet
+{
+  using self_type = IPAddrSet;
+
+public:
+  /// Default construct empty set.
+  IPAddrSet() = default;
+
+  /** Add addresses to the set.
+   *
+   * @param r Range of addresses to add.
+   * @return @a this
+   */
+  self_type &
+  fill(swoc::IPRange const &r)
+  {
+    _addrs.fill(r, MARK);
+    return *this;
+  }
+
+  /// @return @c true if @a addr is in the set.
+  bool
+  contains(swoc::IPAddr const &addr) const
+  {
+    return _addrs.find(addr) != _addrs.end();
+  }
+
+  /// @return Number of ranges in the set.
+  size_t
+  count() const
+  {
+    return _addrs.count();
+  }
+
+protected:
+  /// Empty struct to use for payload.
+  static inline constexpr struct Mark {
+    using self_type = Mark;
+    bool
+    operator==(self_type const &that)
+    {
+      return true;
+    }
+    bool
+    operator!=(self_type const &that)
+    {
+      return false;
+    }
+  } MARK{};
+  /// The address set.
+  swoc::IPSpace<Mark> _addrs;
+};
+
+} // namespace ts

lib/swoc/include/swoc/IPRange.h

@@ -373,6 +373,9 @@ class IPRange {
   /// @return The IPv6 range.
   IP6Range const & ip6() const { return _range._ip6; }
 
+  /// @return The range family.
+  sa_family_t family() const { return _family; }
+
   /** Compute the mask for @a this as a network.
    *
    * @return If @a this is a network, the mask for that network. Otherwise an invalid mask.

plugins/experimental/maxmind_acl/mmdb.cc

@@ -242,10 +242,10 @@ Acl::loaddeny(const YAML::Node &denyNode)
         if (ip.IsSequence()) {
           // Do IP Deny processing
           for (auto &&i : ip) {
-            IpAddr min, max;
-            ats_ip_range_parse(std::string_view{i.as<std::string>()}, min, max);
-            deny_ip_map.fill(min, max, nullptr);
-            TSDebug(PLUGIN_NAME, "loading ip: valid: %d, fam %d ", min.isValid(), min.family());
+            if (swoc::IPRange r; r.load(i.Scalar())) {
+              deny_ip_map.fill(r);
+              TSDebug(PLUGIN_NAME, "Denying ip fam %d ", r.family());
+            }
           }
         } else {
           TSDebug(PLUGIN_NAME, "Invalid IP deny list yaml");
@@ -323,10 +323,10 @@ Acl::loadallow(const YAML::Node &allowNode)
         if (ip.IsSequence()) {
           // Do IP Allow processing
           for (auto &&i : ip) {
-            IpAddr min, max;
-            ats_ip_range_parse(std::string_view{i.as<std::string>()}, min, max);
-            allow_ip_map.fill(min, max, nullptr);
-            TSDebug(PLUGIN_NAME, "loading ip: valid: %d, fam %d ", min.isValid(), min.family());
+            if (swoc::IPRange r; r.load(i.Scalar())) {
+              allow_ip_map.fill(r);
+              TSDebug(PLUGIN_NAME, "loading ip: valid: fam %d ", r.family());
+            }
           }
         } else {
           TSDebug(PLUGIN_NAME, "Invalid IP allow list yaml");
@@ -749,12 +749,13 @@ Acl::eval_ip(const sockaddr *sock) const
   }
 #endif
 
-  if (allow_ip_map.contains(sock, nullptr)) {
+  swoc::IPAddr addr(sock);
+  if (allow_ip_map.contains(addr)) {
     // Allow map has this ip, we know we want to allow it
     return ALLOW_IP;
   }
 
-  if (deny_ip_map.contains(sock, nullptr)) {
+  if (deny_ip_map.contains(addr)) {
     // Deny map has this ip, explicitly deny
     return DENY_IP;
   }

plugins/experimental/maxmind_acl/mmdb.h

@@ -36,7 +36,7 @@
 #include <unistd.h>
 #include <iterator>
 #include <maxminddb.h>
-#include "tscore/IpMap.h"
+#include "tscpp/util/ts_ip.h"
 
 #ifdef HAVE_PCRE_PCRE_H
 #include <pcre/pcre.h>
@@ -91,8 +91,8 @@ class Acl
   std::unordered_map<std::string, std::vector<plugin_regex>> allow_regex;
   std::unordered_map<std::string, std::vector<plugin_regex>> deny_regex;
 
-  IpMap allow_ip_map;
-  IpMap deny_ip_map;
+  ts::IPAddrSet allow_ip_map;
+  ts::IPAddrSet deny_ip_map;
 
   // Anonymous blocking default to off
   bool _anonymous_ip      = false;