Removed filter that won't be used
This commit is contained in:
parent
a52c2d9adb
commit
007220b82e
@ -1,177 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright 2014 The Netty Project
|
|
||||||
*
|
|
||||||
* The Netty Project licenses this file to you under the Apache License,
|
|
||||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at:
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
||||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
||||||
* License for the specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
package dorkbox.network.ipFilter;
|
|
||||||
|
|
||||||
import java.math.BigInteger;
|
|
||||||
import java.net.Inet4Address;
|
|
||||||
import java.net.Inet6Address;
|
|
||||||
import java.net.InetAddress;
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
import java.net.UnknownHostException;
|
|
||||||
|
|
||||||
import io.netty.util.internal.ObjectUtil;
|
|
||||||
import io.netty.util.internal.SocketUtils;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Use this class to create rules for {@link RuleBasedIpFilter} that group IP addresses into subnets.
|
|
||||||
* Supports both, IPv4 and IPv6.
|
|
||||||
*/
|
|
||||||
public final class IpSubnetFilterRule implements IpFilterRule {
|
|
||||||
|
|
||||||
private final IpFilterRule filterRule;
|
|
||||||
|
|
||||||
public IpSubnetFilterRule(String ipAddress, int cidrPrefix, IpFilterRuleType ruleType) {
|
|
||||||
try {
|
|
||||||
filterRule = selectFilterRule(SocketUtils.addressByName(ipAddress), cidrPrefix, ruleType);
|
|
||||||
} catch (UnknownHostException e) {
|
|
||||||
throw new IllegalArgumentException("ipAddress", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public IpSubnetFilterRule(InetAddress ipAddress, int cidrPrefix, IpFilterRuleType ruleType) {
|
|
||||||
filterRule = selectFilterRule(ipAddress, cidrPrefix, ruleType);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static
|
|
||||||
IpFilterRule selectFilterRule(InetAddress ipAddress, int cidrPrefix, IpFilterRuleType ruleType) {
|
|
||||||
ObjectUtil.checkNotNull(ipAddress, "ipAddress");
|
|
||||||
ObjectUtil.checkNotNull(ruleType, "ruleType");
|
|
||||||
|
|
||||||
if (ipAddress instanceof Inet4Address) {
|
|
||||||
return new Ip4SubnetFilterRule((Inet4Address) ipAddress, cidrPrefix, ruleType);
|
|
||||||
} else if (ipAddress instanceof Inet6Address) {
|
|
||||||
return new Ip6SubnetFilterRule((Inet6Address) ipAddress, cidrPrefix, ruleType);
|
|
||||||
} else {
|
|
||||||
throw new IllegalArgumentException("Only IPv4 and IPv6 addresses are supported");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean matches(InetSocketAddress remoteAddress) {
|
|
||||||
return filterRule.matches(remoteAddress);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public
|
|
||||||
IpFilterRuleType ruleType() {
|
|
||||||
return filterRule.ruleType();
|
|
||||||
}
|
|
||||||
|
|
||||||
private static final class Ip4SubnetFilterRule implements IpFilterRule {
|
|
||||||
|
|
||||||
private final int networkAddress;
|
|
||||||
private final int subnetMask;
|
|
||||||
private final IpFilterRuleType ruleType;
|
|
||||||
|
|
||||||
private Ip4SubnetFilterRule(Inet4Address ipAddress, int cidrPrefix, IpFilterRuleType ruleType) {
|
|
||||||
if (cidrPrefix < 0 || cidrPrefix > 32) {
|
|
||||||
throw new IllegalArgumentException(String.format("IPv4 requires the subnet prefix to be in range of " +
|
|
||||||
"[0,32]. The prefix was: %d", cidrPrefix));
|
|
||||||
}
|
|
||||||
|
|
||||||
subnetMask = prefixToSubnetMask(cidrPrefix);
|
|
||||||
networkAddress = ipToInt(ipAddress) & subnetMask;
|
|
||||||
this.ruleType = ruleType;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean matches(InetSocketAddress remoteAddress) {
|
|
||||||
final InetAddress inetAddress = remoteAddress.getAddress();
|
|
||||||
if (inetAddress instanceof Inet4Address) {
|
|
||||||
int ipAddress = ipToInt((Inet4Address) inetAddress);
|
|
||||||
return (ipAddress & subnetMask) == networkAddress;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public
|
|
||||||
IpFilterRuleType ruleType() {
|
|
||||||
return ruleType;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static int ipToInt(Inet4Address ipAddress) {
|
|
||||||
byte[] octets = ipAddress.getAddress();
|
|
||||||
assert octets.length == 4;
|
|
||||||
|
|
||||||
return (octets[0] & 0xff) << 24 |
|
|
||||||
(octets[1] & 0xff) << 16 |
|
|
||||||
(octets[2] & 0xff) << 8 |
|
|
||||||
octets[3] & 0xff;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static int prefixToSubnetMask(int cidrPrefix) {
|
|
||||||
/**
|
|
||||||
* Perform the shift on a long and downcast it to int afterwards.
|
|
||||||
* This is necessary to handle a cidrPrefix of zero correctly.
|
|
||||||
* The left shift operator on an int only uses the five least
|
|
||||||
* significant bits of the right-hand operand. Thus -1 << 32 evaluates
|
|
||||||
* to -1 instead of 0. The left shift operator applied on a long
|
|
||||||
* uses the six least significant bits.
|
|
||||||
*
|
|
||||||
* Also see https://github.com/netty/netty/issues/2767
|
|
||||||
*/
|
|
||||||
return (int) ((-1L << 32 - cidrPrefix) & 0xffffffff);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static final class Ip6SubnetFilterRule implements IpFilterRule {
|
|
||||||
|
|
||||||
private static final BigInteger MINUS_ONE = BigInteger.valueOf(-1);
|
|
||||||
|
|
||||||
private final BigInteger networkAddress;
|
|
||||||
private final BigInteger subnetMask;
|
|
||||||
private final IpFilterRuleType ruleType;
|
|
||||||
|
|
||||||
private Ip6SubnetFilterRule(Inet6Address ipAddress, int cidrPrefix, IpFilterRuleType ruleType) {
|
|
||||||
if (cidrPrefix < 0 || cidrPrefix > 128) {
|
|
||||||
throw new IllegalArgumentException(String.format("IPv6 requires the subnet prefix to be in range of " +
|
|
||||||
"[0,128]. The prefix was: %d", cidrPrefix));
|
|
||||||
}
|
|
||||||
|
|
||||||
subnetMask = prefixToSubnetMask(cidrPrefix);
|
|
||||||
networkAddress = ipToInt(ipAddress).and(subnetMask);
|
|
||||||
this.ruleType = ruleType;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean matches(InetSocketAddress remoteAddress) {
|
|
||||||
final InetAddress inetAddress = remoteAddress.getAddress();
|
|
||||||
if (inetAddress instanceof Inet6Address) {
|
|
||||||
BigInteger ipAddress = ipToInt((Inet6Address) inetAddress);
|
|
||||||
return ipAddress.and(subnetMask).equals(networkAddress);
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public
|
|
||||||
IpFilterRuleType ruleType() {
|
|
||||||
return ruleType;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static BigInteger ipToInt(Inet6Address ipAddress) {
|
|
||||||
byte[] octets = ipAddress.getAddress();
|
|
||||||
assert octets.length == 16;
|
|
||||||
|
|
||||||
return new BigInteger(octets);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static BigInteger prefixToSubnetMask(int cidrPrefix) {
|
|
||||||
return MINUS_ONE.shiftLeft(128 - cidrPrefix);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user