Added ipfilter rule
This commit is contained in:
parent
ac5ae44cd4
commit
c0a44ebbb4
167
src/dorkbox/network/ipFilter/IpSubnetFilterRule.kt
Normal file
167
src/dorkbox/network/ipFilter/IpSubnetFilterRule.kt
Normal file
|
@ -0,0 +1,167 @@
|
|||
/*
|
||||
* Copyright 2014 The Netty Project
|
||||
*
|
||||
* The Netty Project licenses this file to you under the Apache License,
|
||||
* version 2.0 (the "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at:
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package dorkbox.network.ipFilter
|
||||
|
||||
import dorkbox.netUtil.IPv4
|
||||
import dorkbox.netUtil.SocketUtils
|
||||
import java.math.BigInteger
|
||||
import java.net.*
|
||||
|
||||
/**
|
||||
* Use this class to create rules for [RuleBasedIpFilter] that group IP addresses into subnets.
|
||||
* Supports both, IPv4 and IPv6.
|
||||
*/
|
||||
class IpSubnetFilterRule : IpFilterRule {
|
||||
companion object {
|
||||
internal val fake = IpSubnetFilterRule()
|
||||
|
||||
private fun selectFilterRule(ipAddress: InetAddress, cidrPrefix: Int, ruleType: IpFilterRuleType): IpFilterRule {
|
||||
return when (ipAddress) {
|
||||
is Inet4Address -> {
|
||||
Ip4SubnetFilterRule(ipAddress, cidrPrefix, ruleType)
|
||||
}
|
||||
is Inet6Address -> {
|
||||
Ip6SubnetFilterRule(ipAddress, cidrPrefix, ruleType)
|
||||
}
|
||||
else -> {
|
||||
throw IllegalArgumentException("Only IPv4 and IPv6 addresses are supported")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private val filterRule: IpFilterRule
|
||||
|
||||
private constructor() {
|
||||
filterRule = FakeSubnetFilterRule()
|
||||
}
|
||||
|
||||
constructor(ipAddress: String, cidrPrefix: Int, ruleType: IpFilterRuleType) {
|
||||
filterRule = try {
|
||||
selectFilterRule(SocketUtils.addressByName(ipAddress), cidrPrefix, ruleType)
|
||||
} catch (e: UnknownHostException) {
|
||||
throw IllegalArgumentException("ipAddress", e)
|
||||
}
|
||||
}
|
||||
|
||||
constructor(ipAddress: InetAddress, cidrPrefix: Int, ruleType: IpFilterRuleType) {
|
||||
filterRule = selectFilterRule(ipAddress, cidrPrefix, ruleType)
|
||||
}
|
||||
|
||||
override fun matches(remoteAddress: InetSocketAddress): Boolean {
|
||||
return filterRule.matches(remoteAddress)
|
||||
}
|
||||
|
||||
override fun ruleType(): IpFilterRuleType {
|
||||
return filterRule.ruleType()
|
||||
}
|
||||
|
||||
private class FakeSubnetFilterRule() : IpFilterRule {
|
||||
override fun matches(remoteAddress: InetSocketAddress?): Boolean {
|
||||
return true
|
||||
}
|
||||
|
||||
override fun ruleType(): IpFilterRuleType {
|
||||
return IpFilterRuleType.ACCEPT
|
||||
}
|
||||
}
|
||||
|
||||
private class Ip4SubnetFilterRule(ipAddress: Inet4Address, cidrPrefix: Int, ruleType: IpFilterRuleType) : IpFilterRule {
|
||||
companion object {
|
||||
private fun prefixToSubnetMask(cidrPrefix: Int): Int {
|
||||
/**
|
||||
* Perform the shift on a long and downcast it to int afterwards.
|
||||
* This is necessary to handle a cidrPrefix of zero correctly.
|
||||
* The left shift operator on an int only uses the five least
|
||||
* significant bits of the right-hand operand. Thus -1 << 32 evaluates
|
||||
* to -1 instead of 0. The left shift operator applied on a long
|
||||
* uses the six least significant bits.
|
||||
*
|
||||
* Also see https://github.com/netty/netty/issues/2767
|
||||
*/
|
||||
return (-1L shl 32 - cidrPrefix and -0x1).toInt()
|
||||
}
|
||||
}
|
||||
|
||||
private val networkAddress: Int
|
||||
private val subnetMask: Int
|
||||
private val ruleType: IpFilterRuleType
|
||||
|
||||
init {
|
||||
require(cidrPrefix in 0..32) { "IPv4 requires the subnet prefix to be in range of [0,32]. The prefix was: $cidrPrefix" }
|
||||
|
||||
subnetMask = prefixToSubnetMask(cidrPrefix)
|
||||
networkAddress = IPv4.toInt(ipAddress.address) and subnetMask
|
||||
this.ruleType = ruleType
|
||||
}
|
||||
|
||||
override fun matches(remoteAddress: InetSocketAddress): Boolean {
|
||||
val inetAddress = remoteAddress.address
|
||||
if (inetAddress is Inet4Address) {
|
||||
val ipAddress = IPv4.toInt(inetAddress.address)
|
||||
return ipAddress and subnetMask == networkAddress
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
override fun ruleType(): IpFilterRuleType {
|
||||
return ruleType
|
||||
}
|
||||
}
|
||||
|
||||
private class Ip6SubnetFilterRule(ipAddress: Inet6Address, cidrPrefix: Int, ruleType: IpFilterRuleType) : IpFilterRule {
|
||||
companion object {
|
||||
private val MINUS_ONE = BigInteger.valueOf(-1)
|
||||
|
||||
private fun ipToInt(ipAddress: Inet6Address): BigInteger {
|
||||
val octets = ipAddress.address
|
||||
assert(octets.size == 16)
|
||||
return BigInteger(octets)
|
||||
}
|
||||
|
||||
private fun prefixToSubnetMask(cidrPrefix: Int): BigInteger {
|
||||
return MINUS_ONE.shiftLeft(128 - cidrPrefix)
|
||||
}
|
||||
}
|
||||
|
||||
private val networkAddress: BigInteger
|
||||
private val subnetMask: BigInteger
|
||||
private val ruleType: IpFilterRuleType
|
||||
|
||||
init {
|
||||
require(!(cidrPrefix < 0 || cidrPrefix > 128)) {
|
||||
String.format("IPv6 requires the subnet prefix to be in range of " +
|
||||
"[0,128]. The prefix was: %d", cidrPrefix)
|
||||
}
|
||||
subnetMask = prefixToSubnetMask(cidrPrefix)
|
||||
networkAddress = ipToInt(ipAddress).and(subnetMask)
|
||||
this.ruleType = ruleType
|
||||
}
|
||||
|
||||
override fun matches(remoteAddress: InetSocketAddress): Boolean {
|
||||
val inetAddress = remoteAddress.address
|
||||
if (inetAddress is Inet6Address) {
|
||||
val ipAddress = ipToInt(inetAddress)
|
||||
return ipAddress.and(subnetMask) == networkAddress
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
override fun ruleType(): IpFilterRuleType {
|
||||
return ruleType
|
||||
}
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user