Merge pull request #11 from Netnod/SubsetCIDRs

SubsetCIDRs

Author: flindeberg

README.md

@@ -8,9 +8,10 @@ This is a fork from [EvilSuperstars/go-cidrman](https://github.com/EvilSuperstar
 
 ## Background
 
-*Note:* This project uses [Go Modules](https://blog.golang.org/using-go-modules) making it safe to work with it outside of
-your existing [GOPATH](http://golang.org/doc/code.html#GOPATH). The instructions that follow assume a directory in your
-home directory outside of the standard GOPATH (i.e `$HOME/git/GitHub/Netnod/go-cidrman/`).
+*Note:* This project uses [Go Modules](https://blog.golang.org/using-go-modules) making it
+safe to work with it outside of your existing [GOPATH](http://golang.org/doc/code.html#GOPATH).
+The instructions that follow assume a directory in your home directory
+outside of the standard GOPATH (i.e `$HOME/git/GitHub/Netnod/go-cidrman/`).
 
 # Build instructions
 
@@ -51,7 +52,8 @@ $ make clean
 ## Findings about the original project
 
 A lot of work was done in the `ipv6-experimental` branch in February and December 2017.
-In June 2019, some of the *metafiles* in the `master` branch were created or updated, without changes to the code itself.
+In June 2019, some of the *metafiles* in the `master` branch were created or updated,
+without changes to the code itself.
 
 ## Where are we now?
 
@@ -64,8 +66,11 @@ In April 2022, a `merge-experimental` branch was temporarily used to merge the o
 together with the IPv6 support developed in this fork.
 With IPv6 support now in `main`, the `ipv6-experimental` branch was removed as it's no longer relevant in this fork.
 
-New `RemoveCIDRs` functions were added (in June 2022) to remove/exclude CIDR blocks or IP ranges.
+New `RemoveCIDRs` functions added (in June 2022) to remove/exclude CIDR blocks or IP ranges.
+
+New `SubsetCIDRs` functions added (in September 2022) to select specific CIDR blocks or IP ranges to keep.
+A bit like the oposite of RemoveCIDRs, `SubsetCIDRs` selects what to keep instead of what to remove.
 
 ## Upcoming
 
-New `SubsetCIDRs` functions are planned to select specific CIDR blocks or IP ranges to keep.
+New `DiffCIDRs` functions are planned to compare two lists of CIDR blocks or IP ranges.

ipv4.go

@@ -240,3 +240,70 @@ func remove4(blocks, removes cidrBlock4s) ([]*net.IPNet, error) {
 
 	return merged, nil
 }
+
+// subset4 accepts two lists of IPv4 networks and return a new list of IPNets that exsists/overlaps in both lists.
+// The subset4() will return the smallest possible list of IPNets.
+func subset4(blocks, subsets cidrBlock4s) ([]*net.IPNet, error) {
+	sort.Sort(blocks)
+	sort.Sort(subsets)
+
+	i := 0
+	j := 0
+	for i < len(blocks) {
+		if j >= len(subsets) || blocks[i].last < subsets[j].first {
+			// No more subset blocks to compare with (then no more network blocks to keep), or
+			// network-block entirely before subset-block, remove block and continue with next
+			//
+			// Clear network-block and continue to next
+			blocks[i] = nil
+			i++
+		} else if subsets[j].last < blocks[i].first {
+			// Subset-block entirely before network-block, use next subset-block
+			j++
+		} else if blocks[i].first >= subsets[j].first && blocks[i].last <= subsets[j].last {
+			// Network-block inside subset-block, keep that network-block
+			i++
+		// From here on we have some sort of overlap
+		} else if blocks[i].first >= subsets[j].first {
+			// Network-block starts inside subset-block, adjust end of network-block
+			blocks[i].last = subsets[j].last
+			i++
+			j++
+		} else if blocks[i].last <= subsets[j].last {
+			// Network-block ends inside subset-block, adjust start of network-block
+			blocks[i].first = subsets[j].first
+			i++
+		} else {
+			// Subset-block inside network-block, adjust both start and end of network-block
+			blocks[i].first = subsets[j].first
+			// Check if next subset-block exists and starts with network-block
+			if j < len(subsets) - 1 && subsets[j+1].first < blocks[i].last {
+				// Make room for new network block
+				blocks = append(blocks, nil)
+				copy(blocks[i+1:], blocks[i:])
+				blocks[i] = new(cidrBlock4)
+				// update first half of the network-block (new)
+				blocks[i].first = subsets[j].first
+				// Update second half of the network-block (old)
+				blocks[i+1].first = subsets[j+1].first
+			}
+			// Finaly handle (first) network-block's last address
+			blocks[i].last = subsets[j].last
+			i++
+			j++
+		}
+	}
+
+	var overlaps []*net.IPNet
+	for _, block := range blocks {
+		if block == nil {
+			continue
+		}
+
+		if err := splitRange4(0, 0, block.first, block.last, &overlaps); err != nil {
+			return nil, err
+		}
+	}
+
+	return overlaps, nil
+}

ipv6.go

@@ -254,3 +254,70 @@ func remove6(blocks, removes cidrBlock6s) ([]*net.IPNet, error) {
 
 	return merged, nil
 }
+
+// subset6 accepts two lists of IPv6 networks and return a new list of IPNets that exsists/overlaps in both lists.
+// The subset6() will return the smallest possible list of IPNets.
+func subset6(blocks, subsets cidrBlock6s) ([]*net.IPNet, error) {
+	sort.Sort(blocks)
+	sort.Sort(subsets)
+
+	i := 0
+	j := 0
+	for i < len(blocks) {
+		if j >= len(subsets) || blocks[i].last.Cmp(subsets[j].first) < 0 {
+			// No more subset blocks to compare with (then no more network blocks to keep), or
+			// network-block entirely before subset-block, remove block and continue with next
+			//
+			// Clear network-block and continue to next
+			blocks[i] = nil
+			i++
+		} else if subsets[j].last.Cmp(blocks[i].first) < 0 {
+			// Subset-block entirely before network-block, use next subset-block
+			j++
+		} else if blocks[i].first.Cmp(subsets[j].first) >= 0 && blocks[i].last.Cmp(subsets[j].last) <= 0 {
+			// Network-block inside subset-block, keep that network-block
+			i++
+		// From here on we have some sort of overlap
+		} else if blocks[i].first.Cmp(subsets[j].first) >= 0 {
+			// Network-block starts inside subset-block, adjust end of network-block
+			blocks[i].last = subsets[j].last
+			i++
+			j++
+		} else if blocks[i].last.Cmp(subsets[j].last) <= 0 {
+			// Network-block ends inside subset-block, adjust start of network-block
+			blocks[i].first = subsets[j].first
+			i++
+		} else {
+			// Subset-block inside network-block, adjust both start and end of network-block
+			blocks[i].first = subsets[j].first
+			// Check if next subset-block exists and starts with network-block
+			if j < len(subsets) - 1 && subsets[j+1].first.Cmp(blocks[i].last) < 0 {
+				// Make room for new network block
+				blocks = append(blocks, nil)
+				copy(blocks[i+1:], blocks[i:])
+				blocks[i] = new(cidrBlock6)
+				// update first half of the network-block (new)
+				blocks[i].first = subsets[j].first
+				// Update second half of the network-block (old)
+				blocks[i+1].first = subsets[j+1].first
+			}
+			// Finaly handle (first) network-block's last address
+			blocks[i].last = subsets[j].last
+			i++
+			j++
+		}
+	}
+
+	var overlaps []*net.IPNet
+	for _, block := range blocks {
+		if block == nil {
+			continue
+		}
+
+		if err := splitRange6(big.NewInt(0), 0, block.first, block.last, &overlaps); err != nil {
+			return nil, err
+		}
+	}
+
+	return overlaps, nil
+}

merge.go

@@ -14,7 +14,6 @@ func (nets ipNets) toCIDRs() []string {
 	for _, net := range nets {
 		cidrs = append(cidrs, net.String())
 	}
-
 	return cidrs
 }
 
@@ -29,7 +28,7 @@ func MergeIPNets(nets []*net.IPNet) ([]*net.IPNet, error) {
 	}
 
 	// Split into IPv4 and IPv6 lists.
-	// Merge the list separately and then combine.
+	// Handle the lists separately and then combine.
 	var block4s cidrBlock4s
 	var block6s cidrBlock6s
 	for _, net := range nets {
@@ -42,14 +41,21 @@ func MergeIPNets(nets []*net.IPNet) ([]*net.IPNet, error) {
 		}
 	}
 
-	merged4, err := merge4(block4s)
-	if err != nil {
-		return nil, err
+	var merged4 []*net.IPNet
+	var err error
+	if len(block4s) > 0 {
+		merged4, err = merge4(block4s)
+		if err != nil {
+			return nil, err
+		}
 	}
 
-	merged6, err := merge6(block6s)
-	if err != nil {
-		return nil, err
+	var merged6 []*net.IPNet
+	if len(block6s) > 0 {
+		merged6, err = merge6(block6s)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	merged := append(merged4, merged6...)

remove.go

@@ -33,7 +33,7 @@ func RemoveIPNets(nets, rmnets []*net.IPNet) ([]*net.IPNet, error) {
 	}
 
 	// Split into IPv4 and IPv6 lists.
-	// Merge the list separately and then combine.
+	// Handle the lists separately and then combine.
 	var block4s cidrBlock4s
 	var block6s cidrBlock6s
 	for _, net := range nets {
@@ -57,14 +57,20 @@ func RemoveIPNets(nets, rmnets []*net.IPNet) ([]*net.IPNet, error) {
 		}
 	}
 
-	new4s, err := remove4(block4s, remove4s)
-	if err != nil {
-		return nil, err
+	var new4s []*net.IPNet
+	if len(block4s) > 0 {
+		new4s, err = remove4(block4s, remove4s)
+		if err != nil {
+			return nil, err
+		}
 	}
 
-	new6s, err := remove6(block6s, remove6s)
-	if err != nil {
-		return nil, err
+	var new6s []*net.IPNet
+	if len(block6s) > 0 {
+		new6s, err = remove6(block6s, remove6s)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	merged := append(new4s, new6s...)

remove_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 )
 
-func TestRremoveCIDRs(t *testing.T) {
+func TestRemoveCIDRs(t *testing.T) {
 	type TestCase struct {
 		Input  []string
 		Remove []string