From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox-ve-rs v3 03/24] firewall: add ip range types
Date: Tue, 12 Nov 2024 13:25:41 +0100 [thread overview]
Message-ID: <20241112122602.88598-4-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20241112122602.88598-1-s.hanreich@proxmox.com>
Currently we are using tuples to represent IP ranges which is
suboptimal. Validation logic and invariant checking needs to happen at
every site using the IP range rather than having a unified struct for
enforcing those invariants.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
.../src/firewall/types/address.rs | 230 +++++++++++++++++-
1 file changed, 228 insertions(+), 2 deletions(-)
diff --git a/proxmox-ve-config/src/firewall/types/address.rs b/proxmox-ve-config/src/firewall/types/address.rs
index e48ac1b..f7bde51 100644
--- a/proxmox-ve-config/src/firewall/types/address.rs
+++ b/proxmox-ve-config/src/firewall/types/address.rs
@@ -1,9 +1,9 @@
-use std::fmt;
+use std::fmt::{self, Display};
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use std::ops::Deref;
use anyhow::{bail, format_err, Error};
-use serde_with::DeserializeFromStr;
+use serde_with::{DeserializeFromStr, SerializeDisplay};
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum Family {
@@ -239,6 +239,202 @@ impl<T: Into<Ipv6Addr>> From<T> for Ipv6Cidr {
}
}
+#[derive(Clone, Copy, Debug, PartialOrd, Ord, PartialEq, Eq, Hash)]
+pub enum IpRangeError {
+ MismatchedFamilies,
+ StartGreaterThanLast,
+ InvalidFormat,
+}
+
+impl std::error::Error for IpRangeError {}
+
+impl Display for IpRangeError {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ f.write_str(match self {
+ IpRangeError::MismatchedFamilies => "mismatched ip address families",
+ IpRangeError::StartGreaterThanLast => "start is greater than last",
+ IpRangeError::InvalidFormat => "invalid ip range format",
+ })
+ }
+}
+
+/// Represents a range of IPv4 or IPv6 addresses.
+///
+/// For more information see [`AddressRange`]
+#[derive(Clone, Copy, Debug, PartialEq, Eq, SerializeDisplay, DeserializeFromStr)]
+pub enum IpRange {
+ V4(AddressRange<Ipv4Addr>),
+ V6(AddressRange<Ipv6Addr>),
+}
+
+impl IpRange {
+ /// Returns the family of the IpRange.
+ pub fn family(&self) -> Family {
+ match self {
+ IpRange::V4(_) => Family::V4,
+ IpRange::V6(_) => Family::V6,
+ }
+ }
+
+ /// Creates a new [`IpRange`] from two [`IpAddr`].
+ ///
+ /// # Errors
+ ///
+ /// This function will return an error if start and last IP address are not from the same family.
+ pub fn new(start: impl Into<IpAddr>, last: impl Into<IpAddr>) -> Result<Self, IpRangeError> {
+ match (start.into(), last.into()) {
+ (IpAddr::V4(start), IpAddr::V4(last)) => Self::new_v4(start, last),
+ (IpAddr::V6(start), IpAddr::V6(last)) => Self::new_v6(start, last),
+ _ => Err(IpRangeError::MismatchedFamilies),
+ }
+ }
+
+ /// construct a new Ipv4 Range
+ pub fn new_v4(
+ start: impl Into<Ipv4Addr>,
+ last: impl Into<Ipv4Addr>,
+ ) -> Result<Self, IpRangeError> {
+ Ok(IpRange::V4(AddressRange::new_v4(start, last)?))
+ }
+
+ pub fn new_v6(
+ start: impl Into<Ipv6Addr>,
+ last: impl Into<Ipv6Addr>,
+ ) -> Result<Self, IpRangeError> {
+ Ok(IpRange::V6(AddressRange::new_v6(start, last)?))
+ }
+}
+
+impl std::str::FromStr for IpRange {
+ type Err = IpRangeError;
+
+ fn from_str(s: &str) -> Result<Self, Self::Err> {
+ if let Ok(range) = s.parse() {
+ return Ok(IpRange::V4(range));
+ }
+
+ if let Ok(range) = s.parse() {
+ return Ok(IpRange::V6(range));
+ }
+
+ Err(IpRangeError::InvalidFormat)
+ }
+}
+
+impl fmt::Display for IpRange {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ match self {
+ IpRange::V4(range) => range.fmt(f),
+ IpRange::V6(range) => range.fmt(f),
+ }
+ }
+}
+
+/// Represents a range of IP addresses from start to last.
+///
+/// This type is for encapsulation purposes for the [`IpRange`] enum and should be instantiated via
+/// that enum.
+///
+/// # Invariants
+///
+/// * start and last have the same IP address family
+/// * start is less than or equal to last
+///
+/// # Textual representation
+///
+/// Two IP addresses separated by a hyphen, e.g.: `127.0.0.1-127.0.0.255`
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub struct AddressRange<T> {
+ start: T,
+ last: T,
+}
+
+impl AddressRange<Ipv4Addr> {
+ pub(crate) fn new_v4(
+ start: impl Into<Ipv4Addr>,
+ last: impl Into<Ipv4Addr>,
+ ) -> Result<AddressRange<Ipv4Addr>, IpRangeError> {
+ let (start, last) = (start.into(), last.into());
+
+ if start > last {
+ return Err(IpRangeError::StartGreaterThanLast);
+ }
+
+ Ok(Self { start, last })
+ }
+}
+
+impl AddressRange<Ipv6Addr> {
+ pub(crate) fn new_v6(
+ start: impl Into<Ipv6Addr>,
+ last: impl Into<Ipv6Addr>,
+ ) -> Result<AddressRange<Ipv6Addr>, IpRangeError> {
+ let (start, last) = (start.into(), last.into());
+
+ if start > last {
+ return Err(IpRangeError::StartGreaterThanLast);
+ }
+
+ Ok(Self { start, last })
+ }
+}
+
+impl<T> AddressRange<T> {
+ pub fn start(&self) -> &T {
+ &self.start
+ }
+
+ pub fn last(&self) -> &T {
+ &self.last
+ }
+}
+
+impl std::str::FromStr for AddressRange<Ipv4Addr> {
+ type Err = IpRangeError;
+
+ fn from_str(s: &str) -> Result<Self, Self::Err> {
+ if let Some((start, last)) = s.split_once('-') {
+ let start_address = start
+ .parse::<Ipv4Addr>()
+ .map_err(|_| IpRangeError::InvalidFormat)?;
+
+ let last_address = last
+ .parse::<Ipv4Addr>()
+ .map_err(|_| IpRangeError::InvalidFormat)?;
+
+ return Self::new_v4(start_address, last_address);
+ }
+
+ Err(IpRangeError::InvalidFormat)
+ }
+}
+
+impl std::str::FromStr for AddressRange<Ipv6Addr> {
+ type Err = IpRangeError;
+
+ fn from_str(s: &str) -> Result<Self, Self::Err> {
+ if let Some((start, last)) = s.split_once('-') {
+ let start_address = start
+ .parse::<Ipv6Addr>()
+ .map_err(|_| IpRangeError::InvalidFormat)?;
+
+ let last_address = last
+ .parse::<Ipv6Addr>()
+ .map_err(|_| IpRangeError::InvalidFormat)?;
+
+ return Self::new_v6(start_address, last_address);
+ }
+
+ Err(IpRangeError::InvalidFormat)
+ }
+}
+
+impl<T: fmt::Display> fmt::Display for AddressRange<T> {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "{}-{}", self.start, self.last)
+ }
+}
+
#[derive(Clone, Debug)]
#[cfg_attr(test, derive(Eq, PartialEq))]
pub enum IpEntry {
@@ -612,4 +808,34 @@ mod tests {
])
.expect_err("cannot mix ip families in ip list");
}
+
+ #[test]
+ fn test_ip_range() {
+ IpRange::new([10, 0, 0, 2], [10, 0, 0, 1]).unwrap_err();
+
+ IpRange::new(
+ [0x2001, 0x0db8, 0, 0, 0, 0, 0, 0x1000],
+ [0x2001, 0x0db8, 0, 0, 0, 0, 0, 0],
+ )
+ .unwrap_err();
+
+ let v4_range = IpRange::new([10, 0, 0, 0], [10, 0, 0, 100]).unwrap();
+ assert_eq!(v4_range.family(), Family::V4);
+
+ let v6_range = IpRange::new(
+ [0x2001, 0x0db8, 0, 0, 0, 0, 0, 0],
+ [0x2001, 0x0db8, 0, 0, 0, 0, 0, 0x1000],
+ )
+ .unwrap();
+ assert_eq!(v6_range.family(), Family::V6);
+
+ "10.0.0.1-10.0.0.100".parse::<IpRange>().unwrap();
+ "2001:db8::1-2001:db8::f".parse::<IpRange>().unwrap();
+
+ "10.0.0.1-2001:db8::1000".parse::<IpRange>().unwrap_err();
+ "2001:db8::1-192.168.0.2".parse::<IpRange>().unwrap_err();
+
+ "10.0.0.1-10.0.0.0".parse::<IpRange>().unwrap_err();
+ "2001:db8::1-2001:db8::0".parse::<IpRange>().unwrap_err();
+ }
}
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2024-11-12 12:26 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-12 12:25 [pve-devel] [PATCH docs/firewall/manager/proxmox{-ve-rs, -firewall, -perl-rs} v3 00/24] autogenerate ipsets for sdn objects Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 01/24] debian: add files for packaging Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 02/24] firewall: add sdn scope for ipsets Stefan Hanreich
2024-11-12 12:25 ` Stefan Hanreich [this message]
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 04/24] firewall: address: use new iprange type for ip entries Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 05/24] ipset: add range variant to addresses Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 06/24] iprange: add methods for converting an ip range to cidrs Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 07/24] ipset: address: add helper methods Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 08/24] firewall: guest: derive traits according to rust api guidelines Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 09/24] common: add allowlist Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 10/24] sdn: add name types Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 11/24] sdn: add ipam module Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 12/24] sdn: ipam: add method for generating ipsets Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 13/24] sdn: add config module Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 14/24] sdn: config: add method for generating ipsets Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 15/24] tests: add sdn config tests Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 16/24] tests: add ipam tests Stefan Hanreich
2024-11-12 19:16 ` [pve-devel] partially-applied-series: " Thomas Lamprecht
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-firewall v3 17/24] add proxmox-ve-rs crate - move proxmox-ve-config there Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-firewall v3 18/24] config: tests: add support for loading sdn and ipam config Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-firewall v3 19/24] ipsets: autogenerate ipsets for vnets and ipam Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH pve-firewall v3 20/24] add support for loading sdn firewall configuration Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH pve-firewall v3 21/24] api: load sdn ipsets Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH proxmox-perl-rs v3 22/24] add PVE::RS::Firewall::SDN module Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-manager v3 23/24] firewall: add sdn scope to IPRefSelector Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-docs v3 24/24] sdn: add documentation for firewall integration Stefan Hanreich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241112122602.88598-4-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox