From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 280071FF168 for ; Tue, 12 Nov 2024 13:28:40 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 353A01FACD; Tue, 12 Nov 2024 13:26:37 +0100 (CET) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Date: Tue, 12 Nov 2024 13:25:42 +0100 Message-Id: <20241112122602.88598-5-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241112122602.88598-1-s.hanreich@proxmox.com> References: <20241112122602.88598-1-s.hanreich@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.256 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH proxmox-ve-rs v3 04/24] firewall: address: use new iprange type for ip entries X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Signed-off-by: Stefan Hanreich --- .../src/firewall/types/address.rs | 81 +++++++------------ proxmox-ve-config/src/firewall/types/rule.rs | 6 +- 2 files changed, 31 insertions(+), 56 deletions(-) diff --git a/proxmox-ve-config/src/firewall/types/address.rs b/proxmox-ve-config/src/firewall/types/address.rs index f7bde51..d269054 100644 --- a/proxmox-ve-config/src/firewall/types/address.rs +++ b/proxmox-ve-config/src/firewall/types/address.rs 
@@ -439,57 +439,30 @@ impl fmt::Display for AddressRange { #[cfg_attr(test, derive(Eq, PartialEq))] pub enum IpEntry { Cidr(Cidr), - Range(IpAddr, IpAddr), + Range(IpRange), } impl std::str::FromStr for IpEntry { type Err = Error; fn from_str(s: &str) -> Result { - if s.is_empty() { - bail!("Empty IP specification!") + if let Ok(cidr) = s.parse() { + return Ok(IpEntry::Cidr(cidr)); } - let entries: Vec<&str> = s - .split('-') - .take(3) // so we can check whether there are too many - .collect(); - - match entries.as_slice() { - [cidr] => Ok(IpEntry::Cidr(cidr.parse()?)), - [beg, end] => { - if let Ok(beg) = beg.parse::() { - if let Ok(end) = end.parse::() { - if beg < end { - return Ok(IpEntry::Range(beg.into(), end.into())); - } - - bail!("start address is greater than end address!"); - } - } - - if let Ok(beg) = beg.parse::() { - if let Ok(end) = end.parse::() { - if beg < end { - return Ok(IpEntry::Range(beg.into(), end.into())); - } - - bail!("start address is greater than end address!"); - } - } - - bail!("start and end are not valid IP addresses of the same type!") - } - _ => bail!("Invalid amount of elements in IpEntry!"), + if let Ok(range) = s.parse() { + return Ok(IpEntry::Range(range)); } + + bail!("Invalid IP entry: {s}"); } } impl fmt::Display for IpEntry { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { match self { - Self::Cidr(ip) => write!(f, "{ip}"), - Self::Range(beg, end) => write!(f, "{beg}-{end}"), + Self::Cidr(ip) => ip.fmt(f), + Self::Range(range) => range.fmt(f), } } } @@ -498,19 +471,7 @@ impl IpEntry { fn family(&self) -> Family { match self { Self::Cidr(cidr) => cidr.family(), - Self::Range(start, end) => { - if start.is_ipv4() && end.is_ipv4() { - return Family::V4; - } - - if start.is_ipv6() && end.is_ipv6() { - return Family::V6; - } - - // should never be reached due to constructors validating that - // start type == end type - unreachable!("invalid IP entry") - } + Self::Range(range) => range.family(), } } } 
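Review bot: In the new `from_str`, both `if let Ok(..)` branches throw away the underlying parse error, so every rejected entry now ends in the same `Invalid IP entry: {s}` message. The removed code told the user when the start address was greater than the end address, or when the two ends were not addresses of the same type, which is what someone debugging a rejected firewall rule needs to see. Assuming the range parser's error type implements `Display` and `format_err!` is in scope (neither is visible in this hunk), the second `if let` and the `bail!` could become `s.parse().map(IpEntry::Range).map_err(|err| format_err!("Invalid IP entry '{s}': {err}"))`. A short doc comment on `from_str` would also help, for example `/// Tries CIDR notation first, then a start-end range; ordering and address-family checks are delegated to IpRange.`, since those checks are no longer readable here.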
@@ -521,6 +482,12 @@ impl From for IpEntry { } } +impl From for IpEntry { + fn from(value: IpRange) -> Self { + IpEntry::Range(value) + } +} + #[derive(Clone, Debug, DeserializeFromStr)] #[cfg_attr(test, derive(Eq, PartialEq))] pub struct IpList { @@ -708,7 +675,9 @@ mod tests { assert_eq!( entry, - IpEntry::Range([192, 168, 0, 1].into(), [192, 168, 99, 255].into()) + IpRange::new_v4([192, 168, 0, 1], [192, 168, 99, 255]) + .expect("valid IP range") + .into() ); entry = "fe80::1".parse().expect("valid IP entry"); @@ -733,10 +702,12 @@ mod tests { assert_eq!( entry, - IpEntry::Range( - [0xFD80, 0, 0, 0, 0, 0, 0, 1].into(), - [0xFD80, 0, 0, 0, 0, 0, 0, 0xFFFF].into(), + IpRange::new_v6( + [0xFD80, 0, 0, 0, 0, 0, 0, 1], + [0xFD80, 0, 0, 0, 0, 0, 0, 0xFFFF], ) + .expect("valid IP range") + .into() ); "192.168.100.0-192.168.99.255" @@ -764,7 +735,9 @@ mod tests { entries: vec![ IpEntry::Cidr(Cidr::new_v4([192, 168, 0, 1], 32).unwrap()), IpEntry::Cidr(Cidr::new_v4([192, 168, 100, 0], 24).unwrap()), - IpEntry::Range([172, 16, 0, 0].into(), [172, 32, 255, 255].into()), + IpRange::new_v4([172, 16, 0, 0], [172, 32, 255, 255]) + .unwrap() + .into(), ], family: Family::V4, } diff --git a/proxmox-ve-config/src/firewall/types/rule.rs b/proxmox-ve-config/src/firewall/types/rule.rs index 20deb3a..5374bb0 100644 --- a/proxmox-ve-config/src/firewall/types/rule.rs +++ b/proxmox-ve-config/src/firewall/types/rule.rs @@ -242,7 +242,7 @@ impl FromStr for RuleGroup { #[cfg(test)] mod tests { use crate::firewall::types::{ - address::{IpEntry, IpList}, + address::{IpEntry, IpList, IpRange}, alias::{AliasName, AliasScope}, ipset::{IpsetName, IpsetScope}, log::LogLevel, 
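Review bot: In the `mod tests` hunk at `@@ -733,10 +702,12 @@`, the only negative case visible is the reversed range `"192.168.100.0-192.168.99.255"`, so two cases the removed parser handled explicitly are no longer pinned now that validation lives outside `IpEntry::from_str`. One is a range whose ends belong to different address families, and the other is a range with equal start and end, which the old `beg < end` check rejected. I would add `"192.168.0.1-fe80::1".parse::<IpEntry>().expect_err("mixed-family range");` (a constructed sample) and one assertion that fixes whichever behaviour `IpRange` is meant to have for a single-address range, so a later change to the range type cannot silently widen what a firewall rule accepts. The test function continues outside the hunk, so these cases may already exist further down.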
@@ -322,7 +322,9 @@ mod tests { IpAddrMatch::Ip(IpList::from(Cidr::new_v4([10, 0, 0, 0], 24).unwrap())), IpAddrMatch::Ip( IpList::new(vec![ - IpEntry::Range([20, 0, 0, 0].into(), [20, 255, 255, 255].into()), + IpRange::new_v4([20, 0, 0, 0], [20, 255, 255, 255]) + .unwrap() + .into(), IpEntry::Cidr(Cidr::new_v4([192, 168, 0, 0], 16).unwrap()), ]) .unwrap() -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel