ASF Bugzilla – Attachment 27686 Details for
Bug 51953
Proposal: netmask filtering valve and filter [PATCH]
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Netmask class
0001-Netmask-filtering-NetMask-class.patch (text/plain), 3.91 KB, created by
Francis Galiegue
on 2011-10-04 18:06:15 UTC
(
hide
)
Description:
Netmask class
Filename:
MIME Type:
Creator:
Francis Galiegue
Created:
2011-10-04 18:06:15 UTC
Size:
3.91 KB
patch
obsolete
>From 379f36c26c0ab3872c5ab6594cadb83533dd8c66 Mon Sep 17 00:00:00 2001 >From: Francis Galiegue <fgaliegue@gmail.com> >Date: Tue, 4 Oct 2011 19:57:24 +0200 >Subject: [PATCH 1/3] Netmask filtering: NetMask class > >--- > java/org/apache/catalina/util/NetMask.java | 103 ++++++++++++++++++++++++++++ > 1 files changed, 103 insertions(+), 0 deletions(-) > create mode 100644 java/org/apache/catalina/util/NetMask.java > >diff --git a/java/org/apache/catalina/util/NetMask.java b/java/org/apache/catalina/util/NetMask.java >new file mode 100644 >index 0000000..b834443 >--- /dev/null >+++ b/java/org/apache/catalina/util/NetMask.java >@@ -0,0 +1,103 @@ >+package org.apache.catalina.util; >+ >+import java.math.BigInteger; >+import java.net.InetAddress; >+import java.net.UnknownHostException; >+ >+/** >+ * A class representing a netmask, which is at the core of this valve. >+ * >+ * <p>The constructor takes a {@link java.lang.String} representing a >+ * CIDR netmask as an argument and extracts two informations from it: the >+ * network address and the CIDR. It then turns the address into a {@link >+ * java.math.BigInteger}, calculates the right shift and shifts that >+ * BigInteger by it.</p> >+ * <p>The process to verify whether an IP address falls within the mask >+ * is to also convert it to a BigInteger, shifting it right and comparing >+ * it to the stored BigInteger. >+ * </p> >+ */ >+ >+public final class NetMask { >+ /** >+ * The argument to the constructor, used for .toString() >+ */ >+ private final String expression; >+ >+ /** >+ * The number of bits a matching candidate needs to be shifted right >+ * in order to see if it matches >+ */ >+ private final int shift; >+ >+ /** >+ * The network address, already shifted right >+ */ >+ private final BigInteger mask; >+ >+ /** >+ * Constructor. >+ * >+ * @param expression the CIDR netmask >+ * @throws IllegalArgumentException if the netmask is not correct >+ * (invalid address specification, malformed CIDR prefix, etc) >+ */ >+ public NetMask(final String expression) { >+ final int idx = expression.indexOf("/"); >+ final int cidr, addrlen; >+ final String addressPart; >+ final InetAddress addr; >+ final byte[] bytes; >+ >+ if (idx == -1) { >+ cidr = -1; >+ addressPart = expression; >+ } else { >+ final String substring = expression.substring(idx + 1); >+ try { >+ cidr = Integer.parseInt(substring); >+ if (cidr < 0) >+ throw new NumberFormatException("CIDR is negative"); >+ } catch (NumberFormatException ignored) { >+ throw new IllegalArgumentException("provided CIDR mask (" >+ + substring + ") is invalid"); >+ } >+ addressPart = expression.substring(0, idx); >+ } >+ >+ try { >+ addr = InetAddress.getByName(addressPart); >+ } catch (UnknownHostException e) { >+ throw new IllegalArgumentException("provided address (" >+ + addressPart + ") is invalid"); >+ } >+ >+ bytes = addr.getAddress(); >+ addrlen = bytes.length * 8; >+ shift = cidr == -1 ? 0 : addrlen - cidr; >+ >+ if (shift < 0) >+ throw new IllegalArgumentException("CIDR prefix (" + cidr >+ + ") is greater than address length (" + addrlen + ")"); >+ mask = new BigInteger(bytes).shiftRight(shift); >+ this.expression = expression; >+ } >+ >+ /** >+ * Test if a given address matches this netmask >+ * >+ * @param addr The {@link java.net.InetAddress} to test >+ * @return true on match, false otherwise >+ */ >+ public boolean matches (final InetAddress addr) { >+ final BigInteger provided = new BigInteger(addr.getAddress()) >+ .shiftRight(shift); >+ >+ return mask.equals(provided); >+ } >+ >+ @Override >+ public String toString() { >+ return expression; >+ } >+} >-- >1.7.6 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 51953
:
27686
|
27687
|
27688
|
27689
|
27691
|
27694
|
27726
|
27782