ASF Bugzilla – Attachment 27694 Details for
Bug 51953
Proposal: netmask filtering valve and filter [PATCH]
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
Alternative netmask class, using byte arrays
NetMask2.java (text/x-java), 3.97 KB, created by
Francis Galiegue
on 2011-10-05 09:22:33 UTC
(
hide
)
Description:
Alternative netmask class, using byte arrays
Filename:
MIME Type:
Creator:
Francis Galiegue
Created:
2011-10-05 09:22:33 UTC
Size:
3.97 KB
patch
obsolete
>package org.apache.catalina.util; > >import java.math.BigInteger; >import java.net.InetAddress; >import java.net.UnknownHostException; > >/** > * A class representing a netmask, which is at the core of this valve. > * > * <p>The constructor takes a {@link String} representing a > * CIDR netmask as an argument and extracts two informations from it: the > * network address and the CIDR. It then turns the address into a {@link > * java.math.BigInteger}, calculates the right shift and shifts that > * BigInteger by it.</p> > * <p>The process to verify whether an IP address falls within the mask > * is to also convert it to a BigInteger, shifting it right and comparing > * it to the stored BigInteger. > * </p> > */ > >public final class NetMask2 >{ > /** > * The argument to the constructor, used for .toString() > */ > private final String expression; > > private byte[] netaddr; > private int nrBytes; > private int shift; > > /** > * Constructor. > * > * @param input the CIDR netmask > * @throws IllegalArgumentException if the netmask is not correct > * (invalid address specification, malformed CIDR prefix, etc) > */ > public NetMask2(final String input) { > > expression = input; > shift = 0; > > final int idx = input.indexOf("/"); > > /* > * Handle the "IP only" case first > */ > if (idx == -1) { > try { > netaddr = InetAddress.getByName(input).getAddress(); > } catch (UnknownHostException e) { > throw new IllegalArgumentException("provided address (" > + input + ") is invalid"); > } > nrBytes = netaddr.length; > return; > } > > final String addressPart = input.substring(0, idx), > cidrPart = input.substring(idx + 1); > > try { > netaddr = InetAddress.getByName(addressPart).getAddress(); > } catch (UnknownHostException e) { > throw new IllegalArgumentException("provided address (" > + input + ") is invalid"); > } > > final int addrlen = netaddr.length * 8; > final int cidr; > > try { > cidr = Integer.parseInt(cidrPart); > if (cidr < 0) > throw new NumberFormatException("CIDR is negative"); > if (cidr > addrlen) > throw new NumberFormatException("CIDR is greater than address " > + "length"); > } catch (NumberFormatException e) { > throw new IllegalArgumentException("provided CIDR mask (" > + cidrPart + ") is invalid"); > } > > nrBytes = cidr / 8; > > if ((cidr % 8) != 0) > shift = 8 - (cidr % 8); > } > > /** > * Test if a given address matches this netmask > * > * @param addr The {@link java.net.InetAddress} to test > * @return true on match, false otherwise > */ > public boolean matches (final InetAddress addr) { > final byte[] provided = addr.getAddress(); > > /* > * If address is of different length (IPv4 vs IPv6), there is no match > */ > > if (provided.length != netaddr.length) > return false; > > int i; > > /* > * If any of the byte we have to compare is different than the recorded > * network address, there is no match > */ > for (i = 0; i < nrBytes; i++) > if (netaddr[i] != provided[i]) > return false; > > /* > * If the CIDR mask is at a byte boundary, we have a match here > */ > if (shift == 0) > return true; > > /* > * Otherwise, xor the nrBytes bytes of the network address and of > * the provided address -- it is faster than a minus... > */ > final int lastByte = netaddr[i] ^ provided[i]; > > /* > * Then shift the result right by the appropriate amount: the result > * must be 0. > */ > return (lastByte >> shift == 0); > } > > @Override > public String toString() { > return expression; > } >}
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 51953
:
27686
|
27687
|
27688
|
27689
|
27691
| 27694 |
27726
|
27782