Ensure sane ordering of CIDRs with equal masks with a new property.

[hath.git] / src / Cidr.hs

-- | The CIDR modules contains most of the functions used for working
--   with the CIDR type.
module Cidr
( Cidr(..),
  cidr_properties,
  cidr_tests,
  combine_all,
  contains,
  contains_proper,
  enumerate,
  max_octet1,
  max_octet2,
  max_octet3,
  max_octet4,
  min_octet1,
  min_octet2,
  min_octet3,
  min_octet4,
  normalize
) where

import Data.List (nub)
import Data.List.Split (splitOneOf)
import Data.Maybe (catMaybes, mapMaybe)

import Test.Tasty ( TestTree, localOption, testGroup )
import Test.Tasty.HUnit ( (@?=), testCase )
import Test.Tasty.QuickCheck (
  Arbitrary( arbitrary ),
  Gen,
  Property,
  QuickCheckTests( QuickCheckTests ),
  (==>),
  testProperty )
import Text.Read (readMaybe)

import qualified Bit as B (Bit(..))
import IPv4Address (
  IPv4Address( IPv4Address, octet1, octet2, octet3, octet4 ),
  most_sig_bit_different )
import Maskable (Maskable(apply_mask))
import Maskbits ( Maskbits(Zero) )
import Octet (Octet())


data Cidr = Cidr { ipv4address :: IPv4Address,
                   maskbits :: Maskbits }


instance Show Cidr where
    show cidr = (show (ipv4address cidr)) ++ "/" ++ (show (maskbits cidr))


instance Arbitrary Cidr where
    arbitrary = do
      ipv4 <- arbitrary :: Gen IPv4Address
      mask <- arbitrary :: Gen Maskbits
      return (Cidr ipv4 mask)


instance Eq Cidr where
  -- | Two CIDRs are equal if they have the same network bits and if
  --   their masks are the same. In other words, if they are the same
  --   after normalization.
  cidr1 == cidr2 = (cidr1 <= cidr2) && (cidr2 <= cidr1)

instance Ord Cidr where
  cidr1 <= cidr2 = if addr1 == addr2 then mask1 <= mask2 else addr1 <= addr2
    where
      Cidr addr1 mask1 = normalize cidr1
      Cidr addr2 mask2 = normalize cidr2

-- | Returns the mask portion of a CIDR address. That is, everything
--   after the trailing slash.
maskbits_from_cidr_string :: String -> Maybe Maskbits
maskbits_from_cidr_string s
  | length partlist == 2 = readMaybe (partlist !! 1)
  | otherwise = Nothing
    where
      partlist = splitOneOf "/" s


-- | Takes an IP address String in CIDR notation, and returns a list
--   of its octets (as Ints).
octets_from_cidr_string :: String -> [Octet]
octets_from_cidr_string s =
  case parts of
    (p1:p2:p3:p4:_) -> mapMaybe readMaybe [p1,p2,p3,p4]
    _ -> []
  where
    parts = splitOneOf "./" s

instance Read Cidr where
  -- | Parse everything or nothing.
  readsPrec _ s =
    case (octets_from_cidr_string s) of
      [oct1, oct2, oct3, oct4] ->
        case (maskbits_from_cidr_string s) of
          Just mbits ->
            [(Cidr (IPv4Address oct1 oct2 oct3 oct4) mbits, "")]
          _ -> []
      _ -> []


-- | Given a CIDR, return the minimum valid IPv4 address contained
--   within it.
min_host :: Cidr -> IPv4Address
min_host (Cidr addr mask) = apply_mask addr mask B.Zero

-- | Given a CIDR, return the maximum valid IPv4 address contained
--   within it.
max_host :: Cidr -> IPv4Address
max_host (Cidr addr mask) = apply_mask addr mask B.One

-- | Given a CIDR, return the first octet of the minimum valid IPv4
--   address contained within it.
min_octet1 :: Cidr -> Octet
min_octet1 cidr = octet1 (min_host cidr)

-- | Given a CIDR, return the second octet of the minimum valid IPv4
--   address contained within it.
min_octet2 :: Cidr -> Octet
min_octet2 cidr = octet2 (min_host cidr)

-- | Given a CIDR, return the third octet of the minimum valid IPv4
--   address contained within it.
min_octet3 :: Cidr -> Octet
min_octet3 cidr = octet3 (min_host cidr)

-- | Given a CIDR, return the fourth octet of the minimum valid IPv4
--   address contained within it.
min_octet4 :: Cidr -> Octet
min_octet4 cidr = octet4 (min_host cidr)

-- | Given a CIDR, return the first octet of the maximum valid IPv4
--   address contained within it.
max_octet1 :: Cidr -> Octet
max_octet1 cidr = octet1 (max_host cidr)

-- | Given a CIDR, return the second octet of the maximum valid IPv4
--   address contained within it.
max_octet2 :: Cidr -> Octet
max_octet2 cidr = octet2 (max_host cidr)

-- | Given a CIDR, return the third octet of the maximum valid IPv4
--   address contained within it.
max_octet3 :: Cidr -> Octet
max_octet3 cidr = octet3 (max_host cidr)

-- | Given a CIDR, return the fourth octet of the maximum valid IPv4
--   address contained within it.
max_octet4 :: Cidr -> Octet
max_octet4 cidr = octet4 (max_host cidr)



-- | Return true if the first argument (a CIDR range) contains the
--   second (another CIDR range). There are a lot of ways we can be
--   fed junk here. For lack of a better alternative, just return
--   False when we are given nonsense.
--
--   If the number of bits in the network part of the first address is
--   larger than the number of bits in the second, there is no way
--   that the first range can contain the second. For, if the number
--   of network bits is larger, then the number of host bits must be
--   smaller, and if cidr1 has fewer hosts than cidr2, cidr1 most
--   certainly does not contain cidr2.
--
--   On the other hand, if the first argument (cidr1) has fewer (or
--   the same number of) network bits as the second, it can contain
--   the second. In this case, we need to check that every host in
--   cidr2 is contained in cidr1. If a host in cidr2 is contained in
--   cidr1, then at least mbits1 of an address in cidr2 will match
--   cidr1. For example,
--
--   cidr1 = 192.168.1.0\/23, cidr2 = 192.168.1.100\/24
--
--   Here, cidr2 contains all of 192.168.1.0 through
--   192.168.1.255. However, cidr1 contains BOTH 192.168.0.0 through
--   192.168.0.255 and 192.168.1.0 through 192.168.1.255. In essence,
--   what we want to check is that cidr2 "begins with" something that
--   cidr1 CAN begin with. Since cidr1 can begin with 192.168.1, and
--   cidr2 DOES, cidr1 contains cidr2..
--
--   The way that we check this is to apply cidr1's mask to cidr2's
--   address and see if the result is the same as cidr1's mask applied
--   to cidr1's address.
--
contains :: Cidr -> Cidr -> Bool
contains (Cidr addr1 mbits1) (Cidr addr2 mbits2)
  | mbits1 > mbits2 = False
  | otherwise = addr1masked == addr2masked
  where
    addr1masked = apply_mask addr1 mbits1 B.Zero
    addr2masked = apply_mask addr2 mbits1 B.Zero


-- | Contains but is not equal to.
contains_proper :: Cidr -> Cidr -> Bool
contains_proper cidr1 cidr2 =
    (cidr1 `contains` cidr2) && (not (cidr2 `contains` cidr1))


-- | A CIDR range is redundant (with respect to the given list) if
--   another CIDR range in that list properly contains it.
redundant :: [Cidr] -> Cidr -> Bool
redundant cidrlist cidr = any ((flip contains_proper) cidr) cidrlist


-- | First, we look at all possible pairs of cidrs, and combine the
--   adjacent ones in to a new list. Then, we concatenate that list
--   with the original one, and filter out all of the redundancies. If
--   two adjacent Cidrs are combined into a larger one, they will be
--   removed in the second step since the larger Cidr must contain the
--   smaller two.
--
--   Once this is done, we see whether or not the result is different
--   than the argument that was passed in. If nothing changed, we're
--   done and return the list that was passed to us. However, if
--   something changed, we recurse and try to combine the list again.
combine_all :: [Cidr] -> [Cidr]
combine_all cidrs
  | cidrs == (combine_contained unique_cidrs) = cidrs
  | otherwise = combine_all (combine_contained unique_cidrs)
    where
      unique_cidrs = nub cidr_combinations
      cidr_combinations =
        cidrs ++ (catMaybes [ (combine_adjacent x y) | x <- cidrs, y <- cidrs ])


-- | Take a list of CIDR ranges and filter out all of the ones that
--   are contained entirelt within some other range in the list.
combine_contained :: [Cidr] -> [Cidr]
combine_contained cidrs =
  filter (not . (redundant cidrs)) cidrs


-- | If the two Cidrs are not adjacent, return Cidr.None. Otherwise,
--   decrement the maskbits of cidr1 and return that; it will contain
--   both cidr1 and cidr2.
combine_adjacent :: Cidr -> Cidr -> Maybe Cidr
combine_adjacent cidr1 cidr2
  | not (adjacent cidr1 cidr2) = Nothing
  | (maskbits cidr1 == Zero) = Nothing
  | otherwise = Just $ cidr1 { maskbits = pred (maskbits cidr1) }



-- | Determine whether or not two CIDR ranges are adjacent. If two
--   ranges lie consecutively within the IP space, they can be
--   combined. For example, 10.1.0.0/24 and 10.0.1.0/24 are adjacent,
--   and can be combined in to 10.1.0.0/23.
adjacent :: Cidr -> Cidr -> Bool
adjacent cidr1 cidr2
  | mbits1 /= mbits2 = False
  | mbits1 == Maskbits.Zero = False -- They're equal.
  | otherwise = (mbits1 == (most_sig_bit_different addr1 addr2))
  where
    addr1 = ipv4address cidr1
    addr2 = ipv4address cidr2
    mbits1 = maskbits cidr1
    mbits2 = maskbits cidr2


enumerate :: Cidr -> [IPv4Address]
enumerate cidr = [(min_host cidr)..(max_host cidr)]


-- | Replace any masked bits in this CIDR's IPv4Address with zeros.
normalize :: Cidr -> Cidr
normalize (Cidr addr mask) =
  Cidr nrml_addr mask
  where
    nrml_addr = apply_mask addr mask B.Zero

-- Test lists.
cidr_tests :: TestTree
cidr_tests =
  testGroup "CIDR Tests" [
    test_enumerate,
    test_min_host1,
    test_max_host1,
    test_equality1,
    test_contains1,
    test_contains2,
    test_contains_proper1,
    test_contains_proper2,
    test_adjacent1,
    test_adjacent2,
    test_adjacent3,
    test_adjacent4,
    test_combine_contained1,
    test_combine_contained2,
    test_combine_all1,
    test_combine_all2,
    test_combine_all3,
    test_normalize1,
    test_normalize2,
    test_normalize3 ]

cidr_properties :: TestTree
cidr_properties =
  testGroup "CIDR Properties" [
      prop_all_cidrs_contain_themselves,
      prop_contains_proper_antisymmetric,
      prop_normalize_idempotent,
      prop_normalize_preserves_equality,
      prop_ord_instance_antisymmetric,
      prop_ord_instance_reflexive,
      prop_ord_instance_transitive,
      prop_ord_uses_addr_when_masks_equal ]


-- HUnit Tests
test_enumerate :: TestTree
test_enumerate =
  testCase desc $ actual @?= expected
  where
    desc = "192.168.0.240/30 is enumerated correctly"
    oct1 = toEnum 192 :: Octet
    oct2 = toEnum 168 :: Octet
    oct3 = minBound :: Octet
    mk_ip = IPv4Address oct1 oct2 oct3
    addr1 = mk_ip $ toEnum 240
    addr2 = mk_ip $ toEnum 241
    addr3 = mk_ip $ toEnum 242
    addr4 = mk_ip $ toEnum 243
    expected = [addr1, addr2, addr3, addr4]
    actual = enumerate (read "192.168.0.240/30" :: Cidr)

test_min_host1 :: TestTree
test_min_host1 =
  testCase desc $ actual @?= expected
  where
    desc = "The minimum host in 10.0.0.0/24 is 10.0.0.0"
    actual = show $ min_host (read "10.0.0.0/24" :: Cidr)
    expected = "10.0.0.0"


test_max_host1 :: TestTree
test_max_host1 =
  testCase desc $ actual @?= expected
  where
    desc = "The maximum host in 10.0.0.0/24 is 10.0.0.255"
    actual = show $ max_host (read "10.0.0.0/24" :: Cidr)
    expected = "10.0.0.255"


test_equality1 :: TestTree
test_equality1 =
  testCase desc $ actual @?= expected
  where
    desc = "10.1.1.0/23 equals itself"
    actual = read "10.1.1.0/23" :: Cidr
    expected = read "10.1.1.0/23" :: Cidr


test_contains1 :: TestTree
test_contains1 =
  testCase desc $ actual @?= expected
  where
    desc = "10.1.1.0/23 contains 10.1.1.0/24"
    cidr1 = read "10.1.1.0/23" :: Cidr
    cidr2 = read "10.1.1.0/24" :: Cidr
    expected = True
    actual = cidr1 `contains` cidr2


test_contains2 :: TestTree
test_contains2 =
  testCase desc $ actual @?= expected
  where
    desc = "10.1.1.0/23 contains itself"
    cidr1 = read "10.1.1.0/23" :: Cidr
    expected = True
    actual = cidr1 `contains` cidr1


test_contains_proper1 :: TestTree
test_contains_proper1 =
  testCase desc $ actual @?= expected
  where
    desc = "10.1.1.0/23 contains 10.1.1.0/24 properly"
    cidr1 = read "10.1.1.0/23" :: Cidr
    cidr2 = read "10.1.1.0/24" :: Cidr
    expected = True
    actual = cidr1 `contains_proper` cidr2


test_contains_proper2 :: TestTree
test_contains_proper2 =
  testCase desc $ actual @?= expected
  where
    desc = "10.1.1.0/23 does not contain itself properly"
    cidr1 = read "10.1.1.0/23" :: Cidr
    expected = False
    actual = cidr1 `contains_proper` cidr1


test_adjacent1 :: TestTree
test_adjacent1 =
  testCase desc $ actual @?= expected
  where
    desc = "10.1.0.0/24 is adjacent to 10.1.1.0/24"
    cidr1 = read "10.1.0.0/24" :: Cidr
    cidr2 = read "10.1.1.0/24" :: Cidr
    expected = True
    actual = cidr1 `adjacent` cidr2


test_adjacent2 :: TestTree
test_adjacent2 =
  testCase desc $ actual @?= expected
  where
    desc = "10.1.0.0/23 is not adjacent to 10.1.0.0/24"
    cidr1 = read "10.1.0.0/23" :: Cidr
    cidr2 = read "10.1.0.0/24" :: Cidr
    expected = False
    actual = cidr1 `adjacent` cidr2


test_adjacent3 :: TestTree
test_adjacent3 =
  testCase desc $ actual @?= expected
  where
    desc = "10.1.0.0/24 is not adjacent to 10.2.5.0/24"
    cidr1 = read "10.1.0.0/24" :: Cidr
    cidr2 = read "10.2.5.0/24" :: Cidr
    expected = False
    actual = cidr1 `adjacent` cidr2


test_adjacent4 :: TestTree
test_adjacent4 =
  testCase desc $ actual @?= expected
  where
    desc = "10.1.1.0/24 is not adjacent to 10.1.2.0/24"
    cidr1 = read "10.1.1.0/24" :: Cidr
    cidr2 = read "10.1.2.0/24" :: Cidr
    expected = False
    actual = cidr1 `adjacent` cidr2

test_combine_contained1 :: TestTree
test_combine_contained1 =
  testCase desc $ actual @?= expected
  where
    desc = "10.0.0.0/8, 10.1.0.0/16, and 10.1.1.0/24 combine to 10.0.0.0/8"
    cidr1 = read "10.0.0.0/8" :: Cidr
    cidr2 = read "10.1.0.0/16" :: Cidr
    cidr3 = read "10.1.1.0/24" :: Cidr
    test_cidrs = [cidr1, cidr2, cidr3]
    expected = [cidr1]
    actual = combine_contained test_cidrs

test_combine_contained2 :: TestTree
test_combine_contained2 =
  testCase desc $ actual @?= expected
  where
    desc = "192.168.3.0/23 does not contain 192.168.1.0/24"
    cidr1 = read "192.168.3.0/23" :: Cidr
    cidr2 = read "192.168.1.0/24" :: Cidr
    expected = [cidr1, cidr2]
    actual = combine_contained [cidr1, cidr2]


test_combine_all1 :: TestTree
test_combine_all1 =
  testCase desc $ actual @?= expected
  where
    desc = "10.0.0.0/24 is adjacent to 10.0.1.0/24 "
           ++ "and 10.0.3.0/23 contains 10.0.2.0/24"
    cidr1 = read "10.0.0.0/24" :: Cidr
    cidr2 = read "10.0.1.0/24" :: Cidr
    cidr3 = read "10.0.2.0/24" :: Cidr
    cidr4 = read "10.0.3.0/23" :: Cidr
    cidr5 = read "10.0.0.0/23" :: Cidr
    test_cidrs = [cidr1, cidr2, cidr3, cidr4, cidr5]
    expected = [read "10.0.0.0/22" :: Cidr]
    actual = combine_all test_cidrs


test_combine_all2 :: TestTree
test_combine_all2 =
  testCase desc $ actual @?= expected
  where
    desc = "127.0.0.1/32 combines with itself recursively"
    cidr1 = read "127.0.0.1/32" :: Cidr
    test_cidrs = [cidr1, cidr1, cidr1, cidr1, cidr1]
    expected = [cidr1]
    actual = combine_all test_cidrs


test_combine_all3 :: TestTree
test_combine_all3 =
  testCase desc $ actual @?= expected
  where
    desc = "10.0.0.16, 10.0.0.17, 10.0.0.18, and "
           ++ "10.0.0.19 get combined into 10.0.0.16/30"
    cidr1 = read "10.0.0.16/32" :: Cidr
    cidr2 = read "10.0.0.17/32" :: Cidr
    cidr3 = read "10.0.0.18/32" :: Cidr
    cidr4 = read "10.0.0.19/32" :: Cidr
    test_cidrs = [cidr1, cidr2, cidr3, cidr4]
    expected = [read "10.0.0.16/30" :: Cidr]
    actual = combine_all test_cidrs

test_normalize1 :: TestTree
test_normalize1 =
  testCase desc $ actual @?= expected
  where
    desc = "127.0.0.1/8 normalized is 127.0.0.0/8"
    expected = read "127.0.0.0/8" :: Cidr
    actual = normalize (read "127.0.0.1/8" :: Cidr)


test_normalize2 :: TestTree
test_normalize2 =
  testCase desc $ actual @?= expected
  where
    desc = "192.168.1.101/24 normalized is 192.168.1.0/24"
    expected = read "192.168.1.0/24" :: Cidr
    actual = normalize (read "192.168.1.101/24" :: Cidr)

test_normalize3 :: TestTree
test_normalize3 =
  testCase desc $ actual @?= expected
  where
    desc = "10.10.10.10/22 normalized is 10.10.8.0/22"
    expected = read "10.10.8.0/22" :: Cidr
    actual = normalize (read "10.10.10.10/22" :: Cidr)

-- QuickCheck Tests
prop_all_cidrs_contain_themselves :: TestTree
prop_all_cidrs_contain_themselves =
  testProperty "All CIDRs contain themselves" prop
  where
    prop :: Cidr -> Bool
    prop cidr1 = cidr1 `contains` cidr1


-- If cidr1 properly contains cidr2, then by definition cidr2
-- does not properly contain cidr1.
prop_contains_proper_antisymmetric :: TestTree
prop_contains_proper_antisymmetric =
  testProperty "CIDR proper containment is an antisymmetric relation" prop
  where
    prop :: Cidr -> Cidr -> Property
    prop cidr1 cidr2 =
      (cidr1 `contains_proper` cidr2) ==>
        (not (cidr2 `contains_proper` cidr1))


-- Running "normalize" a second time shouldn't do anything.
prop_normalize_idempotent :: TestTree
prop_normalize_idempotent =
  testProperty "The CIDR \"normalize\" function is idempotent" prop
  where
    prop :: Cidr -> Bool
    prop cidr = (normalize cidr) == (normalize (normalize cidr))

-- Normalization should not affect equality of two CIDRs.
prop_normalize_preserves_equality :: TestTree
prop_normalize_preserves_equality =
  testProperty "The CIDR \"normalize\" function preserves equality" prop
  where
    prop :: Cidr -> Cidr -> Bool
    prop cidr1 cidr2 = (cidr1 == cidr2) == (normalize cidr1 == normalize cidr2)


prop_ord_instance_reflexive :: TestTree
prop_ord_instance_reflexive =
  testProperty "The CIDR order is reflexive" prop
  where
    prop :: Cidr -> Bool
    prop cidr = cidr <= cidr


prop_ord_instance_transitive :: TestTree
prop_ord_instance_transitive =
  testProperty "The CIDR order is transitive" prop
  where
    prop :: Cidr -> Cidr -> Cidr -> Property
    prop cidr1 cidr2 cidr3 =
      (cidr1 <= cidr2 && cidr2 <= cidr3) ==> cidr1 <= cidr3

-- This is how Eq is currently implemented, but it is useful to have
-- around in case that changes. Try fewer instances of this than usual
-- because it's a rare condition.
prop_ord_instance_antisymmetric :: TestTree
prop_ord_instance_antisymmetric =
  localOption (QuickCheckTests 500) $
    testProperty "The CIDR order is antisymmetric" prop
  where
    prop :: Cidr -> Cidr -> Property
    prop cidr1 cidr2 =
      (cidr1 <= cidr2 && cidr2 <= cidr1) ==> cidr1 == cidr2


-- When comparing two CIDRs with the same mask, the comparison
-- should be numeric (i.e. whatever the IPv4Address does).
-- Of course, we have to normalize first.
prop_ord_uses_addr_when_masks_equal :: TestTree
prop_ord_uses_addr_when_masks_equal =
  testProperty "The CIDR order is the IPv4Address order for equal masks" prop
  where
    prop :: Cidr -> Cidr -> Property
    prop cidr1 cidr2 =
      (mask1 == mask2) ==> (cidr1 <= cidr2) == (addr1 <= addr2)
      where
        (Cidr addr1 mask1) = normalize cidr1
        (Cidr addr2 mask2) = normalize cidr2