1 -- | The CIDR modules contains most of the functions used for working
22 import Data.List (nub)
23 import Data.List.Split (splitOneOf)
24 import Data.Maybe (catMaybes, mapMaybe)
26 import Test.Tasty ( TestTree, testGroup )
27 import Test.Tasty.HUnit ( (@?=), testCase )
28 import Test.Tasty.QuickCheck (
29 Arbitrary( arbitrary ),
34 import Text.Read (readMaybe)
36 import qualified Bit as B (Bit(..))
38 IPv4Address( IPv4Address, octet1, octet2, octet3, octet4 ),
39 most_sig_bit_different )
40 import Maskable (Maskable(apply_mask))
41 import Maskbits ( Maskbits(Zero) )
42 import Octet (Octet())
45 data Cidr = Cidr { ipv4address :: IPv4Address,
46 maskbits :: Maskbits }
49 instance Show Cidr where
50 show cidr = (show (ipv4address cidr)) ++ "/" ++ (show (maskbits cidr))
53 instance Arbitrary Cidr where
55 ipv4 <- arbitrary :: Gen IPv4Address
56 mask <- arbitrary :: Gen Maskbits
57 return (Cidr ipv4 mask)
60 instance Eq Cidr where
61 -- | Two CIDRs are equal if they have the same network bits and if
62 -- their masks are the same. In other words, if they are the same
63 -- after normalization.
64 cidr1 == cidr2 = (cidr1 <= cidr2) && (cidr2 <= cidr1)
66 instance Ord Cidr where
67 cidr1 <= cidr2 = if addr1 == addr2 then mask1 <= mask2 else addr1 <= addr2
69 Cidr addr1 mask1 = normalize cidr1
70 Cidr addr2 mask2 = normalize cidr2
72 -- | Returns the mask portion of a CIDR address. That is, everything
73 -- after the trailing slash.
74 maskbits_from_cidr_string :: String -> Maybe Maskbits
75 maskbits_from_cidr_string s
76 | length partlist == 2 = readMaybe (partlist !! 1)
79 partlist = splitOneOf "/" s
82 -- | Takes an IP address String in CIDR notation, and returns a list
83 -- of its octets (as Ints).
84 octets_from_cidr_string :: String -> [Octet]
85 octets_from_cidr_string s =
87 (p1:p2:p3:p4:_) -> mapMaybe readMaybe [p1,p2,p3,p4]
90 parts = splitOneOf "./" s
92 instance Read Cidr where
93 -- | Parse everything or nothing.
95 case (octets_from_cidr_string s) of
96 [oct1, oct2, oct3, oct4] ->
97 case (maskbits_from_cidr_string s) of
99 [(Cidr (IPv4Address oct1 oct2 oct3 oct4) mbits, "")]
104 -- | Given a CIDR, return the minimum valid IPv4 address contained
106 min_host :: Cidr -> IPv4Address
107 min_host (Cidr addr mask) = apply_mask addr mask B.Zero
109 -- | Given a CIDR, return the maximum valid IPv4 address contained
111 max_host :: Cidr -> IPv4Address
112 max_host (Cidr addr mask) = apply_mask addr mask B.One
114 -- | Given a CIDR, return the first octet of the minimum valid IPv4
115 -- address contained within it.
116 min_octet1 :: Cidr -> Octet
117 min_octet1 cidr = octet1 (min_host cidr)
119 -- | Given a CIDR, return the second octet of the minimum valid IPv4
120 -- address contained within it.
121 min_octet2 :: Cidr -> Octet
122 min_octet2 cidr = octet2 (min_host cidr)
124 -- | Given a CIDR, return the third octet of the minimum valid IPv4
125 -- address contained within it.
126 min_octet3 :: Cidr -> Octet
127 min_octet3 cidr = octet3 (min_host cidr)
129 -- | Given a CIDR, return the fourth octet of the minimum valid IPv4
130 -- address contained within it.
131 min_octet4 :: Cidr -> Octet
132 min_octet4 cidr = octet4 (min_host cidr)
134 -- | Given a CIDR, return the first octet of the maximum valid IPv4
135 -- address contained within it.
136 max_octet1 :: Cidr -> Octet
137 max_octet1 cidr = octet1 (max_host cidr)
139 -- | Given a CIDR, return the second octet of the maximum valid IPv4
140 -- address contained within it.
141 max_octet2 :: Cidr -> Octet
142 max_octet2 cidr = octet2 (max_host cidr)
144 -- | Given a CIDR, return the third octet of the maximum valid IPv4
145 -- address contained within it.
146 max_octet3 :: Cidr -> Octet
147 max_octet3 cidr = octet3 (max_host cidr)
149 -- | Given a CIDR, return the fourth octet of the maximum valid IPv4
150 -- address contained within it.
151 max_octet4 :: Cidr -> Octet
152 max_octet4 cidr = octet4 (max_host cidr)
156 -- | Return true if the first argument (a CIDR range) contains the
157 -- second (another CIDR range). There are a lot of ways we can be
158 -- fed junk here. For lack of a better alternative, just return
159 -- False when we are given nonsense.
161 -- If the number of bits in the network part of the first address is
162 -- larger than the number of bits in the second, there is no way
163 -- that the first range can contain the second. For, if the number
164 -- of network bits is larger, then the number of host bits must be
165 -- smaller, and if cidr1 has fewer hosts than cidr2, cidr1 most
166 -- certainly does not contain cidr2.
168 -- On the other hand, if the first argument (cidr1) has fewer (or
169 -- the same number of) network bits as the second, it can contain
170 -- the second. In this case, we need to check that every host in
171 -- cidr2 is contained in cidr1. If a host in cidr2 is contained in
172 -- cidr1, then at least mbits1 of an address in cidr2 will match
173 -- cidr1. For example,
175 -- cidr1 = 192.168.1.0\/23, cidr2 = 192.168.1.100\/24
177 -- Here, cidr2 contains all of 192.168.1.0 through
178 -- 192.168.1.255. However, cidr1 contains BOTH 192.168.0.0 through
179 -- 192.168.0.255 and 192.168.1.0 through 192.168.1.255. In essence,
180 -- what we want to check is that cidr2 "begins with" something that
181 -- cidr1 CAN begin with. Since cidr1 can begin with 192.168.1, and
182 -- cidr2 DOES, cidr1 contains cidr2..
184 -- The way that we check this is to apply cidr1's mask to cidr2's
185 -- address and see if the result is the same as cidr1's mask applied
186 -- to cidr1's address.
188 contains :: Cidr -> Cidr -> Bool
189 contains (Cidr addr1 mbits1) (Cidr addr2 mbits2)
190 | mbits1 > mbits2 = False
191 | otherwise = addr1masked == addr2masked
193 addr1masked = apply_mask addr1 mbits1 B.Zero
194 addr2masked = apply_mask addr2 mbits1 B.Zero
197 -- | Contains but is not equal to.
198 contains_proper :: Cidr -> Cidr -> Bool
199 contains_proper cidr1 cidr2 =
200 (cidr1 `contains` cidr2) && (not (cidr2 `contains` cidr1))
203 -- | A CIDR range is redundant (with respect to the given list) if
204 -- another CIDR range in that list properly contains it.
205 redundant :: [Cidr] -> Cidr -> Bool
206 redundant cidrlist cidr = any ((flip contains_proper) cidr) cidrlist
209 -- | First, we look at all possible pairs of cidrs, and combine the
210 -- adjacent ones in to a new list. Then, we concatenate that list
211 -- with the original one, and filter out all of the redundancies. If
212 -- two adjacent Cidrs are combined into a larger one, they will be
213 -- removed in the second step since the larger Cidr must contain the
216 -- Once this is done, we see whether or not the result is different
217 -- than the argument that was passed in. If nothing changed, we're
218 -- done and return the list that was passed to us. However, if
219 -- something changed, we recurse and try to combine the list again.
220 combine_all :: [Cidr] -> [Cidr]
222 | cidrs == (combine_contained unique_cidrs) = cidrs
223 | otherwise = combine_all (combine_contained unique_cidrs)
225 unique_cidrs = nub cidr_combinations
227 cidrs ++ (catMaybes [ (combine_adjacent x y) | x <- cidrs, y <- cidrs ])
230 -- | Take a list of CIDR ranges and filter out all of the ones that
231 -- are contained entirelt within some other range in the list.
232 combine_contained :: [Cidr] -> [Cidr]
233 combine_contained cidrs =
234 filter (not . (redundant cidrs)) cidrs
237 -- | If the two Cidrs are not adjacent, return Cidr.None. Otherwise,
238 -- decrement the maskbits of cidr1 and return that; it will contain
239 -- both cidr1 and cidr2.
240 combine_adjacent :: Cidr -> Cidr -> Maybe Cidr
241 combine_adjacent cidr1 cidr2
242 | not (adjacent cidr1 cidr2) = Nothing
243 | (maskbits cidr1 == Zero) = Nothing
244 | otherwise = Just $ cidr1 { maskbits = pred (maskbits cidr1) }
248 -- | Determine whether or not two CIDR ranges are adjacent. If two
249 -- ranges lie consecutively within the IP space, they can be
250 -- combined. For example, 10.1.0.0/24 and 10.0.1.0/24 are adjacent,
251 -- and can be combined in to 10.1.0.0/23.
252 adjacent :: Cidr -> Cidr -> Bool
254 | mbits1 /= mbits2 = False
255 | mbits1 == Maskbits.Zero = False -- They're equal.
256 | otherwise = (mbits1 == (most_sig_bit_different addr1 addr2))
258 addr1 = ipv4address cidr1
259 addr2 = ipv4address cidr2
260 mbits1 = maskbits cidr1
261 mbits2 = maskbits cidr2
264 enumerate :: Cidr -> [IPv4Address]
265 enumerate cidr = [(min_host cidr)..(max_host cidr)]
268 -- | Replace any masked bits in this CIDR's IPv4Address with zeros.
269 normalize :: Cidr -> Cidr
270 normalize (Cidr addr mask) =
273 nrml_addr = apply_mask addr mask B.Zero
276 cidr_tests :: TestTree
278 testGroup "CIDR Tests" [
285 test_contains_proper1,
286 test_contains_proper2,
291 test_combine_contained1,
292 test_combine_contained2,
300 cidr_properties :: TestTree
302 testGroup "CIDR Properties" [
303 prop_all_cidrs_contain_themselves,
304 prop_contains_proper_antisymmetric,
305 prop_normalize_idempotent,
306 prop_normalize_preserves_equality,
307 prop_ord_instance_reflexive,
308 prop_ord_instance_transitive ]
312 test_enumerate :: TestTree
314 testCase desc $ actual @?= expected
316 desc = "192.168.0.240/30 is enumerated correctly"
317 oct1 = toEnum 192 :: Octet
318 oct2 = toEnum 168 :: Octet
319 oct3 = minBound :: Octet
320 mk_ip = IPv4Address oct1 oct2 oct3
321 addr1 = mk_ip $ toEnum 240
322 addr2 = mk_ip $ toEnum 241
323 addr3 = mk_ip $ toEnum 242
324 addr4 = mk_ip $ toEnum 243
325 expected = [addr1, addr2, addr3, addr4]
326 actual = enumerate (read "192.168.0.240/30" :: Cidr)
328 test_min_host1 :: TestTree
330 testCase desc $ actual @?= expected
332 desc = "The minimum host in 10.0.0.0/24 is 10.0.0.0"
333 actual = show $ min_host (read "10.0.0.0/24" :: Cidr)
334 expected = "10.0.0.0"
337 test_max_host1 :: TestTree
339 testCase desc $ actual @?= expected
341 desc = "The maximum host in 10.0.0.0/24 is 10.0.0.255"
342 actual = show $ max_host (read "10.0.0.0/24" :: Cidr)
343 expected = "10.0.0.255"
346 test_equality1 :: TestTree
348 testCase desc $ actual @?= expected
350 desc = "10.1.1.0/23 equals itself"
351 actual = read "10.1.1.0/23" :: Cidr
352 expected = read "10.1.1.0/23" :: Cidr
355 test_contains1 :: TestTree
357 testCase desc $ actual @?= expected
359 desc = "10.1.1.0/23 contains 10.1.1.0/24"
360 cidr1 = read "10.1.1.0/23" :: Cidr
361 cidr2 = read "10.1.1.0/24" :: Cidr
363 actual = cidr1 `contains` cidr2
366 test_contains2 :: TestTree
368 testCase desc $ actual @?= expected
370 desc = "10.1.1.0/23 contains itself"
371 cidr1 = read "10.1.1.0/23" :: Cidr
373 actual = cidr1 `contains` cidr1
376 test_contains_proper1 :: TestTree
377 test_contains_proper1 =
378 testCase desc $ actual @?= expected
380 desc = "10.1.1.0/23 contains 10.1.1.0/24 properly"
381 cidr1 = read "10.1.1.0/23" :: Cidr
382 cidr2 = read "10.1.1.0/24" :: Cidr
384 actual = cidr1 `contains_proper` cidr2
387 test_contains_proper2 :: TestTree
388 test_contains_proper2 =
389 testCase desc $ actual @?= expected
391 desc = "10.1.1.0/23 does not contain itself properly"
392 cidr1 = read "10.1.1.0/23" :: Cidr
394 actual = cidr1 `contains_proper` cidr1
397 test_adjacent1 :: TestTree
399 testCase desc $ actual @?= expected
401 desc = "10.1.0.0/24 is adjacent to 10.1.1.0/24"
402 cidr1 = read "10.1.0.0/24" :: Cidr
403 cidr2 = read "10.1.1.0/24" :: Cidr
405 actual = cidr1 `adjacent` cidr2
408 test_adjacent2 :: TestTree
410 testCase desc $ actual @?= expected
412 desc = "10.1.0.0/23 is not adjacent to 10.1.0.0/24"
413 cidr1 = read "10.1.0.0/23" :: Cidr
414 cidr2 = read "10.1.0.0/24" :: Cidr
416 actual = cidr1 `adjacent` cidr2
419 test_adjacent3 :: TestTree
421 testCase desc $ actual @?= expected
423 desc = "10.1.0.0/24 is not adjacent to 10.2.5.0/24"
424 cidr1 = read "10.1.0.0/24" :: Cidr
425 cidr2 = read "10.2.5.0/24" :: Cidr
427 actual = cidr1 `adjacent` cidr2
430 test_adjacent4 :: TestTree
432 testCase desc $ actual @?= expected
434 desc = "10.1.1.0/24 is not adjacent to 10.1.2.0/24"
435 cidr1 = read "10.1.1.0/24" :: Cidr
436 cidr2 = read "10.1.2.0/24" :: Cidr
438 actual = cidr1 `adjacent` cidr2
440 test_combine_contained1 :: TestTree
441 test_combine_contained1 =
442 testCase desc $ actual @?= expected
444 desc = "10.0.0.0/8, 10.1.0.0/16, and 10.1.1.0/24 combine to 10.0.0.0/8"
445 cidr1 = read "10.0.0.0/8" :: Cidr
446 cidr2 = read "10.1.0.0/16" :: Cidr
447 cidr3 = read "10.1.1.0/24" :: Cidr
448 test_cidrs = [cidr1, cidr2, cidr3]
450 actual = combine_contained test_cidrs
452 test_combine_contained2 :: TestTree
453 test_combine_contained2 =
454 testCase desc $ actual @?= expected
456 desc = "192.168.3.0/23 does not contain 192.168.1.0/24"
457 cidr1 = read "192.168.3.0/23" :: Cidr
458 cidr2 = read "192.168.1.0/24" :: Cidr
459 expected = [cidr1, cidr2]
460 actual = combine_contained [cidr1, cidr2]
463 test_combine_all1 :: TestTree
465 testCase desc $ actual @?= expected
467 desc = "10.0.0.0/24 is adjacent to 10.0.1.0/24 "
468 ++ "and 10.0.3.0/23 contains 10.0.2.0/24"
469 cidr1 = read "10.0.0.0/24" :: Cidr
470 cidr2 = read "10.0.1.0/24" :: Cidr
471 cidr3 = read "10.0.2.0/24" :: Cidr
472 cidr4 = read "10.0.3.0/23" :: Cidr
473 cidr5 = read "10.0.0.0/23" :: Cidr
474 test_cidrs = [cidr1, cidr2, cidr3, cidr4, cidr5]
475 expected = [read "10.0.0.0/22" :: Cidr]
476 actual = combine_all test_cidrs
479 test_combine_all2 :: TestTree
481 testCase desc $ actual @?= expected
483 desc = "127.0.0.1/32 combines with itself recursively"
484 cidr1 = read "127.0.0.1/32" :: Cidr
485 test_cidrs = [cidr1, cidr1, cidr1, cidr1, cidr1]
487 actual = combine_all test_cidrs
490 test_combine_all3 :: TestTree
492 testCase desc $ actual @?= expected
494 desc = "10.0.0.16, 10.0.0.17, 10.0.0.18, and "
495 ++ "10.0.0.19 get combined into 10.0.0.16/30"
496 cidr1 = read "10.0.0.16/32" :: Cidr
497 cidr2 = read "10.0.0.17/32" :: Cidr
498 cidr3 = read "10.0.0.18/32" :: Cidr
499 cidr4 = read "10.0.0.19/32" :: Cidr
500 test_cidrs = [cidr1, cidr2, cidr3, cidr4]
501 expected = [read "10.0.0.16/30" :: Cidr]
502 actual = combine_all test_cidrs
504 test_normalize1 :: TestTree
506 testCase desc $ actual @?= expected
508 desc = "127.0.0.1/8 normalized is 127.0.0.0/8"
509 expected = read "127.0.0.0/8" :: Cidr
510 actual = normalize (read "127.0.0.1/8" :: Cidr)
513 test_normalize2 :: TestTree
515 testCase desc $ actual @?= expected
517 desc = "192.168.1.101/24 normalized is 192.168.1.0/24"
518 expected = read "192.168.1.0/24" :: Cidr
519 actual = normalize (read "192.168.1.101/24" :: Cidr)
521 test_normalize3 :: TestTree
523 testCase desc $ actual @?= expected
525 desc = "10.10.10.10/22 normalized is 10.10.8.0/22"
526 expected = read "10.10.8.0/22" :: Cidr
527 actual = normalize (read "10.10.10.10/22" :: Cidr)
530 prop_all_cidrs_contain_themselves :: TestTree
531 prop_all_cidrs_contain_themselves =
532 testProperty "All CIDRs contain themselves" prop
535 prop cidr1 = cidr1 `contains` cidr1
538 -- If cidr1 properly contains cidr2, then by definition cidr2
539 -- does not properly contain cidr1.
540 prop_contains_proper_antisymmetric :: TestTree
541 prop_contains_proper_antisymmetric =
542 testProperty "CIDR proper containment is an antisymmetric relation" prop
544 prop :: Cidr -> Cidr -> Property
546 (cidr1 `contains_proper` cidr2) ==>
547 (not (cidr2 `contains_proper` cidr1))
550 -- Running "normalize" a second time shouldn't do anything.
551 prop_normalize_idempotent :: TestTree
552 prop_normalize_idempotent =
553 testProperty "The CIDR \"normalize\" function is idempotent" prop
556 prop cidr = (normalize cidr) == (normalize (normalize cidr))
558 -- Normalization should not affect equality of two CIDRs.
559 prop_normalize_preserves_equality :: TestTree
560 prop_normalize_preserves_equality =
561 testProperty "The CIDR \"normalize\" function preserves equality" prop
563 prop :: Cidr -> Cidr -> Bool
564 prop cidr1 cidr2 = (cidr1 == cidr2) == (normalize cidr1 == normalize cidr2)
566 prop_ord_instance_reflexive :: TestTree
567 prop_ord_instance_reflexive =
568 testProperty "The CIDR order is reflexive" prop
571 prop cidr = cidr <= cidr
574 prop_ord_instance_transitive :: TestTree
575 prop_ord_instance_transitive =
576 testProperty "The CIDR order is transitive" prop
578 prop :: Cidr -> Cidr -> Cidr -> Property
579 prop cidr1 cidr2 cidr3 =
580 (cidr1 <= cidr2 && cidr2 <= cidr3) ==> cidr1 <= cidr3