Move some net::IPAddressNumber implementations to net::IPAddress.

net/base/ip_address.cc

 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/ip_address.h"
 
 #include "base/strings/string_piece.h"
 #include "base/strings/string_split.h"
 #include "net/base/ip_address_number.h"
 #include "net/base/parse_number.h"
 #include "url/gurl.h"
 #include "url/url_canon_ip.h"
 
+namespace {
+
+bool IPAddressPrefixCheck(const std::vector<uint8_t>& ip_address,
+                          const unsigned char* ip_prefix,
+                          size_t prefix_length_in_bits) {
+  // Compare all the bytes that fall entirely within the prefix.
+  int num_entire_bytes_in_prefix = prefix_length_in_bits / 8;
+  for (int i = 0; i < num_entire_bytes_in_prefix; ++i) {
+    if (ip_address[i] != ip_prefix[i])
+      return false;
+  }
+
+  // In case the prefix was not a multiple of 8, there will be 1 byte
+  // which is only partially masked.
+  int remaining_bits = prefix_length_in_bits % 8;
+  if (remaining_bits != 0) {
+    unsigned char mask = 0xFF << (8 - remaining_bits);
+    int i = num_entire_bytes_in_prefix;
+    if ((ip_address[i] & mask) != (ip_prefix[i] & mask))
+      return false;
+  }
+  return true;
+}
+
+}  // namespace
+
 namespace net {
 
 IPAddress::IPAddress() {}
 
 IPAddress::IPAddress(const IPAddressNumber& address) : ip_address_(address) {}
 
 IPAddress::IPAddress(const IPAddress& other) = default;
 
 IPAddress::IPAddress(const uint8_t* address, size_t address_len)
     : ip_address_(address, address + address_len) {}
@@ skipping 34 matching lines @@
 }
 
 bool IPAddress::IsIPv6() const {
   return ip_address_.size() == kIPv6AddressSize;
 }
 
 bool IPAddress::IsValid() const {
   return IsIPv4() || IsIPv6();
 }
 
+// Don't compare IPv4 and IPv6 addresses (they have different range
+// reservations). Keep separate reservation arrays for each IP type, and
+// consolidate adjacent reserved ranges within a reservation array when
+// possible.
+// Sources for info:
+// www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
+// www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
+// They're formatted here with the prefix as the last element. For example:
+// 10.0.0.0/8 becomes 10,0,0,0,8 and fec0::/10 becomes 0xfe,0xc0,0,0,0...,10.
 bool IPAddress::IsReserved() const {
-  return IsIPAddressReserved(ip_address_);
+  static const unsigned char kReservedIPv4[][5] = {
+      {0, 0, 0, 0, 8},     {10, 0, 0, 0, 8},      {100, 64, 0, 0, 10},
+      {127, 0, 0, 0, 8},   {169, 254, 0, 0, 16},  {172, 16, 0, 0, 12},
+      {192, 0, 2, 0, 24},  {192, 88, 99, 0, 24},  {192, 168, 0, 0, 16},
+      {198, 18, 0, 0, 15}, {198, 51, 100, 0, 24}, {203, 0, 113, 0, 24},
+      {224, 0, 0, 0, 3}};
+  static const unsigned char kReservedIPv6[][17] = {

[martijnc, 2016/04/11 22:02:08]

I copied this list but while trying to write tests for this method I wasn't
quite able to figure out how these ranges match those in [1]. Not sure what the
precise definition of 'reserved' is here.

I'm probably missing something but 0100::/8, 0200::/7, 0400::/6, 0800::/5 &
1000::/4 don't seem to match any of these ranges [2]?

[1] http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
[2]
https://docs.google.com/spreadsheets/d/1zRoJYtk3aM-QxRz-d_hYLICcXWSc3PKS9OWkA...

[eroman, 2016/04/12 05:30:56]

Thanks for raising this issue Martin!

Yeah, those ranges do seem to be missing reserved blocks unless I am reading
this wrong.

The scarcity of documentation in this function makes it hard to understand what
the author's intent was.

+rsleevi who may know more.

I expect we can simplify this by storing the pattern for non-reserved ranges
rather than the patterns for all the private address space. I think just these
two mappings:

  2000::/3 (unicast)
  ff00::/8 (multicast)

If it doesn't match one of those two patterns, then the function can return
true. This covers all the reserved ranges as well as Unique Local Unicast
(fc00::/7) and Link-Scoped Unicast (fe80::/10).

Alternately as a blacklist (using the current approach) if we add up all the
reserved ranges + unique local unicast + link-scoped unicast and simplify you
get:

4000::/2 (01*)                                                                 
8000::/2 (10*)                                                                 
0000::/3 (000*)                                                                
c000::/3 (110*)                                                                
e000::/4 (1110*)                                                               
f000::/5 (11110*)                                                              
f800::/6 (111110*)                                                             
fc00::/7 (1111110*)                                                            
fe00::/8 (11111110*)

[Ryan Sleevi, 2016/04/12 21:15:59]

When the review introducing this started, that's what we had - because the IPv6
ranges were represented as strings - see
https://codereview.chromium.org/22538003/diff/14001/net/base/net_util.cc#newc...

In Patchset 4, this got rewritten as
https://codereview.chromium.org/22538003/diff/21001/net/base/net_util.cc

Unfortunately, they were lost then.

So it was a bug that was overlooked during review.

+      {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 8},
+      {0x40, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2},
+      {0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2},
+      {0xc0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3},
+      {0xe0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4},
+      {0xf0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5},
+      {0xf8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6},
+      {0xfc, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7},
+      {0xfe, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 9},
+      {0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10},
+      {0xfe, 0xc0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10},
+  };
+  size_t array_size = 0;
+  const unsigned char* array = nullptr;
+  switch (ip_address_.size()) {
+    case kIPv4AddressSize:
+      array_size = arraysize(kReservedIPv4);
+      array = kReservedIPv4[0];
+      break;
+    case kIPv6AddressSize:
+      array_size = arraysize(kReservedIPv6);
+      array = kReservedIPv6[0];
+      break;
+  }
+  if (!array)
+    return false;
+  size_t width = ip_address_.size() + 1;
+  for (size_t i = 0; i < array_size; ++i, array += width) {
+    if (IPAddressPrefixCheck(ip_address_, array, array[width - 1]))
+      return true;
+  }
+  return false;
 }
 
 bool IPAddress::IsZero() const {
   for (auto x : ip_address_) {
     if (x != 0)
       return false;
   }
 
   return !empty();
 }
@@ skipping 72 matching lines @@
   return IPAddress(ConvertIPv4NumberToIPv6Number(address.bytes()));
 }
 
 IPAddress ConvertIPv4MappedIPv6ToIPv4(const IPAddress& address) {
   return IPAddress(ConvertIPv4MappedToIPv4(address.bytes()));
 }
 
 bool IPAddressMatchesPrefix(const IPAddress& ip_address,
                             const IPAddress& ip_prefix,
                             size_t prefix_length_in_bits) {
-  return IPNumberMatchesPrefix(ip_address.bytes(), ip_prefix.bytes(),
-                               prefix_length_in_bits);
+  // Both the input IP address and the prefix IP address should be either IPv4
+  // or IPv6.
+  DCHECK(ip_address.IsValid());
+  DCHECK(ip_prefix.IsValid());
+
+  DCHECK_LE(prefix_length_in_bits, ip_prefix.size() * 8);
+
+  // In case we have an IPv6 / IPv4 mismatch, convert the IPv4 addresses to
+  // IPv6 addresses in order to do the comparison.
+  if (ip_address.size() != ip_prefix.size()) {
+    if (ip_address.IsIPv4()) {
+      return IPAddressMatchesPrefix(ConvertIPv4ToIPv4MappedIPv6(ip_address),
+                                    ip_prefix, prefix_length_in_bits);
+    }
+    return IPAddressMatchesPrefix(ip_address,
+                                  ConvertIPv4ToIPv4MappedIPv6(ip_prefix),
+                                  96 + prefix_length_in_bits);
+  }
+
+  return IPAddressPrefixCheck(ip_address.bytes(), ip_prefix.bytes().data(),
+                              prefix_length_in_bits);
 }
 
 bool ParseCIDRBlock(const std::string& cidr_literal,
                     IPAddress* ip_address,
                     size_t* prefix_length_in_bits) {
   // We expect CIDR notation to match one of these two templates:
   //   <IPv4-literal> "/" <number of bits>
   //   <IPv6-literal> "/" <number of bits>
 
   std::vector<base::StringPiece> parts = base::SplitStringPiece(
@@ skipping 34 matching lines @@
 
 unsigned CommonPrefixLength(const IPAddress& a1, const IPAddress& a2) {
   return CommonPrefixLength(a1.bytes(), a2.bytes());
 }
 
 unsigned MaskPrefixLength(const IPAddress& mask) {
   return MaskPrefixLength(mask.bytes());
 }
 
 }  // namespace net