
Commit 73faa5b

committed
feat(expressions): Upgrade cidranger to use BART tables. Replace sha256sum with xxhash for keys
Signed-off-by: Ted Hess <[email protected]>
1 parent 68dc14c commit 73faa5b


1 file changed

+19
-22
lines changed

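--- a/lib/policy/expressions/environment.go
+++ b/lib/policy/expressions/environment.go
@@ -3,20 +3,20 @@ package expressions
 import (
 "fmt"
 "math/rand/v2"
-"net"
+"net/netip"
 "strings"
 
 "github.com/TecharoHQ/anubis/internal"
+"github.com/gaissmai/bart"
 "github.com/google/cel-go/cel"
 "github.com/google/cel-go/common/types"
 "github.com/google/cel-go/common/types/ref"
 "github.com/google/cel-go/common/types/traits"
 "github.com/google/cel-go/ext"
-"github.com/yl2chen/cidranger"
 )
 
-// pre-parsed CIDR ranger map. Hash of CIDR IP list is key
-var CIDRMap = make(map[string]cidranger.Ranger)
+// pre-parsed CIDR bart tables map. Hash of CIDR IP list is key
+var CIDRMap = make(map[string]*bart.Lite)
 
 // buildCacheKey creates a deterministic cache key from the IP list
 func buildCacheKey(ipList traits.Lister) string {
@@ -31,21 +31,21 @@ func buildCacheKey(ipList traits.Lister) string {
 cidrs = append(cidrs, string(cidr))
 }
 // Join them to create a unique key
-return internal.SHA256sum(strings.Join(cidrs, "|"))
+return internal.FastHash(strings.Join(cidrs, "|"))
 }
 
-// getCachedRanger returns a cached ranger or builds a new one
-func getCachedRanger(ipList traits.Lister) (cidranger.Ranger, error) {
+// getCachedPrefixTable returns a cached bart table or builds a new one
+func getCachedPrefixTable(ipList traits.Lister) (*bart.Lite, error) {
 // Build cache key
 cacheKey := buildCacheKey(ipList)
 
 // Check cache
-if ranger, ok := CIDRMap[cacheKey]; ok {
-return ranger, nil
+if prefixtable, ok := CIDRMap[cacheKey]; ok {
+return prefixtable, nil
 }
 
-// Build new ranger
-ranger := cidranger.NewPCTrieRanger()
+// Build new bart table
+prefixtable := new(bart.Lite)
 
 it := ipList.Iterator()
 for it.HasNext() == types.True {
@@ -54,33 +54,30 @@ func getCachedRanger(ipList traits.Lister) (cidranger.Ranger, error) {
 if !ok {
 continue
 }
-_, rng, err := net.ParseCIDR(string(cidr))
+prefix, err := netip.ParsePrefix(string(cidr))
 if err != nil {
 return nil, fmt.Errorf("address %s CIDR parse error: %w", cidr, err)
 }
-ranger.Insert(cidranger.NewBasicRangerEntry(*rng))
+prefixtable.Insert(prefix)
 }
 
 // Store in map
-CIDRMap[cacheKey] = ranger
-return ranger, nil
+CIDRMap[cacheKey] = prefixtable
+return prefixtable, nil
 }
 
 func remoteAddrInList(remoteAddr types.String, ipList traits.Lister) (bool, error) {
-ipAddr := net.ParseIP(string(remoteAddr))
-if ipAddr == nil {
+ipAddr, err := netip.ParseAddr(string(remoteAddr))
+if err != nil {
 return false, fmt.Errorf("remoteAddrInList: %s is not a valid IP address", remoteAddr)
 }
 
-ranger, err := getCachedRanger(ipList)
+prefixtable, err := getCachedPrefixTable(ipList)
 if err != nil {
 return false, fmt.Errorf("remoteAddrInList: %v", err)
 }
 
-ok, err := ranger.Contains(ipAddr)
-if err != nil {
-return false, fmt.Errorf("remoteAddrInList: error checking if %s is in range: %v", remoteAddr, err)
-}
+ok := prefixtable.Contains(ipAddr)
 return ok, nil
 }
 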
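Review bot: In `remoteAddrInList` the move from `net.ParseIP` to `netip.ParseAddr` changes how IPv4-mapped IPv6 input is matched: `netip` keeps `::ffff:a.b.c.d` as an IPv6 address and does not match it against IPv4 prefixes, so a remote address delivered in that form could fall outside every IPv4 CIDR rule that the old `net.IP` path would likely have matched. Normalising right after the parse with `ipAddr = ipAddr.Unmap()` keeps the previous behaviour; whether bart unmaps internally is not visible here, so a test with a mapped address is worth adding alongside. Separately, `buildCacheKey` now keys `CIDRMap` with `internal.FastHash`; if that is a 64-bit non-cryptographic hash, as the commit title suggests, two different lists that collide would silently share one prefix table. Using the joined string itself as the map key would remove that possibility at the cost of longer keys.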