
Commit c1a9239

authored
xds/rbac: replace legacy net to netip (#8908)
Updates #8884. This PR replaces `net.IPNet` with `netip.Prefix` in the file `internal/xds/rbac/matchers.go`.
- Replaced the internal matcher CIDR type `*net.IPNet` with `netip.Prefix`
- Migrated CIDR parsing from `net.ParseCIDR` to `netip.ParsePrefix`, with `.Masked()` normalization to keep canonical network behavior

RELEASE NOTES: N/A
1 parent 3be7e2d commit c1a9239

1 file changed

Lines changed: 8 additions & 9 deletions


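--- a/internal/xds/rbac/matchers.go
+++ b/internal/xds/rbac/matchers.go
@@ -19,7 +19,6 @@ package rbac
 import (
 "errors"
 "fmt"
-"net"
 "net/netip"
 "regexp"
 
@@ -330,41 +329,41 @@ func (upm *urlPathMatcher) match(data *rpcData) bool {
 type remoteIPMatcher struct {
 // ipNet represents the CidrRange that this matcher was configured with.
 // This is what will remote and destination IP's will be matched against.
-ipNet *net.IPNet
+ipNet netip.Prefix
 }
 
 func newRemoteIPMatcher(cidrRange *v3corepb.CidrRange) (*remoteIPMatcher, error) {
 // Convert configuration to a cidrRangeString, as Go standard library has
 // methods that parse cidr string.
 cidrRangeString := fmt.Sprintf("%s/%d", cidrRange.AddressPrefix, cidrRange.PrefixLen.Value)
-_, ipNet, err := net.ParseCIDR(cidrRangeString)
+ipNet, err := netip.ParsePrefix(cidrRangeString)
 if err != nil {
 return nil, err
 }
-return &remoteIPMatcher{ipNet: ipNet}, nil
+return &remoteIPMatcher{ipNet: ipNet.Masked()}, nil
 }
 
 func (sim *remoteIPMatcher) match(data *rpcData) bool {
 ip, _ := netip.ParseAddr(data.peerInfo.Addr.String())
-return sim.ipNet.Contains(net.IP(ip.AsSlice()))
+return sim.ipNet.Contains(ip)
 }
 
 type localIPMatcher struct {
-ipNet *net.IPNet
+ipNet netip.Prefix
 }
 
 func newLocalIPMatcher(cidrRange *v3corepb.CidrRange) (*localIPMatcher, error) {
 cidrRangeString := fmt.Sprintf("%s/%d", cidrRange.AddressPrefix, cidrRange.PrefixLen.Value)
-_, ipNet, err := net.ParseCIDR(cidrRangeString)
+ipNet, err := netip.ParsePrefix(cidrRangeString)
 if err != nil {
 return nil, err
 }
-return &localIPMatcher{ipNet: ipNet}, nil
+return &localIPMatcher{ipNet: ipNet.Masked()}, nil
 }
 
 func (dim *localIPMatcher) match(data *rpcData) bool {
 ip, _ := netip.ParseAddr(data.localAddr.String())
-return dim.ipNet.Contains(net.IP(ip.AsSlice()))
+return dim.ipNet.Contains(ip)
 }
 
 // portMatcher matches on whether the destination port of the RPC matches the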
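Review bot: `netip.Prefix.Contains` is stricter than the `net.IPNet.Contains` call it replaces in `remoteIPMatcher.match`: it never matches an IPv4-mapped IPv6 address against an IPv4 prefix and always returns false for an address that carries a zone, whereas the old `net.IP(ip.AsSlice())` conversion dropped the zone and let `::ffff:a.b.c.d` match an IPv4 range. Whether a peer or local address can reach this code in either form is not visible from this hunk, but if it can, an RBAC rule keyed on that CIDR silently stops matching, which matters most for policies that deny by source range. Normalising before the check would keep the previous behaviour, e.g. `return sim.ipNet.Contains(ip.Unmap().WithZone(""))`, and the same applies to `localIPMatcher.match`; a test case with a mapped address would pin it. The discarded `netip.ParseAddr` error has the same effect, because the zero `Addr` is contained in no prefix, so a comment such as `// a parse failure yields the zero Addr, which never matches` would make that intent explicit.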
