Package org.apache.cassandra.auth
Class CIDRGroupsMappingIntervalTree<V>
- java.lang.Object
-
- org.apache.cassandra.auth.CIDRGroupsMappingIntervalTree<V>
-
- All Implemented Interfaces:
CIDRGroupsMappingTable<V>
public class CIDRGroupsMappingIntervalTree<V> extends java.lang.Object implements CIDRGroupsMappingTable<V>
This class implements CIDR Interval tree and the ability to find longest matching CIDR for the given IP. CIDRs interval tree is a variant of interval tree. Each node contains a CIDR and a value. A node has left children array and the right children array. - The left children's CIDRs are either less than the starting IP of parent or overlaps with the parent node. - The right children's CIDRs are either greater than the ending IP of the parent or overlaps with the parent node. Note that nodes that overlap with the parent node are included in both left and right children arrays. The tree organizes nodes by placing non-overlapping CIDRs at the same level. In general, CIDRs with the same net mask do not overlap, hence are placed in the same level. CIDRs with different net mask may overlap, hence placed at different levels in the tree. In addition to this, there is an optimisation to promote a CIDR to an upper level, if it is not overlapping with any CIDR in the parent level, that means, in such cases a CIDR with different net mask can co-locate in the same level with other CIDRs. Levels closer to the root contains CIDRs with higher net mask value. Net mask value decreases as levels further down from the root. i.e, Nearer the level to the root, the narrower the CIDR, meaning matching the longer IP prefix. Search for Longest matching CIDR for an IP starts at level 0, if not found a match, search continues to the next level, until it finds a match or reaches leaf nodes without a match. That means search terminates on the first match closest to the root, i.e, locates narrowest matching CIDR. Example: Assume below CIDRs "128.10.120.2/10", ==> IP range 128.0.0.0 - 128.63.255.255, netmask 10 "128.20.120.2/20", ==> IP range 128.20.112.0 - 128.20.127.255, netmask 20 "0.0.0.0/0", ==> IP range 0.0.0.0 - 255.255.255.255, netmask 0 "10.1.1.2/10" ==> IP range 10.0.0.0 - 10.63.255.255, netmask 10 Resulting interval tree looks like: (10.0.0.0 - 10.63.255.255, 10) (128.20.112.0 - 128.20.127.255, 20) / \ / \ / (128.0.0.0 - 128.63.255.255, 10) / / \ (0.0.0.0 - 255.255.255.255, 0) Note that in this example (10.0.0.0 - 10.63.255.255, 10) doesn't have any overlapping CIDR, hence moved up a level as an optimization
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.cassandra.auth.CIDRGroupsMappingTable
CIDRGroupsMappingTable.Builder<V>
-
-
Constructor Summary
Constructors Constructor Description CIDRGroupsMappingIntervalTree(boolean isIPv6, java.util.Map<CIDR,java.util.Set<V>> cidrMappings)
Build an interval tree for given CIDRs
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.util.Set<V>
lookupLongestMatchForIP(java.net.InetAddress ip)
Get the longest matching CIDR (i.e, the narrowest match) for given IP-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.cassandra.auth.CIDRGroupsMappingTable
getIPTypeString
-
-
-
-
Method Detail
-
lookupLongestMatchForIP
public java.util.Set<V> lookupLongestMatchForIP(java.net.InetAddress ip)
Get the longest matching CIDR (i.e, the narrowest match) for given IP- Specified by:
lookupLongestMatchForIP
in interfaceCIDRGroupsMappingTable<V>
- Parameters:
ip
- IP to lookup CIDR group- Returns:
- CIDR group name(s)
-
-