Package org.apache.cassandra.auth

Class CIDRGroupsMappingIntervalTree<V>

  • All Implemented Interfaces:
    CIDRGroupsMappingTable<V>
    public class CIDRGroupsMappingIntervalTree<V>
extends java.lang.Object
implements CIDRGroupsMappingTable<V>
    This class implements CIDR Interval tree and the ability to find longest matching CIDR for the given IP. CIDRs interval tree is a variant of interval tree. Each node contains a CIDR and a value. A node has left children array and the right children array. - The left children's CIDRs are either less than the starting IP of parent or overlaps with the parent node. - The right children's CIDRs are either greater than the ending IP of the parent or overlaps with the parent node. Note that nodes that overlap with the parent node are included in both left and right children arrays. The tree organizes nodes by placing non-overlapping CIDRs at the same level. In general, CIDRs with the same net mask do not overlap, hence are placed in the same level. CIDRs with different net mask may overlap, hence placed at different levels in the tree. In addition to this, there is an optimisation to promote a CIDR to an upper level, if it is not overlapping with any CIDR in the parent level, that means, in such cases a CIDR with different net mask can co-locate in the same level with other CIDRs. Levels closer to the root contains CIDRs with higher net mask value. Net mask value decreases as levels further down from the root. i.e, Nearer the level to the root, the narrower the CIDR, meaning matching the longer IP prefix. Search for Longest matching CIDR for an IP starts at level 0, if not found a match, search continues to the next level, until it finds a match or reaches leaf nodes without a match. That means search terminates on the first match closest to the root, i.e, locates narrowest matching CIDR. Example: Assume below CIDRs "128.10.120.2/10", ==> IP range 128.0.0.0 - 128.63.255.255, netmask 10 "128.20.120.2/20", ==> IP range 128.20.112.0 - 128.20.127.255, netmask 20 "0.0.0.0/0", ==> IP range 0.0.0.0 - 255.255.255.255, netmask 0 "10.1.1.2/10" ==> IP range 10.0.0.0 - 10.63.255.255, netmask 10 Resulting interval tree looks like: (10.0.0.0 - 10.63.255.255, 10) (128.20.112.0 - 128.20.127.255, 20) / \ / \ / (128.0.0.0 - 128.63.255.255, 10) / / \ (0.0.0.0 - 255.255.255.255, 0) Note that in this example (10.0.0.0 - 10.63.255.255, 10) doesn't have any overlapping CIDR, hence moved up a level as an optimization

    • Constructor Detail

      • CIDRGroupsMappingIntervalTree

        public CIDRGroupsMappingIntervalTree​(boolean isIPv6,
                                     java.util.Map<CIDR,​java.util.Set<V>> cidrMappings)
        Build an interval tree for given CIDRs
        Parameters:
        isIPv6 - true if this CIDR groups mapping is for IPv6 IPs, false otherwise
        cidrMappings - CIDR to Value mappings

    • Method Detail

      • lookupLongestMatchForIP

        public java.util.Set<V> lookupLongestMatchForIP​(java.net.InetAddress ip)
        Get the longest matching CIDR (i.e, the narrowest match) for given IP
        Specified by:
        lookupLongestMatchForIP in interface CIDRGroupsMappingTable<V>
        Parameters:
        ip - IP to lookup CIDR group
        Returns:
        CIDR group name(s)