Add NetFromRange and NetFromIntervalRange helpers

When retrieving set elements it can be desired to format the result in
the same way `nft` would, which is merging intervals to CIDR
representations. To make this easier, introduce helper functions which
allow for conversion of IP address ranges to CIDR networks.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

Author: tacerus

util.go

@@ -16,7 +16,9 @@ package nftables
 
 import (
 	"encoding/binary"
+	"errors"
 	"net"
+	"net/netip"
 
 	"github.com/google/nftables/binaryutil"
 	"golang.org/x/sys/unix"
@@ -126,3 +128,48 @@ func NetInterval(cidr string) (net.IP, net.IP, error) {
 
 	return first, nextIP(last), nil
 }
+
+// NetFromRange returns a CIDR IP network given a start and end address
+func NetFromRange(first net.IP, last net.IP) (*net.IPNet, error) {
+	ip1 := net.IP(first)
+	ip2 := net.IP(last)
+
+	maxLen := 32
+	isIpv6 := ip1.To4() == nil
+
+	if isIpv6 && ip2.To4() != nil {
+		return nil, errors.New("Cannot mix IPv4 and IPv6.")
+	}
+
+	if isIpv6 {
+		maxLen = 128
+	}
+
+	for l := maxLen; l >= 0; l-- {
+		cidrmask := net.CIDRMask(l, maxLen)
+		ipmask := ip2.Mask(cidrmask)
+		ipnet := net.IPNet{
+			IP:   ipmask,
+			Mask: cidrmask,
+		}
+
+		if ipnet.Contains(ip1) {
+			return &ipnet, nil
+		}
+	}
+
+	return nil, errors.New("Failed to construct network from range.")
+}
+
+// NetFromNetInterval returns a CIDR IP network given a start and end address as found in intervals.
+// This is similar to NetFromRange, but subtracts one address from the end of the range.
+func NetFromIntervalRange(first net.IP, last net.IP) (out *net.IPNet, err error) {
+	ip2, ok := netip.AddrFromSlice(last)
+	if !ok {
+		return nil, errors.New("Failed to construct slice from network.")
+	}
+
+	previous := ip2.Prev()
+
+	return NetFromRange(first, previous.AsSlice())
+}

util_test.go

@@ -201,3 +201,135 @@ func TestNetInterval(t *testing.T) {
 		})
 	}
 }
+
+func TestNetFromRange(t *testing.T) {
+	tests := []struct {
+		name    string
+		first   string
+		last    string
+		wantNet string
+		wantErr bool
+	}{
+		{
+			first:   "0.0.0.1",
+			last:    "255.255.255.254",
+			wantNet: "0.0.0.0/0",
+			wantErr: false,
+		},
+		{
+			first:   "192.168.4.0",
+			last:    "192.168.4.255",
+			wantNet: "192.168.4.0/24",
+			wantErr: false,
+		},
+		{
+			first:   "192.0.2.17",
+			last:    "192.0.2.30",
+			wantNet: "192.0.2.16/28",
+			wantErr: false,
+		},
+		{
+			first:   "2001:db8:100::",
+			last:    "2001:db8:100:ffff:ffff:ffff:ffff:ffff",
+			wantNet: "2001:db8:100::/48",
+			wantErr: false,
+		},
+		{
+			first:   "2001:db8:100::",
+			last:    "192.0.2.30",
+			wantNet: "",
+			wantErr: true,
+		},
+		{
+			first:   "192.0.2.30",
+			last:    "2001:db8:100::",
+			wantNet: "",
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.first+"-"+tt.last, func(t *testing.T) {
+			gotNet, err := NetFromRange(net.ParseIP(tt.first), net.ParseIP(tt.last))
+			if (err != nil) != tt.wantErr {
+				t.Errorf("NetFromRange() error = %v, wantErr = %v", err, tt.wantErr)
+			}
+
+			if tt.wantNet == "" {
+				return
+			}
+
+			_, wantNetParsed, err := net.ParseCIDR(tt.wantNet)
+			if err != nil {
+				t.Fatalf("NetFromRange() error parsing test network = %v", err)
+			}
+
+			if !reflect.DeepEqual(gotNet, wantNetParsed) {
+				t.Errorf("NetFromRange() gotNet = %+v, wantNet = %+v", gotNet, wantNetParsed)
+			}
+		})
+	}
+}
+
+func TestNetFromIntervalRange(t *testing.T) {
+	tests := []struct {
+		name    string
+		first   string
+		last    string
+		wantNet string
+		wantErr bool
+	}{
+		{
+			first:   "192.0.2.16",
+			last:    "192.0.2.32",
+			wantNet: "192.0.2.16/28",
+			wantErr: false,
+		},
+		{
+			first:   "2001:db8:100::",
+			last:    "2001:db8:101::",
+			wantNet: "2001:db8:100::/48",
+			wantErr: false,
+		},
+		{
+			first:   "2001:db8:a1:11::",
+			last:    "2001:db8:a1:12::",
+			wantNet: "2001:db8:a1:11::/64",
+			wantErr: false,
+		},
+		{
+			first:   "2001:db8:100::",
+			last:    "192.0.2.30",
+			wantNet: "",
+			wantErr: true,
+		},
+		{
+			first:   "192.0.2.30",
+			last:    "2001:db8:100::",
+			wantNet: "",
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.first+"-"+tt.last, func(t *testing.T) {
+			gotNet, err := NetFromIntervalRange(net.ParseIP(tt.first), net.ParseIP(tt.last))
+			if (err != nil) != tt.wantErr {
+				t.Errorf("NetFromIntervalRange() error = %v, wantErr = %v", err, tt.wantErr)
+			}
+
+			if tt.wantNet == "" {
+				return
+			}
+
+			_, wantNetParsed, err := net.ParseCIDR(tt.wantNet)
+			if err != nil {
+				t.Fatalf("NetFromIntervalRange() error parsing test network = %v", err)
+			}
+
+			if !reflect.DeepEqual(gotNet, wantNetParsed) {
+				t.Errorf("NetFromIntervalRange() gotNet = %+v, wantNet = %+v", gotNet, wantNetParsed)
+			}
+		})
+	}
+}