firewall_objects/ip/

range.rs

//! Inclusive IPv4/IPv6 range utilities.

use std::fmt;
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
use std::str::FromStr;

/// Inclusive IP range (start <= end) for either IPv4 or IPv6.
///
/// Keep this in your crate so you control ordering rules and serialization.
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum IpRange {
    V4 { start: Ipv4Addr, end: Ipv4Addr },
    V6 { start: Ipv6Addr, end: Ipv6Addr },
}

/// IP address family for an `IpRange`.
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum IpFamily {
    V4,
    V6,
}

impl IpRange {
    /// Create a validated range.
    ///
    /// Ensures the start/end address families match and that `start <= end`.
    ///
    /// # Examples
    ///
    /// IPv4:
    /// ```rust
    /// use std::net::{IpAddr, Ipv4Addr};
    /// use firewall_objects::ip::range::IpRange;
    ///
    /// let r = IpRange::new(
    ///     IpAddr::V4(Ipv4Addr::new(192, 0, 2, 10)),
    ///     IpAddr::V4(Ipv4Addr::new(192, 0, 2, 20)),
    /// ).unwrap();
    /// assert!(r.contains(IpAddr::V4(Ipv4Addr::new(192, 0, 2, 15))));
    /// ```
    ///
    /// IPv6:
    /// ```rust
    /// use std::net::{IpAddr, Ipv6Addr};
    /// use firewall_objects::ip::range::IpRange;
    ///
    /// let r = IpRange::new(
    ///     IpAddr::V6(Ipv6Addr::LOCALHOST),
    ///     IpAddr::V6(Ipv6Addr::LOCALHOST),
    /// ).unwrap();
    /// assert!(r.contains(IpAddr::V6(Ipv6Addr::LOCALHOST)));
    /// ```
    ///
    /// Mismatched families fail:
    /// ```rust
    /// use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
    /// use firewall_objects::ip::range::IpRange;
    ///
    /// let err = IpRange::new(
    ///     IpAddr::V4(Ipv4Addr::new(192, 0, 2, 10)),
    ///     IpAddr::V6(Ipv6Addr::LOCALHOST),
    /// ).unwrap_err();
    /// assert!(err.contains("families must match"));
    /// ```
    pub fn new(start: IpAddr, end: IpAddr) -> Result<Self, String> {
        match (start, end) {
            (IpAddr::V4(s), IpAddr::V4(e)) => {
                if u32::from(s) > u32::from(e) {
                    return Err("IPv4 range start > end".into());
                }
                Ok(IpRange::V4 { start: s, end: e })
            }
            (IpAddr::V6(s), IpAddr::V6(e)) => {
                if u128::from(s) > u128::from(e) {
                    return Err("IPv6 range start > end".into());
                }
                Ok(IpRange::V6 { start: s, end: e })
            }
            _ => Err("IP range start/end address families must match".into()),
        }
    }

    /// Create a validated IPv4 range.
    pub fn new_v4(start: Ipv4Addr, end: Ipv4Addr) -> Result<Self, String> {
        IpRange::new(IpAddr::V4(start), IpAddr::V4(end))
    }

    /// Create a validated IPv6 range.
    pub fn new_v6(start: Ipv6Addr, end: Ipv6Addr) -> Result<Self, String> {
        IpRange::new(IpAddr::V6(start), IpAddr::V6(end))
    }

    /// Return the IP family of this range.
    pub fn family(&self) -> IpFamily {
        match self {
            IpRange::V4 { .. } => IpFamily::V4,
            IpRange::V6 { .. } => IpFamily::V6,
        }
    }

    /// Return the (start, end) tuple for an IPv4 range.
    pub fn as_v4(&self) -> Option<(Ipv4Addr, Ipv4Addr)> {
        match self {
            IpRange::V4 { start, end } => Some((*start, *end)),
            _ => None,
        }
    }

    /// Return the (start, end) tuple for an IPv6 range.
    pub fn as_v6(&self) -> Option<(Ipv6Addr, Ipv6Addr)> {
        match self {
            IpRange::V6 { start, end } => Some((*start, *end)),
            _ => None,
        }
    }

    /// Return the start of the range as IPv4, if this is an IPv4 range.
    pub fn start_v4(&self) -> Option<Ipv4Addr> {
        self.as_v4().map(|(s, _)| s)
    }

    /// Return the end of the range as IPv4, if this is an IPv4 range.
    pub fn end_v4(&self) -> Option<Ipv4Addr> {
        self.as_v4().map(|(_, e)| e)
    }

    /// Return the start of the range as IPv6, if this is an IPv6 range.
    pub fn start_v6(&self) -> Option<Ipv6Addr> {
        self.as_v6().map(|(s, _)| s)
    }

    /// Return the end of the range as IPv6, if this is an IPv6 range.
    pub fn end_v6(&self) -> Option<Ipv6Addr> {
        self.as_v6().map(|(_, e)| e)
    }

    /// Check whether the given IPv4 address is within the range (inclusive).
    pub fn contains_v4(&self, ip: Ipv4Addr) -> bool {
        matches!(self, IpRange::V4 { .. }) && self.contains(IpAddr::V4(ip))
    }

    /// Check whether the given IPv6 address is within the range (inclusive).
    pub fn contains_v6(&self, ip: Ipv6Addr) -> bool {
        matches!(self, IpRange::V6 { .. }) && self.contains(IpAddr::V6(ip))
    }

    /// Parse an IP range from a string.
    ///
    /// Supported format is `start-end` where both sides are valid IP addresses
    /// of the same family (IPv4 or IPv6). Whitespace around addresses is allowed.
    ///
    /// # Examples
    ///
    /// IPv4:
    /// ```rust
    /// use std::net::{IpAddr, Ipv4Addr};
    /// use firewall_objects::ip::range::IpRange;
    ///
    /// let r = IpRange::parse("192.0.2.10-192.0.2.20").unwrap();
    /// assert!(r.contains(IpAddr::V4(Ipv4Addr::new(192, 0, 2, 15))));
    /// ```
    ///
    /// IPv6:
    /// ```rust
    /// use std::net::{IpAddr, Ipv6Addr};
    /// use firewall_objects::ip::range::IpRange;
    ///
    /// let r = IpRange::parse("::1-::1").unwrap();
    /// assert!(r.contains(IpAddr::V6(Ipv6Addr::LOCALHOST)));
    /// ```
    ///
    /// Bad formats fail:
    /// ```rust
    /// use firewall_objects::ip::range::IpRange;
    ///
    /// assert!(IpRange::parse("192.0.2.10").is_err());
    /// assert!(IpRange::parse("192.0.2.10-").is_err());
    /// assert!(IpRange::parse("-192.0.2.10").is_err());
    /// ```
    pub fn parse(s: &str) -> Result<Self, String> {
        let input = s.trim();

        if input.is_empty() {
            return Err("IP range string cannot be empty".into());
        }

        let (a, b) = input
            .split_once('-')
            .ok_or_else(|| "invalid IP range format; expected 'start-end'".to_string())?;

        let a = a.trim();
        let b = b.trim();

        if a.is_empty() || b.is_empty() {
            return Err("invalid IP range format; missing start or end".into());
        }

        let start: IpAddr = a
            .parse()
            .map_err(|_| "invalid IP range start".to_string())?;
        let end: IpAddr = b.parse().map_err(|_| "invalid IP range end".to_string())?;

        IpRange::new(start, end)
    }

    /// Return the start of the range.
    pub fn start(&self) -> IpAddr {
        match self {
            IpRange::V4 { start, .. } => IpAddr::V4(*start),
            IpRange::V6 { start, .. } => IpAddr::V6(*start),
        }
    }

    /// Return the end of the range.
    pub fn end(&self) -> IpAddr {
        match self {
            IpRange::V4 { end, .. } => IpAddr::V4(*end),
            IpRange::V6 { end, .. } => IpAddr::V6(*end),
        }
    }

    /// Returns true if this is an IPv4 range.
    pub fn is_v4(&self) -> bool {
        matches!(self, IpRange::V4 { .. })
    }

    /// Returns true if this is an IPv6 range.
    pub fn is_v6(&self) -> bool {
        matches!(self, IpRange::V6 { .. })
    }

    /// Check whether the given IP is within the range (inclusive).
    pub fn contains(&self, ip: IpAddr) -> bool {
        match (self, ip) {
            (IpRange::V4 { start, end }, IpAddr::V4(v)) => {
                let s = u32::from(*start);
                let e = u32::from(*end);
                let x = u32::from(v);
                s <= x && x <= e
            }
            (IpRange::V6 { start, end }, IpAddr::V6(v)) => {
                let s = u128::from(*start);
                let e = u128::from(*end);
                let x = u128::from(v);
                s <= x && x <= e
            }
            _ => false,
        }
    }
}

impl fmt::Debug for IpRange {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            IpRange::V4 { start, end } => f
                .debug_struct("IpRange")
                .field("start", start)
                .field("end", end)
                .finish(),
            IpRange::V6 { start, end } => f
                .debug_struct("IpRange")
                .field("start", start)
                .field("end", end)
                .finish(),
        }
    }
}

impl FromStr for IpRange {
    type Err = String;

    fn from_str(s: &str) -> Result<Self, Self::Err> {
        IpRange::parse(s)
    }
}

impl fmt::Display for IpRange {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            IpRange::V4 { start, end } => write!(f, "{}-{}", start, end),
            IpRange::V6 { start, end } => write!(f, "{}-{}", start, end),
        }
    }
}

#[cfg(test)]
mod tests {
    use super::IpRange;
    use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
    use std::str::FromStr;

    #[test]
    fn parse_rejects_mismatched_families() {
        let err = IpRange::parse("192.0.2.1-2001:db8::1").unwrap_err();
        assert!(err.contains("families"));
    }

    #[test]
    fn contains_checks_are_inclusive() {
        let start = Ipv4Addr::new(192, 0, 2, 10);
        let end = Ipv4Addr::new(192, 0, 2, 12);
        let range = IpRange::new(IpAddr::V4(start), IpAddr::V4(end)).unwrap();
        assert!(range.contains(IpAddr::V4(start)));
        assert!(range.contains(IpAddr::V4(end)));
        assert!(!range.contains(IpAddr::V4(Ipv4Addr::new(192, 0, 2, 13))));
    }

    #[test]
    fn from_str_round_trips_ipv6() {
        let input = "2001:db8::1-2001:db8::5";
        let parsed = IpRange::from_str(input).unwrap();
        assert_eq!(parsed.to_string(), input);
        assert!(parsed.contains(IpAddr::V6(Ipv6Addr::new(0x2001, 0x0db8, 0, 0, 0, 0, 0, 2))));
    }
}