// CIDR provides a CEL function library extension of CIDR notation parsing functions.
//
// cidr
//
// Converts a string in CIDR notation to a network address representation or results in an error if the string is not a valid CIDR notation.
// The CIDR must be an IPv4 or IPv6 subnet address with a mask.
// Leading zeros in IPv4 address octets are not allowed.
// IPv4-mapped IPv6 addresses (e.g. ::ffff:1.2.3.4/24) are not allowed.
//
//	cidr(<string>) <CIDR>
//
// Examples:
//
//	cidr('192.168.0.0/16') // returns an IPv4 address with a CIDR mask
//	cidr('::1/128') // returns an IPv6 address with a CIDR mask
//	cidr('192.168.0.0/33') // error
//	cidr('::1/129') // error
//	cidr('192.168.0.1/16') // error, because there are non-0 bits after the prefix
//
// NOTE(review): the ip() and masked() examples further down call cidr('192.168.0.1/24'),
// which also has non-zero bits after the prefix. Confirm against parseCIDR which behavior
// holds before relying on cidr() to reject non-canonical input in a policy expression.
//
// isCIDR
//
// Returns true if a string is a valid CIDR notation representation of a subnet with mask.
// The CIDR must be an IPv4 or IPv6 subnet address with a mask.
// Leading zeros in IPv4 address octets are not allowed.
// IPv4-mapped IPv6 addresses (e.g. ::ffff:1.2.3.4/24) are not allowed.
//
//	isCIDR(<string>) <bool>
//
// Examples:
//
//	isCIDR('192.168.0.0/16') // returns true
//	isCIDR('::1/128') // returns true
//	isCIDR('192.168.0.0/33') // returns false
//	isCIDR('::1/129') // returns false
//
// containsIP / containsCIDR / ip / masked / prefixLength
//
// - containsIP: Returns true if the CIDR contains the given IP address.
//   The IP address must be an IPv4 or IPv6 address.
//   May take either a string or IP address as an argument.
//
// - containsCIDR: Returns true if the CIDR contains the given CIDR.
//   The CIDR must be an IPv4 or IPv6 subnet address with a mask.
//   May take either a string or CIDR as an argument.
//
// - ip: Returns the IP address representation of the CIDR.
//
// - masked: Returns the CIDR representation of the network address with a masked prefix.
//   This can be used to return the canonical form of the CIDR network.
//
// - prefixLength: Returns the prefix length of the CIDR in bits.
//   This is the number of bits in the mask.
//
// Examples:
//
//	cidr('192.168.0.0/24').containsIP(ip('192.168.0.1')) // returns true
//	cidr('192.168.0.0/24').containsIP(ip('192.168.1.1')) // returns false
//	cidr('192.168.0.0/24').containsIP('192.168.0.1') // returns true
//	cidr('192.168.0.0/24').containsIP('192.168.1.1') // returns false
//	cidr('192.168.0.0/16').containsCIDR(cidr('192.168.10.0/24')) // returns true
//	cidr('192.168.1.0/24').containsCIDR(cidr('192.168.2.0/24')) // returns false
//	cidr('192.168.0.0/16').containsCIDR('192.168.10.0/24') // returns true
//	cidr('192.168.1.0/24').containsCIDR('192.168.2.0/24') // returns false
//	cidr('192.168.0.1/24').ip() // returns ipAddr('192.168.0.1')
//	cidr('192.168.0.1/24').ip().family() // returns '4'
//	cidr('::1/128').ip() // returns ipAddr('::1')
//	cidr('::1/128').ip().family() // returns '6'
//	cidr('192.168.0.0/24').masked() // returns cidr('192.168.0.0/24')
//	cidr('192.168.0.1/24').masked() // returns cidr('192.168.0.0/24')
//	cidr('192.168.0.0/24') == cidr('192.168.0.0/24').masked() // returns true, CIDR was already in canonical format
//	cidr('192.168.0.1/24') == cidr('192.168.0.1/24').masked() // returns false, CIDR was not in canonical format
//	cidr('192.168.0.0/16').prefixLength() // returns 16
//	cidr('::1/128').prefixLength() // returns 128
func CIDR() cel.EnvOption { … }

var cidrsLib …

type cidrs …

func (*cidrs) LibraryName() string { … }

func (*cidrs) declarations() map[string][]cel.FunctionOpt { … }

func (*cidrs) Types() []*cel.Type { … }

var cidrLibraryDecls …

func (*cidrs) CompileOptions() []cel.EnvOption { … }

func (*cidrs) ProgramOptions() []cel.ProgramOption { … }

func stringToCIDR(arg ref.Val) ref.Val { … }

func cidrToString(arg ref.Val) ref.Val { … }

func cidrContainsIPString(arg ref.Val, other ref.Val) ref.Val { … }

func cidrContainsCIDRString(arg ref.Val, other ref.Val) ref.Val { … }

func cidrContainsIP(arg
ref.Val, other ref.Val) ref.Val { … }

func cidrContainsCIDR(arg ref.Val, other ref.Val) ref.Val { … }

func prefixLength(arg ref.Val) ref.Val { … }

func isCIDR(arg ref.Val) ref.Val { … }

func cidrToIP(arg ref.Val) ref.Val { … }

func masked(arg ref.Val) ref.Val { … }

// parseCIDR parses a string into a CIDR.
// We use this function to parse CIDR notation in the CEL library
// so that we can share the common logic of rejecting strings
// that are IPv4-mapped IPv6 addresses or contain non-zero bits after the mask.
func parseCIDR(raw string) (netip.Prefix, error) { … }