summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/main/java/io/trygvis/rules/acme/IpCalc.java67
-rw-r--r--src/main/java/io/trygvis/rules/engine/Main.java11
-rw-r--r--src/main/java/io/trygvis/rules/network/Ipv4Address.java35
-rw-r--r--src/main/java/io/trygvis/rules/network/Ipv4Cidr.java40
-rw-r--r--src/main/resources/io/trygvis/rules/acme/vpn.drl23
-rw-r--r--src/test/java/io/trygvis/rules/acme/IpCalcTest.java27
6 files changed, 197 insertions, 6 deletions
diff --git a/src/main/java/io/trygvis/rules/acme/IpCalc.java b/src/main/java/io/trygvis/rules/acme/IpCalc.java
new file mode 100644
index 0000000..5369d62
--- /dev/null
+++ b/src/main/java/io/trygvis/rules/acme/IpCalc.java
@@ -0,0 +1,67 @@
+package io.trygvis.rules.acme;
+
+import io.trygvis.rules.network.Ipv4Cidr;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+public class IpCalc {
+ private static final Pattern pattern = Pattern.compile("([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})/([0-9]{1,3})");
+
+ public static class FirstLast {
+ public final int first;
+ public final int last;
+
+ public FirstLast(int first, int last) {
+ this.first = first;
+ this.last = last;
+ }
+ }
+
+ public static Ipv4Cidr cidr(String cidr) {
+ var matcher = pattern.matcher(cidr);
+ if (!matcher.matches()) {
+ throw new IllegalArgumentException("Not a CIDR: " + cidr);
+ }
+
+ var b1 = matcher.group(1);
+ var b2 = matcher.group(2);
+ var b3 = matcher.group(3);
+ var b4 = matcher.group(4);
+
+ int network = parse(b1) << 24 |
+ parse(b2) << 16 |
+ parse(b3) << 8 |
+ parse(b4);
+
+// System.out.printf("network = %x%n", network);
+
+ var l = matcher.group(5);
+ var bits = Integer.parseInt(l);
+ var hostBits = 32 - bits;
+ int size = 1 << hostBits;
+
+ int netmask = (-1 >> hostBits) << hostBits;
+// System.out.printf("netmask = %08x%n", netmask);
+
+ int x = network & ~netmask;
+
+ if (x != 0) {
+ throw new IllegalArgumentException("Not a CIDR: " + cidr);
+ }
+
+ return new Ipv4Cidr(network, netmask, size, bits);
+ }
+
+ private static int parse(String s) {
+ var i = Integer.parseInt(s);
+ if (i > 255) {
+ throw new IllegalArgumentException("Not a CIDR");
+ }
+
+ return i;
+ }
+}
diff --git a/src/main/java/io/trygvis/rules/engine/Main.java b/src/main/java/io/trygvis/rules/engine/Main.java
index 5556db7..6f04a98 100644
--- a/src/main/java/io/trygvis/rules/engine/Main.java
+++ b/src/main/java/io/trygvis/rules/engine/Main.java
@@ -3,6 +3,8 @@ package io.trygvis.rules.engine;
import io.trygvis.rules.acme.AcmeIo;
import io.trygvis.rules.dns.DnsEntry;
import io.trygvis.rules.machine.Machine;
+import io.trygvis.rules.network.Ipv4Address;
+import io.trygvis.rules.network.Ipv4Cidr;
import org.drools.core.audit.WorkingMemoryConsoleLogger;
import org.kie.api.KieServices;
import org.kie.api.event.rule.AgendaEventListener;
@@ -38,9 +40,12 @@ public class Main {
io.dump("phase-1", session.getFactHandles());
- io.dump("vpn0", session.getFactHandles(), (Object o) -> {
- return o.getClass().getName().contains("Wg") || o instanceof Machine || o instanceof DnsEntry;
- });
+ io.dump("vpn0", session.getFactHandles(), (Object o) ->
+ o.getClass().getName().contains("Wg") ||
+ o instanceof Machine ||
+ o instanceof DnsEntry ||
+ o instanceof Ipv4Cidr ||
+ o instanceof Ipv4Address);
session.dispose();
}
diff --git a/src/main/java/io/trygvis/rules/network/Ipv4Address.java b/src/main/java/io/trygvis/rules/network/Ipv4Address.java
new file mode 100644
index 0000000..071bca9
--- /dev/null
+++ b/src/main/java/io/trygvis/rules/network/Ipv4Address.java
@@ -0,0 +1,35 @@
+package io.trygvis.rules.network;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+
+import java.io.IOException;
+
+@JsonSerialize(using = Ipv4Address.Serializer.class)
+public class Ipv4Address {
+ public final int address;
+
+ public Ipv4Address(int address) {
+ this.address = address;
+ }
+
+ @Override
+ public String toString() {
+ return "%d.%d.%d.%d".formatted(
+ address >> 24 & 0xff,
+ address >> 16 & 0xff,
+ address >> 8 & 0xff,
+ address & 0xff);
+ }
+
+ public static class Serializer extends JsonSerializer<Ipv4Address> {
+ @Override
+ public void serialize(Ipv4Address value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
+ gen.writeStartObject();
+ gen.writeObjectField("value", value.toString());
+ gen.writeEndObject();
+ }
+ }
+}
diff --git a/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java b/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java
new file mode 100644
index 0000000..34b3a0b
--- /dev/null
+++ b/src/main/java/io/trygvis/rules/network/Ipv4Cidr.java
@@ -0,0 +1,40 @@
+package io.trygvis.rules.network;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Collection;
+
+public class Ipv4Cidr {
+ public final int network;
+ public final int netmask;
+ public final int size;
+ public final int bits;
+
+ public Ipv4Cidr(int network, int netmask, int size, int bits) {
+ this.network = network;
+ this.netmask = netmask;
+ this.size = size;
+ this.bits = bits;
+ }
+
+ @Override
+ public String toString() {
+ return "%d.%d.%d.%d/%d".formatted(
+ network >> 24 & 0xff,
+ network >> 16 & 0xff,
+ network >> 8 & 0xff,
+ network & 0xff,
+ bits);
+ }
+
+ public Collection<Ipv4Address> addresses() {
+ var end = network + size;
+ var addresses = new ArrayList<Ipv4Address>(size);
+ for (int address = network; address < end; address++) {
+ addresses.add(new Ipv4Address(address));
+ }
+
+ return addresses;
+ }
+}
diff --git a/src/main/resources/io/trygvis/rules/acme/vpn.drl b/src/main/resources/io/trygvis/rules/acme/vpn.drl
index 90cdce2..0f0b3c8 100644
--- a/src/main/resources/io/trygvis/rules/acme/vpn.drl
+++ b/src/main/resources/io/trygvis/rules/acme/vpn.drl
@@ -4,13 +4,30 @@ import java.util.ArrayList
import io.trygvis.rules.machine.Machine;
import io.trygvis.rules.dns.DnsEntry;
import io.trygvis.rules.acme.AcmeServer
-import io.trygvis.rules.acme.WgHost;
+import io.trygvis.rules.network.Ipv4Address
+import io.trygvis.rules.network.Ipv4Cidr
dialect "mvel"
declare WgNet
- name : String
- domain : String
+ name : String
+ domain : String
+ linkCidr : String
+ networkCidr : String
+end
+
+rule "Create link network" when
+ $net : WgNet()
+ not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))
+then
+ insert(IpCalc.cidr($net.linkCidr))
+end
+
+rule "Create link network addresses" when
+ $cidr : Ipv4Cidr()
+ $addresses : Ipv4Address() from $cidr.addresses
+then
+ insert($addresses)
end
declare WgHost
diff --git a/src/test/java/io/trygvis/rules/acme/IpCalcTest.java b/src/test/java/io/trygvis/rules/acme/IpCalcTest.java
new file mode 100644
index 0000000..8b1e2c6
--- /dev/null
+++ b/src/test/java/io/trygvis/rules/acme/IpCalcTest.java
@@ -0,0 +1,27 @@
+package io.trygvis.rules.acme;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class IpCalcTest {
+
+ @Test
+ public void basic() {
+ Assertions.assertThrows(IllegalArgumentException.class, () -> IpCalc.cidr("192.168.1.1/24").addresses());
+ assertEquals(256, IpCalc.cidr("192.168.1.0/24").addresses().size());
+ assertEquals(128, IpCalc.cidr("192.168.1.128/25").addresses().size());
+ }
+
+ @ParameterizedTest
+ @ValueSource(strings = {
+ "192.168.1.0/24",
+ "192.168.1.128/25",
+ })
+ public void testParsing(String s) {
+ assertEquals(s, IpCalc.cidr(s).toString());
+ }
+}