Switch most everything to netip in prep for ipv6 in the overlay (#1173)

2025-12-05 18:20:48 -08:00 · 2024-07-31 10:18:56 -05:00 · 2024-07-31 10:18:56 -05:00 · e264a0ff88
commit e264a0ff88
parent 00458302ca
79 changed files with 1900 additions and 2682 deletions
--- a/remote_list_test.go
+++ b/remote_list_test.go
@ -1,47 +1,47 @@
 package nebula

 import (
-	"net"
+	"encoding/binary"
+	"net/netip"
 	"testing"

-	"github.com/slackhq/nebula/iputil"
 	"github.com/stretchr/testify/assert"
 )

 func TestRemoteList_Rebuild(t *testing.T) {
 	rl := NewRemoteList(nil)
 	rl.unlockedSetV4(
-		0,
-		0,
+		netip.MustParseAddr("0.0.0.0"),
+		netip.MustParseAddr("0.0.0.0"),
 		[]*Ip4AndPort{
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("70.199.182.92"))), Port: 1475}, // this is duped
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.17.0.182"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.17.1.1"))), Port: 10101}, // this is duped
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.18.0.1"))), Port: 10101}, // this is duped
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.18.0.1"))), Port: 10101}, // this is a dupe
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.19.0.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.31.0.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.17.1.1"))), Port: 10101},   // this is a dupe
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("70.199.182.92"))), Port: 1476}, // almost dupe of 0 with a diff port
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("70.199.182.92"))), Port: 1475}, // this is a dupe
+			newIp4AndPortFromString("70.199.182.92:1475"), // this is duped
+			newIp4AndPortFromString("172.17.0.182:10101"),
+			newIp4AndPortFromString("172.17.1.1:10101"), // this is duped
+			newIp4AndPortFromString("172.18.0.1:10101"), // this is duped
+			newIp4AndPortFromString("172.18.0.1:10101"), // this is a dupe
+			newIp4AndPortFromString("172.19.0.1:10101"),
+			newIp4AndPortFromString("172.31.0.1:10101"),
+			newIp4AndPortFromString("172.17.1.1:10101"),   // this is a dupe
+			newIp4AndPortFromString("70.199.182.92:1476"), // almost dupe of 0 with a diff port
+			newIp4AndPortFromString("70.199.182.92:1475"), // this is a dupe
 		},
-		func(iputil.VpnIp, *Ip4AndPort) bool { return true },
+		func(netip.Addr, *Ip4AndPort) bool { return true },
 	)

 	rl.unlockedSetV6(
-		1,
-		1,
+		netip.MustParseAddr("0.0.0.1"),
+		netip.MustParseAddr("0.0.0.1"),
 		[]*Ip6AndPort{
-			NewIp6AndPort(net.ParseIP("1::1"), 1), // this is duped
-			NewIp6AndPort(net.ParseIP("1::1"), 2), // almost dupe of 0 with a diff port, also gets duped
-			NewIp6AndPort(net.ParseIP("1:100::1"), 1),
-			NewIp6AndPort(net.ParseIP("1::1"), 1), // this is a dupe
-			NewIp6AndPort(net.ParseIP("1::1"), 2), // this is a dupe
+			newIp6AndPortFromString("[1::1]:1"), // this is duped
+			newIp6AndPortFromString("[1::1]:2"), // almost dupe of 0 with a diff port, also gets duped
+			newIp6AndPortFromString("[1:100::1]:1"),
+			newIp6AndPortFromString("[1::1]:1"), // this is a dupe
+			newIp6AndPortFromString("[1::1]:2"), // this is a dupe
 		},
-		func(iputil.VpnIp, *Ip6AndPort) bool { return true },
+		func(netip.Addr, *Ip6AndPort) bool { return true },
 	)

-	rl.Rebuild([]*net.IPNet{})
+	rl.Rebuild([]netip.Prefix{})
 	assert.Len(t, rl.addrs, 10, "addrs contains too many entries")

 	// ipv6 first, sorted lexically within
@ -59,9 +59,7 @@ func TestRemoteList_Rebuild(t *testing.T) {
 	assert.Equal(t, "172.31.0.1:10101", rl.addrs[9].String())

 	// Now ensure we can hoist ipv4 up
-	_, ipNet, err := net.ParseCIDR("0.0.0.0/0")
-	assert.NoError(t, err)
-	rl.Rebuild([]*net.IPNet{ipNet})
+	rl.Rebuild([]netip.Prefix{netip.MustParsePrefix("0.0.0.0/0")})
 	assert.Len(t, rl.addrs, 10, "addrs contains too many entries")

 	// ipv4 first, public then private, lexically within them
@ -79,9 +77,7 @@ func TestRemoteList_Rebuild(t *testing.T) {
 	assert.Equal(t, "[1:100::1]:1", rl.addrs[9].String())

 	// Ensure we can hoist a specific ipv4 range over anything else
-	_, ipNet, err = net.ParseCIDR("172.17.0.0/16")
-	assert.NoError(t, err)
-	rl.Rebuild([]*net.IPNet{ipNet})
+	rl.Rebuild([]netip.Prefix{netip.MustParsePrefix("172.17.0.0/16")})
 	assert.Len(t, rl.addrs, 10, "addrs contains too many entries")

 	// Preferred ipv4 first
@ -104,64 +100,61 @@ func TestRemoteList_Rebuild(t *testing.T) {
 func BenchmarkFullRebuild(b *testing.B) {
 	rl := NewRemoteList(nil)
 	rl.unlockedSetV4(
-		0,
-		0,
+		netip.MustParseAddr("0.0.0.0"),
+		netip.MustParseAddr("0.0.0.0"),
 		[]*Ip4AndPort{
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("70.199.182.92"))), Port: 1475},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.17.0.182"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.17.1.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.18.0.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.19.0.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.31.0.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.17.1.1"))), Port: 10101},   // this is a dupe
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("70.199.182.92"))), Port: 1476}, // dupe of 0 with a diff port
+			newIp4AndPortFromString("70.199.182.92:1475"),
+			newIp4AndPortFromString("172.17.0.182:10101"),
+			newIp4AndPortFromString("172.17.1.1:10101"),
+			newIp4AndPortFromString("172.18.0.1:10101"),
+			newIp4AndPortFromString("172.19.0.1:10101"),
+			newIp4AndPortFromString("172.31.0.1:10101"),
+			newIp4AndPortFromString("172.17.1.1:10101"),   // this is a dupe
+			newIp4AndPortFromString("70.199.182.92:1476"), // dupe of 0 with a diff port
 		},
-		func(iputil.VpnIp, *Ip4AndPort) bool { return true },
+		func(netip.Addr, *Ip4AndPort) bool { return true },
 	)

 	rl.unlockedSetV6(
-		0,
-		0,
+		netip.MustParseAddr("0.0.0.0"),
+		netip.MustParseAddr("0.0.0.0"),
 		[]*Ip6AndPort{
-			NewIp6AndPort(net.ParseIP("1::1"), 1),
-			NewIp6AndPort(net.ParseIP("1::1"), 2), // dupe of 0 with a diff port
-			NewIp6AndPort(net.ParseIP("1:100::1"), 1),
-			NewIp6AndPort(net.ParseIP("1::1"), 1), // this is a dupe
+			newIp6AndPortFromString("[1::1]:1"),
+			newIp6AndPortFromString("[1::1]:2"), // dupe of 0 with a diff port
+			newIp6AndPortFromString("[1:100::1]:1"),
+			newIp6AndPortFromString("[1::1]:1"), // this is a dupe
 		},
-		func(iputil.VpnIp, *Ip6AndPort) bool { return true },
+		func(netip.Addr, *Ip6AndPort) bool { return true },
 	)

 	b.Run("no preferred", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
 			rl.shouldRebuild = true
-			rl.Rebuild([]*net.IPNet{})
+			rl.Rebuild([]netip.Prefix{})
 		}
 	})

-	_, ipNet, err := net.ParseCIDR("172.17.0.0/16")
-	assert.NoError(b, err)
+	ipNet1 := netip.MustParsePrefix("172.17.0.0/16")
 	b.Run("1 preferred", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
 			rl.shouldRebuild = true
-			rl.Rebuild([]*net.IPNet{ipNet})
+			rl.Rebuild([]netip.Prefix{ipNet1})
 		}
 	})

-	_, ipNet2, err := net.ParseCIDR("70.0.0.0/8")
-	assert.NoError(b, err)
+	ipNet2 := netip.MustParsePrefix("70.0.0.0/8")
 	b.Run("2 preferred", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
 			rl.shouldRebuild = true
-			rl.Rebuild([]*net.IPNet{ipNet, ipNet2})
+			rl.Rebuild([]netip.Prefix{ipNet2})
 		}
 	})

-	_, ipNet3, err := net.ParseCIDR("0.0.0.0/0")
-	assert.NoError(b, err)
+	ipNet3 := netip.MustParsePrefix("0.0.0.0/0")
 	b.Run("3 preferred", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
 			rl.shouldRebuild = true
-			rl.Rebuild([]*net.IPNet{ipNet, ipNet2, ipNet3})
+			rl.Rebuild([]netip.Prefix{ipNet1, ipNet2, ipNet3})
 		}
 	})
 }
@ -169,67 +162,83 @@ func BenchmarkFullRebuild(b *testing.B) {
 func BenchmarkSortRebuild(b *testing.B) {
 	rl := NewRemoteList(nil)
 	rl.unlockedSetV4(
-		0,
-		0,
+		netip.MustParseAddr("0.0.0.0"),
+		netip.MustParseAddr("0.0.0.0"),
 		[]*Ip4AndPort{
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("70.199.182.92"))), Port: 1475},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.17.0.182"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.17.1.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.18.0.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.19.0.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.31.0.1"))), Port: 10101},
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("172.17.1.1"))), Port: 10101},   // this is a dupe
-			{Ip: uint32(iputil.Ip2VpnIp(net.ParseIP("70.199.182.92"))), Port: 1476}, // dupe of 0 with a diff port
+			newIp4AndPortFromString("70.199.182.92:1475"),
+			newIp4AndPortFromString("172.17.0.182:10101"),
+			newIp4AndPortFromString("172.17.1.1:10101"),
+			newIp4AndPortFromString("172.18.0.1:10101"),
+			newIp4AndPortFromString("172.19.0.1:10101"),
+			newIp4AndPortFromString("172.31.0.1:10101"),
+			newIp4AndPortFromString("172.17.1.1:10101"),   // this is a dupe
+			newIp4AndPortFromString("70.199.182.92:1476"), // dupe of 0 with a diff port
 		},
-		func(iputil.VpnIp, *Ip4AndPort) bool { return true },
+		func(netip.Addr, *Ip4AndPort) bool { return true },
 	)

 	rl.unlockedSetV6(
-		0,
-		0,
+		netip.MustParseAddr("0.0.0.0"),
+		netip.MustParseAddr("0.0.0.0"),
 		[]*Ip6AndPort{
-			NewIp6AndPort(net.ParseIP("1::1"), 1),
-			NewIp6AndPort(net.ParseIP("1::1"), 2), // dupe of 0 with a diff port
-			NewIp6AndPort(net.ParseIP("1:100::1"), 1),
-			NewIp6AndPort(net.ParseIP("1::1"), 1), // this is a dupe
+			newIp6AndPortFromString("[1::1]:1"),
+			newIp6AndPortFromString("[1::1]:2"), // dupe of 0 with a diff port
+			newIp6AndPortFromString("[1:100::1]:1"),
+			newIp6AndPortFromString("[1::1]:1"), // this is a dupe
 		},
-		func(iputil.VpnIp, *Ip6AndPort) bool { return true },
+		func(netip.Addr, *Ip6AndPort) bool { return true },
 	)

 	b.Run("no preferred", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
 			rl.shouldRebuild = true
-			rl.Rebuild([]*net.IPNet{})
+			rl.Rebuild([]netip.Prefix{})
 		}
 	})

-	_, ipNet, err := net.ParseCIDR("172.17.0.0/16")
-	rl.Rebuild([]*net.IPNet{ipNet})
+	ipNet1 := netip.MustParsePrefix("172.17.0.0/16")
+	rl.Rebuild([]netip.Prefix{ipNet1})

-	assert.NoError(b, err)
 	b.Run("1 preferred", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
-			rl.Rebuild([]*net.IPNet{ipNet})
+			rl.Rebuild([]netip.Prefix{ipNet1})
 		}
 	})

-	_, ipNet2, err := net.ParseCIDR("70.0.0.0/8")
-	rl.Rebuild([]*net.IPNet{ipNet, ipNet2})
+	ipNet2 := netip.MustParsePrefix("70.0.0.0/8")
+	rl.Rebuild([]netip.Prefix{ipNet1, ipNet2})

-	assert.NoError(b, err)
 	b.Run("2 preferred", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
-			rl.Rebuild([]*net.IPNet{ipNet, ipNet2})
+			rl.Rebuild([]netip.Prefix{ipNet1, ipNet2})
 		}
 	})

-	_, ipNet3, err := net.ParseCIDR("0.0.0.0/0")
-	rl.Rebuild([]*net.IPNet{ipNet, ipNet2, ipNet3})
+	ipNet3 := netip.MustParsePrefix("0.0.0.0/0")
+	rl.Rebuild([]netip.Prefix{ipNet1, ipNet2, ipNet3})

-	assert.NoError(b, err)
 	b.Run("3 preferred", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
-			rl.Rebuild([]*net.IPNet{ipNet, ipNet2, ipNet3})
+			rl.Rebuild([]netip.Prefix{ipNet1, ipNet2, ipNet3})
 		}
 	})
 }
+
+func newIp4AndPortFromString(s string) *Ip4AndPort {
+	a := netip.MustParseAddrPort(s)
+	v4Addr := a.Addr().As4()
+	return &Ip4AndPort{
+		Ip:   binary.BigEndian.Uint32(v4Addr[:]),
+		Port: uint32(a.Port()),
+	}
+}
+
+func newIp6AndPortFromString(s string) *Ip6AndPort {
+	a := netip.MustParseAddrPort(s)
+	v6Addr := a.Addr().As16()
+	return &Ip6AndPort{
+		Hi:   binary.BigEndian.Uint64(v6Addr[:8]),
+		Lo:   binary.BigEndian.Uint64(v6Addr[8:]),
+		Port: uint32(a.Port()),
+	}
+}