net/ipset, wgengine/filter/filtertype: add split-out packages

This moves NewContainsIPFunc from tsaddr to new ipset package. And wgengine/filter types gets split into wgengine/filter/filtertype, so netmap (and thus the CLI, etc) doesn't need to bring in ipset, bart, etc. Then add a test making sure the CLI deps don't regress. Updates #1278 Change-Id: Ia246d6d9502bbefbdeacc4aef1bed9c8b24f54d5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-21 18:42:36 +00:00 · 2024-06-16 11:34:11 -07:00
parent 36b1b4af2f
commit 86e0f9b912
20 changed files with 388 additions and 347 deletions
--- a/net/tsaddr/tsaddr.go
+++ b/net/tsaddr/tsaddr.go
@@ -11,7 +11,6 @@ import (
 	"slices"
 	"sync"

-	"github.com/gaissmai/bart"
 	"go4.org/netipx"
 	"tailscale.com/net/netaddr"
 	"tailscale.com/types/views"
@@ -161,77 +160,6 @@ type oncePrefix struct {
 	v netip.Prefix
 }

-// FalseContainsIPFunc is shorthand for NewContainsIPFunc(views.Slice[netip.Prefix]{}).
-func FalseContainsIPFunc() func(ip netip.Addr) bool {
-	return func(ip netip.Addr) bool { return false }
-}
-
-// pathForTest is a test hook for NewContainsIPFunc, to test that it took the
-// right construction path.
-var pathForTest = func(string) {}
-
-// NewContainsIPFunc returns a func that reports whether ip is in addrs.
-//
-// It's optimized for the cases of addrs being empty and addrs
-// containing 1 or 2 single-IP prefixes (such as one IPv4 address and
-// one IPv6 address).
-//
-// Otherwise the implementation is somewhat slow.
-func NewContainsIPFunc(addrs views.Slice[netip.Prefix]) func(ip netip.Addr) bool {
-	// Specialize the three common cases: no address, just IPv4
-	// (or just IPv6), and both IPv4 and IPv6.
-	if addrs.Len() == 0 {
-		pathForTest("empty")
-		return func(netip.Addr) bool { return false }
-	}
-	// If any addr is a prefix with more than a single IP, then do either a
-	// linear scan or a bart table, depending on the number of addrs.
-	if addrs.ContainsFunc(func(p netip.Prefix) bool { return !p.IsSingleIP() }) {
-		if addrs.Len() > 6 {
-			pathForTest("bart")
-			// Built a bart table.
-			t := &bart.Table[struct{}]{}
-			for i := range addrs.Len() {
-				t.Insert(addrs.At(i), struct{}{})
-			}
-			return func(ip netip.Addr) bool {
-				_, ok := t.Get(ip)
-				return ok
-			}
-		} else {
-			pathForTest("linear-contains")
-			// Small enough to do a linear search.
-			acopy := addrs.AsSlice()
-			return func(ip netip.Addr) bool {
-				for _, a := range acopy {
-					if a.Contains(ip) {
-						return true
-					}
-				}
-				return false
-			}
-		}
-	}
-	// Fast paths for 1 and 2 IPs:
-	if addrs.Len() == 1 {
-		pathForTest("one-ip")
-		a := addrs.At(0)
-		return func(ip netip.Addr) bool { return ip == a.Addr() }
-	}
-	if addrs.Len() == 2 {
-		pathForTest("two-ip")
-		a, b := addrs.At(0), addrs.At(1)
-		return func(ip netip.Addr) bool { return ip == a.Addr() || ip == b.Addr() }
-	}
-	// General case:
-	pathForTest("ip-map")
-	m := map[netip.Addr]bool{}
-	for i := range addrs.Len() {
-		m[addrs.At(i).Addr()] = true
-	}
-	return func(ip netip.Addr) bool { return m[ip] }
-}
-
 // PrefixesContainsIP reports whether any prefix in ipp contains ip.
 func PrefixesContainsIP(ipp []netip.Prefix, ip netip.Addr) bool {
 	for _, r := range ipp {