
Probably doesn't matter much with only a few networks, but this is using the wrong data structure:

    if let Some(net) = ip_nets.load()
        .iter()
        .find(|net| net.contains(&addr.ip()))

ip_nets is a 'HashSet<IpNet>' but it should be a radix/patricia tree.

Something like https://lib.rs/crates/iprange




The `iprange` library contains two bits of `unsafe` code [0].

[0] https://github.com/sticnarf/iprange-rs/search?q=unsafe


The first one seems to be a necessary workaround for the lack of GATs; its safety comment is pretty trivially correct. The second one is entirely unnecessary, and I've just filed a PR to get rid of it.


I looked for that kind of data structure for 30 seconds in the ipnet crate itself, didn't find it, noticed there were only 23 IP ranges and decided it was fine.

(Keep in mind this happened during the attack, so compromises)


Why?


Because a radix tree has O(1) lookups even if you have 500,000 IP ranges. It's how routers route.
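Added example, not part of the thread or of the code under discussion: a minimal std-only binary prefix trie for IPv4 showing the kind of lookup structure suggested above, where a match costs at most 32 bit-steps however many ranges are stored. `Node`, `PrefixTrie` and the sample networks are constructed for illustration; it does not use the `ipnet` or `iprange` crates and assumes networks are inserted with their host bits zeroed.

```rust
use std::net::Ipv4Addr;

/// One trie level per address bit (illustrative type, not from any crate).
#[derive(Default)]
struct Node {
    children: [Option<Box<Node>>; 2],
    /// Set when a stored network ends exactly at this node.
    net: Option<(Ipv4Addr, u8)>,
}

#[derive(Default)]
pub struct PrefixTrie { root: Node }

impl PrefixTrie {
    /// Insert `network/prefix_len`; assumes host bits of `network` are zero.
    pub fn insert(&mut self, network: Ipv4Addr, prefix_len: u8) {
        assert!(prefix_len <= 32, "IPv4 prefix length out of range");
        let bits = u32::from(network);
        let mut node = &mut self.root;
        for i in 0..prefix_len {
            let bit = ((bits >> (31 - i)) & 1) as usize;
            node = &mut **node.children[bit].get_or_insert_with(Default::default);
        }
        node.net = Some((network, prefix_len));
    }

    /// Longest-prefix match: most specific stored network containing `addr`.
    pub fn lookup(&self, addr: Ipv4Addr) -> Option<(Ipv4Addr, u8)> {
        let bits = u32::from(addr);
        let mut node = &self.root;
        let mut best = node.net; // a /0 entry lives at the root
        for i in 0..32u8 {
            let bit = ((bits >> (31 - i)) & 1) as usize;
            match node.children[bit].as_deref() {
                Some(child) => node = child,
                None => break, // no stored prefix extends this far
            }
            if node.net.is_some() { best = node.net; }
        }
        best
    }
}

fn main() {
    let mut nets = PrefixTrie::default();
    nets.insert(Ipv4Addr::new(10, 0, 0, 0), 8); // constructed sample ranges
    nets.insert(Ipv4Addr::new(10, 1, 0, 0), 16);
    println!("{:?}", nets.lookup(Ipv4Addr::new(10, 1, 2, 3)));
}
```

When ranges overlap, the trie returns the most specific one, whereas a `find` over a `HashSet` returns whichever matching entry the iteration reaches first.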



