IPSet
Match IPs against CIDR specs
|
Matches IP addresses against a set of CIDR specifications. More...
Public Member Functions | |
__construct (array $cfg) | |
Instantiate the object from an array of CIDR specs. | |
match ( $ip) | |
Match an IP address against the set. | |
jsonSerialize () | |
Static Public Member Functions | |
static | newFromJson (string $json) |
Matches IP addresses against a set of CIDR specifications.
Usage:
use Wikimedia\IPSet; // At startup, calculate the optimized data structure for the set: $ipset = new IPSet( [ '208.80.154.0/26', '2620:0:861:1::/64', '10.64.0.0/22', ] ); // Runtime check against cached set (returns bool): $allowme = $ipset->match( $ip );
In rough benchmarking, this takes about 80% more time than in_array() checks on a short (a couple hundred at most) array of addresses. It's fast either way at those levels, though, and IPSet would scale better than in_array if the array were much larger.
For mixed-family CIDR sets, however, this code gives well over 100x speedup vs iterating Wikimedia\IPUtils::isInRange() over an array of CIDR specs.
The basic implementation is two separate binary trees (IPv4 and IPv6) as nested php arrays with keys named 0 and 1. The values false and true are terminal match-fail and match-success, otherwise the value is a deeper node in the tree.
A simple depth-compression scheme is also implemented: whole-byte tree compression at whole-byte boundaries only, where no branching occurs during that whole byte of depth. A compressed node has keys 'comp' (the byte to compare) and 'next' (the next node to recurse into if 'comp' matched successfully).
For example, given these inputs:
25.0.0.0/9 25.192.0.0/10
The v4 tree would look like:
root4 => [ 'comp' => 25, 'next' => [ 0 => true, 1 => [ 0 => false, 1 => true, ], ], ];
(multi-byte compression nodes were attempted as well, but were a net loss in my test scenarios due to additional match complexity)
Wikimedia\IPSet::__construct | ( | array | $cfg | ) |
Instantiate the object from an array of CIDR specs.
Invalid input network/mask values in $cfg will result in issuing E_WARNING and/or E_USER_WARNING and the bad values being ignored.
array | $cfg | Array of IPv[46] CIDR specs as strings |
Wikimedia\IPSet::match | ( | $ip | ) |
Match an IP address against the set.
If $ip is unparseable, inet_pton may issue an E_WARNING to that effect
string | $ip | string IPv[46] address |
|
static |
string | $json |