add TrieAddr mruby library

[i110]

@kazuho @hirose31 Adds TrieAddr module which can handle CIDR based IP address groups.

SYNOPSYS:

paths:
  /:
    mruby.handler: |
      require "trie_addr.rb"
      trie = TrieAddr.new.add(["192.168.0.0/16", "172.16.0.0/12"])
      acl {
        allow { trie.match?(addr) }
        deny
      }
    file.dir: examples/doc_root

This library is mainly built for the use-case in acl block, but this is actually independent of ACL feature, so we can use this in other handlers or anywhere else.

[kazuho]

Thank you for the PR.

The only concern I have before merging this is how it interacts with IPv6. I do not think it would be necessary to support IPv6 in trie_addr.rb, but I think the code and the doc should be clear on what happens if a v6 address is passed in.

[i110]

@kazuho Thank you for your comment.
Considering about ipv6 address,

• I modified add method to raise an ArgumentError if a user provide IPv6 CIDR or not valid IPv4 address. By this, a user who mistakenly believes that this library supports IPv6 can realize the mistake.
• match? method doesn't do any check because of performance, and it always returns false if invalid ipv4 address are passed in. We have to describe this behavior in the document

BTW, where should I add a document about this library? In Access Control ?

[i110]

Changed to use hashes internally instead of arrays. Thanks to it,

• Performance improved because of removing to_i calls
• Below edge-case bug is fixed
  • TrieAddr.new.add("0.0.0.0/8").match?("hoge") # true
• Got cleaner code by using Hash#default

[kazuho]

@i110 Thank you for the updates.

Considering about ipv6 address,

• I modified add method to raise an ArgumentError if a user provide IPv6 CIDR or not valid IPv4 address. By this, a user who mistakenly believes that this library supports IPv6 can realize the mistake.
• match? method doesn't do any check because of performance, and it always returns false if invalid ipv4 address are passed in. We have to describe this behavior in the document

SGTM

BTW, where should I add a document about this library? In Access Control ?

Let's discuss. Maybe we should create a section dedicated mruby, but I'd like to think more before proceeding.

[i110]

@kazuho I added a document in Configure > Access-Control.

[kazuho]

Possibly change the title to "Matching IP Address Blocks?".

Note that CIDR is an abbreviation of Classless Inter-Domain Routing. Are we routing packets?

[kazuho]

Thank you for the doc! Left comments in-line.

I generally believe that using the phrase CIDR is not the way to go since it's not precise in our context (and since the word is not so common). I have left some suggestions on how they should be changed, but please go though and change those I have missed.

[i110]

@kazuho thank you for your comments. I addressed the points you mentioned.

[kazuho]

Thank you for writing this nifty library.