Intevation / intelmq-certbund-contact

IntelMQ expert bots to lookup contact information in a database (part of the intelmq-cb-mailgen solution).
GNU Affero General Public License v3.0

ripe importer: handle more specific CIDRs from a different country, when restricting #13

Open bernhardreiter opened 3 years ago

bernhardreiter commented 3 years ago

Import more specific CIDRs inside my country, even if they are assigned to a different country, so the CERT can choose to only send reports to the national CERT.

Situation

Some CIDRs that are assigned to country A contain more specific CIDRs from country B.

A national CERT for country A wants to send notifications to the national CERT for B. Currently (version 0.9.4) if we use the --restrict-to-country option, the more specific CIDRs are not imported, thus the notification will be sent to the default contacts of the broader CIDR in country A.

example

from `ripe.db.inetnum.gz` today

```
inetnum:        77.37.0.0 - 77.37.127.255
netname:        DE-IPFFM-20070316
country:        DE

inetnum:        77.37.120.0 - 77.37.127.255
netname:        NORDFIBER-13112018
country:        NO
```

Implementation idea

In order to make the decision, the info of the more specific CIDRs has to be imported in some way.

One approach is to import them all.

However, it would be enough to import only those which are within CIDRs of the country we want to restrict our import to. It seems more prudent to do the filtering early, because it is a one-time filtering, while the additional entries in the database would have to be considered each time a request is made.

bernhardreiter commented 3 years ago

Implementation considerations to import only the holes

To find CIDRs *within* the ones that we are interested in from country A, we need to have all CIDRs in a data structure to query it first. I call this the first run.

Technically a second run is needed via all CIDRs to see if they fulfill the conditions of being within the CIDR and need to be included into the set to be imported.

The data structure would ideally be within the importer, so the diff to the database can be created. However, the database itself would also offer an efficient way to do these queries.
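
The two-run approach described in the comments above, as an added sketch that is not part of the issue or of the project's importer: the first run indexes the ranges of the restricted country, the second run keeps foreign ranges enclosed by one of them. The names `parse_inetnums` and `find_holes` are hypothetical, and the code assumes IPv4 `inetnum` objects with a single `country` attribute each.

```python
import bisect
import ipaddress

# Constructed sample in ripe.db.inetnum layout; the first two objects are the
# ones quoted in the issue, the third is made up (documentation range).
SAMPLE = """\
inetnum:        77.37.0.0 - 77.37.127.255
netname:        DE-IPFFM-20070316
country:        DE

inetnum:        77.37.120.0 - 77.37.127.255
netname:        NORDFIBER-13112018
country:        NO

inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
country:        NO
"""

def parse_inetnums(text):
    """Yield (first, last, netname, country) per blank-line separated object."""
    for block in text.strip().split("\n\n"):
        attrs = dict(line.split(":", 1) for line in block.splitlines() if ":" in line)
        attrs = {k.strip(): v.strip() for k, v in attrs.items()}
        first, last = (int(ipaddress.IPv4Address(p.strip()))
                       for p in attrs["inetnum"].split("-"))
        yield first, last, attrs["netname"], attrs["country"].upper()

def find_holes(records, country):
    """Return foreign-country records that lie inside a range of `country`."""
    records = list(records)
    # First run: index every range of the country we restrict to.
    own = sorted((f, l) for f, l, _, c in records if c == country)
    starts = [f for f, _ in own]
    max_end, running = [], -1
    for _, l in own:                      # prefix maximum of range ends
        running = max(running, l)
        max_end.append(running)
    # Second run: keep foreign ranges enclosed by some indexed range.
    holes = []
    for f, l, name, c in records:
        i = bisect.bisect_right(starts, f)   # own ranges starting at or before f
        if c != country and i and max_end[i - 1] >= l:
            holes.append((name, c))
    return holes
```

Restricting the sample to `DE` returns only the NORDFIBER range; the unrelated `NO` range outside any `DE` allocation is filtered out early, as the issue proposes.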