check-cidr-inclusion.diff

index 8160abe4..f2d42e3f 100644
--- a/pkg/aws/ec2/ec2.go
+++ b/pkg/aws/ec2/ec2.go
@@ -2,6 +2,7 @@ package ec2
 
 import (
        "fmt"
+ "net"
        "time"
 
        "github.com/aws/aws-sdk-go/aws"
@@ -394,12 +395,46 @@ func existsInOtherPortRange(a int64, list []int64) bool {
        return false
 }
 
+func containsIPv4Net(network, other *net.IPNet) bool {
+ if network == nil || other == nil {
+         return false
+ }
+
+ if network.IP.To4() == nil || other.IP.To4() == nil {
+         return false
+ }
+
+ for i := range network.IP {
+         networkByte := network.IP[i] & network.Mask[i]
+         otherByte := other.IP[i] & other.Mask[i] & network.Mask[i]
+         if networkByte != otherByte {
+                 return false
+         }
+ }
+ return true
+}
+
 func existsInOtherIngressCidrRange(a *string, list []*string) bool {
+ _, ipNet, err := net.ParseCIDR(*a)
+ if err != nil {
+         return false
+ }
+
        for _, p := range list {
                if *a == *p {
                        return true
                }
+
+         _, otherIPNet, err := net.ParseCIDR(*p)
+         if err != nil {
+                 return false
+         }
+
+         if containsIPv4Net(otherIPNet, ipNet) {
+                 return true
+         }
        }
+
        return false
 }