speatzle/nfsense
1
0
Fork 0
mirror of https://github.com/speatzle/nfsense.git synced 2025-05-11 02:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add Address Matching

Browse source
This commit is contained in:
Samuel Lorch 2023-03-02 21:34:39 +01:00
parent 4479627a00
commit 00b5286c42
6 changed files with 110 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/definitions/address.go
View file

@ -2,6 +2,7 @@ package definitions
import ( import (
"encoding/json" "encoding/json"
"net"
"net/netip" "net/netip"
"go4.org/netipx" "go4.org/netipx"
@ -12,6 +13,7 @@ type Address struct {
Comment string `json:"comment,omitempty"` Comment string `json:"comment,omitempty"`
Host *netip.Addr `json:"host,omitempty"` Host *netip.Addr `json:"host,omitempty"`
Range *netipx.IPRange `json:"range,omitempty"` Range *netipx.IPRange `json:"range,omitempty"`
Network *net.IPNet `json:"network,omitempty"`
Children *[]string `json:"children,omitempty"` Children *[]string `json:"children,omitempty"`
} }

6
pkg/definitions/match.go
View file

@ -1,6 +1,8 @@
package definitions package definitions
type Match struct { type Match struct {
TCPDestinationPort uint64 `json:"tcp_destination_port,omitempty"` TCPDestinationPort uint64 `json:"tcp_destination_port,omitempty"`
Services []string `json:"services,omitempty"` Services []string `json:"services,omitempty"`
SourceAddresses []string `json:"source_addresses,omitempty"`
DestinationAddresses []string `json:"destination_addresses,omitempty"`
} }

45
pkg/nftables/match.go
View file

@ -63,3 +63,48 @@ func GenerateServiceMatcher(allServices map[string]definitions.Service, match de
return res return res
} }
func GenerateAddressMatcher(allAddresses map[string]definitions.Address, match definitions.Match) string {
sourceAddressList := util.ResolveBaseAddresses(allAddresses, match.SourceAddresses)
destinationAddressList := util.ResolveBaseAddresses(allAddresses, match.DestinationAddresses)
sourceAddresses := []string{}
destinationAddresses := []string{}
for _, address := range sourceAddressList {
switch address.Type {
case definitions.Host:
sourceAddresses = append(sourceAddresses, address.Host.String())
case definitions.Range:
sourceAddresses = append(sourceAddresses, address.Range.String())
case definitions.Network:
sourceAddresses = append(sourceAddresses, address.Network.String())
default:
panic("invalid address type")
}
}
for _, address := range destinationAddressList {
switch address.Type {
case definitions.Host:
destinationAddresses = append(destinationAddresses, address.Host.String())
case definitions.Range:
destinationAddresses = append(destinationAddresses, address.Range.String())
case definitions.Network:
destinationAddresses = append(destinationAddresses, address.Network.String())
default:
panic("invalid address type")
}
}
res := ""
if len(sourceAddresses) != 0 {
res += "ip saddr " + util.ConvertSliceToSetString(sourceAddresses) + " "
}
if len(destinationAddresses) != 0 {
res += "ip daddr " + util.ConvertSliceToSetString(destinationAddresses) + " "
}
return res
}

35
pkg/util/address.go Normal file
View file

@ -0,0 +1,35 @@
package util
import "github.con/speatzle/nfsense/pkg/definitions"
// ResolveBaseAddresses Resolves all groups to their base Addresses
func ResolveBaseAddresses(allAddresses map[string]definitions.Address, addressNames []string) []definitions.Address {
baseAddresses := []definitions.Address{}
for _, addressName := range addressNames {
address := allAddresses[addressName]
if address.Type == definitions.AddressGroup {
baseAddresses = append(baseAddresses, resolveAddressChildren(allAddresses, address)...)
} else {
baseAddresses = append(baseAddresses, address)
}
}
return baseAddresses
}
func resolveAddressChildren(allAddresses map[string]definitions.Address, a definitions.Address) []definitions.Address {
addressList := []definitions.Address{}
for _, addressName := range *a.Children {
address := allAddresses[addressName]
if address.Type == definitions.AddressGroup {
addressList = append(addressList, resolveAddressChildren(allAddresses, address)...)
} else {
addressList = append(addressList, address)
}
}
return addressList
}

26
pkg/util/service.go
View file

@ -10,7 +10,7 @@ func ResolveBaseServices(allServices map[string]definitions.Service, serviceName
service := allServices[serviceName] service := allServices[serviceName]
if service.Type == definitions.ServiceGroup { if service.Type == definitions.ServiceGroup {
baseServices = append(baseServices, resolveChildren(allServices, service)...) baseServices = append(baseServices, resolveServiceChildren(allServices, service)...)
} else { } else {
baseServices = append(baseServices, service) baseServices = append(baseServices, service)
} }
@ -20,36 +20,16 @@ func ResolveBaseServices(allServices map[string]definitions.Service, serviceName
return baseServices return baseServices
} }
func resolveChildren(allServices map[string]definitions.Service, s definitions.Service) []definitions.Service { func resolveServiceChildren(allServices map[string]definitions.Service, s definitions.Service) []definitions.Service {
serviceList := []definitions.Service{} serviceList := []definitions.Service{}
for _, serviceName := range *s.Children { for _, serviceName := range *s.Children {
service := allServices[serviceName] service := allServices[serviceName]
if service.Type == definitions.ServiceGroup { if service.Type == definitions.ServiceGroup {
serviceList = append(serviceList, resolveChildren(allServices, service)...) serviceList = append(serviceList, resolveServiceChildren(allServices, service)...)
} else { } else {
serviceList = append(serviceList, service) serviceList = append(serviceList, service)
} }
} }
return serviceList return serviceList
} }
func ConvertSliceToSetString(slice []string) string {
if len(slice) == 0 {
return ""
} else if len(slice) == 1 {
return slice[0]
}
res := "{ "
for i := range slice {
res += " " + slice[i]
if i < len(slice)-1 {
res += ","
}
}
res += " }"
return res
}

21
pkg/util/set.go Normal file
View file

@ -0,0 +1,21 @@
package util
func ConvertSliceToSetString(slice []string) string {
if len(slice) == 0 {
return ""
} else if len(slice) == 1 {
return slice[0]
}
res := "{ "
for i := range slice {
res += " " + slice[i]
if i < len(slice)-1 {
res += ","
}
}
res += " }"
return res
}