modify daemon to accept aliases

2025-03-04 08:34:40 +01:00 · 2024-12-11 08:58:50 +01:00 · 2024-12-11 08:58:50 +01:00 · f4e7d38af5
commit f4e7d38af5
parent ca5c5cdb43
2 changed files with 95 additions and 7 deletions
--- a/daemon/main.go
+++ b/daemon/main.go
@ -64,6 +64,7 @@ var (
 	logMicro          = false
 	rulesPath         = ""
 	configFile        = "/etc/opensnitchd/default-config.json"
+	aliasFile         = "network_aliases.json"
 	fwConfigFile      = ""
 	ebpfModPath       = "" // /usr/lib/opensnitchd/ebpf
 	noLiveReload      = false
@ -576,6 +577,12 @@ func main() {

 	log.Important("Starting %s v%s", core.Name, core.Version)

+	err := rule.LoadAliases(aliasFile)
+	if err != nil {
+		log.Fatal("Error loading network aliases: %v", err)
+	}
+	log.Info("Loading network aliases from %s ...", aliasFile)
+
 	cfg, err := loadDiskConfiguration()
 	if err != nil {
 		log.Fatal("%s", err)
--- a/daemon/rule/operator.go
+++ b/daemon/rule/operator.go
@ -1,8 +1,10 @@
 package rule

 import (
+	"encoding/json"
 	"fmt"
 	"net"
+	"os"
 	"reflect"
 	"regexp"
 	"strconv"
@ -67,6 +69,60 @@ const (
 	//OpQuotaRxOver  = Operand("quota.recv.over") // 1000b, 1kb, 1mb, 1gb, ...
 )

+var NetworkAliases = make(map[string][]string)
+var AliasIPCache = make(map[string][]*net.IPNet)
+
+func LoadAliases(filename string) error {
+	data, err := os.ReadFile(filename)
+	if err != nil {
+		return err
+	}
+
+	var aliases map[string][]string
+	if err := json.Unmarshal(data, &aliases); err != nil {
+		return err
+	}
+
+	for alias, networks := range aliases {
+		var ipNets []*net.IPNet
+		for _, network := range networks {
+			_, ipNet, err := net.ParseCIDR(network)
+			if err != nil {
+				// fmt.Printf("Error parsing CIDR for %s: %v\n", network, err)
+				continue
+			}
+			ipNets = append(ipNets, ipNet)
+		}
+		AliasIPCache[alias] = ipNets
+		// fmt.Printf("Alias '%s' loaded with the following networks: %v\n", alias, networks)
+	}
+
+	// fmt.Println("Network aliases successfully loaded into the cache.")
+	return nil
+}
+
+func GetAliasByIP(ip string) string {
+	ipAddr := net.ParseIP(ip)
+	for alias, ipNets := range AliasIPCache {
+		for _, ipNet := range ipNets {
+			if ipNet.Contains(ipAddr) {
+				// fmt.Printf("Alias '%s' found for IP address: %s in network %s\n", alias, ip, ipNet.String())
+				return alias
+			}
+		}
+	}
+	// fmt.Printf("No alias found for IP: %s\n", ip)
+	return ""
+}
+
+func (o *Operator) SerializeData() string {
+	alias := GetAliasByIP(o.Data)
+	if alias != "" {
+		return alias
+	}
+	return o.Data
+}
+
 type opCallback func(value interface{}) bool

 // Operator represents what we want to filter of a connection, and how.
@ -120,14 +176,39 @@ func (o *Operator) Compile() error {
 	} else if o.Type == List {
 		o.Operand = OpList
 	} else if o.Type == Network {
-		var err error
-		_, o.netMask, err = net.ParseCIDR(o.Data)
-		if err != nil {
-			return err
+		// Check if the operator's data is an alias present in the cache
+		if ipNets, found := AliasIPCache[o.Data]; found {
+			o.cb = func(value interface{}) bool {
+				ip := value.(net.IP)
+				matchFound := false
+
+				// fmt.Printf("\nStarting IP check %s for alias '%s'\n", ip, o.Data)
+
+				for _, ipNet := range ipNets {
+					if ipNet.Contains(ip) {
+						// fmt.Printf(" -> Match found: IP %s in network %s for alias '%s'\n", ip, ipNet, o.Data)
+						matchFound = true
+						break
 					}
+				}
+				/*
+					if !matchFound {
+						fmt.Printf(" -> No match found: IP %s for alias '%s'\n", ip, o.Data)
+					}
+				*/
+				return matchFound
+			}
+			// fmt.Printf("Network alias '%s' successfully compiled for the operator.\n", o.Data)
+		} else {
+			// Parse the data as a CIDR if it's not an alias
+			_, netMask, err := net.ParseCIDR(o.Data)
+			if err != nil {
+				return fmt.Errorf("CIDR parsing error: %s", err)
+			}
+			o.netMask = netMask
 			o.cb = o.cmpNetwork
 		}
-
+	}
 	if o.Operand == OpDomainsLists {
 		if o.Data == "" {
 			return fmt.Errorf("Operand lists is empty, nothing to load: %s", o)