Merge pull request #295 from riemann/filter-by-asn
Add support for ignoring IPs by ASN in `riemann-http`
Showing
11 changed files
with
185 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,3 +6,4 @@ pkg/ | |
.*.swp | ||
*.log | ||
lib/riemann/tools/*_parser.tab.rb | ||
spec/fixtures/test-asn/test-asn |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
network,autonomous_system_number,autonomous_system_organization | ||
1.1.1.0/24,64512,FOO | ||
2.2.2.0/24,64513,BAR | ||
3.3.3.0/24,64514,BAZ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
network,autonomous_system_number,autonomous_system_organization | ||
2001:1::/20,64512,FOO | ||
2001:2::/20,64513,BAR | ||
2001:3::/20,64514,BAZ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# test-asn | ||
|
||
This is a copy of the asn-writer example from [MaxMind's `mmdbwriter` repository](https://github.com/maxmind/mmdbwriter), with some tooling to build the `test-asn.mmdb` file from the `GeoLite2-ASN-Blocks-IPv4.csv` and `GeoLite2-ASN-Blocks-IPv6.csv` files. | ||
|
||
## Usage | ||
|
||
Adjsut the `.cvs` files, then (re)generate `test-asn.mmdb` with: | ||
|
||
```sh | ||
go get | ||
go build | ||
./test-asn | ||
``` | ||
|
||
## Note | ||
|
||
The `mmdbwriter` code does not allow to use private neworks nor networks reserved for documentation. | ||
The test ASN database therefore contains (obviously incorrect) information about *real* networks. | ||
It goes without saying, but I will still say it: do not use this database for anything else than testing the riemann-tools. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
module test-asn | ||
|
||
go 1.21 | ||
|
||
require github.com/maxmind/mmdbwriter v1.0.0 | ||
|
||
require ( | ||
github.com/oschwald/maxminddb-golang v1.12.0 // indirect | ||
go4.org/netipx v0.0.0-20220812043211-3cc044ffd68d // indirect | ||
golang.org/x/sys v0.10.0 // indirect | ||
) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
github.com/maxmind/mmdbwriter v1.0.0 h1:bieL4P6yaYaHvbtLSwnKtEvScUKKD6jcKaLiTM3WSMw= | ||
github.com/maxmind/mmdbwriter v1.0.0/go.mod h1:noBMCUtyN5PUQ4H8ikkOvGSHhzhLok51fON2hcrpKj8= | ||
github.com/oschwald/maxminddb-golang v1.12.0 h1:9FnTOD0YOhP7DGxGsq4glzpGy5+w7pq50AS6wALUMYs= | ||
github.com/oschwald/maxminddb-golang v1.12.0/go.mod h1:q0Nob5lTCqyQ8WT6FYgS1L7PXKVVbgiymefNwIjPzgY= | ||
go4.org/netipx v0.0.0-20220812043211-3cc044ffd68d h1:ggxwEf5eu0l8v+87VhX1czFh8zJul3hK16Gmruxn7hw= | ||
go4.org/netipx v0.0.0-20220812043211-3cc044ffd68d/go.mod h1:tgPU4N2u9RByaTN3NC2p9xOzyFpte4jYwsIIRF7XlSc= | ||
golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= | ||
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
// asn-writer is an example of how to create an ASN MaxMind DB file from the | ||
// GeoLite2 ASN CSVs. You must have the CSVs in the current working directory. | ||
package main | ||
|
||
import ( | ||
"encoding/csv" | ||
"io" | ||
"log" | ||
"net" | ||
"os" | ||
"strconv" | ||
|
||
"github.com/maxmind/mmdbwriter" | ||
"github.com/maxmind/mmdbwriter/mmdbtype" | ||
) | ||
|
||
func main() { | ||
writer, err := mmdbwriter.New( | ||
mmdbwriter.Options{ | ||
DatabaseType: "GeoLite2-ASN", | ||
RecordSize: 24, | ||
}, | ||
) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
|
||
for _, file := range []string{"GeoLite2-ASN-Blocks-IPv4.csv", "GeoLite2-ASN-Blocks-IPv6.csv"} { | ||
fh, err := os.Open(file) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
|
||
r := csv.NewReader(fh) | ||
|
||
// first line | ||
r.Read() | ||
|
||
for { | ||
row, err := r.Read() | ||
if err == io.EOF { | ||
break | ||
} | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
|
||
if len(row) != 3 { | ||
log.Fatalf("unexpected CSV rows: %v", row) | ||
} | ||
|
||
_, network, err := net.ParseCIDR(row[0]) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
|
||
asn, err := strconv.Atoi(row[1]) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
|
||
record := mmdbtype.Map{} | ||
|
||
if asn != 0 { | ||
record["autonomous_system_number"] = mmdbtype.Uint32(asn) | ||
} | ||
|
||
if row[2] != "" { | ||
record["autonomous_system_organization"] = mmdbtype.String(row[2]) | ||
} | ||
|
||
err = writer.Insert(network, record) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
} | ||
} | ||
|
||
fh, err := os.Create("test-asn.mmdb") | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
|
||
_, err = writer.WriteTo(fh) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
} |
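Review bot: The ASN column is parsed with `strconv.Atoi` and then converted with `mmdbtype.Uint32(asn)`, so a negative value or one above the 32-bit range in the CSV wraps silently into a different ASN instead of stopping the build of the fixture; `asn, err := strconv.ParseUint(row[1], 10, 32)` would reject such rows through the existing `log.Fatal(err)` check. Because this database is presumably what the ASN-filtering specs are run against, a silently altered number could make a filter test pass or fail for the wrong reason. Separately, the header-skipping `r.Read()` discards its error, and neither the input `fh` opened in the loop nor the output file from `os.Create` is ever closed. Checking `fh.Close()` after `writer.WriteTo(fh)` would surface a short or failed write of `test-asn.mmdb` rather than leaving a truncated database in place.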
Binary file not shown.