filter: add MAC address filter

example: conditions: - kind: ether match: - 00:50:56:89:9a:3c - 00:50:56:89:7b:8b
StamusNetworks · Apr 30, 2024 · fbe41df · fbe41df
1 parent db911e2
commit fbe41df
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/pkg/filter/condition.go b/pkg/filter/condition.go
@@ -33,6 +33,7 @@ type FilterKind int
 const (
 	FilterKindUndefined FilterKind = iota
 	FilterKindSubnet
+	FilterKindEther
 	FilterKindPort
 	FilterKindASN
 	FilterKindRaw
@@ -42,6 +43,8 @@ func (k FilterKind) String() string {
 	switch k {
 	case FilterKindSubnet:
 		return "subnet"
+	case FilterKindEther:
+		return "ether"
 	case FilterKindPort:
 		return "port"
 	case FilterKindASN:
@@ -55,6 +58,7 @@ func (k FilterKind) String() string {
 
 var FilterKinds = []string{
 	FilterKindSubnet.String(),
+	FilterKindEther.String(),
 	FilterKindPort.String(),
 	FilterKindASN.String(),
 	FilterKindRaw.String(),
@@ -64,6 +68,8 @@ func NewFilterKind(raw string) FilterKind {
 	switch raw {
 	case FilterKindSubnet.String():
 		return FilterKindSubnet
+	case FilterKindEther.String():
+		return FilterKindEther
 	case FilterKindPort.String():
 		return FilterKindPort
 	case FilterKindASN.String():
@@ -115,6 +121,12 @@ func NewCombinedMatcher(c MatcherConfig) (*CombinedMatcher, error) {
 				return nil, err
 			}
 			m = sm
+		case FilterKindEther:
+			sm, err := NewConditionEther(condition.Match)
+			if err != nil {
+				return nil, err
+			}
+			m = sm
 		case FilterKindPort:
 			pm, err := NewPortMatcher(condition.Match)
 			if err != nil {
@@ -196,6 +208,28 @@ func (cs ConditionSubnet) match(ip net.IP) bool {
 	return false
 }
 
+type ConditionEther map[string]bool
+
+func (cs ConditionEther) Match(pkt gopacket.Packet) bool {
+	fmt.Println(pkt.LinkLayer().LinkFlow().Src().String())
+	if n := pkt.LinkLayer(); n != nil {
+		return cs[n.LinkFlow().Src().String()] || cs[n.LinkFlow().Dst().String()]
+	}
+	return false
+}
+
+func NewConditionEther(e []string) (ConditionEther, error) {
+	ce := make(ConditionEther)
+	for _, mac := range e {
+		_, err := net.ParseMAC(mac)
+		if err != nil {
+			return ce, fmt.Errorf("invalid MAC %s", mac)
+		}
+		ce[mac] = true
+	}
+	return ce, nil
+}
+
 func NewPortMatcher(p []string) (ConditionEndpoint, error) {
 	vals := make(map[gopacket.Endpoint]bool)
 	for _, raw := range p {