レポート処理の移植

twsnmp · Jan 9, 2021 · 2540548 · 2540548
1 parent e38cd3e
commit 2540548
Show file tree

Hide file tree

Showing 11 changed files with 1,476 additions and 170 deletions.
diff --git a/datastore/datastore.go b/datastore/datastore.go
@@ -12,6 +12,7 @@ import (
 	_ "github.com/influxdata/influxdb1-client" // this is important because of the bug in go mod
 	client "github.com/influxdata/influxdb1-client/v2"
 
+	"github.com/oschwald/geoip2-golang"
 	gomibdb "github.com/twsnmp/go-mibdb"
 	"go.etcd.io/bbolt"
 )
@@ -31,17 +32,31 @@ type DataStore struct {
 	Lines            sync.Map
 	Pollings         sync.Map
 	PollingTemplates map[string]*PollingTemplateEnt
-	MIBDB            *gomibdb.MIBDB
-	stopBackup       bool
-	nextBackup       int64
-	dbBackupSize     int64
-	dstDB            *bbolt.DB
-	dstTx            *bbolt.Tx
-	eventLogCh       chan EventLogEnt
-	delCount         int
+	// Report
+	devices    map[string]*DeviceEnt
+	users      map[string]*UserEnt
+	flows      map[string]*FlowEnt
+	servers    map[string]*ServerEnt
+	dennyRules map[string]bool
+	allowRules map[string]*AllowRuleEnt
+
+	MIBDB        *gomibdb.MIBDB
+	stopBackup   bool
+	nextBackup   int64
+	dbBackupSize int64
+	dstDB        *bbolt.DB
+	dstTx        *bbolt.Tx
+	eventLogCh   chan EventLogEnt
+	delCount     int
 
 	influxc   client.Client
 	muInfluxc sync.Mutex
+
+	protMap    map[int]string
+	serviceMap map[string]string
+	geoip      *geoip2.Reader
+	geoipMap   map[string]string
+	ouiMap     map[string]string
 }
 
 const (
@@ -242,21 +257,28 @@ type DBBackupParamEnt struct {
 
 func NewDataStore() *DataStore {
 	return &DataStore{
+		devices:          make(map[string]*DeviceEnt),
+		users:            make(map[string]*UserEnt),
+		flows:            make(map[string]*FlowEnt),
+		servers:          make(map[string]*ServerEnt),
+		dennyRules:       make(map[string]bool),
+		allowRules:       make(map[string]*AllowRuleEnt),
 		eventLogCh:       make(chan EventLogEnt, 100),
 		PollingTemplates: make(map[string]*PollingTemplateEnt),
+		protMap: map[int]string{
+			1:   "icmp",
+			2:   "igmp",
+			6:   "tcp",
+			8:   "egp",
+			17:  "udp",
+			112: "vrrp",
+		},
+		serviceMap: make(map[string]string),
+		geoipMap:   make(map[string]string),
+		ouiMap:     make(map[string]string),
 	}
 }
 
-func CheckDB(path string) error {
-	var err error
-	d, err := bbolt.Open(path, 0600, nil)
-	if err != nil {
-		return err
-	}
-	defer d.Close()
-	return nil
-}
-
 func (ds *DataStore) OpenDB(path string) error {
 	var err error
 	ds.db, err = bbolt.Open(path, 0600, nil)

diff --git a/datastore/geoip.go b/datastore/geoip.go
@@ -0,0 +1,79 @@
+package datastore
+
+import (
+	"fmt"
+	"log"
+	"net"
+
+	"github.com/oschwald/geoip2-golang"
+)
+
+func (ds *DataStore) OpenGeoIP() {
+	if ds.geoip != nil {
+		ds.geoip.Close()
+		ds.geoip = nil
+	}
+	if ds.MapConf.GeoIPPath == "" {
+		return
+	}
+	var err error
+	ds.geoip, err = geoip2.Open(ds.MapConf.GeoIPPath)
+	if err != nil {
+		log.Printf("Geoip open err=%v", err)
+	}
+}
+
+func (ds *DataStore) GetLoc(sip string) string {
+	if l, ok := ds.geoipMap[sip]; ok {
+		return l
+	}
+	loc := ""
+	ip := net.ParseIP(sip)
+	if IsPrivateIP(ip) {
+		loc = "LOCAL,0,0,"
+	} else {
+		if ds.geoip == nil {
+			return loc
+		}
+		record, err := ds.geoip.City(ip)
+		if err == nil {
+			loc = fmt.Sprintf("%s,%f,%f,%s", record.Country.IsoCode, record.Location.Latitude, record.Location.Longitude, record.City.Names["en"])
+		} else {
+			log.Printf("getLoc err=%v", err)
+			loc = "LOCAL,0,0,"
+		}
+	}
+	ds.geoipMap[sip] = loc
+	return loc
+}
+
+var privateIPBlocks []*net.IPNet
+
+func IsPrivateIP(ip net.IP) bool {
+	if !ip.IsGlobalUnicast() {
+		return true
+	}
+	if len(privateIPBlocks) == 0 {
+		for _, cidr := range []string{
+			"10.0.0.0/8",     // RFC1918
+			"172.16.0.0/12",  // RFC1918
+			"192.168.0.0/16", // RFC1918
+		} {
+			_, block, err := net.ParseCIDR(cidr)
+			if err == nil {
+				privateIPBlocks = append(privateIPBlocks, block)
+			}
+		}
+	}
+	for _, block := range privateIPBlocks {
+		if block.Contains(ip) {
+			return true
+		}
+	}
+	return false
+}
+
+func IsGlobalUnicast(ips string) bool {
+	ip := net.ParseIP(ips)
+	return ip.IsGlobalUnicast()
+}
diff --git a/datastore/oui.go b/datastore/oui.go
@@ -0,0 +1,42 @@
+package datastore
+
+import (
+	"bufio"
+	"io"
+	"strings"
+)
+
+// OUI Map
+// Download oui.txt from
+// http://standards-oui.ieee.org/oui/oui.txt
+
+// LoadOUIMap : Load OUI Data from io.Reader
+func (ds *DataStore) LoadOUIMap(f io.Reader) error {
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		l := strings.TrimSpace(s.Text())
+		if len(l) < 1 {
+			continue
+		}
+		f := strings.Fields(l)
+		if len(f) < 4 || f[1] != "(base" {
+			continue
+		}
+		ds.ouiMap[f[0]] = strings.Join(f[3:], " ")
+	}
+	return nil
+}
+
+// FindVendor : Find Vendor Name from MAC Address
+func (ds *DataStore) FindVendor(mac string) string {
+	mac = strings.TrimSpace(mac)
+	mac = strings.ReplaceAll(mac, ":", "")
+	mac = strings.ReplaceAll(mac, "-", "")
+	if len(mac) > 6 {
+		mac = strings.ToUpper(mac)
+		if n, ok := ds.ouiMap[mac[:6]]; ok {
+			return n
+		}
+	}
+	return "Unknown"
+}