rita
rita copied to clipboard
activecm
Add IPv6 support for single IPs
The following line will attempt to append a /32 on any string configured in the Filtering section if it fails to parse. The rationale is that the user may simply have meant a single IP and forgot to append /32 to make it CIDR format. However, this also assumes IPv4 as IPv6 would have a suffix of /128.
https://github.com/activecm/rita/blob/305-add-neverinclude-to-filtering/parser/filter.go#L66
Suggestions to fix this would be to see if the Golang net library has any functions that would help tell these apart. Or check for : characters to identify an IPv6 address. Side note: I don't think checking for . will work to detect IPv4 as I just saw an RFC where an IPv6 address could be written with a combination of : and ..
This is the solution we are using over in IPFIX-RITA
func (f *filtering) parseSubnetList(netList []string) ([]net.IPNet, []error) {
var errorList []error
var nets []net.IPNet
for j := range netList {
//parse as network
_, network, err := net.ParseCIDR(netList[j])
if err != nil {
//parse as IP
ipAddr := net.ParseIP(netList[j])
if ipAddr == nil {
errorList = append(errorList, errors.WithStack(err))
continue
}
network = f.ipToIPNet(ipAddr)
}
nets = append(nets, *network)
}
return nets, errorList
}
func (f *filtering) ipToIPNet(ipAddr net.IP) *net.IPNet {
var netmask net.IPMask
if ipAddr.To4() == nil {
netmask = net.CIDRMask(32, 32)
} else {
netmask = net.CIDRMask(128, 128)
}
return &net.IPNet{
IP: ipAddr,
Mask: netmask,
}
}
Heres a stack overflow post thats worth a read: https://stackoverflow.com/questions/22751035/golang-distinguish-ipv4-ipv6
Hello Sir,
Is this issue still active? I would like to contribute to this repo :)
Updated link to problem area in the code: https://github.com/activecm/rita/blob/master/util/ip.go#L39