Merge pull request #51 from hslatman/ipstore-bart-and-generics

hslatman · Oct 9, 2024 · fa8beaf · fa8beaf
2 parents ce698c8 + 60366ae
commit fa8beaf
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 36 deletions.
diff --git a/go.mod b/go.mod
@@ -1,14 +1,14 @@
 module github.com/hslatman/caddy-crowdsec-bouncer
 
-go 1.22
+go 1.22.0
 
 require (
 	github.com/caddyserver/caddy/v2 v2.7.5
 	github.com/crowdsecurity/crowdsec v1.6.3
 	github.com/crowdsecurity/go-cs-bouncer v0.0.14
 	github.com/crowdsecurity/go-cs-lib v0.0.15
 	github.com/google/go-cmp v0.6.0
-	github.com/hslatman/ipstore v0.2.0
+	github.com/hslatman/ipstore v0.3.0
 	github.com/jarcoal/httpmock v1.3.1
 	github.com/mholt/caddy-l4 v0.0.0-20231016112149-a362a1fbf652
 	github.com/sirupsen/logrus v1.9.3
@@ -31,6 +31,7 @@ require (
 	github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bits-and-blooms/bitset v1.14.3 // indirect
 	github.com/blackfireio/osinfo v1.0.5 // indirect
 	github.com/caddyserver/certmagic v0.19.2 // indirect
 	github.com/cespare/xxhash v1.1.0 // indirect
@@ -45,6 +46,7 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/expr-lang/expr v1.16.9 // indirect
 	github.com/fatih/color v1.17.0 // indirect
+	github.com/gaissmai/bart v0.13.0 // indirect
 	github.com/go-kit/kit v0.13.0 // indirect
 	github.com/go-kit/log v0.2.1 // indirect
 	github.com/go-logfmt/logfmt v0.6.0 // indirect
@@ -69,7 +71,6 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/pprof v0.0.0-20231101202521-4ca4178f5c7a // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/hslatman/cidranger v1.0.3-0.20210102151717-b2292da972c3 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect

diff --git a/go.sum b/go.sum
@@ -38,6 +38,8 @@ github.com/aws/aws-sdk-go v1.52.0 h1:ptgek/4B2v/ljsjYSEvLQ8LTD+SQyrqhOOWvHc/VGPI
 github.com/aws/aws-sdk-go v1.52.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bits-and-blooms/bitset v1.14.3 h1:Gd2c8lSNf9pKXom5JtD7AaKO8o7fGQ2LtFj1436qilA=
+github.com/bits-and-blooms/bitset v1.14.3/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/blackfireio/osinfo v1.0.5 h1:6hlaWzfcpb87gRmznVf7wSdhysGqLRz9V/xuSdCEXrA=
 github.com/blackfireio/osinfo v1.0.5/go.mod h1:Pd987poVNmd5Wsx6PRPw4+w7kLlf9iJxoRKPtPAjOrA=
 github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps=
@@ -103,6 +105,8 @@ github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7z
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gaissmai/bart v0.13.0 h1:pItEhXDVVebUa+i978FfQ7ye8xZc1FrMgs8nJPPWAgA=
+github.com/gaissmai/bart v0.13.0/go.mod h1:qSes2fnJ8hB410BW0ymHUN/eQkuGpTYyJcN8sKMYpJU=
 github.com/go-kit/kit v0.4.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.13.0 h1:OoneCcHKHQ03LfBpoQCUfCluwd2Vt3ohz+kvbJneZAU=
 github.com/go-kit/kit v0.13.0/go.mod h1:phqEHMMUbyrCFCTgH48JueqrM3md2HcAZ8N3XE4FKDg=
@@ -197,10 +201,10 @@ github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB
 github.com/gorilla/mux v1.4.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/groob/finalizer v0.0.0-20170707115354-4c2ed49aabda/go.mod h1:MyndkAZd5rUMdNogn35MWXBX1UiBigrU8eTj8DoAC2c=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hslatman/cidranger v1.0.3-0.20210102151717-b2292da972c3 h1:Sv/aRgGM6Qpidn4IaCeW1M184rkdXCuKHCMGW3slpnY=
-github.com/hslatman/cidranger v1.0.3-0.20210102151717-b2292da972c3/go.mod h1:gcrMfr0dObt7Xdm3JrZqrshMoaCFs9Plkc+ID9ygSdY=
-github.com/hslatman/ipstore v0.2.0 h1:q320dnrCF78ruZta0zNuterclga4tTFzxXosHfbEbfU=
-github.com/hslatman/ipstore v0.2.0/go.mod h1:O5HTtag+448N/IuPezCz/3B+p/Ev7DMrqW2q0VZedRg=
+github.com/hslatman/ipstore v0.2.1-0.20241003102639-77b98e171659 h1:kkKqw+NR37yM2LSz2n4KDrk7euiWKDxW7Uy2okVpv98=
+github.com/hslatman/ipstore v0.2.1-0.20241003102639-77b98e171659/go.mod h1:fUg+lu09+OKKllPSRSvE6OdJ8AZB4sAjHxqW6QChpmU=
+github.com/hslatman/ipstore v0.3.0 h1:3lUtYZMDGRdDePFFL2wUIrpHqMsqzJEluDnQwt43cfs=
+github.com/hslatman/ipstore v0.3.0/go.mod h1:fUg+lu09+OKKllPSRSvE6OdJ8AZB4sAjHxqW6QChpmU=
 github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
 github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=

diff --git a/internal/bouncer/decisions.go b/internal/bouncer/decisions.go
@@ -3,7 +3,6 @@ package bouncer
 import (
 	"context"
 	"fmt"
-	"net"
 	"net/netip"
 
 	"github.com/crowdsecurity/crowdsec/pkg/models"
@@ -96,9 +95,7 @@ func (b *Bouncer) delete(decision *models.Decision) error {
 	return b.store.delete(decision)
 }
 
-func (b *Bouncer) retrieveDecision(ipAddr netip.Addr) (*models.Decision, error) {
-	ip := net.IP(ipAddr.AsSlice()) // TODO: feed through netip.Addr fully
-
+func (b *Bouncer) retrieveDecision(ip netip.Addr) (*models.Decision, error) {
 	if b.useStreamingBouncer {
 		return b.store.get(ip)
 	}

diff --git a/internal/bouncer/store.go b/internal/bouncer/store.go
@@ -16,19 +16,19 @@ package bouncer
 
 import (
 	"fmt"
-	"net"
+	"net/netip"
 
 	"github.com/crowdsecurity/crowdsec/pkg/models"
 	"github.com/hslatman/ipstore"
 )
 
 type store struct {
-	store *ipstore.Store
+	store *ipstore.Store[*models.Decision]
 }
 
 func newStore() *store {
 	return &store{
-		store: ipstore.New(),
+		store: ipstore.New[*models.Decision](),
 	}
 }
 
@@ -48,11 +48,11 @@ func (s *store) add(decision *models.Decision) error {
 		}
 		return s.store.Add(ip, decision)
 	case "Range":
-		_, net, err := net.ParseCIDR(value)
+		prf, err := netip.ParsePrefix(value)
 		if err != nil {
 			return err
 		}
-		return s.store.AddCIDR(*net, decision)
+		return s.store.AddCIDR(prf, decision)
 	default:
 		return fmt.Errorf("got unhandled scope: %s", scope)
 	}
@@ -75,18 +75,18 @@ func (s *store) delete(decision *models.Decision) error {
 		_, err = s.store.Remove(ip)
 		return err
 	case "Range":
-		_, net, err := net.ParseCIDR(value)
+		prf, err := netip.ParsePrefix(value)
 		if err != nil {
 			return err
 		}
-		_, err = s.store.RemoveCIDR(*net)
+		_, err = s.store.RemoveCIDR(prf)
 		return err
 	default:
 		return fmt.Errorf("got unhandled scope: %s", scope)
 	}
 }
 
-func (s *store) get(key net.IP) (*models.Decision, error) {
+func (s *store) get(key netip.Addr) (*models.Decision, error) {
 	r, err := s.store.Get(key)
 	if err != nil {
 		return nil, err
@@ -102,31 +102,27 @@ func (s *store) get(key net.IP) (*models.Decision, error) {
 	// means that the IP should not be allowed, so it's relatively safe to use
 	// the first, but there may be 'softer' Decisions that should actually take
 	// precedence.
-	first, ok := r[0].(*models.Decision)
-	if !ok {
-		return nil, fmt.Errorf("invalid type retrieved from store")
-	}
 
-	return first, err
+	return r[0], err
 }
 
 // parseIP parses a value
-func parseIP(value string) (net.IP, error) {
+func parseIP(value string) (netip.Addr, error) {
 	var err error
-	var ip net.IP
-	var nw *net.IPNet
-	ip = net.ParseIP(value)
-	if ip == nil {
+	var ip netip.Addr
+	ip, err = netip.ParseAddr(value)
+	if err != nil || !ip.IsValid() {
 		// try parsing as CIDR instead as fallback
-		ip, nw, err = net.ParseCIDR(value)
+		prf, err := netip.ParsePrefix(value)
 		if err != nil {
-			return nil, err
+			return netip.Addr{}, err
 		}
 		// expect all bits to be ones for an IP; otherwise this is probably a range
-		ones, bits := nw.Mask.Size()
+		ones, bits := prf.Bits(), prf.Addr().BitLen()
 		if ones != bits {
-			return nil, fmt.Errorf("%s seems to be a range instead of an IP", value)
+			return netip.Addr{}, fmt.Errorf("%s seems to be a range instead of an IP", value)
 		}
+		ip = prf.Addr()
 	}
 	return ip, nil
 }

diff --git a/internal/bouncer/store_test.go b/internal/bouncer/store_test.go
@@ -15,7 +15,7 @@
 package bouncer
 
 import (
-	"net"
+	"net/netip"
 	"testing"
 
 	"github.com/crowdsecurity/crowdsec/pkg/models"
@@ -72,7 +72,7 @@ func TestStore(t *testing.T) {
 		Scenario: &scenario,
 		Scope:    &scopeIP,
 		Type:     &typ,
-		Value:    &value4,
+		Value:    &value4, // ip in range notation
 	}
 
 	d5 := &models.Decision{
@@ -96,8 +96,9 @@ func TestStore(t *testing.T) {
 	require.NoError(t, err)
 	err = s.add(d5)
 	require.Error(t, err)
+	require.Equal(t, 4, s.store.Len())
 
-	ip1 := net.ParseIP(value1)
+	ip1 := netip.MustParseAddr(value1)
 	r1, err := s.get(ip1)
 	require.NoError(t, err)
 	require.NotNil(t, r1)