* wip: Add PrivateNetworkCheck checks interface implementation * use generic CheckAction constant * Add private network check to posture checks * Fix copy function target in posture checks * Add network check functionality to posture package * regenerate the openapi specs * Update Posture Check actions in test file * Remove unused function * Refactor network address handling in PrivateNetworkCheck * Refactor Prefixes to Ranges in private network checks * Implement private network checks in posture checks handler tests * Add test for check copy * Add gorm serializer for network range
package posture
import (
"fmt"
"net/netip"
"slices"
nbpeer "github.com/netbirdio/netbird/management/server/peer"
)
// PrivateNetworkCheck is a posture check that compares the network addresses a
// peer reports against a configured list of IP ranges and, depending on
// Action, allows or denies the peer when one of them matches.
type PrivateNetworkCheck struct {
	// Action is the outcome applied on a match. Check accepts only
	// CheckActionAllow and CheckActionDeny; any other value makes it return
	// an error.
	Action string
	// Ranges are the prefixes to match against. Check compares them after
	// masking (netip.Prefix.Masked), so only the network part of each entry
	// is significant. Persisted by gorm as JSON.
	Ranges []netip.Prefix `gorm:"serializer:json"`
}

// Compile-time assertion that *PrivateNetworkCheck implements Check.
var _ Check = (*PrivateNetworkCheck)(nil)
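// Check evaluates the peer's reported network addresses against p.Ranges.
//
// Every configured range and every peer address is reduced to its masked
// network prefix (netip.Prefix.Masked) and the peer counts as matching when
// one of its masked prefixes is equal to one of the masked ranges. This is an
// equality test on the network, not a containment test: a range of
// 10.0.0.0/8 does not match a peer reporting 10.1.2.3/24, because
// 10.1.2.0/24 != 10.0.0.0/8. Ranges therefore need the same prefix length
// the peers report for their interfaces.
//
// Result by Action:
//   - CheckActionAllow: true when a match is found, false otherwise.
//   - CheckActionDeny:  false when a match is found, true otherwise.
//
// An error is returned when the peer reports no network addresses at all, or
// when Action is neither CheckActionAllow nor CheckActionDeny.
func (p *PrivateNetworkCheck) Check(peer nbpeer.Peer) (bool, error) {
	if len(peer.Meta.NetworkAddresses) == 0 {
		return false, fmt.Errorf("peer does not contain private network addresses")
	}

	// Validate the action once, up front, so that an invalid action is
	// reported the same way whether or not a range happens to match.
	switch p.Action {
	case CheckActionAllow, CheckActionDeny:
	default:
		return false, fmt.Errorf("invalid private network check action: %s", p.Action)
	}

	maskedPrefixes := make([]netip.Prefix, 0, len(p.Ranges))
	for _, prefix := range p.Ranges {
		maskedPrefixes = append(maskedPrefixes, prefix.Masked())
	}

	matched := false
	for _, peerNetAddr := range peer.Meta.NetworkAddresses {
		if slices.Contains(maskedPrefixes, peerNetAddr.NetIP.Masked()) {
			matched = true
			break
		}
	}

	// Allow passes on a match; Deny passes only when nothing matched.
	if p.Action == CheckActionAllow {
		return matched, nil
	}
	return !matched, nil
}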
// Name returns PrivateNetworkCheckName, the identifier of this check type.
func (p *PrivateNetworkCheck) Name() string {
	return PrivateNetworkCheckName
}