PoC for IP categorization

pkg/api/transform_network.go

@@ -18,11 +18,12 @@
 package api
 
 type TransformNetwork struct {
-	Rules          NetworkTransformRules `yaml:"rules" json:"rules" doc:"list of transform rules, each includes:"`
-	KubeConfigPath string                `yaml:"kubeConfigPath,omitempty" json:"kubeConfigPath,omitempty" doc:"path to kubeconfig file (optional)"`
-	ServicesFile   string                `yaml:"servicesFile,omitempty" json:"servicesFile,omitempty" doc:"path to services file (optional, default: /etc/services)"`
-	ProtocolsFile  string                `yaml:"protocolsFile,omitempty" json:"protocolsFile,omitempty" doc:"path to protocols file (optional, default: /etc/protocols)"`
-	DirectionInfo  DirectionInfo         `yaml:"directionInfo,omitempty" json:"directionInfo,omitempty" doc:"information to reinterpret flow direction (optional, to use with reinterpret_direction rule)"`
+	Rules          NetworkTransformRules          `yaml:"rules" json:"rules" doc:"list of transform rules, each includes:"`
+	KubeConfigPath string                         `yaml:"kubeConfigPath,omitempty" json:"kubeConfigPath,omitempty" doc:"path to kubeconfig file (optional)"`
+	ServicesFile   string                         `yaml:"servicesFile,omitempty" json:"servicesFile,omitempty" doc:"path to services file (optional, default: /etc/services)"`
+	ProtocolsFile  string                         `yaml:"protocolsFile,omitempty" json:"protocolsFile,omitempty" doc:"path to protocols file (optional, default: /etc/protocols)"`
+	Categorization NetworkTransformCategorization `yaml:"categorization,omitempty" json:"categorization,omitempty" doc:"configure subnet categories"`
+	DirectionInfo  DirectionInfo                  `yaml:"directionInfo,omitempty" json:"directionInfo,omitempty" doc:"information to reinterpret flow direction (optional, to use with reinterpret_direction rule)"`
 }
 
 func (tn *TransformNetwork) GetServiceFiles() (string, string) {
@@ -78,3 +79,18 @@ type DirectionInfo struct {
 }
 
 type NetworkTransformRules []NetworkTransformRule
+
+type NetworkTransformCategorization struct {
+	Fields           []InOutField                     `yaml:"fields,omitempty" json:"fields,omitempty" doc:"list of IP fields to categorize"`
+	SubnetCategories []NetworkTransformSubnetCategory `yaml:"subnetCategories,omitempty" json:"subnetCategories,omitempty" doc:"configure subnet categories"`
+}
+
+type InOutField struct {
+	Input  string `yaml:"input,omitempty" json:"input,omitempty" doc:"input IP field"`
+	Output string `yaml:"output,omitempty" json:"output,omitempty" doc:"output category field"`
+}
+
+type NetworkTransformSubnetCategory struct {
+	CIDRs []string `yaml:"cidrs,omitempty" json:"cidrs,omitempty" doc:"list of CIDRs to match a category"`
+	Name  string   `yaml:"name,omitempty" json:"name,omitempty" doc:"name of the category"`
+}

pkg/pipeline/transform/transform_network.go

@@ -37,7 +37,18 @@ var log = logrus.WithField("component", "transform.Network")
 
 type Network struct {
 	api.TransformNetwork
-	svcNames *netdb.ServiceNames
+	svcNames       *netdb.ServiceNames
+	categorization categorization
+}
+
+type categorization struct {
+	fields     []api.InOutField
+	categories []subnetCategory
+}
+
+type subnetCategory struct {
+	cidrs []*net.IPNet
+	name  string
 }
 
 func (n *Network) Transform(inputEntry config.GenericMap) (config.GenericMap, bool) {
@@ -149,9 +160,29 @@ func (n *Network) Transform(inputEntry config.GenericMap) (config.GenericMap, bo
 		}
 	}
 
+	for _, field := range n.categorization.fields {
+		if strIP, ok := outputEntry[field.Input].(string); ok {
+			ip := net.ParseIP(strIP)
+			if ip != nil {
+				outputEntry[field.Output] = n.categorizeIP(ip)
+			}
+		}
+	}
+
 	return outputEntry, true
 }
 
+func (n *Network) categorizeIP(ip net.IP) string {
+	for _, subnetCat := range n.categorization.categories {
+		for _, cidr := range subnetCat.cidrs {
+			if cidr.Contains(ip) {
+				return subnetCat.name
+			}
+		}
+	}
+	return ""
+}
+
 // NewTransformNetwork create a new transform
 func NewTransformNetwork(params config.StageParam) (Transformer, error) {
 	var needToInitLocationDB = false
@@ -211,11 +242,30 @@ func NewTransformNetwork(params config.StageParam) (Transformer, error) {
 		}
 	}
 
+	var subnetCats []subnetCategory
+	for _, category := range jsonNetworkTransform.Categorization.SubnetCategories {
+		var cidrs []*net.IPNet
+		for _, cidr := range category.CIDRs {
+			_, parsed, err := net.ParseCIDR(cidr)
+			if err != nil {
+				return nil, fmt.Errorf("category %s: fail to parse CIDR, %w", category.Name, err)
+			}
+			cidrs = append(cidrs, parsed)
+		}
+		if len(cidrs) > 0 {
+			subnetCats = append(subnetCats, subnetCategory{name: category.Name, cidrs: cidrs})
+		}
+	}
+
 	return &Network{
 		TransformNetwork: api.TransformNetwork{
 			Rules:         jsonNetworkTransform.Rules,
 			DirectionInfo: jsonNetworkTransform.DirectionInfo,
 		},
 		svcNames: servicesDB,
+		categorization: categorization{
+			fields:     jsonNetworkTransform.Categorization.Fields,
+			categories: subnetCats,
+		},
 	}, nil
 }

pkg/pipeline/transform/transform_network_test.go

@@ -368,6 +368,55 @@ func (*fakeKubeData) GetInfo(n string) (*kubernetes.Info, error) {
 }
 
 func Test_Categorize(t *testing.T) {
+	entry := config.GenericMap{
+		"addr1": "10.1.2.3",
+		"addr2": "100.1.2.3",
+		"addr3": "100.2.3.4",
+		"addr4": "101.1.0.0",
+	}
+	cfg := config.StageParam{
+		Transform: &config.Transform{
+			Network: &api.TransformNetwork{
+				Categorization: api.NetworkTransformCategorization{
+					Fields: []api.InOutField{
+						{Input: "addr1", Output: "cat1"},
+						{Input: "addr2", Output: "cat2"},
+						{Input: "addr3", Output: "cat3"},
+						{Input: "addr4", Output: "cat4"},
+					},
+					SubnetCategories: []api.NetworkTransformSubnetCategory{{
+						Name:  "Pods overlay",
+						CIDRs: []string{"10.0.0.0/8"},
+					}, {
+						Name:  "MySite.com",
+						CIDRs: []string{"101.1.0.0/32", "100.1.0.0/16"},
+					}, {
+						Name:  "MyOtherSite.com",
+						CIDRs: []string{"100.2.3.10/32"},
+					}},
+				},
+			},
+		},
+	}
+
+	tr, err := NewTransformNetwork(cfg)
+	require.NoError(t, err)
+
+	output, ok := tr.Transform(entry)
+	require.True(t, ok)
+	require.Equal(t, config.GenericMap{
+		"addr1": "10.1.2.3",
+		"cat1":  "Pods overlay",
+		"addr2": "100.1.2.3",
+		"cat2":  "MySite.com",
+		"addr3": "100.2.3.4",
+		"cat3":  "",
+		"addr4": "101.1.0.0",
+		"cat4":  "MySite.com",
+	}, output)
+}
+
+func Test_ReinterpretDirection(t *testing.T) {
 	cfg := config.StageParam{
 		Transform: &config.Transform{
 			Network: &api.TransformNetwork{