Improve entity metadata initialization

2025-09-01 10:09:11 +00:00 · 2023-09-06 11:07:31 +02:00 · 2023-09-06 11:07:31 +02:00 · 21cd8cb9e5
commit 21cd8cb9e5
parent 42787b12ad
4 changed files with 89 additions and 85 deletions
--- a/intel/entity.go
+++ b/intel/entity.go
@ -35,6 +35,14 @@ type Entity struct { //nolint:maligned
 	resolveSubDomainLists bool
 	checkCNAMEs           bool

+	// IP is the IP address of the connection. If domain is
+	// set, IP has been resolved by following all CNAMEs.
+	IP net.IP
+
+	// IPScope holds the network scope of the IP.
+	// For DNS requests, this signifies in which scope the DNS request was resolved.
+	IPScope netutils.IPScope
+
 	// Protocol is the protcol number used by the connection.
 	Protocol uint8

@ -55,14 +63,6 @@ type Entity struct { //nolint:maligned
 	// resolved for Domain.
 	CNAME []string

-	// IP is the IP address of the connection. If domain is
-	// set, IP has been resolved by following all CNAMEs.
-	IP net.IP
-
-	// IPScope holds the network scope of the IP.
-	// For DNS requests, this signifies in which scope the DNS request was resolved.
-	IPScope netutils.IPScope
-
 	// Country holds the country the IP address (ASN) is
 	// located in.
 	Country string
@ -106,23 +106,28 @@ type Entity struct { //nolint:maligned
 	loadAsnListOnce     sync.Once
 }

-// Init initializes the internal state and returns the entity.
-func (e *Entity) Init() *Entity {
-	// for backwards compatibility, remove that one
+// Init initializes internal metadata about the entity.
+// If the entity does not describe a destination, you can supply a different
+// destination port for endpoint matching.
+// It returns the entity itself for single line formatting.
+func (e *Entity) Init(dstPort uint16) *Entity {
+	// Get IP scope.
+	if e.IP != nil {
+		e.IPScope = netutils.GetIPScope(e.IP)
+	} else {
+		e.IPScope = netutils.Undefined
+	}
+
+	// Set dst port to given value or fall back to entity.
+	if dstPort > 0 {
+		e.dstPort = dstPort
+	} else {
+		e.dstPort = e.Port
+	}
+
 	return e
 }

-// SetIP sets the IP address together with its network scope.
-func (e *Entity) SetIP(ip net.IP) {
-	e.IP = ip
-	e.IPScope = netutils.GetIPScope(ip)
-}
-
-// SetDstPort sets the destination port.
-func (e *Entity) SetDstPort(dstPort uint16) {
-	e.dstPort = dstPort
-}
-
 // DstPort returns the destination port.
 func (e *Entity) DstPort() uint16 {
 	return e.dstPort
--- a/network/connection.go
+++ b/network/connection.go
@ -438,12 +438,12 @@ func (conn *Connection) GatherConnectionInfo(pkt packet.Packet) (err error) {
 	// Create remote entity.
 	if conn.Entity == nil {
 		// Remote
-		conn.Entity = &intel.Entity{
+		conn.Entity = (&intel.Entity{
+			IP:       pkt.Info().RemoteIP(),
 			Protocol: uint8(pkt.Info().Protocol),
 			Port:     pkt.Info().RemotePort(),
-		}
-		conn.Entity.SetIP(pkt.Info().RemoteIP())
-		conn.Entity.SetDstPort(pkt.Info().DstPort)
+		}).Init(pkt.Info().DstPort)
+
 		// Local
 		conn.SetLocalIP(pkt.Info().LocalIP())
 		conn.LocalPort = pkt.Info().LocalPort()
--- a/network/connection_android.go
+++ b/network/connection_android.go
@ -27,11 +27,11 @@ func NewDefaultConnection(localIP net.IP, localPort uint16, remoteIP net.IP, rem
 		LocalIPScope: netutils.Global,
 		LocalPort:    localPort,
 		PID:          process.UnidentifiedProcessID,
-		Entity: &intel.Entity{
-			Protocol: uint8(protocol),
+		Entity: (&intel.Entity{
 			IP:       remoteIP,
+			Protocol: uint8(protocol),
 			Port:     remotePort,
-		},
+		}).Init(0),
 		Resolver:         nil,
 		Started:          time.Now().Unix(),
 		VerdictPermanent: false,
--- a/profile/endpoints/endpoints_test.go
+++ b/profile/endpoints/endpoints_test.go
@ -19,8 +19,6 @@ func TestMain(m *testing.M) {
 func testEndpointMatch(t *testing.T, ep Endpoint, entity *intel.Entity, expectedResult EPResult) {
 	t.Helper()

-	entity.SetDstPort(entity.Port)
-
 	result, _ := ep.Matches(context.TODO(), entity)
 	if result != expectedResult {
 		t.Errorf(
@ -75,13 +73,13 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)

 	// DOMAIN

@ -93,31 +91,31 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "abc.example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "abc-example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "abc.example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "abc-example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)

 	ep, err = parseEndpoint("+ *.example.com")
 	if err != nil {
@ -126,31 +124,31 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "abc.example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "abc-example.com.",
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "abc.example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "abc-example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)

 	ep, err = parseEndpoint("+ .example.com")
 	if err != nil {
@ -159,31 +157,31 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "abc.example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "abc-example.com.",
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "abc.example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "abc-example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)

 	ep, err = parseEndpoint("+ example.*")
 	if err != nil {
@ -192,22 +190,22 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "abc.example.com.",
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "abc.example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)

 	ep, err = parseEndpoint("+ *.exampl*")
 	if err != nil {
@ -216,22 +214,22 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "abc.example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "abc.example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)

 	ep, err = parseEndpoint("+ *.com.")
 	if err != nil {
@ -240,10 +238,10 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.org.",
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)

 	// protocol

@ -257,16 +255,16 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 17,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)

 	// ports

@ -280,24 +278,28 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 17,
 		Port:     441,
-	}).Init()
+	}).Init(0)
 	testEndpointMatch(t, ep, entity, NoMatch)

 	entity.Port = 442
+	entity.Init(0)
 	testEndpointMatch(t, ep, entity, Permitted)

 	entity.Port = 443
+	entity.Init(0)
 	testEndpointMatch(t, ep, entity, Permitted)

 	entity.Port = 444
+	entity.Init(0)
 	testEndpointMatch(t, ep, entity, Permitted)

 	entity.Port = 445
+	entity.Init(0)
 	testEndpointMatch(t, ep, entity, NoMatch)

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)

 	// IP

@ -311,30 +313,30 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "example.com.",
 		IP:       net.ParseIP("10.2.3.4"),
 		Protocol: 17,
 		Port:     443,
-	}).Init(), Permitted)
+	}).Init(0), Permitted)

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "",
 		IP:       net.ParseIP("10.2.3.3"),
 		Protocol: 6,
 		Port:     443,
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain:   "example.com.",
 		IP:       net.ParseIP("10.2.3.5"),
 		Protocol: 17,
 		Port:     443,
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)

 	testEndpointMatch(t, ep, (&intel.Entity{
 		Domain: "example.com.",
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)

 	// IP Range

@ -344,13 +346,13 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 	}
 	testEndpointMatch(t, ep, (&intel.Entity{
 		IP: net.ParseIP("10.2.2.4"),
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		IP: net.ParseIP("10.2.3.4"),
-	}).Init(), Permitted)
+	}).Init(0), Permitted)
 	testEndpointMatch(t, ep, (&intel.Entity{
 		IP: net.ParseIP("10.2.4.4"),
-	}).Init(), NoMatch)
+	}).Init(0), NoMatch)

 	// Skip test that need the geoip database in CI.
 	if !testing.Short() {
@ -362,12 +364,10 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 			t.Fatal(err)
 		}

-		entity = &intel.Entity{}
-		entity.SetIP(net.ParseIP("8.8.8.8"))
+		entity = (&intel.Entity{IP: net.IPv4(8, 8, 8, 8)}).Init(0)
 		testEndpointMatch(t, ep, entity, Permitted)

-		entity = &intel.Entity{}
-		entity.SetIP(net.ParseIP("1.1.1.1"))
+		entity = (&intel.Entity{IP: net.IPv4(1, 1, 1, 1)}).Init(0)
 		testEndpointMatch(t, ep, entity, NoMatch)

 		// Country
@ -377,12 +377,10 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 			t.Fatal(err)
 		}

-		entity = &intel.Entity{}
-		entity.SetIP(net.ParseIP("194.232.104.1")) // orf.at
+		entity = (&intel.Entity{IP: net.IPv4(194, 232, 104, 1)}).Init(0) // orf.at
 		testEndpointMatch(t, ep, entity, Permitted)

-		entity = &intel.Entity{}
-		entity.SetIP(net.ParseIP("151.101.1.164")) // nytimes.com
+		entity = (&intel.Entity{IP: net.IPv4(151, 101, 1, 164)}).Init(0) // nytimes.com
 		testEndpointMatch(t, ep, entity, NoMatch)

 	}
@ -394,10 +392,10 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 		t.Fatal(err)
 	}

-	entity = &intel.Entity{}
-	entity.SetIP(net.ParseIP("192.168.0.1"))
+	entity = (&intel.Entity{IP: net.IPv4(192, 168, 0, 1)}).Init(0)
 	testEndpointMatch(t, ep, entity, Permitted)
-	entity.SetIP(net.ParseIP("151.101.1.164")) // nytimes.com
+
+	entity = (&intel.Entity{IP: net.IPv4(151, 101, 1, 164)}).Init(0) // nytimes.com
 	testEndpointMatch(t, ep, entity, NoMatch)

 	// Port with protocol wildcard
@ -412,6 +410,7 @@ func TestEndpointMatching(t *testing.T) { //nolint:maintidx // TODO
 		Protocol: 6,
 		Port:     443,
 	}
+	entity.Init(0)
 	testEndpointMatch(t, ep, entity, Permitted)

 	// Lists