author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-07-27 09:05:22 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-27 09:05:22 +0200 |
commit | bc91192acadda102169adacfed967f57f395f1bd (patch) | |
tree | cc2fb723b533c8dbfd86dc5b4e659841f1a2ce4e /utils | |
parent | 3326fa258ec92e553e39fc8a1bfa3921dc81f15c (diff) |
ProtonVPN: split the ip list (#2060)
Use two separate lists:
* one for the ingress nodes, which triggers a ProtonVPN classification
* one for the egress nodes, which triggers the
`NDPI_ANONYMOUS_SUBSCRIBER` risk
Add a command line option (to `ndpiReader`) to easily test IP/port
matching.
Add another example of custom rule.
Diffstat (limited to 'utils')
-rwxr-xr-x | utils/icloud_private_relay_ip_addresses_download.sh | 2 | ||||
-rwxr-xr-x | utils/ipaddr2list.py | 10 | ||||
-rwxr-xr-x | utils/protonvpn_ip_addresses_download.sh | 18 |
3 files changed, 20 insertions, 10 deletions
diff --git a/utils/icloud_private_relay_ip_addresses_download.sh b/utils/icloud_private_relay_ip_addresses_download.sh
index 5954a03a5..24f6f56f6 100755
--- a/utils/icloud_private_relay_ip_addresses_download.sh
+++ b/utils/icloud_private_relay_ip_addresses_download.sh
@@ -24,7 +24,7 @@ cut -d ',' -f 1 $TMP | grep -v ':' > $LIST
 is_file_empty "${LIST}"
 ./mergeipaddrlist.py $LIST > $LIST_MERGED
 is_file_empty "${LIST_MERGED}"
-./ipaddr2list.py $LIST_MERGED NDPI_ANONYMOUS_SUBSCRIBER > $DEST
+./ipaddr2list.py $LIST_MERGED NDPI_ANONYMOUS_SUBSCRIBER "_icloud_private_relay" > $DEST
 is_file_empty "${DEST}"
 rm -f "${TMP}" "${LIST}" "${LIST_MERGED}"
diff --git a/utils/ipaddr2list.py b/utils/ipaddr2list.py
index bc7114bd4..1f610c88e 100755
--- a/utils/ipaddr2list.py
+++ b/utils/ipaddr2list.py
@@ -6,13 +6,17 @@ import socket, struct
 # This scripts is mainly used to create "ip -> protocols" lists.
 # However it is also used to create "ip -> risk" lists
 proto = "NDPI_PROTOCOL_XYX"
+append_name = ""
 if len (sys.argv) < 2 :
- print("Usage: ipaddr2list.py <file> <protocol>")
+ print("Usage: ipaddr2list.py <file> <protocol> [<append_name>]")
 sys.exit (1)
-if len (sys.argv) == 3:
+if len (sys.argv) >= 3:
 proto = sys.argv[2]
+if len (sys.argv) >= 4:
+ append_name = sys.argv[3]
+
 print("""/*
@@ -38,7 +42,7 @@ print("""/*
 """)
-print("static ndpi_network "+proto.lower()+"_protocol_list[] = {")
+print("static ndpi_network "+proto.lower()+append_name+"_protocol_list[] = {")
 lines = 0
 with open(sys.argv[1]) as fp:
diff --git a/utils/protonvpn_ip_addresses_download.sh b/utils/protonvpn_ip_addresses_download.sh
index fef5a2167..94e7cfa37 100755
--- a/utils/protonvpn_ip_addresses_download.sh
+++ b/utils/protonvpn_ip_addresses_download.sh
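Review bot: In utils/ipaddr2list.py, `append_name` is read from `sys.argv[3]` and concatenated unchanged into the C array name emitted by `print("static ndpi_network "+proto.lower()+append_name+"_protocol_list[] = {")` in the second hunk, so any character that is not valid in a C identifier goes straight into the generated `.c.inc` source. The callers visible in this commit pass fixed literals (`"_icloud_private_relay"`, `"_protonvpn"`), so this is hardening of a build-time generator rather than a live bug. A check right after the assignment, such as `if not re.fullmatch(r"[A-Za-z0-9_]*", append_name): sys.exit("append_name must match [A-Za-z0-9_]*")` (with `import re` added), would make the script fail early instead of producing a file that breaks or alters the build. `proto` reaches the same identifier without validation; that gap predates this change but could be closed with the same check.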
@@ -5,7 +5,8 @@ set -e
 cd "$(dirname "${0}")" || exit 1
 . ./common.sh || exit 1
-DEST=../src/lib/inc_generated/ndpi_protonvpn_match.c.inc
+DEST_IN=../src/lib/inc_generated/ndpi_protonvpn_in_match.c.inc
+DEST_OUT=../src/lib/inc_generated/ndpi_protonvpn_out_match.c.inc
 TMP=/tmp/proton.json
 LIST=/tmp/proton.list
 LIST_MERGED=/tmp/proton.list.merged
@@ -18,14 +19,19 @@ check_http_response "${http_response}"
 is_file_empty "${TMP}"
 echo "(2) Processing IP addresses..."
-#Not sure if we should use EntryIP or ExitIP: use both, for the time being and let see what happens...
 jq -r '.LogicalServers[].Servers[].EntryIP' $TMP > $LIST # TODO: ipv6
-jq -r '.LogicalServers[].Servers[].ExitIP' $TMP >> $LIST # TODO: ipv6
 is_file_empty "${LIST}"
 ./mergeipaddrlist.py $LIST > $LIST_MERGED
-./ipaddr2list.py $LIST_MERGED NDPI_PROTOCOL_PROTONVPN > $DEST
+./ipaddr2list.py $LIST_MERGED NDPI_PROTOCOL_PROTONVPN > $DEST_IN
+is_file_empty "${DEST_IN}"
+
+jq -r '.LogicalServers[].Servers[].ExitIP' $TMP > $LIST # TODO: ipv6
+is_file_empty "${LIST}"
+./mergeipaddrlist.py $LIST > $LIST_MERGED
+./ipaddr2list.py $LIST_MERGED NDPI_ANONYMOUS_SUBSCRIBER "_protonvpn"> $DEST_OUT
+is_file_empty "${DEST_IN}"
+
 rm -f $TMP $LIST $LIST_MERGED
-is_file_empty "${DEST}"
-echo "(3) ProtonVPN IPs are available in $DEST"
+echo "(3) ProtonVPN IPs are available in $DEST_IN, $DEST_OUT"
 exit 0 |
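Review bot: In the second hunk, the `is_file_empty "${DEST_IN}"` added after the `NDPI_ANONYMOUS_SUBSCRIBER "_protonvpn"> $DEST_OUT` step re-checks the ingress file instead of the file just written; it should be `is_file_empty "${DEST_OUT}"`. Assuming `is_file_empty` (defined in `common.sh`, not shown here) aborts on an empty file, an empty egress output currently passes unnoticed. The commit message says the egress list is what triggers the `NDPI_ANONYMOUS_SUBSCRIBER` risk, so the failure mode is a silently empty risk list rather than a failed update run. Separately, the new lines expand `$TMP`, `$LIST`, `$LIST_MERGED` and `$DEST_OUT` unquoted, whereas the iCloud script in this commit uses `rm -f "${TMP}" "${LIST}" "${LIST_MERGED}"`; quoting them the same way would be consistent.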