Make history module optional
@@ -355,7 +355,7 @@ func (db *Database) dumpTo(ctx context.Context, w io.Writer) error { //nolint:un
|
|||||||
//
|
//
|
||||||
// Save uses the database write connection instead of relying on the
|
// Save uses the database write connection instead of relying on the
|
||||||
// connection pool.
|
// connection pool.
|
||||||
func (db *Database) Save(ctx context.Context, conn Conn) error {
|
func (db *Database) Save(ctx context.Context, conn Conn, enableHistory bool) error {
|
||||||
connMap, err := orm.ToParamMap(ctx, conn, "", orm.DefaultEncodeConfig)
|
connMap, err := orm.ToParamMap(ctx, conn, "", orm.DefaultEncodeConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to encode connection for SQL: %w", err)
|
return fmt.Errorf("failed to encode connection for SQL: %w", err)
|
||||||
@@ -387,7 +387,13 @@ func (db *Database) Save(ctx context.Context, conn Conn) error {
|
|||||||
|
|
||||||
// TODO(ppacher): make sure this one can be cached to speed up inserting
|
// TODO(ppacher): make sure this one can be cached to speed up inserting
|
||||||
// and save some CPU cycles for the user
|
// and save some CPU cycles for the user
|
||||||
for _, dbName := range []string{"main", "history"} {
|
dbNames := []string{"main"}
|
||||||
|
|
||||||
|
if enableHistory {
|
||||||
|
dbNames = append(dbNames, "history")
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, dbName := range dbNames {
|
||||||
sql := fmt.Sprintf(
|
sql := fmt.Sprintf(
|
||||||
`INSERT INTO %s.connections (%s)
|
`INSERT INTO %s.connections (%s)
|
||||||
VALUES(%s)
|
VALUES(%s)
|
||||||
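Review bot: The schema name is still formatted into the statement text with `fmt.Sprintf` (`INSERT INTO %s.connections`), and after this change it comes from the runtime-built `dbNames` slice instead of an inline literal list. That is safe only while every element is a fixed string, so I would pin it with a comment above the slice: `// dbNames holds fixed schema names only; they are formatted into the SQL text, not bound as parameters.` The doc comment on Save also does not mention the new parameter; a line such as `// If enableHistory is true the connection is also written to the history database.` would cover it. The body of Save continues outside both hunks.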
|
|||||||
@@ -25,7 +25,7 @@ type (
|
|||||||
// insert or an update.
|
// insert or an update.
|
||||||
// The ID of Conn is unique and can be trusted to never collide with other
|
// The ID of Conn is unique and can be trusted to never collide with other
|
||||||
// connections of the save device.
|
// connections of the save device.
|
||||||
Save(context.Context, Conn) error
|
Save(context.Context, Conn, bool) error
|
||||||
}
|
}
|
||||||
|
|
||||||
// Manager handles new and updated network.Connections feeds and persists them
|
// Manager handles new and updated network.Connections feeds and persists them
|
||||||
@@ -100,7 +100,7 @@ func (mng *Manager) HandleFeed(ctx context.Context, feed <-chan *network.Connect
|
|||||||
|
|
||||||
log.Tracef("netquery: updating connection %s", conn.ID)
|
log.Tracef("netquery: updating connection %s", conn.ID)
|
||||||
|
|
||||||
if err := mng.store.Save(ctx, *model); err != nil {
|
if err := mng.store.Save(ctx, *model, conn.Process().Profile().HistoryEnabled()); err != nil {
|
||||||
log.Errorf("netquery: failed to save connection %s in sqlite database: %s", conn.ID, err)
|
log.Errorf("netquery: failed to save connection %s in sqlite database: %s", conn.ID, err)
|
||||||
|
|
||||||
continue
|
continue
|
||||||
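Review bot: The new third argument in HandleFeed, `conn.Process().Profile().HistoryEnabled()`, chains two calls with no nil check and is evaluated for every connection on the feed. Whether Process() or Profile() can return nil is not visible in this hunk; if either can, this would panic inside the persistence loop instead of falling back to writing the main database only. I would resolve the flag before the call and default to not recording: `enableHistory := false`, then `if p := conn.Process(); p != nil && p.Profile() != nil { enableHistory = p.Profile().HistoryEnabled() }`, and pass `enableHistory` to Save. HandleFeed's body starts and ends outside the hunk.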
|
|||||||
@@ -105,6 +105,10 @@ var (
|
|||||||
|
|
||||||
// Setting "Permanent Verdicts" at order 96.
|
// Setting "Permanent Verdicts" at order 96.
|
||||||
|
|
||||||
|
CfgOptionEnableHistoryKey = "filter/enableHistory"
|
||||||
|
cfgOptionEnableHistory config.BoolOption
|
||||||
|
cfgOptionEnableHistoryOrder = 66
|
||||||
|
|
||||||
// Setting "Enable SPN" at order 128.
|
// Setting "Enable SPN" at order 128.
|
||||||
|
|
||||||
CfgOptionUseSPNKey = "spn/use"
|
CfgOptionUseSPNKey = "spn/use"
|
||||||
@@ -239,6 +243,26 @@ func registerConfiguration() error { //nolint:maintidx
|
|||||||
cfgOptionDisableAutoPermit = config.Concurrent.GetAsInt(CfgOptionDisableAutoPermitKey, int64(status.SecurityLevelsAll))
|
cfgOptionDisableAutoPermit = config.Concurrent.GetAsInt(CfgOptionDisableAutoPermitKey, int64(status.SecurityLevelsAll))
|
||||||
cfgIntOptions[CfgOptionDisableAutoPermitKey] = cfgOptionDisableAutoPermit
|
cfgIntOptions[CfgOptionDisableAutoPermitKey] = cfgOptionDisableAutoPermit
|
||||||
|
|
||||||
|
// Enable History
|
||||||
|
err = config.Register(&config.Option{
|
||||||
|
Name: "Enable Connection History",
|
||||||
|
Key: CfgOptionEnableHistoryKey,
|
||||||
|
Description: "Whether or not to save connections to the history database",
|
||||||
|
OptType: config.OptTypeBool,
|
||||||
|
ReleaseLevel: config.ReleaseLevelExperimental,
|
||||||
|
ExpertiseLevel: config.ExpertiseLevelExpert,
|
||||||
|
DefaultValue: false,
|
||||||
|
Annotations: config.Annotations{
|
||||||
|
config.DisplayOrderAnnotation: cfgOptionEnableHistoryOrder,
|
||||||
|
config.CategoryAnnotation: "Advanced",
|
||||||
|
},
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
cfgOptionEnableHistory = config.Concurrent.GetAsBool(CfgOptionEnableHistoryKey, false)
|
||||||
|
cfgBoolOptions[CfgOptionEnableHistoryKey] = cfgOptionEnableHistory
|
||||||
|
|
||||||
rulesHelp := strings.ReplaceAll(`Rules are checked from top to bottom, stopping after the first match. They can match:
|
rulesHelp := strings.ReplaceAll(`Rules are checked from top to bottom, stopping after the first match. They can match:
|
||||||
|
|
||||||
- By address: "192.168.0.1"
|
- By address: "192.168.0.1"
|
||||||
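Review bot: The three new declarations in the var block have no header comment, while the neighbouring groups carry one (`// Setting "Permanent Verdicts" at order 96.`, `// Setting "Enable SPN" at order 128.`); add `// Setting "Enable Connection History" at order 66.` above `CfgOptionEnableHistoryKey`. In registerConfiguration the Description only says "Whether or not to save connections to the history database". Since the option decides whether a lasting record of the user's network activity is kept, the text should say what is recorded and, if that is the behaviour, that switching it off stops new writes but does not remove history already stored. The default of `false` is consistent between `DefaultValue` and the `GetAsBool` fallback.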
|
|||||||
@@ -49,6 +49,7 @@ type LayeredProfile struct {
|
|||||||
DomainHeuristics config.BoolOption `json:"-"`
|
DomainHeuristics config.BoolOption `json:"-"`
|
||||||
UseSPN config.BoolOption `json:"-"`
|
UseSPN config.BoolOption `json:"-"`
|
||||||
SPNRoutingAlgorithm config.StringOption `json:"-"`
|
SPNRoutingAlgorithm config.StringOption `json:"-"`
|
||||||
|
HistoryEnabled config.BoolOption `json:"-"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewLayeredProfile returns a new layered profile based on the given local profile.
|
// NewLayeredProfile returns a new layered profile based on the given local profile.
|
||||||
@@ -120,6 +121,10 @@ func NewLayeredProfile(localProfile *Profile) *LayeredProfile {
|
|||||||
CfgOptionRoutingAlgorithmKey,
|
CfgOptionRoutingAlgorithmKey,
|
||||||
cfgOptionRoutingAlgorithm,
|
cfgOptionRoutingAlgorithm,
|
||||||
)
|
)
|
||||||
|
lp.HistoryEnabled = lp.wrapBoolOption(
|
||||||
|
CfgOptionEnableHistoryKey,
|
||||||
|
cfgOptionEnableHistory,
|
||||||
|
)
|
||||||
|
|
||||||
lp.LayerIDs = append(lp.LayerIDs, localProfile.ScopedID())
|
lp.LayerIDs = append(lp.LayerIDs, localProfile.ScopedID())
|
||||||
lp.layers = append(lp.layers, localProfile)
|
lp.layers = append(lp.layers, localProfile)
|
||||||
|
|||||||
@@ -136,6 +136,7 @@ type Profile struct { //nolint:maligned // not worth the effort
|
|||||||
filterListIDs []string
|
filterListIDs []string
|
||||||
spnUsagePolicy endpoints.Endpoints
|
spnUsagePolicy endpoints.Endpoints
|
||||||
spnExitHubPolicy endpoints.Endpoints
|
spnExitHubPolicy endpoints.Endpoints
|
||||||
|
enableHistory bool
|
||||||
|
|
||||||
// Lifecycle Management
|
// Lifecycle Management
|
||||||
outdated *abool.AtomicBool
|
outdated *abool.AtomicBool
|
||||||
@@ -233,6 +234,11 @@ func (profile *Profile) parseConfig() error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
enableHistory, ok := profile.configPerspective.GetAsBool(CfgOptionEnableHistoryKey)
|
||||||
|
if ok {
|
||||||
|
profile.enableHistory = enableHistory
|
||||||
|
}
|
||||||
|
|
||||||
return lastErr
|
return lastErr
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -315,6 +321,11 @@ func (profile *Profile) IsOutdated() bool {
|
|||||||
return profile.outdated.IsSet()
|
return profile.outdated.IsSet()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// HistoryEnabled returns true if connection history is enabled for the profile.
|
||||||
|
func (profile *Profile) HistoryEnabled() bool {
|
||||||
|
return profile.enableHistory
|
||||||
|
}
|
||||||
|
|
||||||
// GetEndpoints returns the endpoint list of the profile. This functions
|
// GetEndpoints returns the endpoint list of the profile. This functions
|
||||||
// requires the profile to be read locked.
|
// requires the profile to be read locked.
|
||||||
func (profile *Profile) GetEndpoints() endpoints.Endpoints {
|
func (profile *Profile) GetEndpoints() endpoints.Endpoints {
|
||||||
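Review bot: `HistoryEnabled` returns `profile.enableHistory` without saying whether the caller must hold the profile lock, while `GetEndpoints` directly below documents that it requires the profile to be read locked; extend the comment with `// This function requires the profile to be read locked.` or state why that is not needed. In parseConfig the field is assigned only when `ok` is true, so if parseConfig can run again on the same Profile after the key was removed (not visible here), the earlier value would stay in effect and history would keep being recorded. Assigning unconditionally, `profile.enableHistory = ok && enableHistory`, avoids that. parseConfig's body starts outside the hunk.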
|
|||||||