From b59ae36ab73afc8a2109fc10dee351a9c164fef1 Mon Sep 17 00:00:00 2001
From: Tomas Cejka
Date: Thu, 29 Aug 2024 23:46:32 +0200
Subject: [PATCH] anonymizer: option to skip SRC_IP (-S)/DST_IP (-D)

Two optional parameters were added to skip anonymization of SRC_IP (option -S) or DST_IP (option -D). Example to leave SRC_IP without any modification: /usr/bin/nemea/anonymizer -i u:input,u:output -S Example to leave both SRC_IP and DST_IP without any modification: /usr/bin/nemea/anonymizer -i u:input,u:output -S -D
---
 anonymizer/README | 2 ++
 anonymizer/anonymizer.c | 21 ++++++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/anonymizer/README b/anonymizer/README
index ef75e04d..a20c96a9 100644
--- a/anonymizer/README
+++ b/anonymizer/README
@@ -28,5 +28,7 @@ Anonymization key: 32 characters long string or 32B sized hex string starting wi
 Parameters:
 -k KEY Specify anonymization key.
 -f FILE Specify file containg anonymization key.
+ -S Disable anonymization of SRC_IP.
+ -D Disable anonymization of DST_IP.
 -M Use MurmurHash3 instead of Rijndael cipher.
 -d Switch to de-anonymization mode, i.e. do reverse transofmration of the addresses.
diff --git a/anonymizer/anonymizer.c b/anonymizer/anonymizer.c
index 1fb19c74..bbb57a56 100644
--- a/anonymizer/anonymizer.c
+++ b/anonymizer/anonymizer.c
@@ -6,10 +6,11 @@
 * \author Tomas Jansky
 * \author Martin Zadnik
 * \author Tomas Cejka
+ * \date 2024
 * \date 2017
 */
 /*
- * Copyright (C) 2013-2018 CESNET
+ * Copyright (C) 2013-2024 CESNET
 *
 * LICENSE TERMS
 *
@@ -71,10 +72,15 @@ trap_module_info_t *module_info = NULL;
 PARAM('k', "key", "Specify secret key, the key must be 32 characters long string or 32B sized hex string starting with 0x", required_argument, "string") \
 PARAM('f', "file", "Specify file containing secret key, the key must be 32 characters long string or 32B sized hex string starting with 0x", required_argument, "string") \
 PARAM('M', "murmur", "Use MurmurHash3 instead of Rijndael cipher.", no_argument, "none") \
+ PARAM('S', "srcip", "Disable anonymization of SRC_IP.", no_argument, "none") \
+ PARAM('D', "dstip", "Disable anonymization of DST_IP.", no_argument, "none") \
 PARAM('d', "de-anonym", "Switch to de-anonymization mode.", no_argument, "none")
 static int stop = 0;
+static int disable_src_ip = 0;
+static int disable_dst_ip = 0;
+
 TRAP_DEFAULT_SIGNAL_HANDLER(stop = 1);
 const char *anon_field_names[] = {"SRC_IP", "DST_IP", "SIP_CALLED_PARTY", "SIP_CALLING_PARTY", "SIP_CALL_ID", "SIP_REQUEST_URI", "SIP_VIA"};
@@ -331,6 +337,13 @@ int set_fields_present(ur_template_t *tmplt)
 int j = 0;
 for (i = 0; i < ANON_FIELDS_COUNT; i++) {
+ // check skip flags for src_ip and dst_ip (-S / -D) and skip these fields
+ if (disable_src_ip == 1 && strncmp(anon_field_names[i], "SRC_IP", 7) == 0) {
+ continue;
+ }
+ if (disable_dst_ip == 1 && strncmp(anon_field_names[i], "DST_IP", 7) == 0) {
+ continue;
+ }
 anon_fields[j] = ur_get_id_by_name(anon_field_names[i]);
 if (anon_fields[j] != UR_E_INVALID_NAME && ur_is_present(tmplt, anon_fields[j])) {
 j++;
@@ -415,6 +428,12 @@ int main(int argc, char **argv)
 case 'd':
 mode = DEANONYMIZATION;
 break;
+ case 'S':
+ disable_src_ip = 1;
+ break;
+ case 'D':
+ disable_dst_ip = 1;
+ break;
 default:
 fprintf(stderr, "Invalid arguments.\n");
 ret = 1;
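Review bot: The help strings added for `-S` and `-D` in the `@@ -71` hunk say only "Disable anonymization", which does not tell an operator that the field is then forwarded with the real address in it, nor what the option means when combined with `-d`. Wording such as `"Leave SRC_IP unmodified (the real address is forwarded)."` would make that explicit, and the README lines would benefit from the same change. The two new file-scope flags also carry no comment; `/* Set by -S / -D: the field is left out of anon_fields and passes through unchanged. */` above them would document the contract. Judging from the loop visible in `set_fields_present`, the skip does not depend on the mode, so with `-d` the field is presumably not de-anonymized either; that should be confirmed and stated.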
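Review bot: In the `@@ -331` hunk, skipping only one of SRC_IP/DST_IP means a host that appears as source in one record and as destination in another is emitted once with its real address and once anonymized, so anyone holding the output can pair the two values for that host, provided the mapping is stable under one key (which the existence of the `-d` mode suggests). Nothing in the new code or the README hunk mentions this; a comment above the two checks, e.g. `/* NOTE: skipping one direction only exposes real/anonymized pairs for hosts seen in both directions */`, plus a matching README caveat would let operators choose the option deliberately. Separately, `strncmp(..., 7)` is `strcmp` with a magic length, and `strcmp(anon_field_names[i], "SRC_IP") == 0` states the intent directly. The function body starts before and ends after this hunk.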
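Review bot: The new `case 'S'` and `case 'D'` branches in `main` (`@@ -415` hunk) set their flags silently, so a run with `-S -D` forwards SRC_IP and DST_IP unchanged with nothing on stderr or in the logs to show it. For a module whose purpose is anonymization, a one-line startup notice makes a mis-set option detectable, e.g. `fprintf(stderr, "Warning: SRC_IP is forwarded without anonymization (-S).\n");` after `disable_src_ip = 1;` and the equivalent for `-D`. `main` continues outside this hunk, so a single message emitted after option parsing may fit better if the module already has a verbose or logging path there.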