feature: add source IP exclusion with CIDR support

Features: - Add exclude_source_ips configuration option - Support single IPs (192.168.1.1) and CIDR ranges (10.0.0.0/8) - Filter packets in parser before TLS processing - Log exclusion configuration at startup - New ipfilter package with IP/CIDR matching - Unit tests for ipfilter package Configuration example: exclude_source_ips: - "10.0.0.0/8" # Exclude private network - "192.168.1.1" # Exclude specific IP - "172.16.0.0/12" # Exclude another range - "2001:db8::/32" # IPv6 support Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com> Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-03-04 11:57:48 +01:00
parent bf93ee6c4a
commit 432509f8f4
6 changed files with 291 additions and 2 deletions
--- a/api/types.go
+++ b/api/types.go
@ -22,6 +22,7 @@ type Config struct {
 	ListenPorts      []uint16 `json:"listen_ports"`
 	BPFFilter        string   `json:"bpf_filter,omitempty"`
 	LocalIPs         []string `json:"local_ips,omitempty"` // Local IPs to monitor (empty = auto-detect, excludes loopback)
+	ExcludeSourceIPs []string `json:"exclude_source_ips,omitempty"` // Source IPs or CIDR ranges to exclude (e.g., ["10.0.0.0/8", "192.168.1.1"])
 	FlowTimeoutSec   int      `json:"flow_timeout_sec,omitempty"` // Timeout for TLS handshake extraction (default: 30)
 	PacketBufferSize int      `json:"packet_buffer_size,omitempty"` // Buffer size for packet channel (default: 1000)
 	LogLevel         string   `json:"log_level,omitempty"` // Log level: debug, info, warn, error (default: info)