feat(vault01/legal_scripting): update legal request script

2025-03-11 13:22:12 +01:00 · 2025-03-11 13:22:12 +01:00 · b845a08bfb
commit b845a08bfb
parent 64635bdd26
1 changed files with 14 additions and 3 deletions
--- a/machines/nixos/vault01/ulogd/nat-request-daddr.nix
+++ b/machines/nixos/vault01/ulogd/nat-request-daddr.nix
@ -10,8 +10,13 @@ writeShellApplication {
  name = "nat-request-daddr";
  runtimeInputs = [ postgresql ];
  text = ''
-    TARGET_TIMESTAMP=$2
-    TARGET_PREFIX=$1
+    TARGET_TIMESTAMP=$3
+    TARGET_PREFIX=$2
+    SRC_PREFIX=$1
+    if [ -z "$TARGET_TIMESTAMP" ] || [ -z "$TARGET_PREFIX" ] || [ -z "$SRC_PREFIX" ]; then
+      echo "$(basename "$0") SOURCE_IP DISTANT_IP TIMESTAMP"
+      exit 1
+    fi
    psql -d ulogd -U ulogd -c "
      select
        vlan_id,
@ -21,8 +26,12 @@ writeShellApplication {
        orig_l4_dport as dport,
        flow_start_sec, flow_end_sec
      from ulog2_ct
-      join vlan_prefixes on ulog2_ct.orig_ip_saddr_str <<= vlan_prefixes.prefix
+      join kea_log on ulog2_ct.orig_ip_saddr_str <<= kea_log.ip_addr
        where
+        lease_start_sec <= $TARGET_TIMESTAMP
+        and
+        $TARGET_TIMESTAMP <= lease_end_sec
+        and
        -- if we don't have conn start, we considered it started before the target time
        ( flow_start_sec IS NULL or flow_start_sec <= $TARGET_TIMESTAMP )
        and
@ -30,6 +39,8 @@ writeShellApplication {
        ( flow_end_sec IS NULL or flow_end_sec >= $TARGET_TIMESTAMP )
        and
        orig_ip_daddr_str <<= inet '$TARGET_PREFIX'
+        and
+        reply_ip_daddr_str <<= inet '$SRC_PREFIX'
      ;"
  '';
 }