Directly make use of the ExternalIPsConfig in ConnTracker

ovalenti · ovalenti · commit 41109ea8bf1e · 2025-05-20T19:01:24.000+02:00
diff --git a/collector/lib/ConnTracker.cpp b/collector/lib/ConnTracker.cpp
@@ -158,12 +158,12 @@ void ConnectionTracker::CloseExternalUnnormalizedConnections(bool is_server, Con
 }
 
 void ConnectionTracker::CloseConnectionsOnRuntimeConfigChange(ConnMap* old_conn_state, ConnMap* delta_conn) {
-  if (enable_external_ips_egress_) {
+  if (external_IPs_config_.IsEnabled(ExternalIPsConfig::Direction::EGRESS)) {
     CloseNormalizedConnections(/* egress is when we are not server */ false, old_conn_state, delta_conn);
   } else {
     CloseExternalUnnormalizedConnections(/* egress is when we are not server */ false, old_conn_state, delta_conn);
   }
-  if (enable_external_ips_ingress_) {
+  if (external_IPs_config_.IsEnabled(ExternalIPsConfig::Direction::INGRESS)) {
     CloseNormalizedConnections(/* ingress is when we are server */ true, old_conn_state, delta_conn);
   } else {
     CloseExternalUnnormalizedConnections(/* ingress is when we are server */ true, old_conn_state, delta_conn);
@@ -182,11 +182,11 @@ Connection ConnectionTracker::NormalizeConnectionNoLock(const Connection& conn)
   if (is_server) {
     // If this is the server, only the local port is relevant, while the remote port does not matter.
     local = Endpoint(IPNet(Address()), conn.local().port());
-    remote = Endpoint(NormalizeAddressNoLock(conn.remote().address(), enable_external_ips_ingress_), 0);
+    remote = Endpoint(NormalizeAddressNoLock(conn.remote().address(), external_IPs_config_.IsEnabled(ExternalIPsConfig::Direction::INGRESS)), 0);
   } else {
     // If this is the client, the local port and address are not relevant.
     local = Endpoint();
-    remote = Endpoint(NormalizeAddressNoLock(remote.address(), enable_external_ips_egress_), remote.port());
+    remote = Endpoint(NormalizeAddressNoLock(remote.address(), external_IPs_config_.IsEnabled(ExternalIPsConfig::Direction::EGRESS)), remote.port());
   }
 
   return Connection(conn.container(), local, remote, conn.l4proto(), is_server);
diff --git a/collector/lib/ConnTracker.h b/collector/lib/ConnTracker.h
@@ -4,6 +4,7 @@
 #include <vector>
 
 #include "Containers.h"
+#include "ExternalIPsConfig.h"
 #include "Hash.h"
 #include "NRadix.h"
 #include "NetworkConnection.h"
@@ -131,10 +132,7 @@ class ConnectionTracker {
 
   void UpdateKnownPublicIPs(UnorderedSet<Address>&& known_public_ips);
   void UpdateKnownIPNetworks(UnorderedMap<Address::Family, std::vector<IPNet>>&& known_ip_networks);
-  void EnableExternalIPs(bool enable_ingress, bool enable_egress) {
-    enable_external_ips_ingress_ = enable_ingress;
-    enable_external_ips_egress_ = enable_egress;
-  }
+  void SetExternalIPsConfig(ExternalIPsConfig config) { external_IPs_config_ = config; }
   void UpdateIgnoredL4ProtoPortPairs(UnorderedSet<L4ProtoPortPair>&& ignored_l4proto_port_pairs);
   void UpdateIgnoredNetworks(const std::vector<IPNet>& network_list);
   void UpdateNonAggregatedNetworks(const std::vector<IPNet>& network_list);
@@ -205,8 +203,7 @@ class ConnectionTracker {
 
   UnorderedSet<Address> known_public_ips_;
   NRadixTree known_ip_networks_;
-  bool enable_external_ips_ingress_ = false;
-  bool enable_external_ips_egress_ = false;
+  ExternalIPsConfig external_IPs_config_;
   UnorderedMap<Address::Family, bool> known_private_networks_exists_;
   UnorderedSet<L4ProtoPortPair> ignored_l4proto_port_pairs_;
   NRadixTree ignored_networks_;
diff --git a/collector/lib/NetworkStatusNotifier.cpp b/collector/lib/NetworkStatusNotifier.cpp
@@ -245,9 +245,7 @@ void NetworkStatusNotifier::RunSingle(IDuplexClientWriter<sensor::NetworkConnect
     ExternalIPsConfig externalIPsConfig = config_.ExternalIPsConf();
 
     WITH_TIMER(CollectorStats::net_fetch_state) {
-      conn_tracker_->EnableExternalIPs(
-          externalIPsConfig.IsEnabled(ExternalIPsConfig::Direction::INGRESS),
-          externalIPsConfig.IsEnabled(ExternalIPsConfig::Direction::EGRESS));
+      conn_tracker_->SetExternalIPsConfig(externalIPsConfig);
 
       new_conn_state = conn_tracker_->FetchConnState(true, true);
       if (config_.EnableAfterglow()) {
diff --git a/collector/test/ConnTrackerTest.cpp b/collector/test/ConnTrackerTest.cpp
@@ -415,7 +415,7 @@ TEST(ConnTrackerTest, TestNormalizedEnableExternalIPs) {
   int64_t time_micros = 1000;
 
   ConnectionTracker tracker;
-  tracker.EnableExternalIPs(true, true);
+  tracker.SetExternalIPsConfig(ExternalIPsConfig(std::nullopt, true));
 
   UnorderedMap<Address::Family, std::vector<IPNet>> known_networks = {{Address::Family::IPV4, {IPNet(Address(35, 127, 1, 0), 24)}}};
   tracker.UpdateKnownIPNetworks(std::move(known_networks));
