feat: improve filtering for IPv6 based on MAC, IP, and source

Author: miguelangel-nubla

README.md

@@ -140,13 +140,15 @@ For a complete reference with all available options and more providers, check th
 tasks:
   # Whichever name you like for this task, it is only for reference
   my_public_web_server:
-    # Only update IPv6 addresses within these subnets ("2000::/3" covers all Global Unicast Addresses)
-    subnets:
-      - 2000::/3
-    # MAC addresses of the hosts to monitor
-    mac_address:
-      - 00:11:22:33:44:55
-      - 00:11:22:33:44:56
+    filter:
+      - mac:
+          address: "00:11:22:33:44:55"
+        ip:
+          # Only use Global Unicast Addresses (publicly routable)
+          type:
+            - global
+          # Optional: Exclude privacy extensions (temporary addresses) by ensuring it is EUI64 derived
+          # - eui64
     endpoints:
       # "example-cloudflare" refers to a credential block defined below
       example-cloudflare:
@@ -185,7 +187,8 @@ credentials:
 # Optional: Discover hosts reading from network devices (pfSense, OPNsense, Mikrotik, etc.)
 discovery:
   plugins:
-    - type: mikrotik
+    mikrotik-router:
+      type: mikrotik
       params: mikrotik:90s,192.168.88.1:8729,admin,password,true,
 
 # For more info on available plugins and their configuration refer to the ipv6disc project

cmd/ipv6ddns/example.config.yaml

@@ -2,35 +2,41 @@ tasks:
   myhome:
     ipv4:
       args:
-      - -s
-      - --ipv4
-      - ifconfig.me
+        - -s
+        - --ipv4
+        - ifconfig.me
       command: curl
       interval: 3m
       lifetime: 10m
-    mac_address:
-    - 00:11:22:33:44:55
-    subnets:
-    - 2000::/3
+    filter:
+      mac: 
+        address: 00:11:22:33:44:55
+      ip:
+        prefix: 2000::/3
     endpoints:
       mycloudflaresettings:
-      - ""
+        - ""
   mylocalonlyserver:
     endpoints:
       mylocaldns:
       - myserver
       - "*.myserver"
     ipv4:
       args:
-      - '%s\n'
-      - 192.168.1.123
+        - '%s\n'
+        - 192.168.1.123
       command: printf
       interval: 60s
       lifetime: 4h
-    mac_address:
-    - 00:11:22:33:44:56
-    subnets:
-    - fc00::/7
+    filter:
+      mac:
+        address: 00:11:22:33:44:56
+      ip:
+        prefix: fc00::/7
+        type:
+          - eui64
+      source:
+        - mikrotik-lan
 credentials:
   duckdns:
     debounce_time: 10s
@@ -122,9 +128,12 @@ discovery:
   listen: true
   active: true
   plugins:
-    - params: mikrotik:90s,192.168.88.1:8729,admin,password,true,<optional>a1b2c3d4...
+    mikrotik-lan:
       type: mikrotik
-    - params: freebsd:90s,pfsense.local,admin,,/path/to/id_rsa
+      params: mikrotik:90s,192.168.88.1:8729,admin,password,true,<optional>a1b2c3d4...
+    pfsense-box:
       type: freebsd
-    - params: linux:90s,[2001:db8::1]:2222,user,,/path/to/id_rsa
-      type: linux
+      params: freebsd:90s,pfsense.local,admin,,/path/to/id_rsa
+    linux-server:
+      type: linux
+      params: linux:90s,[2001:db8::1]:2222,user,,/path/to/id_rsa

cmd/ipv6ddns/ipv6ddns.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/miguelangel-nubla/ipv6ddns"
 	"github.com/miguelangel-nubla/ipv6ddns/config"
+	"github.com/miguelangel-nubla/ipv6disc"
 	"github.com/miguelangel-nubla/ipv6disc/pkg/plugins"
 	_ "github.com/miguelangel-nubla/ipv6disc/pkg/plugins/mikrotik"
 	"github.com/miguelangel-nubla/ipv6disc/pkg/terminal"
@@ -52,11 +53,18 @@ func main() {
 	rediscover := lifetime / 3
 	worker := ipv6ddns.NewWorker(sugar, rediscover, lifetime, config)
 
-	for _, pCfg := range config.Discovery.Plugins {
+	for name, pCfg := range config.Discovery.Plugins {
 		p, err := plugins.Create(pCfg.Type, pCfg.Params, lifetime)
 		if err != nil {
 			sugar.Fatalf("can't create plugin %s: %s", pCfg.Type, err)
 		}
+
+		// Wrap the plugin to override the name with the instance name from config
+		p = &PluginInstance{
+			Plugin: p,
+			name:   name,
+		}
+
 		worker.RegisterPlugin(p)
 	}
 
@@ -139,3 +147,12 @@ var (
 func PrintVersion() string {
 	return fmt.Sprintf("ipv6ddns %s, commit %s, built at %s\n", version, commit, date)
 }
+
+type PluginInstance struct {
+	ipv6disc.Plugin
+	name string
+}
+
+func (p *PluginInstance) Name() string {
+	return p.name
+}

config/config.go

@@ -25,9 +25,9 @@ type Config struct {
 }
 
 type Discovery struct {
-	Listen  bool           `json:"listen"`
-	Active  bool           `json:"active"`
-	Plugins []PluginConfig `json:"plugins"`
+	Listen  bool                    `json:"listen"`
+	Active  bool                    `json:"active"`
+	Plugins map[string]PluginConfig `json:"plugins"`
 }
 
 type PluginConfig struct {
@@ -57,16 +57,42 @@ func (c *Config) PrettyPrint(prefix string, hideSensible bool) string {
 			result.WriteString(task.IPv4.PrettyPrint(prefix + "            "))
 		}
 
-		macAddresses := make([]string, len(task.MACAddresses))
-		for i, mac := range task.MACAddresses {
-			macAddresses[i] = mac.String()
-		}
-		result.WriteString(prefix + "            MAC Addresses: " + strings.Join(macAddresses, ", ") + "\n")
-		subnets := make([]string, len(task.Subnets))
-		for i, subnet := range task.Subnets {
-			subnets[i] = subnet.String()
+		for _, filter := range task.Filters {
+			result.WriteString(prefix + "            - Filter Set:\n")
+			if filter.MAC.Address != "" || len(filter.MAC.Mask) > 0 || len(filter.MAC.Type) > 0 {
+				result.WriteString(prefix + "                MAC:\n")
+				if filter.MAC.Address != "" {
+					result.WriteString(prefix + "                    Address: " + filter.MAC.Address + "\n")
+				}
+				if len(filter.MAC.Mask) > 0 {
+					result.WriteString(prefix + "                    Mask: " + strings.Join(filter.MAC.Mask, ", ") + "\n")
+				}
+				if len(filter.MAC.Type) > 0 {
+					result.WriteString(prefix + "                    Type: " + strings.Join(filter.MAC.Type, ", ") + "\n")
+				}
+			}
+
+			if filter.IP.Prefix.IsValid() || filter.IP.Suffix != "" || len(filter.IP.Mask) > 0 || len(filter.IP.Type) > 0 {
+				result.WriteString(prefix + "                IP:\n")
+				if filter.IP.Prefix.IsValid() {
+					result.WriteString(prefix + "                    Prefix: " + filter.IP.Prefix.String() + "\n")
+				}
+				if filter.IP.Suffix != "" {
+					result.WriteString(prefix + "                    Suffix: " + filter.IP.Suffix + "\n")
+				}
+				if len(filter.IP.Mask) > 0 {
+					result.WriteString(prefix + "                    Mask: " + strings.Join(filter.IP.Mask, ", ") + "\n")
+				}
+				if len(filter.IP.Type) > 0 {
+					result.WriteString(prefix + "                    Type: " + strings.Join(filter.IP.Type, ", ") + "\n")
+				}
+			}
+
+			if len(filter.Source) > 0 {
+				result.WriteString(prefix + "                Source: " + strings.Join(filter.Source, ", ") + "\n")
+			}
 		}
-		result.WriteString(prefix + "            Subnets: " + strings.Join(subnets, ", ") + "\n")
+
 		result.WriteString(prefix + "            Hostnames:\n")
 
 		// Sort endpoint keys
@@ -126,12 +152,22 @@ func (c *Config) PrettyPrint(prefix string, hideSensible bool) string {
 	result.WriteString(prefix + "        Active: " + fmt.Sprintf("%t", c.Discovery.Active) + "\n")
 	if len(c.Discovery.Plugins) > 0 {
 		result.WriteString(prefix + "        Plugins:\n")
-		for _, plugin := range c.Discovery.Plugins {
-			result.WriteString(prefix + "            Type: " + plugin.Type + "\n")
+
+		// Sort plugin keys
+		pluginKeys := make([]string, 0, len(c.Discovery.Plugins))
+		for k := range c.Discovery.Plugins {
+			pluginKeys = append(pluginKeys, k)
+		}
+		sort.Strings(pluginKeys)
+
+		for _, name := range pluginKeys {
+			plugin := c.Discovery.Plugins[name]
+			result.WriteString(prefix + "            " + name + ":\n")
+			result.WriteString(prefix + "                Type: " + plugin.Type + "\n")
 			if !hideSensible {
-				result.WriteString(prefix + "            Params: " + plugin.Params + "\n")
+				result.WriteString(prefix + "                Params: " + plugin.Params + "\n")
 			} else {
-				result.WriteString(prefix + "            Params: <sensible data hidden>\n")
+				result.WriteString(prefix + "                Params: <sensible data hidden>\n")
 			}
 		}
 	}

config/config_test.go

@@ -20,8 +20,16 @@ func TestNewConfig(t *testing.T) {
 	jsonContent := `{
   "tasks": {
     "my_task": {
-      "subnets": ["2001:db8::/64"],
-      "mac_address": ["00:11:22:33:44:55"],
+      "filter": [
+        {
+          "ip": {
+            "prefix": "2001:db8::/64"
+          },
+          "mac": {
+            "address": "00:11:22:33:44:55"
+          }
+        }
+      ],
       "endpoints": {
         "my_credential": [
           "sub.domain.com"
@@ -43,10 +51,11 @@ func TestNewConfig(t *testing.T) {
 	yamlContent := `
 tasks:
   my_task:
-    subnets:
-      - "2001:db8::/64"
-    mac_address:
-      - "00:11:22:33:44:55"
+    filter:
+      - ip:
+          prefix: "2001:db8::/64"
+        mac:
+          address: "00:11:22:33:44:55"
     endpoints:
       my_credential:
         - sub.domain.com
@@ -95,4 +104,72 @@ credentials:
 			t.Error("Expected 'my_task' to exist")
 		}
 	})
+
+	t.Run("Load Config Plugins Map", func(t *testing.T) {
+		yamlContent := `
+tasks: {}
+credentials: {}
+discovery:
+  plugins:
+    mikrotik-lan:
+      type: mikrotik
+      params: param1
+`
+		path := filepath.Join(tempDir, "config_plugins.yaml")
+		_ = os.WriteFile(path, []byte(yamlContent), 0644)
+
+		cfg, err := NewConfig(path)
+		if err != nil {
+			t.Fatalf("NewConfig failed: %v", err)
+		}
+
+		if len(cfg.Discovery.Plugins) != 1 {
+			t.Errorf("Expected 1 plugin, got %d", len(cfg.Discovery.Plugins))
+		}
+		if _, ok := cfg.Discovery.Plugins["mikrotik-lan"]; !ok {
+			t.Error("Expected plugin 'mikrotik-lan'")
+		}
+	})
+
+	t.Run("Load Config Nested Filters", func(t *testing.T) {
+		yamlContent := `
+tasks:
+  new_task:
+    filter:
+      - mac:
+          address: "00:11:22:33:44:66"
+        ip:
+          type: ["global", "eui64"]
+        source: ["mikrotik-lan"]
+    endpoints:
+      creds: ["host"]
+credentials:
+  creds:
+    provider: test
+    settings: {}
+`
+		path := filepath.Join(tempDir, "config_filters.yaml")
+		_ = os.WriteFile(path, []byte(yamlContent), 0644)
+
+		cfg, err := NewConfig(path)
+		if err != nil {
+			t.Fatalf("NewConfig failed: %v", err)
+		}
+
+		// Check filters
+		task := cfg.Tasks["new_task"]
+		if len(task.Filters) == 0 {
+			t.Fatal("No filters found")
+		}
+		f := task.Filters[0]
+		if f.MAC.Address != "00:11:22:33:44:66" {
+			t.Error("Filter MAC mismatch")
+		}
+		if len(f.IP.Type) != 2 {
+			t.Error("Filter IPType mismatch")
+		}
+		if len(f.Source) != 1 || f.Source[0] != "mikrotik-lan" {
+			t.Error("Filter Source mismatch")
+		}
+	})
 }