new segment: modify/aslookup

[sebinbash]

Since we don't have a router with a full BGP table, I implemented a segment which can look up AS numbers of IP addresses from an MRT file. These files contain BGP dumps and can be obtained from your regional internet registry, for example here. The asnlookup package can parse these files into an optimized database format which is only a few megabytes large. I integrated the mapping from IP to AS number in both formats (.mrt and .db). While a direct lookup from an .mrt file is possible I wouldn't recommend it since the parsing alone takes a minute at startup and the AS lookup table takes up quite a bit of RAM. A lookup from the .db file only takes a few milliseconds and works quite well as far as I could tell.

[georg-e]

Hello, thank you for this nice PR. This segment would definitely be a valuable function. I took a short look on it and also gave it a shot to test on my local setup. It woud be great to include a few changes to the code and the segment documentation before merge.

• aslookup.go:
  • mandatory config options should be checked if they are set, to terminate the program as early as possible in case of misconfiguration. examples can be taken from the addcid segment.
  • as you have descibed the memory and startup overhead with the mrt format, i would prefer having the .db variant as the default setting.
  • the mrt type should also be sanity checked (typo)
  • maybe better reject misspellings or arbitrary values
  • the type config option then might be no longer optional
  • the log level in the Run routine should be "warning" if a lookup reports an error.

*aslookup_test.go

• there should be at minimum a "passthrough" test to ensure the segment is not blocking messages. example can be taken from. other segments. You can place a minimal as.db file within in the examples directory if needed.
• better use the db type instead of the mrt type in favor of test runtime. :-)

*CONFIGURATION.md

• documentation should be more precise and emphasize that its recommended to use the .db variant as default.
• possible configuration options for the type should be mentioned.

Greetings georg-e

[sebinbash]

Hi, I made the requested changes and clarified the documentation. db is now the default type so any value other than db and mrt defaults to the db type. Is this okay with you?

[georg-e]

Hi, Looks mostly good. If tests are running, we can merge the PR. 😄

Tests are failing. Lookup.db file is missing. Its not reasonable to have a full dump in the repo for running the tests. Do you have a small test file for a lookup.db, which covers the test cases? if we provide a sample db, it will be good having it for all tests int the same path like in the TestSegment_AsLookup_nonexistingIp test.

Greetings

[sebinbash]

Hi,

sorry for the confusion, I forgot to commit the example lookup file. I added the dump in examples/enricher and corrected the path in the tests accordingly.

Greetings

[georg-e]

Looks fine. Thank you very much.