From 7aae0f5d9b52ef8390ad9597a4ed0bec291f3ca1 Mon Sep 17 00:00:00 2001
From: Pavel Odintsov
Date: Sun, 13 Dec 2020 18:10:17 +0000
Subject: [PATCH] We've started calling GoBGP callback for IPv6 traffic
---
 src/actions/gobgp_action.cpp | 44 ++++++++++++++++++++++--------------
 src/actions/gobgp_action.h | 2 +-
 src/fastnetmon_logic.cpp | 8 +++----
 3 files changed, 32 insertions(+), 22 deletions(-)
diff --git a/src/actions/gobgp_action.cpp b/src/actions/gobgp_action.cpp
index ce68be2a..da8ff425 100644
--- a/src/actions/gobgp_action.cpp
+++ b/src/actions/gobgp_action.cpp
@@ -225,7 +225,7 @@ void gobgp_action_shutdown() {
 delete gobgp_client;
 }
-void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack) {
+void gobgp_ban_manage(std::string action, bool ipv6, std::string ip_as_string, subnet_ipv6_cidr_mask_t client_ipv6, attack_details_t current_attack) {
 bool is_withdrawal = false;
 std::string action_name;
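Review bot: The new signature of `gobgp_ban_manage` takes two address arguments, `ip_as_string` and `client_ipv6`, and nothing states which one is meaningful for a given call. In the body shown in the next hunk, `ip_as_string` is read only in the IPv4 branch and `client_ipv6` is not read at all, so a caller cannot tell from the declaration what it must fill in. A comment above the definition would settle it: `// ipv6 selects the address family: ip_as_string is used only when it is false, client_ipv6 only when it is true`. The function body continues outside this hunk.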
@@ -238,27 +238,37 @@ void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_detai
 action_name = "withdraw";
 }
- if (gobgp_announce_whole_subnet) {
- std::string subnet_as_string_with_mask = convert_subnet_to_string(current_attack.customer_network);
- logger << log4cpp::Priority::INFO << action_name << " "
- << convert_subnet_to_string(current_attack.customer_network) << " to GoBGP";
+ if (ipv6) {
+ if (gobgp_announce_whole_subnet_ipv6) {
+ logger << log4cpp::Priority::ERROR << "Sorry but we do not support IPv6 per subnet announces";
+ }
- // https://github.com/osrg/gobgp/blob/0aff30a74216f499b8abfabc50016b041b319749/internal/pkg/table/policy_test.go#L2870
- uint32_t community_as_32bit_int = uint32_t(bgp_community_subnet.asn_number << 16 | bgp_community_subnet.community_number);
+ if (gobgp_announce_host_ipv6) {
+ logger << log4cpp::Priority::ERROR << "Sorry but we do not support IPv6 per host announces";
+ }
+ } else {
+ if (gobgp_announce_whole_subnet) {
+ std::string subnet_as_string_with_mask = convert_subnet_to_string(current_attack.customer_network);
+ logger << log4cpp::Priority::INFO << action_name << " "
+ << convert_subnet_to_string(current_attack.customer_network) << " to GoBGP";
- gobgp_client->AnnounceUnicastPrefix(convert_ip_as_uint_to_string(
- current_attack.customer_network.subnet_address),
- gobgp_nexthop, is_withdrawal,
- current_attack.customer_network.cidr_prefix_length, community_as_32bit_int);
- }
+ // https://github.com/osrg/gobgp/blob/0aff30a74216f499b8abfabc50016b041b319749/internal/pkg/table/policy_test.go#L2870
+ uint32_t community_as_32bit_int = uint32_t(bgp_community_subnet.asn_number << 16 | bgp_community_subnet.community_number);
- if (gobgp_announce_host) {
- std::string ip_as_string_with_mask = ip_as_string + "/32";
+ gobgp_client->AnnounceUnicastPrefix(convert_ip_as_uint_to_string(
+ current_attack.customer_network.subnet_address),
+ gobgp_nexthop, is_withdrawal,
current_attack.customer_network.cidr_prefix_length, community_as_32bit_int);
+ }
- logger << log4cpp::Priority::INFO << action_name << " " << ip_as_string_with_mask << " to GoBGP";
+ if (gobgp_announce_host) {
+ std::string ip_as_string_with_mask = ip_as_string + "/32";
- uint32_t community_as_32bit_int = uint32_t(bgp_community_host.asn_number << 16 | bgp_community_host.community_number);
+ logger << log4cpp::Priority::INFO << action_name << " " << ip_as_string_with_mask << " to GoBGP";
- gobgp_client->AnnounceUnicastPrefix(ip_as_string, gobgp_nexthop, is_withdrawal, 32, community_as_32bit_int);
+ uint32_t community_as_32bit_int = uint32_t(bgp_community_host.asn_number << 16 | bgp_community_host.community_number);
+
+ gobgp_client->AnnounceUnicastPrefix(ip_as_string, gobgp_nexthop, is_withdrawal, 32, community_as_32bit_int);
+ }
 }
 }
diff --git a/src/actions/gobgp_action.h b/src/actions/gobgp_action.h
index 2045e806..efc909b8 100644
--- a/src/actions/gobgp_action.h
+++ b/src/actions/gobgp_action.h
@@ -6,6 +6,6 @@ void gobgp_action_init();
 void gobgp_action_shutdown();
-void gobgp_ban_manage(std::string action, std::string ip_as_string, attack_details_t current_attack);
+void gobgp_ban_manage(std::string action, bool ipv6, std::string ip_as_string, subnet_ipv6_cidr_mask_t client_ipv6, attack_details_t current_attack);
 #endif
diff --git a/src/fastnetmon_logic.cpp b/src/fastnetmon_logic.cpp
index b4405688..dc6be8c6 100644
--- a/src/fastnetmon_logic.cpp
+++ b/src/fastnetmon_logic.cpp
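Review bot: In the `if (ipv6)` branch of `gobgp_ban_manage` (src/actions/gobgp_action.cpp, the `-238,27 +238,37` hunk) no route is announced or withdrawn, and when both `gobgp_announce_whole_subnet_ipv6` and `gobgp_announce_host_ipv6` are false nothing is logged either, so an IPv6 ban ends with no BGP action and no record of that. The callers in src/fastnetmon_logic.cpp still write "Call GoBGP for ban client started", which reads as if mitigation had been requested. The branch should report the outcome once, regardless of the flags, and include `action_name` so ban and unban can be told apart, e.g. `logger << log4cpp::Priority::ERROR << "GoBGP " << action_name << " skipped: IPv6 announces are not implemented";`. `client_ipv6` is not read anywhere in the lines shown.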
@@ -1114,10 +1114,10 @@ void call_unban_handlers(uint32_t client_ip,
 }
 #ifdef ENABLE_GOBGP
- if (gobgp_enabled && ipv4) {
+ if (gobgp_enabled) {
 logger << log4cpp::Priority::INFO << "Call GoBGP for unban client started: " << client_ip_as_string;
- boost::thread gobgp_thread(gobgp_ban_manage, "unban", client_ip_as_string, current_attack);
+ boost::thread gobgp_thread(gobgp_ban_manage, "unban", ipv6, client_ip_as_string, client_ipv6, current_attack);
 gobgp_thread.detach();
 logger << log4cpp::Priority::INFO << "Call to GoBGP for unban client is finished: " << client_ip_as_string;
@@ -1953,10 +1953,10 @@ void call_ban_handlers(uint32_t client_ip,
 }
 #ifdef ENABLE_GOBGP
- if (gobgp_enabled && ipv4) {
+ if (gobgp_enabled) {
 logger << log4cpp::Priority::INFO << "Call GoBGP for ban client started: " << client_ip_as_string;
- boost::thread gobgp_thread(gobgp_ban_manage, "ban", client_ip_as_string, current_attack);
+ boost::thread gobgp_thread(gobgp_ban_manage, "ban", ipv6, client_ip_as_string, client_ipv6, current_attack);
 gobgp_thread.detach();
 logger << log4cpp::Priority::INFO << "Call to GoBGP for ban client is finished: " << client_ip_as_string;
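Review bot: The thread started on the changed line in `call_unban_handlers`, and on the matching line in `call_ban_handlers`, is detached at once, so nothing can wait for it. Meanwhile `gobgp_action_shutdown()` in src/actions/gobgp_action.cpp runs `delete gobgp_client;`, and the IPv4 path of `gobgp_ban_manage` dereferences that pointer. If shutdown can overlap an in-flight ban or unban, the worker would use a freed client; whether the shutdown order elsewhere rules this out is not visible on this page. Keeping the workers joinable, for example in a `boost::thread_group` that is joined before the delete, would close the gap and would make the "is finished" INFO line true when it is written. Both function bodies begin and end outside these hunks.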