Extracted API implementation into separate file

Pavel Odintsov 2020-12-13 18:36:08 +00:00 committed by surtur
parent fa68b2fc9f
commit d3992745fc
Signed by: wanderer
GPG Key ID: 19CE1EC1D9E0486D
4 changed files with 111 additions and 85 deletions

82
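--- a/src/api.hpp
+++ b/src/api.hpp
@@ -0,0 +1,82 @@
+Status FastnetmonApiServiceImpl::GetBanlist(::grpc::ServerContext* context,
+const ::fastmitigation::BanListRequest* request,
+::grpc::ServerWriter< ::fastmitigation::BanListReply>* writer) {
+logger << log4cpp::Priority::INFO << "API we asked for banlist";
+for (std::map<uint32_t, banlist_item_t>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
+std::string client_ip_as_string = convert_ip_as_uint_to_string(itr->first);
+BanListReply reply;
+reply.set_ip_address(client_ip_as_string + "/32");
+writer->Write(reply);
+}
+return Status::OK;
+}
+Status FastnetmonApiServiceImpl::ExecuteBan(ServerContext* context,
+const fastmitigation::ExecuteBanRequest* request,
+fastmitigation::ExecuteBanReply* reply) {
+logger << log4cpp::Priority::INFO << "API we asked for ban for IP: " << request->ip_address();
+if (!is_v4_host(request->ip_address())) {
+logger << log4cpp::Priority::ERROR << "IP bad format";
+return Status::CANCELLED;
+}
+uint32_t client_ip = convert_ip_as_string_to_uint(request->ip_address());
+attack_details_t current_attack;
+ban_list_mutex.lock();
+ban_list[client_ip] = current_attack;
+ban_list_mutex.unlock();
+ban_list_details_mutex.lock();
+ban_list_details[client_ip] = std::vector<simple_packet_t>();
+ban_list_details_mutex.unlock();
+subnet_ipv6_cidr_mask_t zero_ipv6_address;
+boost::circular_buffer<simple_packet_t> empty_simple_packets_buffer;
+logger << log4cpp::Priority::INFO << "API call ban handlers manually";
+std::string flow_attack_details = "manually triggered attack";
+call_ban_handlers(client_ip, zero_ipv6_address, false, current_attack, flow_attack_details, attack_detection_source_t::Automatic, "", empty_simple_packets_buffer);
+return Status::OK;
+}
+Status FastnetmonApiServiceImpl::ExecuteUnBan(ServerContext* context,
+const fastmitigation::ExecuteBanRequest* request,
+fastmitigation::ExecuteBanReply* reply) {
+logger << log4cpp::Priority::INFO << "API: We asked for unban for IP: " << request->ip_address();
+if (!is_v4_host(request->ip_address())) {
+logger << log4cpp::Priority::ERROR << "IP bad format";
+return Status::CANCELLED;
+}
+uint32_t banned_ip = convert_ip_as_string_to_uint(request->ip_address());
+if (ban_list.count(banned_ip) == 0) {
+logger << log4cpp::Priority::ERROR << "API: Could not find IP in ban list";
+return Status::CANCELLED;
+}
+banlist_item_t ban_details = ban_list[banned_ip];
+logger << log4cpp::Priority::INFO << "API: call unban handlers";
+subnet_ipv6_cidr_mask_t zero_ipv6_address;
+call_unban_handlers(banned_ip, zero_ipv6_address, false, ban_details, attack_detection_source_t::Automatic);
+logger << log4cpp::Priority::INFO << "API: remove IP from ban list";
+ban_list_mutex.lock();
+ban_list.erase(banned_ip);
+ban_list_mutex.unlock();
+return Status::OK;
+}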
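Review bot: ExecuteUnBan reads ban_list (`ban_list.count(banned_ip)` and `ban_list[banned_ip]`) without holding ban_list_mutex, and GetBanlist iterates the map unlocked as well, while ExecuteBan and the erase at the end of ExecuteUnBan do take the lock. If other threads write the map concurrently, which the existence of the mutex suggests, a remote API call can race with them, and `operator[]` would insert a default entry if the key disappeared between the check and the copy. I would do the lookup and the copy under one scoped guard using `find()`, and use the same guard type in place of the manual lock()/unlock() pairs so that an exception cannot leave the mutex held. The sketch below covers ExecuteUnBan only; GetBanlist needs the same treatment, preferably by copying the keys under the lock so the stream write does not happen while it is held.

```cpp
uint32_t banned_ip = convert_ip_as_string_to_uint(request->ip_address());
banlist_item_t ban_details;
{
    // Lookup and copy happen under the same lock that guards writes to ban_list.
    std::lock_guard<decltype(ban_list_mutex)> guard(ban_list_mutex);
    auto itr = ban_list.find(banned_ip);
    if (itr == ban_list.end()) {
        logger << log4cpp::Priority::ERROR << "API: Could not find IP in ban list";
        return Status::CANCELLED;
    }
    ban_details = itr->second;
}
// … unchanged: call_unban_handlers and the locked erase …
```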


@ -465,91 +465,6 @@ void silent_logging_function(gpr_log_func_args* args) {
// We do not want any logging here
}
// Logic and data behind the server's behavior.
class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
Status GetBanlist(::grpc::ServerContext* context,
const ::fastmitigation::BanListRequest* request,
::grpc::ServerWriter< ::fastmitigation::BanListReply>* writer) override {
logger << log4cpp::Priority::INFO << "API we asked for banlist";
for (std::map<uint32_t, banlist_item_t>::iterator itr = ban_list.begin(); itr != ban_list.end(); ++itr) {
std::string client_ip_as_string = convert_ip_as_uint_to_string(itr->first);
BanListReply reply;
reply.set_ip_address(client_ip_as_string + "/32");
writer->Write(reply);
}
return Status::OK;
}
Status ExecuteBan(ServerContext* context,
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) override {
logger << log4cpp::Priority::INFO << "API we asked for ban for IP: " << request->ip_address();
if (!is_v4_host(request->ip_address())) {
logger << log4cpp::Priority::ERROR << "IP bad format";
return Status::CANCELLED;
}
uint32_t client_ip = convert_ip_as_string_to_uint(request->ip_address());
attack_details_t current_attack;
ban_list_mutex.lock();
ban_list[client_ip] = current_attack;
ban_list_mutex.unlock();
ban_list_details_mutex.lock();
ban_list_details[client_ip] = std::vector<simple_packet_t>();
ban_list_details_mutex.unlock();
subnet_ipv6_cidr_mask_t zero_ipv6_address;
boost::circular_buffer<simple_packet_t> empty_simple_packets_buffer;
logger << log4cpp::Priority::INFO << "API call ban handlers manually";
std::string flow_attack_details = "manually triggered attack";
call_ban_handlers(client_ip, zero_ipv6_address, false, current_attack, flow_attack_details, attack_detection_source_t::Automatic, "", empty_simple_packets_buffer);
return Status::OK;
}
Status ExecuteUnBan(ServerContext* context,
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) override {
logger << log4cpp::Priority::INFO << "API: We asked for unban for IP: " << request->ip_address();
if (!is_v4_host(request->ip_address())) {
logger << log4cpp::Priority::ERROR << "IP bad format";
return Status::CANCELLED;
}
uint32_t banned_ip = convert_ip_as_string_to_uint(request->ip_address());
if (ban_list.count(banned_ip) == 0) {
logger << log4cpp::Priority::ERROR << "API: Could not find IP in ban list";
return Status::CANCELLED;
}
banlist_item_t ban_details = ban_list[banned_ip];
logger << log4cpp::Priority::INFO << "API: call unban handlers";
subnet_ipv6_cidr_mask_t zero_ipv6_address;
call_unban_handlers(banned_ip, zero_ipv6_address, false, ban_details, attack_detection_source_t::Automatic);
logger << log4cpp::Priority::INFO << "API: remove IP from ban list";
ban_list_mutex.lock();
ban_list.erase(banned_ip);
ban_list_mutex.unlock();
return Status::OK;
}
};
// We could not define this variable in top of the file because we should define class before
FastnetmonApiServiceImpl api_service;


@ -165,6 +165,8 @@ extern map_for_subnet_counters_t PerSubnetSpeedMap;
extern unsigned int ban_details_records_count;
extern FastnetmonPlatformConfigurtion fastnetmon_platform_configuration;
#include "api.hpp"
#define my_max_on_defines(a, b) (a > b ? a : b)
unsigned int get_max_used_protocol(uint64_t tcp, uint64_t udp, uint64_t icmp) {
unsigned int max = my_max_on_defines(my_max_on_defines(udp, tcp), icmp);
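Review bot: `#include "api.hpp"` pulls non-inline member function definitions into this translation unit, and they apparently compile only because the extern declarations above the include come first. A second file that includes api.hpp would fail at link time with duplicate symbols, and nothing here says that the include position matters. I would build the definitions as their own source file that includes the headers it needs, or at minimum add a comment at this line such as `// api.hpp holds method definitions that depend on the declarations above; include it only in this file`. get_max_used_protocol continues outside the hunk.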


@ -12,6 +12,9 @@
#include "all_logcpp_libraries.h"
#include "packet_bucket.h"
#include "fastnetmon.grpc.pb.h"
#include <grpc++/grpc++.h>
typedef std::map<std::string, uint32_t> active_flow_spec_announces_t;
void build_speed_counters_from_packet_counters(map_element_t& new_speed_element,
@ -165,3 +168,27 @@ void check_traffic_buckets();
void process_filled_buckets_ipv6();
template <typename TemplatedKeyType>
bool should_remove_orphaned_bucket(const std::pair<TemplatedKeyType, packet_bucket_t>& pair);
// API declaration
using fastmitigation::BanListReply;
using fastmitigation::BanListRequest;
using fastmitigation::Fastnetmon;
using grpc::Server;
using grpc::ServerBuilder;
using grpc::ServerContext;
using grpc::Status;
class FastnetmonApiServiceImpl final : public Fastnetmon::Service {
Status GetBanlist(::grpc::ServerContext* context,
const ::fastmitigation::BanListRequest* request,
::grpc::ServerWriter< ::fastmitigation::BanListReply>* writer) override;
Status ExecuteBan(ServerContext* context,
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) override;
Status ExecuteUnBan(ServerContext* context,
const fastmitigation::ExecuteBanRequest* request,
fastmitigation::ExecuteBanReply* reply) override;
};
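Review bot: The `using` declarations added at namespace scope in this header (`using grpc::Status;`, `using grpc::Server;`, `using grpc::ServerBuilder;` and the rest) are injected into every file that includes it, and names as generic as `Status` and `Server` are likely to collide. The class declaration already spells two of its parameter types in full, so it could do so throughout, for example `::grpc::Status ExecuteBan(::grpc::ServerContext* context, ...)` with base `public fastmitigation::Fastnetmon::Service`, and the using-declarations could move into the source files that rely on the short names. The three overrides also sit under the class's default private access without a comment; if that is intended, a line such as `// Overrides are reached only through the Fastnetmon::Service interface` would say so.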