Steps to unify ban and unban logic

2024-06-03 15:56:38 +02:00 · 2023-07-09 14:55:11 +01:00 · 2023-07-09 14:55:11 +01:00 · 353cc054ce
parent 6c4dfd29a3
commit 353cc054ce
4 changed files with 12 additions and 5 deletions
--- a/src/api.hpp
+++ b/src/api.hpp
@ -141,7 +141,7 @@ Status FastnetmonApiServiceImpl::ExecuteBan(ServerContext* context,
    }

    logger << log4cpp::Priority::INFO << "API call ban handlers manually";
-    call_ban_handlers(client_ip, ipv6_address, ipv6, current_attack, flow_attack_details,
+    call_blackhole_actions_per_host(attack_action_t::ban, client_ip, ipv6_address, ipv6, current_attack, flow_attack_details,
                      attack_detection_source_t::Automatic, empty_simple_packets_buffer);

    return Status::OK;
--- a/src/fastnetmon_logic.cpp
+++ b/src/fastnetmon_logic.cpp
@ -863,6 +863,7 @@ void call_unban_handlers(uint32_t client_ip,
 #endif
 }

+// This code is a source of race conditions of worst kind, we had to rework it ASAP
 std::string print_ddos_attack_details() {
    std::stringstream output_buffer;

@ -1433,11 +1434,13 @@ void execute_ip_ban(uint32_t client_ip, subnet_counter_t average_speed_element,

    boost::circular_buffer<simple_packet_t> empty_simple_packets_buffer;

-    call_ban_handlers(client_ip, zero_ipv6_address, false, ban_list[client_ip], flow_attack_details,
+    call_blackhole_actions_per_host(attack_action_t::ban, client_ip, zero_ipv6_address, false, ban_list[client_ip], flow_attack_details,
                      attack_detection_source_t::Automatic, empty_simple_packets_buffer);
 }

-void call_ban_handlers(uint32_t client_ip,
+void call_blackhole_actions_per_host(
+                       attack_action_t attack_action,
+                       uint32_t client_ip,
                       subnet_ipv6_cidr_mask_t client_ipv6,
                       bool ipv6,
                       attack_details_t& current_attack,
@ -3152,7 +3155,7 @@ void execute_ipv6_ban(subnet_ipv6_cidr_mask_t ipv6_client,
    logger << log4cpp::Priority::INFO << "IPv6 address " << print_ipv6_cidr_subnet(ipv6_client) << " was banned";

    uint32_t zero_ipv4_address = 0;
-    call_ban_handlers(zero_ipv4_address, ipv6_client, true, current_attack, "", attack_detection_source_t::Automatic, simple_packets_buffer);
+    call_blackhole_actions_per_host(attack_action_t::ban, zero_ipv4_address, ipv6_client, true, current_attack, "", attack_detection_source_t::Automatic, simple_packets_buffer);
 }

 void process_filled_buckets_ipv6() {
--- a/src/fastnetmon_logic.hpp
+++ b/src/fastnetmon_logic.hpp
@ -65,7 +65,9 @@ redisContext* redis_init_connection();

 void execute_ip_ban(uint32_t client_ip, subnet_counter_t average_speed_element, std::string flow_attack_details, subnet_cidr_mask_t customer_subnet);

-void call_ban_handlers(uint32_t client_ip,
+void call_blackhole_actions_per_host(
+                       attack_action_t attack_action,
+                       uint32_t client_ip,
                       subnet_ipv6_cidr_mask_t client_ipv6,
                       bool ipv6,
                       attack_details_t& current_attack,
--- a/src/fastnetmon_types.hpp
+++ b/src/fastnetmon_types.hpp
@ -30,6 +30,8 @@

 enum attack_severity_t { ATTACK_SEVERITY_LOW, ATTACK_SEVERITY_MIDDLE, ATTACK_SEVERITY_HIGH };

+// Attack action types
+enum class attack_action_t { ban, unban };

 // Kafka traffic export formats
 enum class kafka_traffic_export_format_t : uint32_t { Unknown = 0, JSON = 1, Protobuf = 2 };