Added a10_plugin for A10 Networks TPS onramp

2024-05-26 20:26:16 +02:00 · 2016-07-07 18:49:13 -07:00 · 2016-07-07 18:49:13 -07:00 · 5d16513da0
parent 25d9b28517
commit 5d16513da0
3 changed files with 186 additions and 0 deletions
--- a/src/a10_plugin/a10.py
+++ b/src/a10_plugin/a10.py
@ -0,0 +1,43 @@
+
+#
+# v0.1 
+# ericc@a10networks.com
+#
+
+import json, urllib2
+
+def axapi_auth(host, username, password):
+    base_uri = 'https://'+host
+    auth_payload = {"credentials": {"username": username, "password": password}}
+    r = axapi_action(base_uri + '/axapi/v3/auth', payload=auth_payload)
+    signature = json.loads(r)['authresponse']['signature']
+    return base_uri, signature
+
+
+def axapi_action(uri, payload='', signature='', method='POST'):
+    try:
+        if method == 'POST':
+            req = urllib2.Request(uri)
+            req.add_header('content-type', 'application/json')
+            if signature:
+                req.add_header('Authorization', 'A10 {0}'.format(signature))
+            response = urllib2.urlopen(req, json.dumps(payload))
+        elif method == 'GET':
+            req = urllib2.Request(uri)
+            req.add_header('content-type', 'application/json')
+            if signature:
+                req.add_header('Authorization', 'A10 {0}'.format(signature))
+            response = urllib2.urlopen(req)
+        elif method == 'DELETE':
+            req = urllib2.Request(uri)
+            req.add_header('content-type', 'application/json')
+            req.get_method = lambda: 'DELETE'
+            if signature:
+                req.add_header('Authorization', 'A10 {0}'.format(signature))
+            response = urllib2.urlopen(req)
+        return response.read()
+    except Exception as e:
+        raise 
+
+
+
--- a/src/a10_plugin/a10.pyc
+++ b/src/a10_plugin/a10.pyc
--- a/src/a10_plugin/fastnetmon_a10_v0.2.py
+++ b/src/a10_plugin/fastnetmon_a10_v0.2.py
@ -0,0 +1,143 @@
+#!/usr/bin/python
+
+#
+# v0.2 created [ban |unban] [on ramp | off ramp action] for A10 TPS 
+# Eric Chou (ericc@a10networks.com)
+#
+
+import sys
+from sys import stdin
+import optparse
+import logging, json
+from a10 import axapi_auth, axapi_action
+
+LOG_FILE = "/var/log/fastnetmon-notify.log"
+
+
+logger = logging.getLogger("DaemonLog")
+logger.setLevel(logging.INFO)
+formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
+handler = logging.FileHandler(LOG_FILE)
+handler.setFormatter(formatter)
+logger.addHandler(handler)
+
+
+
+client_ip_as_string=sys.argv[1]
+data_direction=sys.argv[2]
+pps_as_string=int(sys.argv[3])
+action=sys.argv[4]
+
+logger.info(" - " . join(sys.argv))
+
+
+# A10 Mitigator Information
+mitigator_ip = "192.168.199.152"
+zone_name = client_ip_as_string + "_zone"
+ip_addr = client_ip_as_string
+asn="64513"
+mitigator_base_url, signature = axapi_auth(mitigator_ip, "admin", "a10")
+
+
+if action == "unban":
+    try: 
+        r = axapi_action(mitigator_base_url+'/axapi/v3/router/bgp/'+asn+'/network/ip-cidr/'+ip_addr+'%2F32', method="DELETE", signature=signature)
+    except Exception as e: 
+        logger.info("route not removed in unban, returned: " + str(e))
+
+    axapi_action(mitigator_base_url+'/axapi/v3/logoff', signature=signature)
+ 
+    sys.exit(0)
+
+elif action == "ban":
+    
+    r = axapi_action(mitigator_base_url+'/axapi/v3/ddos/dst/zone/', method='GET', signature=signature)
+    if zone_name in [i['zone-name'] for i in json.loads(r)['zone-list']]:
+        r = axapi_action(mitigator_base_url+'/axapi/v3/ddos/dst/zone/'+zone_name, method="DELETE", signature=signature)
+        logger.info(str(r))
+    axapi_action(mitigator_base_url+'/axapi/v3/logoff', signature=signature)
+
+    # A10 Mitigation On Ramp 
+    mitigator_base_url, signature = axapi_auth(mitigator_ip, "admin", "a10")
+    zone_name = client_ip_as_string + "_zone"
+    ip_addr = client_ip_as_string
+    port_num = 53
+    port_protocol = 'udp'
+    ddos_violation_action_payload = {
+      "zone-list": [
+        {
+          "zone-name":zone_name,
+          "ip": [
+            {
+              "ip-addr":ip_addr
+            }
+          ],
+          "operational-mode":"monitor",
+          "port": {
+            "zone-service-list": [
+              {
+                "port-num":port_num,
+                "protocol":port_protocol,
+                "level-list": [
+                  {
+                    "level-num":"0",
+                    "zone-escalation-score":1,
+                    "indicator-list": [
+                      {
+                        "type":"pkt-rate",
+                        "score":50,
+                        "zone-threshold-num":1,
+                        "zone-violation-actions":"bmf_a10_script",
+                      }
+                    ],
+                  },
+                  {
+                    "level-num":"1",
+                  }
+                ],
+              }
+            ],
+          },
+        }
+      ]
+    }   
+    try:
+        r = axapi_action(mitigator_base_url+'/axapi/v3/ddos/dst/zone', signature=signature, payload=ddos_violation_action_payload)
+    except Exception as e:
+        logger("zone not created: " + str(e))
+
+    route_advertisement = {
+      "bgp":
+        {
+          "network": {
+            "ip-cidr-list": [
+              {
+                "network-ipv4-cidr":ip_addr+"/32",
+              }
+            ]
+          },
+        }
+    }
+    try: 
+        r = axapi_action(mitigator_base_url+'/axapi/v3/router/bgp/'+asn, payload=route_advertisement, signature=signature)
+    except Exception as e:
+        logger("route not added: " + str(e))
+
+    # Commit changes
+    axapi_action(mitigator_base_url+'/axapi/v3/write/memory', signature=signature)
+    # Log off
+    axapi_action(mitigator_base_url+'/axapi/v3/logoff', signature=signature)
+    
+    sys.exit(0)
+
+elif action == "attack_details":
+    
+    sys.exit(0)
+
+
+else:
+    sys.exit(0)
+
+
+
+