1
0
mirror of https://github.com/pavel-odintsov/fastnetmon synced 2024-11-27 03:23:00 +01:00

Migrated call_unban_handlers to unified call_blackhole_actions_per_host

This commit is contained in:
Pavel Odintsov 2023-07-09 15:40:09 +01:00
parent 44ff72ea34
commit f8995223b4
3 changed files with 21 additions and 66 deletions

@ -242,7 +242,15 @@ Status FastnetmonApiServiceImpl::ExecuteUnBan(ServerContext* context,
ban_list_ipv6.remove_from_blackhole(ipv6_address); ban_list_ipv6.remove_from_blackhole(ipv6_address);
} }
call_unban_handlers(client_ip, ipv6_address, ipv6, current_attack, attack_detection_source_t::Automatic); // It's empty for unban
std::string flow_attack_details;
// These are empty too
boost::circular_buffer<simple_packet_t> simple_packets_buffer;
boost::circular_buffer<fixed_size_packet_storage_t> raw_packets_buffer;
call_blackhole_actions_per_host(attack_action_t::unban, client_ip, ipv6_address, ipv6,
current_attack, flow_attack_details, attack_detection_source_t::Automatic, simple_packets_buffer);
return Status::OK; return Status::OK;
} }

@ -691,12 +691,22 @@ void execute_unban_operation_ipv6() {
} }
// Add this IP to remove list // Add this IP to remove list
// We will remove keyas really after this loop // We will remove keys really after this loop
ban_list_items_for_erase.push_back(itr.first); ban_list_items_for_erase.push_back(itr.first);
// Call all hooks for unban // Call all hooks for unban
uint32_t zero_ipv4_ip_address = 0; uint32_t zero_ipv4_ip_address = 0;
call_unban_handlers(zero_ipv4_ip_address, itr.first, true, itr.second, attack_detection_source_t::Automatic);
// It's empty for unban
std::string flow_attack_details;
// These are empty too
boost::circular_buffer<simple_packet_t> simple_packets_buffer;
boost::circular_buffer<fixed_size_packet_storage_t> raw_packets_buffer;
call_blackhole_actions_per_host(attack_action_t::unban, zero_ipv4_ip_address, itr.first, true, itr.second,
flow_attack_details, attack_detection_source_t::Automatic,
simple_packets_buffer);
} }
// Remove all unbanned hosts from the ban list // Remove all unbanned hosts from the ban list
@ -807,62 +817,6 @@ void cleanup_ban_list() {
} }
} }
void call_unban_handlers(uint32_t client_ip,
subnet_ipv6_cidr_mask_t client_ipv6,
bool ipv6,
attack_details_t& current_attack,
attack_detection_source_t attack_detection_source) {
bool ipv4 = !ipv6;
std::string client_ip_as_string;
if (ipv4) {
client_ip_as_string = convert_ip_as_uint_to_string(client_ip);
} else {
client_ip_as_string = print_ipv6_address(client_ipv6.subnet_address);
}
logger << log4cpp::Priority::INFO << "We will unban banned IP: " << client_ip_as_string << " because it ban time "
<< current_attack.ban_time << " seconds is ended";
if (notify_script_enabled) {
std::string data_direction_as_string = get_direction_name(current_attack.attack_direction);
std::string pps_as_string = convert_int_to_string(current_attack.attack_power);
std::string script_call_params = fastnetmon_platform_configuration.notify_script_path + " " + client_ip_as_string +
" " + data_direction_as_string + " " + pps_as_string + " unban";
logger << log4cpp::Priority::INFO << "Call script for unban client: " << client_ip_as_string;
// We should execute external script in separate thread because any lag in this
// code will be very distructive
boost::thread exec_thread(exec_no_error_check, script_call_params);
exec_thread.detach();
logger << log4cpp::Priority::INFO << "Script for unban client is finished: " << client_ip_as_string;
}
if (exabgp_enabled && ipv4) {
logger << log4cpp::Priority::INFO << "Call ExaBGP for unban client started: " << client_ip_as_string;
boost::thread exabgp_thread(exabgp_ban_manage, "unban", client_ip_as_string, current_attack);
exabgp_thread.detach();
logger << log4cpp::Priority::INFO << "Call to ExaBGP for unban client is finished: " << client_ip_as_string;
}
#ifdef ENABLE_GOBGP
if (gobgp_enabled) {
logger << log4cpp::Priority::INFO << "Call GoBGP for unban client started: " << client_ip_as_string;
boost::thread gobgp_thread(gobgp_ban_manage, "unban", ipv6, client_ip_as_string, client_ipv6, current_attack);
gobgp_thread.detach();
logger << log4cpp::Priority::INFO << "Call to GoBGP for unban client is finished: " << client_ip_as_string;
}
#endif
}
// This code is a source of race conditions of worst kind, we had to rework it ASAP // This code is a source of race conditions of worst kind, we had to rework it ASAP
std::string print_ddos_attack_details() { std::string print_ddos_attack_details() {
std::stringstream output_buffer; std::stringstream output_buffer;

@ -34,13 +34,6 @@ void convert_integer_to_conntrack_hash_struct(packed_session* packed_connection_
void cleanup_ban_list(); void cleanup_ban_list();
void call_unban_handlers(uint32_t client_ip,
subnet_ipv6_cidr_mask_t client_ipv6,
bool ipv6,
attack_details_t& current_attack,
attack_detection_source_t attack_detection_source);
std::string print_ddos_attack_details(); std::string print_ddos_attack_details();
std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack); std::string get_attack_description(uint32_t client_ip, attack_details_t& current_attack);