cmhi
/
dispose
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'v2.0.7_dev' into 'master' 

V2.0.7 dev

See merge request DDOSAQ/phoenix_ddos_handle!16
This commit is contained in:
陈玲(杭研) 2021-04-23 16:52:11 +08:00
parent 9d66b8784d 2b8984725c
commit 208391b7c9
2 changed files with 55 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
src/main/java/com/dispose/ability/impl/DpTechBypassAbilityImpl.java
View File

@ -263,6 +263,25 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
return ipSegment + "-" + ipSegment;
}
/**
* Gets ipv6 segment format.
*
* @param ipSegment the ipv6 segment
* @return the ip segment format
*/
private String getIpV6SegmentFormat(String ipSegment) {
if (ipSegment.contains(ConstValue.IPV6_SEGMENT_SPILT)) {
return ipSegment;
}
//如果输入格式为IP-IP则返回值为null
if (ipSegment.contains(ConstValue.IPV6_ERR_SEGMENT_SPILT)) {
return null;
}
return ipSegment + "/" + 128;
}
/**
* Create traction strategy error code.
*
@ -482,7 +501,12 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
if (!k.contains(":")) {
ipV4.add(ipV4Idx++ + "_" + getIpSegmentFormat(k));
} else {
ipV6.add(ipV6Idx++ + "_" + getIpSegmentFormat(k));
if (getIpV6SegmentFormat(k) == null) {
log.error("!!!!ipV6:{} format error", k);
return;
} else {
ipV6.add(ipV6Idx++ + "_" + getIpV6SegmentFormat(k));
}
}
}
@ -500,19 +524,22 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
for (Map.Entry<IpAddrType, String> entry : ipSegment.entrySet()) {
String protectName = getProtectObjectName(v.getServiceId(), entry.getKey());
// 防护对象存在
if (dpBypassManager.getProtectObject().containsKey(protectName)) {
//进一步判断关联模板是都正确防护IP段是否发生变化
protectionObjExist(entry, protectName, template, ipV4, ipV6, ipSegment);
} else {
err = createProtectObject(protectName,
ipSegment.get(entry.getKey()),
IpAddrType.IPV4.equals(entry.getKey()) ? 0 : 1,
template);
if (err == ErrorCode.ERR_OK) {
log.debug("Add Protection Object {} Succeed", protectName);
//只处理C前缀的防护对象
if (protectName.startsWith(objectPrefix)) {
// 防护对象存在
if (dpBypassManager.getProtectObject().containsKey(protectName)) {
//进一步判断关联模板是都正确防护IP段是否发生变化
protectionObjExist(entry, protectName, template, ipV4, ipV6, ipSegment);
} else {
log.error("!!!!Add Protection Object {} Error: {}", protectName, err.getMsg());
err = createProtectObject(protectName,
ipSegment.get(entry.getKey()),
IpAddrType.IPV4.equals(entry.getKey()) ? 0 : 1,
template);
if (err == ErrorCode.ERR_OK) {
log.debug("Add Protection Object {} Succeed", protectName);
} else {
log.error("!!!!Add Protection Object {} Error: {}", protectName, err.getMsg());
}
}
}
}
@ -580,7 +607,6 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
}
}
// 更新防护对象
if (upgradeIpSegment) {
err = upgradeProtectObject(protectName,
@ -710,18 +736,8 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
if (ret != null && ret.getBypassManualTractionStrategyForService().size() > 0) {
ret.getBypassManualTractionStrategyForService().forEach(k -> {
String policyName = k.getPolicyName().getValue();
// 非法名称的旁路牵引策略
if (!policyName.startsWith(objectPrefix)) {
NtcRequestResultInfo rsp =
getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName);
if (rsp.getResultRetVal() == 0) {
log.debug("Remove Traction Strategy {} Succeed", policyName);
} else {
log.error("!!!!Remove Traction Strategy {} Error: {}", policyName, rsp.getResultInfo()
.getValue());
}
} else {
// 只处理C旁路手动牵引策略不可删除第三方添加的旁路手动牵引策略
if (policyName.startsWith(objectPrefix)) {
DpTractionStrategy obj;
if (dpBypassManager.getTractionStrategyName().containsKey(policyName)) {
@ -771,7 +787,7 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
ret.getProtectionTargetWithStrategyForService().forEach(k -> {
String objName = k.getProtectionTargetName().getValue();
// 只处理CMHI相关对象和模板
// 只处理C相关对象和模板
if (objName.startsWith(objectPrefix)) {
DpProtectionStrategyInfo obj;
@ -839,20 +855,9 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
ret.getProtectionObjectDataForService().forEach(k -> {
String objName = k.getProtectionName().getValue();
// 删除非法的防护对象
if (!objName.startsWith(objectPrefix)) {
log.error("!!!!Found Unexpect Protection Object [{}, {}], Deleted it.",
objName,
k.getIpSegment().getValue());
NtcRequestResultInfo rsp = getCleanTypePort().deleteProtectionObjectForUMC(objName);
if (rsp.getResultRetVal() == 0) {
log.warn("!!!!Remove Protection Object {} Succeed", objName);
} else {
log.error("!!!!Remove Protection Object {} Error: {}", objName, rsp.getResultInfo().getValue());
}
} else {
// 只处理C相关对象,不可对UMC上的非杭研防护对象进行删除
if (objName.startsWith(objectPrefix)) {
DpProtectObject obj;
if (dpBypassManager.getProtectObject().containsKey(objName)) {
@ -894,7 +899,6 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
rsp.getResultInfo().getValue());
}
}
});
// 判断是否需要更新IP段信息

10
src/main/java/com/dispose/common/ConstValue.java
View File

@ -94,6 +94,16 @@ public class ConstValue {
*/
public static final String[] IP_SEGMENT_SPILT = new String[] {"-", "/"};
/**
* The constant IPV6_ERR_SEGMENT_SPILT.
*/
public static final String IPV6_ERR_SEGMENT_SPILT = "-";
/**
* The constant IPV6_SEGMENT_SPILT.
*/
public static final String IPV6_SEGMENT_SPILT = "/";
/**
* The type Protocol.
*