From 69d1ee7409f23c44353b2b83803ad4a9ec48b308 Mon Sep 17 00:00:00 2001 From: HuangXin Date: Mon, 18 Jan 2021 14:44:11 +0800 Subject: [PATCH] =?UTF-8?q?OCT=20REM:=201.=20=E5=A2=9E=E5=8A=A0=E8=BF=AA?= =?UTF-8?q?=E6=99=AE=E6=B8=85=E6=B4=97=E5=A4=84=E7=BD=AE=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ability/impl/DpTechBypassAbilityImpl.java | 356 +++++++++++++----- .../java/com/dispose/common/ErrorCode.java | 10 + 2 files changed, 280 insertions(+), 86 deletions(-) diff --git a/src/main/java/com/dispose/ability/impl/DpTechBypassAbilityImpl.java b/src/main/java/com/dispose/ability/impl/DpTechBypassAbilityImpl.java index 2db46e3c..2ae035af 100644 --- a/src/main/java/com/dispose/ability/impl/DpTechBypassAbilityImpl.java +++ b/src/main/java/com/dispose/ability/impl/DpTechBypassAbilityImpl.java @@ -30,7 +30,6 @@ import java.util.Arrays; import java.util.HashMap; import java.util.Hashtable; import java.util.List; -import java.util.concurrent.atomic.AtomicReference; import java.util.regex.Pattern; /** @@ -82,12 +81,34 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { } /** - * Remove umc protect object error code. + * Upgrade protect object error code. + * + * @param objName the obj name + * @param ipSegment the ip segment + * @param ipType the ip type + * @param template the template + * @return the error code + */ + private ErrorCode upgradeProtectObject(String objName, String ipSegment, int ipType, String template) { + ErrorCode err = removeProtectObject(objName); + + if (err != ErrorCode.ERR_OK) { + return err; + } + + err = createProtectObject(objName, ipSegment, ipType, template); + + return err; + } + + + /** + * Remove protect object error code. * * @param objName the obj name * @return the error code */ - private ErrorCode removeUMCProtectObject(String objName) { + private ErrorCode removeProtectObject(String objName) { NtcRequestResultInfo ret; // 修改前同步更新设备信息 
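Review bot: upgradeProtectObject removes the object and then recreates it with no recovery path, so when createProtectObject fails the service has no protect object on the device until a later sync succeeds. The existence check added to createProtectObject (the hunk at -156) reads `dpBypassManager.getProtectObject()`; unless removeProtectObject also evicts the entry from that map, the recreate step would return ERR_PROTECTOBJECTEXISTS every time. Most of removeProtectObject's body is outside this hunk, so this could not be confirmed from here. Log the failing step separately and state the cache assumption in the Javadoc, for example `Relies on removeProtectObject evicting objName from dpBypassManager before the create call.`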
@@ -143,6 +164,13 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { return ErrorCode.ERR_CALLDEVICE; } + // 清理缓存中的对象 + for(String v : disposeObjectCache.keySet()) { + if(disposeObjectCache.get(v).equals(objName)) { + disposeObjectCache.remove(v); + } + } + return ErrorCode.ERR_OK; } @@ -156,6 +184,11 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { * @return the error code */ private ErrorCode createProtectObject(String objName, String ipSegment, int ipType, String template) { + // 检查防护对象是否已经存在 + if (dpBypassManager.getProtectObject().containsKey(objName)) { + return ErrorCode.ERR_PROTECTOBJECTEXISTS; + } + // 创建对象 NtcRequestResultInfo ret = getCleanTypePort() .addProtectionObjectForUMC("", 
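Review bot: The added cleanup loop calls `disposeObjectCache.remove(v)` while iterating `disposeObjectCache.keySet()`, which on HashMap and Hashtable typically throws ConcurrentModificationException on the iteration after a match. The field's declaration is not visible here, so this assumes one of the map types the file imports. The loop runs after the device call has already succeeded, so the exception would surface as a failure for a removal that did happen. `disposeObjectCache.values().removeIf(objName::equals);` performs the same cleanup safely. removeProtectObject starts outside this hunk.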
@@ -190,6 +223,144 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { return ErrorCode.ERR_OK; } + /** + * Create traction strategy error code. + * + * @param objName the obj name + * @param disposeObject the dispose object + * @return the error code + */ + private ErrorCode createTractionStrategy(String objName, String disposeObject) { + NtcRequestResultInfo ret; + ErrorCode err; + + log.debug("++++Begging Create Traction Strategy: {}, {}", objName, disposeObject); + + // 获取旁路手动牵引策略名 + String tractionName = getTractionStrategyName(objName, disposeObject); + + // 删除旧的策略 + err = removeTractionStrategy(tractionName); + + if (err != ErrorCode.ERR_OK) { + return err; + } + + // 创建旁路手动牵引策略 + ret = getCleanTypePort().addBypassManualTractionStrategyForUMC(tractionName, + objName, + disposeObject); + if (ret.getResultRetVal() == 0) { + log.debug("----Finish Create Traction Strategy {} Succeed", tractionName); + return ErrorCode.ERR_OK; + } else { + log.error("----Create Traction Strategy Error: {}, {}, {}, {}", tractionName, + objName, disposeObject, ret.getResultInfo().getValue()); + return ErrorCode.ERR_CALLDEVICE; + } + } + + /** + * Start traction strategy error code. 
+ * + * @param objName the obj name + * @param disposeObject the dispose object + * @return the error code + */ + private ErrorCode startTractionStrategy(String objName, String disposeObject) { + NtcRequestResultInfo ret; + ErrorCode err = ErrorCode.ERR_OK; + + log.info("++++Begging Start Traction Strategy: {}, {}", objName, disposeObject); + + // 获取旁路手动牵引策略名 + String policyName = getTractionStrategyName(objName, disposeObject); + + // 启动旁路手动牵引策略 + log.debug("DpTech startBypassManualTractionStrategyForUMC request: {}, {}", policyName, disposeObject); + ret = getCleanTypePort().startBypassManualTractionStrategyForUMC(policyName, ""); + log.debug("DpTech startBypassManualTractionStrategyForUMC response: {}", ret); + + if (ret.getResultRetVal() != 0) { + err = ErrorCode.ERR_CALLDEVICE; + log.error("----Error Start Traction Strategy: {}, {}, {}", objName, disposeObject, + ret.getResultInfo().getValue()); + } else { + log.info("----Finish Start Traction Strategy: {}, {}", objName, disposeObject); + } + + return err; + } + + /** + * Stop traction strategy error code. 
+ * + * @param objName the obj name + * @param disposeObject the dispose object + * @return the error code + */ + private ErrorCode stopTractionStrategy(String objName, String disposeObject) { + NtcRequestResultInfo ret; + + log.info("++++Begging Stop Traction Strategy: {}, {}", objName, disposeObject); + + // 获取旁路手动牵引策略名 + String policyName = getTractionStrategyName(objName, disposeObject); + + // 判断缓存中是否有该防护策略 + if (!dpBypassManager.getTractionStrategyName().containsKey(policyName)) { + log.error("----Error Stop Traction Strategy, No Such Traction Strategy: {}, {}", disposeObject, policyName); + return ErrorCode.ERR_NOSUCHPROTECTSTRATEGY; + } + + // 停止旁路手动牵引策略 + log.debug("DpTech stopBypassManualTractionStrategyForUMC request: {}", disposeObject); + ret = getCleanTypePort().stopBypassManualTractionStrategyForUMC(policyName, ""); + log.debug("DpTech stopBypassManualTractionStrategyForUMC response: {}", ret); + + if (ret.getResultRetVal() != 0) { + log.error("----Error DPTech Stop Cleanup Task: {}, {}", disposeObject, ret.getResultInfo().getValue()); + return ErrorCode.ERR_CALLDEVICE; + } + + return ErrorCode.ERR_OK; + } + + /** + * Remove traction strategy error code. 
+ * + * @param tractionName the traction name + * @return the error code + */ + private ErrorCode removeTractionStrategy(String tractionName) { + NtcRequestResultInfo ret; + + // 判断旁路手动牵引策略是否存在 + if (dpBypassManager.getTractionStrategyName().containsKey(tractionName)) { + DpTractionStrategy ts = dpBypassManager.getTractionStrategyName().get(tractionName); + + // 如果正在运行,删除失败 + if (ts.isRunning()) { + log.error("!!!!Remove Traction Strategy Error, It's Running: {}", tractionName); + return ErrorCode.ERR_TRACTIONSTRATEGYRUNNING; + } else { + // 删除策略 + ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(tractionName); + + if (ret.getResultRetVal() == 0) { + log.debug("Remove Traction Strategy {} Succeed", tractionName); + return ErrorCode.ERR_OK; + } else { + log.error("!!!!Remove Traction Strategy {} Error: {}", tractionName, + ret.getResultInfo().getValue()); + return ErrorCode.ERR_CALLDEVICE; + } + } + } + + return ErrorCode.ERR_OK; + } + /** * Association protection template error code. * @@ -237,6 +408,7 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { * Sync dp tech device info. */ private void syncDpTechDeviceInfo() { + // 处置平台数据同步到UMC disposeServiceGroup.values().forEach(v -> { ErrorCode err; List ipV4 = new ArrayList<>(); @@ -311,12 +483,12 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { } } + // 更新防护对象 if (upgradeIpSegment) { - removeUMCProtectObject(protectName); - err = createProtectObject(protectName, - ipSegment.get(t), - IpAddrType.IPV4.equals(t) ? 0 : 1, - template); + err = upgradeProtectObject(protectName, + ipSegment.get(t), + IpAddrType.IPV4.equals(t) ? 0 : 1, + template); if (err == ErrorCode.ERR_OK) { log.debug("Add Protection Object {} Succeed", protectName); } else { 
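Review bot: createTractionStrategy turns a repeated start request for an address already under cleaning into a failure. It always calls removeTractionStrategy first, which returns ERR_TRACTIONSTRATEGYRUNNING when the cached strategy is running, whereas the code this replaces deleted the old strategy unconditionally. If retries or overlapping tasks are expected, handle that return value explicitly in createTractionStrategy (report the strategy as already in place, or stop it before removing) and describe the chosen behaviour in the Javadoc, which currently only restates the method name. removeTractionStrategy and stopTractionStrategy both decide from `dpBypassManager.getTractionStrategyName()`, whose refresh is outside this hunk, so a stale entry changes their result.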
@@ -336,6 +508,24 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { } } }); + + // UMC 同步到处置平台 + dpBypassManager.getProtectObject().values().forEach(v -> { + String serviceId = v.getProtectName() + .replace(OBJ_PREFIX + "_", "") + .replace("_" + IpAddrType.IPV4.getDescription(), "") + .replace("_" + IpAddrType.IPV6.getDescription(), ""); + + // UMC上面存在对象已经失效 + if (disposeServiceGroup.values().stream().noneMatch(k -> serviceId.equals(k.getServiceId()))) { + log.debug("++++Remove UMC Unused Protect Object: {}", v.getProtectName()); + ErrorCode err = removeProtectObject(v.getProtectName()); + + if (err != ErrorCode.ERR_OK) { + log.error("!!!!Remove Protect Object Error: {}", v.getProtectName()); + } + } + }); } /** @@ -356,11 +546,12 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { /** * Gets traction strategy name. * + * @param objName the obj name * @param disposeIp the dispose ip * @return the traction strategy name */ - private String getTractionStrategyName(String disposeIp) { - return OBJ_PREFIX + "_" + disposeIp + ""; + private String getTractionStrategyName(String objName, String disposeIp) { + return OBJ_PREFIX + "_" + disposeIp + "_" + objName; } /** @@ -608,11 +799,9 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { NetflowDirection nfDirection, Integer attackType, Long duration) { - ErrorCode err = ErrorCode.ERR_OK; - NtcRequestResultInfo ret; - try { - AtomicReference protectionObject = new AtomicReference<>(""); + ErrorCode err; + String protectObjName = ""; log.info("++++Begging DPTech Start Cleanup Task: {}", disposeObject); if (capType != DisposeCapacityType.CLEANUP) { 
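Review bot: The new UMC-to-platform pass removes every protect object whose derived serviceId matches no service group, without first checking that the object was created by this platform. If `dpBypassManager.getProtectObject()` holds all objects on the device, manually configured ones would be deleted too; a guard such as `if (!v.getProtectName().startsWith(OBJ_PREFIX + "_")) { return; }` at the top of the lambda limits the cleanup to our own names. The chained `replace` calls strip the prefix and suffix wherever they occur in the name, and `serviceId.equals(k.getServiceId())` is only ever true if getServiceId returns a String, which is not visible here. removeProtectObject is called while iterating `getProtectObject().values()`, so it must not modify that map.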
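Review bot: Changing the name format to `OBJ_PREFIX + "_" + disposeIp + "_" + objName` means strategies created under the old `OBJ_PREFIX + "_" + disposeIp` name are no longer found by stopTractionStrategy or removeTractionStrategy. Any traction still running on the device at upgrade time would have to be stopped by hand, unless upgradeTractionStrategy (not shown) cleans up old names. Note the migration in the Javadoc or handle the legacy name once during cleanup.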
@@ -620,81 +809,57 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null); } - String policyName = getTractionStrategyName(disposeObject); - - // 判断缓存中当前处置IP的旁路牵引策略是否存在, 如果存在直接删除 - if (dpBypassManager.getTractionStrategyName().containsKey(policyName)) { - ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName); - - if (ret.getResultRetVal() != 0) { - log.error("----Error DPTech Delete Old Traction Strategy Error: {}, {}", policyName, - ret.getResultInfo().getValue()); - return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null); - } - } - // 判断缓存中是否存在该处置IP对应的防护对象 if (disposeObjectCache.containsKey(disposeObject)) { - protectionObject.set(disposeObjectCache.get(disposeObject)); + protectObjName = disposeObjectCache.get(disposeObject); } else { // 从设备防护对象缓存中查找当前处置IP对应的防护对象名称 - dpBypassManager.getProtectObject().values().forEach(k -> { + for (DpProtectObject k : dpBypassManager.getProtectObject().values()) { for (String v : k.getIpSegment().values()) { if (Helper.ipInRange(v, disposeObject)) { - protectionObject.set(k.getProtectName()); + protectObjName = k.getProtectName(); // 将查找到的防护对象添加到缓存中 disposeObjectCache.put(disposeObject, k.getProtectName()); break; } } - }); + } } // 校验当前处置对象对应的防护对象名称是否正确 - if (protectionObject.get().length() == 0) { + if (protectObjName.length() == 0) { log.error("----Error DPTech Task Not Found Protection Object: {}", disposeObject); log.debug("!!!!DpTech UMC Protection Objects: {}", dpBypassManager.getProtectObject().values()); return new MulReturnType<>(ErrorCode.ERR_NOSUCHUMCPROTECTOBJECT, null); } - log.debug("++++Begging DPTech Create Traction Strategy: {}, {}, {}", policyName, - protectionObject.get(), disposeObject); + // 为当前处置IP创建旁路手动牵引策略 + err = createTractionStrategy(protectObjName, disposeObject); - // 创建旁路手动牵引策略 - ret = getCleanTypePort().addBypassManualTractionStrategyForUMC(policyName, protectionObject.get(), - disposeObject); - - if 
(ret.getResultRetVal() != 0) { - log.error("----Error DPTech Create Traction Strategy Error: {}, {}, {}, {}", policyName, - protectionObject.get(), disposeObject, ret.getResultInfo().getValue()); + if (err != ErrorCode.ERR_OK) { + log.error("----Error DPTech Start Cleanup Task, Create Traction Strategy Error: {}, {}, {}", + protectObjName, disposeObject, err); return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null); } - log.debug("----Finish DPTech Create Traction Strategy: {}, {}, {}", policyName, - protectionObject.get(), disposeObject); - // 启动旁路手动牵引策略 - log.debug("DpTech startBypassManualTractionStrategyForUMC request: {}, {}", policyName, disposeObject); - ret = getCleanTypePort().startBypassManualTractionStrategyForUMC(policyName, ""); - log.debug("DpTech startBypassManualTractionStrategyForUMC response: {}", ret); + err = startTractionStrategy(protectObjName, disposeObject); - if (ret.getResultRetVal() != 0) { - err = ErrorCode.ERR_CALLDEVICE; - log.error("----Error DPTech Start Cleanup Task: {}, {}, {}, {}", disposeObject, nfDirection, - CommonEnumHandler.codeOf(DpTechAttackType.class, attackType), - ret.getResultInfo().getValue()); - } else { - log.info("----Finish DPTech Start Cleanup Task: {}, {}, {}, {}", disposeObject, nfDirection, - CommonEnumHandler.codeOf(DpTechAttackType.class, attackType), - ret.getResultInfo().getValue()); + if (err != ErrorCode.ERR_OK) { + log.error("----Error DPTech Start Cleanup Task, Start Traction Strategy Error: {}, {}, {}", + protectObjName, disposeObject, err); + return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null); } + + log.info("----Finish DPTech Start Cleanup Task: {}, {}, {}", disposeObject, nfDirection, + CommonEnumHandler.codeOf(DpTechAttackType.class, attackType)); + + return new MulReturnType<>(ErrorCode.ERR_OK, null); } catch (Exception ex) { - err = ErrorCode.ERR_SYSTEMEXCEPTION; log.error("----Exception DPTech Start Cleanup Task: {}, {}, {}", disposeObject, nfDirection, 
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType)); + return new MulReturnType<>(ErrorCode.ERR_SYSTEMEXCEPTION, null); } - - return new MulReturnType<>(err, null); } /** @@ -713,9 +878,8 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { NetflowDirection nfDirection, Integer attackType, String taskId) { - ErrorCode err = ErrorCode.ERR_OK; - try { + ErrorCode err; log.info("++++Begging DPTech Stop Cleanup Task: {}", disposeObject); if (capType != DisposeCapacityType.CLEANUP) { 
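Review bot: Both failure branches return `ErrorCode.ERR_CALLDEVICE` and drop the `err` produced by createTractionStrategy and startTractionStrategy, so a caller cannot tell ERR_TRACTIONSTRATEGYRUNNING from a device fault. `return new MulReturnType<>(err, null);` keeps the cause, as the stop path already does. The catch block (unchanged lines in this hunk) logs nothing about `ex`; assuming `log` is an SLF4J logger, passing `ex` as the final argument records the stack trace. The method starts in the preceding hunk.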
@@ -723,40 +887,37 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null); } - String policyName = getTractionStrategyName(disposeObject); - - if (!dpBypassManager.getTractionStrategyName().containsKey(policyName)) { - log.error("----Error DPTech Stop Cleanup Task, No Such Task: {}, {}", disposeObject, policyName); + // 判断缓存中是否存在该处置IP对应的防护对象 + if (!disposeObjectCache.containsKey(disposeObject)) { + log.error("----Error DPTech Not Found Cache Protection Object: {}", disposeObject); return new MulReturnType<>(ErrorCode.ERR_TASKNOTRUNNING, null); - } + } else { + String protectObjName = disposeObjectCache.get(disposeObject); - log.debug("DpTech stopBypassManualTractionStrategyForUMC request: {}", disposeObject); - NtcRequestResultInfo ret = getCleanTypePort().stopBypassManualTractionStrategyForUMC(policyName, ""); - log.debug("DpTech stopBypassManualTractionStrategyForUMC response: {}", ret); + err = stopTractionStrategy(protectObjName, disposeObject); - if (ret.getResultRetVal() != 0) { - err = ErrorCode.ERR_CALLDEVICE; - log.error("----Error DPTech Stop Cleanup Task: {}, {}", disposeObject, ret.getResultInfo().getValue()); - return new MulReturnType<>(err, null); - } + if (err != ErrorCode.ERR_OK) { + log.error("----Error DPTech Stop Cleanup Task, Stop Traction Strategy Error: {}, {}", disposeObject, + err); + return new MulReturnType<>(err, null); + } - // 删除不再使用的手动旁路牵引策略 - log.debug("DpTech delBypassManualTractionStrategyForUMC request: {}", policyName); - ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName); - log.debug("DpTech delBypassManualTractionStrategyForUMC response: {}", ret); + err = removeTractionStrategy(getTractionStrategyName(protectObjName, disposeObject)); - if (ret.getResultRetVal() != 0) { - log.error("----Error DPTech Remove Traction Strategy: {}, {}", policyName, - ret.getResultInfo().getValue()); + if (err != ErrorCode.ERR_OK) { + log.error("----Error 
DPTech Stop Cleanup Task, Clean Traction Strategy Error: {}, {}", + disposeObject, err); + } } log.info("----Finish DPTech Stop Cleanup Task Succeed: {}", disposeObject); + return new MulReturnType<>(ErrorCode.ERR_OK, null); } catch (Exception ex) { - err = ErrorCode.ERR_SYSTEMEXCEPTION; log.error("----Exception DPTech Stop Cleanup Task: {}, {}", disposeObject, ex.getMessage()); + return new MulReturnType<>(ErrorCode.ERR_SYSTEMEXCEPTION, null); } - return new MulReturnType<>(err, null); + } /** @@ -766,15 +927,12 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { public void periodTaskRuntime() { synchronized (this) { super.periodTaskRuntime(); - if (timerCnt++ % DpTechConfigValue.PROTECTION_UPGRADE_PERIOD == 0) { // 更新防护对象与目标关联关系 getProtectionStrategyTemplateAssociation(); } - // 清理旁路手动牵引策略 upgradeTractionStrategy(); - // 与迪普设备同步数据 syncDpTechDeviceInfo(); } @@ -798,4 +956,30 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { } } } + + /** + * Is carry protect ip boolean. + * + * @param ipAddr the ip addr + * @return the boolean + */ + @Override + public boolean isCarryProtectIp(String ipAddr) { + // 判断缓存中是否存在该处置IP对应的防护对象 + if (disposeObjectCache.containsKey(ipAddr)) { + return true; + } else { + // 从设备防护对象缓存中查找当前处置IP对应的防护对象名称 + for (DpProtectObject k : dpBypassManager.getProtectObject().values()) { + for (String v : k.getIpSegment().values()) { + if (Helper.ipInRange(v, ipAddr)) { + // 将查找到的防护对象添加到缓存中 + disposeObjectCache.put(k.getProtectName(), k.getProtectName()); + return true; + } + } + } + } + return false; + } } diff --git a/src/main/java/com/dispose/common/ErrorCode.java b/src/main/java/com/dispose/common/ErrorCode.java index eac55935..df067baa 100644 --- a/src/main/java/com/dispose/common/ErrorCode.java +++ b/src/main/java/com/dispose/common/ErrorCode.java 
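Review bot: Stopping a task now requires `disposeObjectCache.containsKey(disposeObject)`, but that cache is in-memory and is cleared by removeProtectObject. After a restart or a protect-object upgrade, a running traction is therefore reported as ERR_TASKNOTRUNNING and traffic stays diverted. The start path falls back to scanning `dpBypassManager.getProtectObject()` with `Helper.ipInRange`; the stop path should use the same fallback before giving up. The `removeTractionStrategy(...)` call right after a successful stop consults `ts.isRunning()` from the manager cache, so if that cache is not refreshed in between it returns ERR_TRACTIONSTRATEGYRUNNING and the strategy is only logged, not removed.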
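Review bot: In isCarryProtectIp the cache write uses the protect name as the key, `disposeObjectCache.put(k.getProtectName(), k.getProtectName())`, while every other use in this patch keys the cache by the dispose IP. The lookup at the top of the method therefore never hits for an address resolved this way, and the map collects name-to-name entries. It should be `disposeObjectCache.put(ipAddr, k.getProtectName());`.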
@@ -245,6 +245,16 @@ public enum ErrorCode { * The Err nosuchumcprotectobject. */ ERR_NOSUCHUMCPROTECTOBJECT(200, "没有找到UMC防护对象"), + + /** + * Err protectobjectexists error code. + */ + ERR_PROTECTOBJECTEXISTS(201, "该防护对象已经存在"), + + ERR_TRACTIONSTRATEGYRUNNING(201, "该防护策略正在运行"), + + ERR_NOSUCHPROTECTSTRATEGY(202, "没有该防护策略"), + ; /**
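Review bot: `ERR_TRACTIONSTRATEGYRUNNING(201, ...)` reuses the numeric code of `ERR_PROTECTOBJECTEXISTS(201, ...)`, so API clients and any lookup by code cannot tell the two apart. Renumber it, for example `ERR_TRACTIONSTRATEGYRUNNING(202, ...)` and `ERR_NOSUCHPROTECTSTRATEGY(203, ...)`, after checking those values are free in the part of the enum not shown here. The last two constants also lack the Javadoc the rest of the enum carries.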