cmhi
/
dispose
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OCT 

REM:
1. 增加迪普清洗处置逻辑
This commit is contained in:
HuangXin 2021-01-18 14:44:11 +08:00
parent c3a3b90e50
commit 69d1ee7409
2 changed files with 280 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

356
src/main/java/com/dispose/ability/impl/DpTechBypassAbilityImpl.java
View File

@ -30,7 +30,6 @@ import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.List; import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern; import java.util.regex.Pattern;
/** /**
@ -82,12 +81,34 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
} }
/** /**
* Remove umc protect object error code. * Upgrade protect object error code.
*
* @param objName the obj name
* @param ipSegment the ip segment
* @param ipType the ip type
* @param template the template
* @return the error code
*/
private ErrorCode upgradeProtectObject(String objName, String ipSegment, int ipType, String template) {
ErrorCode err = removeProtectObject(objName);
if (err != ErrorCode.ERR_OK) {
return err;
}
err = createProtectObject(objName, ipSegment, ipType, template);
return err;
}
/**
* Remove protect object error code.
* *
* @param objName the obj name * @param objName the obj name
* @return the error code * @return the error code
*/ */
private ErrorCode removeUMCProtectObject(String objName) { private ErrorCode removeProtectObject(String objName) {
NtcRequestResultInfo ret; NtcRequestResultInfo ret;
// 修改前同步更新设备信息 // 修改前同步更新设备信息
@ -143,6 +164,13 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
return ErrorCode.ERR_CALLDEVICE; return ErrorCode.ERR_CALLDEVICE;
} }
// 清理缓存中的对象
for(String v : disposeObjectCache.keySet()) {
if(disposeObjectCache.get(v).equals(objName)) {
disposeObjectCache.remove(v);
}
}
return ErrorCode.ERR_OK; return ErrorCode.ERR_OK;
} }
@ -156,6 +184,11 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
* @return the error code * @return the error code
*/ */
private ErrorCode createProtectObject(String objName, String ipSegment, int ipType, String template) { private ErrorCode createProtectObject(String objName, String ipSegment, int ipType, String template) {
// 检查防护对象是否已经存在
if (dpBypassManager.getProtectObject().containsKey(objName)) {
return ErrorCode.ERR_PROTECTOBJECTEXISTS;
}
// 创建对象 // 创建对象
NtcRequestResultInfo ret = getCleanTypePort() NtcRequestResultInfo ret = getCleanTypePort()
.addProtectionObjectForUMC("", .addProtectionObjectForUMC("",
@ -190,6 +223,144 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
return ErrorCode.ERR_OK; return ErrorCode.ERR_OK;
} }
/**
* Create traction strategy error code.
*
* @param objName the obj name
* @param disposeObject the dispose object
* @return the error code
*/
private ErrorCode createTractionStrategy(String objName, String disposeObject) {
NtcRequestResultInfo ret;
ErrorCode err;
log.debug("++++Begging Create Traction Strategy: {}, {}", objName, disposeObject);
// 获取旁路手动牵引策略名
String tractionName = getTractionStrategyName(objName, disposeObject);
// 删除旧的策略
err = removeTractionStrategy(tractionName);
if (err != ErrorCode.ERR_OK) {
return err;
}
// 创建旁路手动牵引策略
ret = getCleanTypePort().addBypassManualTractionStrategyForUMC(tractionName,
objName,
disposeObject);
if (ret.getResultRetVal() == 0) {
log.debug("----Finish Create Traction Strategy {} Succeed", tractionName);
return ErrorCode.ERR_OK;
} else {
log.error("----Create Traction Strategy Error: {}, {}, {}, {}", tractionName,
objName, disposeObject, ret.getResultInfo().getValue());
return ErrorCode.ERR_CALLDEVICE;
}
}
/**
* Start traction strategy error code.
*
* @param objName the obj name
* @param disposeObject the dispose object
* @return the error code
*/
private ErrorCode startTractionStrategy(String objName, String disposeObject) {
NtcRequestResultInfo ret;
ErrorCode err = ErrorCode.ERR_OK;
log.info("++++Begging Start Traction Strategy: {}, {}", objName, disposeObject);
// 获取旁路手动牵引策略名
String policyName = getTractionStrategyName(objName, disposeObject);
// 启动旁路手动牵引策略
log.debug("DpTech startBypassManualTractionStrategyForUMC request: {}, {}", policyName, disposeObject);
ret = getCleanTypePort().startBypassManualTractionStrategyForUMC(policyName, "");
log.debug("DpTech startBypassManualTractionStrategyForUMC response: {}", ret);
if (ret.getResultRetVal() != 0) {
err = ErrorCode.ERR_CALLDEVICE;
log.error("----Error Start Traction Strategy: {}, {}, {}", objName, disposeObject,
ret.getResultInfo().getValue());
} else {
log.info("----Finish Start Traction Strategy: {}, {}", objName, disposeObject);
}
return err;
}
/**
* Stop traction strategy error code.
*
* @param objName the obj name
* @param disposeObject the dispose object
* @return the error code
*/
private ErrorCode stopTractionStrategy(String objName, String disposeObject) {
NtcRequestResultInfo ret;
log.info("++++Begging Stop Traction Strategy: {}, {}", objName, disposeObject);
// 获取旁路手动牵引策略名
String policyName = getTractionStrategyName(objName, disposeObject);
// 判断缓存中是否有该防护策略
if (!dpBypassManager.getTractionStrategyName().containsKey(policyName)) {
log.error("----Error Stop Traction Strategy, No Such Traction Strategy: {}, {}", disposeObject, policyName);
return ErrorCode.ERR_NOSUCHPROTECTSTRATEGY;
}
// 停止旁路手动牵引策略
log.debug("DpTech stopBypassManualTractionStrategyForUMC request: {}", disposeObject);
ret = getCleanTypePort().stopBypassManualTractionStrategyForUMC(policyName, "");
log.debug("DpTech stopBypassManualTractionStrategyForUMC response: {}", ret);
if (ret.getResultRetVal() != 0) {
log.error("----Error DPTech Stop Cleanup Task: {}, {}", disposeObject, ret.getResultInfo().getValue());
return ErrorCode.ERR_CALLDEVICE;
}
return ErrorCode.ERR_OK;
}
/**
* Remove traction strategy error code.
*
* @param tractionName the traction name
* @return the error code
*/
private ErrorCode removeTractionStrategy(String tractionName) {
NtcRequestResultInfo ret;
// 判断旁路手动牵引策略是否存在
if (dpBypassManager.getTractionStrategyName().containsKey(tractionName)) {
DpTractionStrategy ts = dpBypassManager.getTractionStrategyName().get(tractionName);
// 如果正在运行删除失败
if (ts.isRunning()) {
log.error("!!!!Remove Traction Strategy Error, It's Running: {}", tractionName);
return ErrorCode.ERR_TRACTIONSTRATEGYRUNNING;
} else {
// 删除策略
ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(tractionName);
if (ret.getResultRetVal() == 0) {
log.debug("Remove Traction Strategy {} Succeed", tractionName);
return ErrorCode.ERR_OK;
} else {
log.error("!!!!Remove Traction Strategy {} Error: {}", tractionName,
ret.getResultInfo().getValue());
return ErrorCode.ERR_CALLDEVICE;
}
}
}
return ErrorCode.ERR_OK;
}
/** /**
* Association protection template error code. * Association protection template error code.
* *
@ -237,6 +408,7 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
* Sync dp tech device info. * Sync dp tech device info.
*/ */
private void syncDpTechDeviceInfo() { private void syncDpTechDeviceInfo() {
// 处置平台数据同步到UMC
disposeServiceGroup.values().forEach(v -> { disposeServiceGroup.values().forEach(v -> {
ErrorCode err; ErrorCode err;
List<String> ipV4 = new ArrayList<>(); List<String> ipV4 = new ArrayList<>();
@ -311,12 +483,12 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
} }
} }
// 更新防护对象
if (upgradeIpSegment) { if (upgradeIpSegment) {
removeUMCProtectObject(protectName); err = upgradeProtectObject(protectName,
err = createProtectObject(protectName, ipSegment.get(t),
ipSegment.get(t), IpAddrType.IPV4.equals(t) ? 0 : 1,
IpAddrType.IPV4.equals(t) ? 0 : 1, template);
template);
if (err == ErrorCode.ERR_OK) { if (err == ErrorCode.ERR_OK) {
log.debug("Add Protection Object {} Succeed", protectName); log.debug("Add Protection Object {} Succeed", protectName);
} else { } else {
@ -336,6 +508,24 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
} }
} }
}); });
// UMC 同步到处置平台
dpBypassManager.getProtectObject().values().forEach(v -> {
String serviceId = v.getProtectName()
.replace(OBJ_PREFIX + "_", "")
.replace("_" + IpAddrType.IPV4.getDescription(), "")
.replace("_" + IpAddrType.IPV6.getDescription(), "");
// UMC上面存在对象已经失效
if (disposeServiceGroup.values().stream().noneMatch(k -> serviceId.equals(k.getServiceId()))) {
log.debug("++++Remove UMC Unused Protect Object: {}", v.getProtectName());
ErrorCode err = removeProtectObject(v.getProtectName());
if (err != ErrorCode.ERR_OK) {
log.error("!!!!Remove Protect Object Error: {}", v.getProtectName());
}
}
});
} }
/** /**
@ -356,11 +546,12 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
/** /**
* Gets traction strategy name. * Gets traction strategy name.
* *
* @param objName the obj name
* @param disposeIp the dispose ip * @param disposeIp the dispose ip
* @return the traction strategy name * @return the traction strategy name
*/ */
private String getTractionStrategyName(String disposeIp) { private String getTractionStrategyName(String objName, String disposeIp) {
return OBJ_PREFIX + "_" + disposeIp + ""; return OBJ_PREFIX + "_" + disposeIp + "_" + objName;
} }
/** /**
@ -608,11 +799,9 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
NetflowDirection nfDirection, NetflowDirection nfDirection,
Integer attackType, Integer attackType,
Long duration) { Long duration) {
ErrorCode err = ErrorCode.ERR_OK;
NtcRequestResultInfo ret;
try { try {
AtomicReference<String> protectionObject = new AtomicReference<>(""); ErrorCode err;
String protectObjName = "";
log.info("++++Begging DPTech Start Cleanup Task: {}", disposeObject); log.info("++++Begging DPTech Start Cleanup Task: {}", disposeObject);
if (capType != DisposeCapacityType.CLEANUP) { if (capType != DisposeCapacityType.CLEANUP) {
@ -620,81 +809,57 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null); return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null);
} }
String policyName = getTractionStrategyName(disposeObject);
// 判断缓存中当前处置IP的旁路牵引策略是否存在 如果存在直接删除
if (dpBypassManager.getTractionStrategyName().containsKey(policyName)) {
ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName);
if (ret.getResultRetVal() != 0) {
log.error("----Error DPTech Delete Old Traction Strategy Error: {}, {}", policyName,
ret.getResultInfo().getValue());
return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null);
}
}
// 判断缓存中是否存在该处置IP对应的防护对象 // 判断缓存中是否存在该处置IP对应的防护对象
if (disposeObjectCache.containsKey(disposeObject)) { if (disposeObjectCache.containsKey(disposeObject)) {
protectionObject.set(disposeObjectCache.get(disposeObject)); protectObjName = disposeObjectCache.get(disposeObject);
} else { } else {
// 从设备防护对象缓存中查找当前处置IP对应的防护对象名称 // 从设备防护对象缓存中查找当前处置IP对应的防护对象名称
dpBypassManager.getProtectObject().values().forEach(k -> { for (DpProtectObject k : dpBypassManager.getProtectObject().values()) {
for (String v : k.getIpSegment().values()) { for (String v : k.getIpSegment().values()) {
if (Helper.ipInRange(v, disposeObject)) { if (Helper.ipInRange(v, disposeObject)) {
protectionObject.set(k.getProtectName()); protectObjName = k.getProtectName();
// 将查找到的防护对象添加到缓存中 // 将查找到的防护对象添加到缓存中
disposeObjectCache.put(disposeObject, k.getProtectName()); disposeObjectCache.put(disposeObject, k.getProtectName());
break; break;
} }
} }
}); }
} }
// 校验当前处置对象对应的防护对象名称是否正确 // 校验当前处置对象对应的防护对象名称是否正确
if (protectionObject.get().length() == 0) { if (protectObjName.length() == 0) {
log.error("----Error DPTech Task Not Found Protection Object: {}", disposeObject); log.error("----Error DPTech Task Not Found Protection Object: {}", disposeObject);
log.debug("!!!!DpTech UMC Protection Objects: {}", dpBypassManager.getProtectObject().values()); log.debug("!!!!DpTech UMC Protection Objects: {}", dpBypassManager.getProtectObject().values());
return new MulReturnType<>(ErrorCode.ERR_NOSUCHUMCPROTECTOBJECT, null); return new MulReturnType<>(ErrorCode.ERR_NOSUCHUMCPROTECTOBJECT, null);
} }
log.debug("++++Begging DPTech Create Traction Strategy: {}, {}, {}", policyName, // 为当前处置IP创建旁路手动牵引策略
protectionObject.get(), disposeObject); err = createTractionStrategy(protectObjName, disposeObject);
// 创建旁路手动牵引策略 if (err != ErrorCode.ERR_OK) {
ret = getCleanTypePort().addBypassManualTractionStrategyForUMC(policyName, protectionObject.get(), log.error("----Error DPTech Start Cleanup Task, Create Traction Strategy Error: {}, {}, {}",
disposeObject); protectObjName, disposeObject, err);
if (ret.getResultRetVal() != 0) {
log.error("----Error DPTech Create Traction Strategy Error: {}, {}, {}, {}", policyName,
protectionObject.get(), disposeObject, ret.getResultInfo().getValue());
return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null); return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null);
} }
log.debug("----Finish DPTech Create Traction Strategy: {}, {}, {}", policyName,
protectionObject.get(), disposeObject);
// 启动旁路手动牵引策略 // 启动旁路手动牵引策略
log.debug("DpTech startBypassManualTractionStrategyForUMC request: {}, {}", policyName, disposeObject); err = startTractionStrategy(protectObjName, disposeObject);
ret = getCleanTypePort().startBypassManualTractionStrategyForUMC(policyName, "");
log.debug("DpTech startBypassManualTractionStrategyForUMC response: {}", ret);
if (ret.getResultRetVal() != 0) { if (err != ErrorCode.ERR_OK) {
err = ErrorCode.ERR_CALLDEVICE; log.error("----Error DPTech Start Cleanup Task, Start Traction Strategy Error: {}, {}, {}",
log.error("----Error DPTech Start Cleanup Task: {}, {}, {}, {}", disposeObject, nfDirection, protectObjName, disposeObject, err);
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType), return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null);
ret.getResultInfo().getValue());
} else {
log.info("----Finish DPTech Start Cleanup Task: {}, {}, {}, {}", disposeObject, nfDirection,
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType),
ret.getResultInfo().getValue());
} }
log.info("----Finish DPTech Start Cleanup Task: {}, {}, {}", disposeObject, nfDirection,
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType));
return new MulReturnType<>(ErrorCode.ERR_OK, null);
} catch (Exception ex) { } catch (Exception ex) {
err = ErrorCode.ERR_SYSTEMEXCEPTION;
log.error("----Exception DPTech Start Cleanup Task: {}, {}, {}", disposeObject, nfDirection, log.error("----Exception DPTech Start Cleanup Task: {}, {}, {}", disposeObject, nfDirection,
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType)); CommonEnumHandler.codeOf(DpTechAttackType.class, attackType));
return new MulReturnType<>(ErrorCode.ERR_SYSTEMEXCEPTION, null);
} }
return new MulReturnType<>(err, null);
} }
/** /**
@ -713,9 +878,8 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
NetflowDirection nfDirection, NetflowDirection nfDirection,
Integer attackType, Integer attackType,
String taskId) { String taskId) {
ErrorCode err = ErrorCode.ERR_OK;
try { try {
ErrorCode err;
log.info("++++Begging DPTech Stop Cleanup Task: {}", disposeObject); log.info("++++Begging DPTech Stop Cleanup Task: {}", disposeObject);
if (capType != DisposeCapacityType.CLEANUP) { if (capType != DisposeCapacityType.CLEANUP) {
@ -723,40 +887,37 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null); return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null);
} }
String policyName = getTractionStrategyName(disposeObject); // 判断缓存中是否存在该处置IP对应的防护对象
if (!disposeObjectCache.containsKey(disposeObject)) {
if (!dpBypassManager.getTractionStrategyName().containsKey(policyName)) { log.error("----Error DPTech Not Found Cache Protection Object: {}", disposeObject);
log.error("----Error DPTech Stop Cleanup Task, No Such Task: {}, {}", disposeObject, policyName);
return new MulReturnType<>(ErrorCode.ERR_TASKNOTRUNNING, null); return new MulReturnType<>(ErrorCode.ERR_TASKNOTRUNNING, null);
} } else {
String protectObjName = disposeObjectCache.get(disposeObject);
log.debug("DpTech stopBypassManualTractionStrategyForUMC request: {}", disposeObject); err = stopTractionStrategy(protectObjName, disposeObject);
NtcRequestResultInfo ret = getCleanTypePort().stopBypassManualTractionStrategyForUMC(policyName, "");
log.debug("DpTech stopBypassManualTractionStrategyForUMC response: {}", ret);
if (ret.getResultRetVal() != 0) { if (err != ErrorCode.ERR_OK) {
err = ErrorCode.ERR_CALLDEVICE; log.error("----Error DPTech Stop Cleanup Task, Stop Traction Strategy Error: {}, {}", disposeObject,
log.error("----Error DPTech Stop Cleanup Task: {}, {}", disposeObject, ret.getResultInfo().getValue()); err);
return new MulReturnType<>(err, null); return new MulReturnType<>(err, null);
} }
// 删除不再使用的手动旁路牵引策略 err = removeTractionStrategy(getTractionStrategyName(protectObjName, disposeObject));
log.debug("DpTech delBypassManualTractionStrategyForUMC request: {}", policyName);
ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName);
log.debug("DpTech delBypassManualTractionStrategyForUMC response: {}", ret);
if (ret.getResultRetVal() != 0) { if (err != ErrorCode.ERR_OK) {
log.error("----Error DPTech Remove Traction Strategy: {}, {}", policyName, log.error("----Error DPTech Stop Cleanup Task, Clean Traction Strategy Error: {}, {}",
ret.getResultInfo().getValue()); disposeObject, err);
}
} }
log.info("----Finish DPTech Stop Cleanup Task Succeed: {}", disposeObject); log.info("----Finish DPTech Stop Cleanup Task Succeed: {}", disposeObject);
return new MulReturnType<>(ErrorCode.ERR_OK, null);
} catch (Exception ex) { } catch (Exception ex) {
err = ErrorCode.ERR_SYSTEMEXCEPTION;
log.error("----Exception DPTech Stop Cleanup Task: {}, {}", disposeObject, ex.getMessage()); log.error("----Exception DPTech Stop Cleanup Task: {}, {}", disposeObject, ex.getMessage());
return new MulReturnType<>(ErrorCode.ERR_SYSTEMEXCEPTION, null);
} }
return new MulReturnType<>(err, null);
} }
/** /**
@ -766,15 +927,12 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
public void periodTaskRuntime() { public void periodTaskRuntime() {
synchronized (this) { synchronized (this) {
super.periodTaskRuntime(); super.periodTaskRuntime();
if (timerCnt++ % DpTechConfigValue.PROTECTION_UPGRADE_PERIOD == 0) { if (timerCnt++ % DpTechConfigValue.PROTECTION_UPGRADE_PERIOD == 0) {
// 更新防护对象与目标关联关系 // 更新防护对象与目标关联关系
getProtectionStrategyTemplateAssociation(); getProtectionStrategyTemplateAssociation();
} }
// 清理旁路手动牵引策略 // 清理旁路手动牵引策略
upgradeTractionStrategy(); upgradeTractionStrategy();
// 与迪普设备同步数据 // 与迪普设备同步数据
syncDpTechDeviceInfo(); syncDpTechDeviceInfo();
} }
@ -798,4 +956,30 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
} }
} }
} }
/**
* Is carry protect ip boolean.
*
* @param ipAddr the ip addr
* @return the boolean
*/
@Override
public boolean isCarryProtectIp(String ipAddr) {
// 判断缓存中是否存在该处置IP对应的防护对象
if (disposeObjectCache.containsKey(ipAddr)) {
return true;
} else {
// 从设备防护对象缓存中查找当前处置IP对应的防护对象名称
for (DpProtectObject k : dpBypassManager.getProtectObject().values()) {
for (String v : k.getIpSegment().values()) {
if (Helper.ipInRange(v, ipAddr)) {
// 将查找到的防护对象添加到缓存中
disposeObjectCache.put(k.getProtectName(), k.getProtectName());
return true;
}
}
}
}
return false;
}
} }

10
src/main/java/com/dispose/common/ErrorCode.java
View File

@ -245,6 +245,16 @@ public enum ErrorCode {
* The Err nosuchumcprotectobject. * The Err nosuchumcprotectobject.
*/ */
ERR_NOSUCHUMCPROTECTOBJECT(200, "没有找到UMC防护对象"), ERR_NOSUCHUMCPROTECTOBJECT(200, "没有找到UMC防护对象"),
/**
* Err protectobjectexists error code.
*/
ERR_PROTECTOBJECTEXISTS(201, "该防护对象已经存在"),
ERR_TRACTIONSTRATEGYRUNNING(201, "该防护策略正在运行"),
ERR_NOSUCHPROTECTSTRATEGY(202, "没有该防护策略"),
; ;
/** /**