REM:
1. 增加迪普旁路手动牵引清洗启动,停止功能
HuangXin 2021-01-14 18:10:25 +08:00
parent 3f6d8f1813
commit 9c908f1c10
2 changed files with 229 additions and 18 deletions


@ -1,13 +1,22 @@
package com.dispose.ability.impl; package com.dispose.ability.impl;
import com.dispose.common.CommonEnumHandler;
import com.dispose.common.ConstValue; import com.dispose.common.ConstValue;
import com.dispose.common.DisposeConfigValue; import com.dispose.common.DisposeCapacityType;
import com.dispose.common.DisposeObjectType;
import com.dispose.common.DpTechAttackType;
import com.dispose.common.DpTechConfigValue; import com.dispose.common.DpTechConfigValue;
import com.dispose.common.ErrorCode;
import com.dispose.common.Helper;
import com.dispose.common.IpAddrType; import com.dispose.common.IpAddrType;
import com.dispose.common.NetflowDirection;
import com.dispose.pojo.dto.protocol.device.ability.DpBypassManager; import com.dispose.pojo.dto.protocol.device.ability.DpBypassManager;
import com.dispose.pojo.dto.protocol.device.ability.DpProtectObject; import com.dispose.pojo.dto.protocol.device.ability.DpProtectObject;
import com.dispose.pojo.dto.protocol.device.ability.DpProtectionStrategyInfo; import com.dispose.pojo.dto.protocol.device.ability.DpProtectionStrategyInfo;
import com.dispose.pojo.dto.protocol.device.ability.DpTractionStrategy;
import com.dispose.pojo.entity.ServiceInfo; import com.dispose.pojo.entity.ServiceInfo;
import com.dispose.pojo.po.MulReturnType;
import com.dptech.dispose.ArrayOfBypassManualTractionStrategyForService;
import com.dptech.dispose.ArrayOfProtectionObjectDataForService; import com.dptech.dispose.ArrayOfProtectionObjectDataForService;
import com.dptech.dispose.ArrayOfProtectionTargetWithStrategyForService; import com.dptech.dispose.ArrayOfProtectionTargetWithStrategyForService;
import com.dptech.dispose.NtcRequestResultInfo; import com.dptech.dispose.NtcRequestResultInfo;
@ -15,10 +24,9 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.List; import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Pattern; import java.util.regex.Pattern;
/** /**
@ -29,6 +37,8 @@ import java.util.regex.Pattern;
@Slf4j @Slf4j
public class DpTechBypassAbilityImpl extends DpTechAbilityImpl { public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
private final Hashtable<String, String> disposeObjectCache = new Hashtable<>();
/** /**
* The Dispose service group. * The Dispose service group.
*/ */
@ -41,7 +51,7 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
/** /**
* The All cleanup devices. * The All cleanup devices.
*/ */
private final HashSet<String> allCleanupDevices = new HashSet<>(); private String allCleanupDevices = "";
/** /**
* The Dp bypass manager. * The Dp bypass manager.
@ -58,15 +68,64 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
private void initCleanupDevices() { private void initCleanupDevices() {
try { try {
log.info("++++Begging DPTech Get All Protection Devices"); log.info("++++Begging DPTech Get All Protection Devices");
String dev = getCleanTypePort().getAllProtectDevices(); allCleanupDevices = getCleanTypePort().getAllProtectDevices();
log.info("----Finish DPTech Get All Protection Devices: {}", dev); log.info("----Finish DPTech Get All Protection Devices: {}", allCleanupDevices);
Collections.addAll(allCleanupDevices, dev.split(DisposeConfigValue.SPLIT_CHAR));
} catch (Exception ex) { } catch (Exception ex) {
log.error("----Exception DPTech Get All Protection Devices: {}", ex.getMessage()); log.error("----Exception DPTech Get All Protection Devices: {}", ex.getMessage());
} }
} }
/**
* Upgrade traction strategy.
*/
private void upgradeTractionStrategy() {
try {
log.info("++++Begging DPTech Upgrade Traction Strategy");
ArrayOfBypassManualTractionStrategyForService ret =
getCleanTypePort().getAllBypassManualTractionStrategyFromUMC();
if (ret != null && ret.getBypassManualTractionStrategyForService().size() > 0) {
ret.getBypassManualTractionStrategyForService().forEach(k -> {
String policyName = k.getPolicyName().getValue();
// 非法名称的旁路牵引策略
if (!policyName.startsWith(OBJ_PREFIX)) {
NtcRequestResultInfo rsp =
getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName);
if (rsp.getResultRetVal() == 0) {
log.debug("Remove Traction Strategy {} Succeed", policyName);
} else {
log.error("!!!!Remove Traction Strategy {} Error: {}", policyName, rsp.getResultInfo()
.getValue());
}
} else {
DpTractionStrategy obj;
if (dpBypassManager.getTractionStrategyName().containsKey(policyName)) {
obj = dpBypassManager.getTractionStrategyName().get(policyName);
obj.setProtectName(k.getProtectName().getValue());
obj.setIpRange(k.getIpRange().getValue());
obj.setRunning(Boolean.parseBoolean(k.getEnabled().getValue()));
} else {
obj = DpTractionStrategy.builder()
.policyName(policyName)
.protectName(k.getProtectName().getValue())
.ipRange(k.getIpRange().getValue())
.running(Boolean.parseBoolean(k.getEnabled().getValue()))
.build();
dpBypassManager.getTractionStrategyName().put(policyName, obj);
}
}
});
}
log.info("----Finish DPTech Upgrade Traction Strategy");
} catch (Exception ex) {
log.error("----Exception DPTech Upgrade Traction Strategy: {}", ex.getMessage());
}
}
/** /**
* Gets protection strategy template. * Gets protection strategy template.
*/ */
@ -104,7 +163,7 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
} else { } else {
obj = dpBypassManager.getProtectStrategy().get(objName); obj = dpBypassManager.getProtectStrategy().get(objName);
// 如果关联关系 // 如果关联关系有变动
if (!obj.getProtectStrategyName().equals(k.getProtectionStrategyName().getValue())) { if (!obj.getProtectStrategyName().equals(k.getProtectionStrategyName().getValue())) {
obj.setProtectStrategyName(k.getProtectionStrategyName().getValue()); obj.setProtectStrategyName(k.getProtectionStrategyName().getValue());
} }
@ -113,15 +172,12 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
}); });
log.info("----Finish Begging DPTech Get All Protection Strategy Association Relation"); log.info("----Finish Begging DPTech Get All Protection Strategy Association Relation");
} catch (Exception ex) { } catch (Exception ex) {
log.error("----Exception Begging DPTech Get All Protection Strategy Association Relation: {}", log.error("----Exception Begging DPTech Get All Protection Strategy Association Relation: {}",
ex.getMessage()); ex.getMessage());
} }
} }
/** /**
* Init device env. * Init device env.
* *
@ -187,7 +243,7 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
.cleanupDevices(k.getCleaningDevices().getValue()) .cleanupDevices(k.getCleaningDevices().getValue())
.protectName(objName) .protectName(objName)
.detectionDevices(k.getDetectionDevices().getValue()) .detectionDevices(k.getDetectionDevices().getValue())
.ipType(k.getIpType() == 4 ? IpAddrType.IPV4 : IpAddrType.IPV6) .ipType(k.getIpType() == 0 ? IpAddrType.IPV4 : IpAddrType.IPV6)
.ipSegment(new Hashtable<>()) .ipSegment(new Hashtable<>())
.build(); .build();
// 添加到缓存 // 添加到缓存
@ -234,6 +290,153 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
} }
} }
@Override
public MulReturnType<ErrorCode, String> runDispose(String disposeObject, DisposeObjectType objectType,
DisposeCapacityType capType,
NetflowDirection nfDirection,
Integer attackType,
Long duration) {
ErrorCode err = ErrorCode.ERR_OK;
NtcRequestResultInfo ret;
try {
AtomicReference<String> protectionObject = new AtomicReference<>("");
log.debug("++++Begging DPTech Start Cleanup Task: {}", disposeObject);
if (capType != DisposeCapacityType.CLEANUP) {
log.error("----Error DPTech don't support dispose capacity type: {}", capType);
return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null);
}
String policyName = OBJ_PREFIX + "_" + disposeObject;
// 判断缓存中当前处置IP的旁路牵引策略是否存在 如果存在直接删除
if (dpBypassManager.getTractionStrategyName().containsKey(policyName)) {
ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName);
if (ret.getResultRetVal() != 0) {
log.error("----Error DPTech Delete Old Traction Strategy Error: {}, {}", policyName,
ret.getResultInfo().getValue());
return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null);
}
}
// 判断缓存中是否存在该处置IP对应的防护对象
if (disposeObjectCache.containsKey(disposeObject)) {
protectionObject.set(disposeObjectCache.get(disposeObject));
} else {
// 从设备防护对象缓存中查找当前处置IP对应的防护对象名称
dpBypassManager.getProtectObject().values().forEach(k -> {
for (String v : k.getIpSegment().values()) {
if (Helper.ipInRange(v, disposeObject)) {
protectionObject.set(k.getProtectName());
// 将查找到的防护对象添加到缓存中
disposeObjectCache.put(disposeObject, k.getProtectName());
break;
}
}
});
}
// 校验当前处置对象对应的防护对象名称是否正确
if (protectionObject.get().length() == 0) {
log.error("----Error DPTech Task Not Found Protection Object: {}", disposeObject);
log.debug("!!!!DpTech UMC Protection Objects: {}", dpBypassManager.getProtectObject().values());
return new MulReturnType<>(ErrorCode.ERR_NOSUCHUMCPROTECTOBJECT, null);
}
log.debug("++++Begging DPTech Create Traction Strategy: {}, {}, {}", policyName,
protectionObject.get(), disposeObject);
// 创建旁路手动牵引策略
ret = getCleanTypePort().addBypassManualTractionStrategyForUMC(policyName, protectionObject.get(),
disposeObject);
if (ret.getResultRetVal() != 0) {
log.error("----Error DPTech Create Traction Strategy Error: {}, {}, {}, {}", policyName,
protectionObject.get(), disposeObject, ret.getResultInfo().getValue());
return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null);
}
log.debug("----Finish DPTech Create Traction Strategy: {}, {}, {}", policyName,
protectionObject.get(), disposeObject);
// 启动旁路手动牵引策略
log.debug("DpTech startBypassManualTractionStrategyForUMC request: {}, {}", policyName, disposeObject);
ret = getCleanTypePort().startBypassManualTractionStrategyForUMC(policyName, "");
log.debug("DpTech startBypassManualTractionStrategyForUMC response: {}", ret);
if (ret.getResultRetVal() != 0) {
err = ErrorCode.ERR_CALLDEVICE;
log.error("----Error DPTech Start Cleanup Task: {}, {}, {}, {}", disposeObject, nfDirection,
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType),
ret.getResultInfo().getValue());
} else {
log.debug("----Finish DPTech Start Cleanup Task: {}, {}, {}, {}", disposeObject, nfDirection,
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType),
ret.getResultInfo().getValue());
}
} catch (Exception ex) {
err = ErrorCode.ERR_SYSTEMEXCEPTION;
log.error("----Exception DPTech Start Cleanup Task: {}, {}, {}", disposeObject, nfDirection,
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType));
}
return new MulReturnType<>(err, null);
}
@Override
public MulReturnType<ErrorCode, Long> stopDispose(String disposeObject,
DisposeCapacityType capType,
NetflowDirection nfDirection,
Integer attackType,
String taskId) {
ErrorCode err = ErrorCode.ERR_OK;
try {
log.info("++++Begging DPTech Stop Cleanup Task: {}", disposeObject);
if (capType != DisposeCapacityType.CLEANUP) {
log.error("----Error DPTech don't support dispose capacity type: {}", capType);
return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null);
}
String policyName = OBJ_PREFIX + "_" + disposeObject;
if (!dpBypassManager.getTractionStrategyName().containsKey(policyName)) {
log.error("----Error DPTech Stop Cleanup Task, No Such Task: {}, {}", disposeObject, policyName);
return new MulReturnType<>(ErrorCode.ERR_TASKNOTRUNNING, null);
}
log.debug("DpTech stopBypassManualTractionStrategyForUMC request: {}", disposeObject);
NtcRequestResultInfo ret = getCleanTypePort().stopBypassManualTractionStrategyForUMC(policyName, "");
log.debug("DpTech stopBypassManualTractionStrategyForUMC response: {}", ret);
if (ret.getResultRetVal() != 0) {
err = ErrorCode.ERR_CALLDEVICE;
log.error("----Error DPTech Stop Cleanup Task: {}, {}", disposeObject, ret.getResultInfo().getValue());
return new MulReturnType<>(err, null);
}
// 删除不再使用的手动旁路牵引策略
log.debug("DpTech delBypassManualTractionStrategyForUMC request: {}", policyName);
ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName);
log.debug("DpTech delBypassManualTractionStrategyForUMC response: {}", ret);
if (ret.getResultRetVal() != 0) {
log.error("----Error DPTech Remove Traction Strategy: {}, {}", policyName,
ret.getResultInfo().getValue());
}
log.info("----Finish DPTech Stop Cleanup Task Succeed: {}", disposeObject);
} catch (Exception ex) {
err = ErrorCode.ERR_SYSTEMEXCEPTION;
log.error("----Exception DPTech Stop Cleanup Task: {}, {}", disposeObject, ex.getMessage());
}
return new MulReturnType<>(err, null);
}
/** /**
* Period task runtime. * Period task runtime.
*/ */
@ -246,6 +449,9 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
// 更新防护对象与目标关联关系 // 更新防护对象与目标关联关系
getProtectionStrategyTemplate(); getProtectionStrategyTemplate();
} }
// 清理旁路手动牵引策略
upgradeTractionStrategy();
} }
} }
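Review bot: runDispose and stopDispose both gate on `dpBypassManager.getTractionStrategyName()`, but in the visible code that map is only written by the periodic upgradeTractionStrategy(), which adds and updates entries and never removes them. A stopDispose issued before the next refresh therefore returns ERR_TASKNOTRUNNING while the traction policy stays active on the device, and after a successful stop the stale entry makes the next runDispose for the same address call delBypassManualTractionStrategyForUMC on a policy that no longer exists, which presumably ends in ERR_CALLDEVICE. I would record the policy as soon as it is created, drop it from the map after each successful delete, and have the refresh discard names the UMC no longer reports. Separately, the catch block in runDispose logs neither `ex` nor its message, and upgradeTractionStrategy deletes every UMC policy whose name does not start with OBJ_PREFIX, which deserves a comment stating that the UMC is assumed to be dedicated to this service.

```java
// runDispose — … unchanged: capacity check, old-policy delete, protection object lookup …
ret = getCleanTypePort().addBypassManualTractionStrategyForUMC(policyName, protectionObject.get(),
    disposeObject);
// … unchanged: error return when getResultRetVal() != 0 …

// Track the policy immediately so stopDispose can find it before the next periodic refresh.
DpTractionStrategy created = DpTractionStrategy.builder()
    .policyName(policyName)
    .protectName(protectionObject.get())
    .ipRange(disposeObject)
    .running(false)
    .build();
dpBypassManager.getTractionStrategyName().put(policyName, created);

ret = getCleanTypePort().startBypassManualTractionStrategyForUMC(policyName, "");
if (ret.getResultRetVal() != 0) {
    // … unchanged: err = ERR_CALLDEVICE and error log …
} else {
    created.setRunning(true);
    // … unchanged: debug log …
}

// stopDispose (and the old-policy delete in runDispose), once the delete call returns 0:
dpBypassManager.getTractionStrategyName().remove(policyName);
```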


@ -165,7 +165,7 @@ public enum ErrorCode {
*/ */
ERR_UNTRUSTTOKEN(38, "未经授权的Token"), ERR_UNTRUSTTOKEN(38, "未经授权的Token"),
/** /**
* Err unknowninterface error code. * The Err unknowninterface.
*/ */
ERR_UNKNOWNINTERFACE(39, "未提供该接口"), ERR_UNKNOWNINTERFACE(39, "未提供该接口"),
/** /**
@ -217,19 +217,19 @@ public enum ErrorCode {
*/ */
ERR_DECRYPT_AES256(111, "AES256解密失败"), ERR_DECRYPT_AES256(111, "AES256解密失败"),
/** /**
* The Err no device by areaCode. * The Err nodevice areacode.
*/ */
ERR_NODEVICE_AREACODE(112, "区域无该设备"), ERR_NODEVICE_AREACODE(112, "区域无该设备"),
/** /**
* The Err specified IP already exists. * The Err specifiedip exists.
*/ */
ERR_SPECIFIEDIP_EXISTS(113, "指定的IP已经存在"), ERR_SPECIFIEDIP_EXISTS(113, "指定的IP已经存在"),
/** /**
* The Err specified IP does not exists. * The Err specifiedip notexists.
*/ */
ERR_SPECIFIEDIP_NOTEXISTS(114, "指定的IP地址不存在"), ERR_SPECIFIEDIP_NOTEXISTS(114, "指定的IP地址不存在"),
/** /**
* The Err server processing request. * The Err server processreq.
*/ */
ERR_SERVER_PROCESSREQ(115, "服务器处理请求错误"), ERR_SERVER_PROCESSREQ(115, "服务器处理请求错误"),
/** /**
@ -240,6 +240,11 @@ public enum ErrorCode {
* The Err pengxin error. * The Err pengxin error.
*/ */
ERR_PENGXIN_ERROR(117, "鹏信设备返回错误"), ERR_PENGXIN_ERROR(117, "鹏信设备返回错误"),
/**
* The Err nosuchumcprotectobject.
*/
ERR_NOSUCHUMCPROTECTOBJECT(200, "没有找到UMC防护对象"),
; ;
/** /**
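Review bot: The Javadoc edits in this section appear to replace readable descriptions with generated ones, for example `The Err specified IP already exists.` becomes `The Err specifiedip exists.`; keeping the earlier wording would serve readers of the enum better. The comment on the new constant, `The Err nosuchumcprotectobject.`, could instead state when it is returned, e.g. `No UMC protection object covers the requested dispose address.` Which side is new is inferred from print order, because the page has lost its +/- markers.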