vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-04-29 15:39:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixes jailed hosts addition concurrency issues

Browse source
This commit is contained in:
Simone Mainardi 2021-10-08 16:51:31 +02:00
parent 3f2815e89b
commit 80c38ee6fc
1 changed files with 54 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

108
scripts/lua/modules/pools/drop_host_pool_utils.lua
View file

@ -29,34 +29,34 @@ function drop_host_pool_utils.check_pre_banned_hosts_to_add()
local changed = false
local host_pool, jailed_pool
while(true) do
local num_pending = ntop.llenCache(queue_name)
while num_pending > 0 do
local elem = ntop.lpopCache(queue_name)
if not elem then
break
else
if not host_pool then
-- Lazily initialize the jailed pool
host_pool = host_pools:create()
jailed_pool = host_pool:get_pool_by_name(pools.DROP_HOST_POOL_NAME)
if not host_pool then
-- Lazily initialize the jailed pool
host_pool = host_pools:create()
jailed_pool = host_pool:get_pool_by_name(pools.DROP_HOST_POOL_NAME)
if not jailed_pool then
-- Jailed pool cannot be found, unable to continue
return
end
end
-- Add elem to the jailed host pool
local res, err = host_pool:bind_member(elem, jailed_pool.pool_id)
if is_ids_ips_log_enabled then
ntop.rpushCache(drop_host_pool_utils.ids_ips_jail_add_key, elem, drop_host_pool_utils.max_ids_ips_log_queue_len)
end
if not changed then
changed = true
if not jailed_pool then
-- Jailed pool cannot be found, unable to continue
return
end
end
-- Add elem to the jailed host pool
local res, err = host_pool:bind_member(elem, jailed_pool.pool_id)
if is_ids_ips_log_enabled then
ntop.rpushCache(drop_host_pool_utils.ids_ips_jail_add_key, elem, drop_host_pool_utils.max_ids_ips_log_queue_len)
end
if not changed then
changed = true
end
num_pending = num_pending - 1
end
-- Read rules from configured pools and policies
@ -94,40 +94,40 @@ function drop_host_pool_utils.check_periodic_hosts_list()
if not jailed_pool then
return
end
-- Check the hosts inside the list
while list_len > 0 do
local data = ntop.lpopCache(pool_info.list_key)
local curr_time = os.time()
local host
local time
host, time = data:match("(%w+)_(%w+)")
-- The host needs to be unbanned
if curr_time >= tonumber(time) + pool_info.expiration_time then
for i, value in pairs(jailed_pool.members) do
-- Member found, remove it
if string.find(value, host) then
host_pool:bind_member(value, 0)
if is_ids_ips_log_enabled then
ntop.rpushCache(drop_host_pool_utils.ids_ips_jail_remove_key, value, drop_host_pool_utils.max_ids_ips_log_queue_len)
end
local host
local time
changed = true
goto continue_check
host, time = data:match("(%w+)_(%w+)")
-- The host needs to be unbanned
if curr_time >= tonumber(time) + pool_info.expiration_time then
for i, value in pairs(jailed_pool.members) do
-- Member found, remove it
if string.find(value, host) then
host_pool:bind_member(value, 0)
if is_ids_ips_log_enabled then
ntop.rpushCache(drop_host_pool_utils.ids_ips_jail_remove_key, value, drop_host_pool_utils.max_ids_ips_log_queue_len)
end
end
else
-- The host needs to be added again at the start of the list (ordered by time)
ntop.lpushCache(pool_info.list_key, data)
goto policy_changed
end
::continue_check::
list_len = list_len - 1
end
changed = true
goto continue_check
end
end
else
-- The host needs to be added again at the start of the list (ordered by time)
ntop.lpushCache(pool_info.list_key, data)
goto policy_changed
end
::continue_check::
list_len = list_len - 1
end
::policy_changed::
-- Read rules from configured pools and policies
@ -136,14 +136,14 @@ function drop_host_pool_utils.check_periodic_hosts_list()
if ntop.isPro() then
package.path = dirs.installdir .. "/pro/scripts/lua/modules/?.lua;" .. package.path
local policy_utils = require "policy_utils"
local rsp = policy_utils.get_ips_rules()
if(rsp ~= nil) then
ntop.broadcastIPSMessage(rsp)
ntop.broadcastIPSMessage(rsp)
end
end
end
end
end
-- ############################################