--
-- (C) 2017-21 - ntop.org
--
-- Put the pool modules on the search path before requiring them
local dirs = ntop.getDirs()
package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path

local pools = require("pools")
local host_pools = require("host_pools")

-- Drop-pool settings (list_key and expiration_time are read further down).
-- Fetched once, when this module is first loaded.
local pool_info = ntop.getDropPoolInfo()

-- Module table, returned at the end of the file
local drop_host_pool_utils = {}
-- Declared but neither assigned nor read anywhere in this file
local drop_host_pool_id
-- ############################################
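--- Move every host queued for banning into the drop host pool.
-- Pops entries from the "ntopng.cache.tmp_add_host_list" cache list until it
-- is empty and adds each one to pools.DROP_HOST_POOL_NAME. When at least one
-- entry was added and this is a Pro build, the IPS rules are rebuilt and
-- broadcast.
function drop_host_pool_utils.check_pre_banned_hosts_to_add()
   local queue_name = "ntopng.cache.tmp_add_host_list"
   local host_pool = nil
   local changed = false

   local elem = ntop.lpopCache(queue_name)
   while elem ~= nil do
      -- Create the pool handle only when there is something to add
      if host_pool == nil then
         host_pool = host_pools:create()
      end

      -- NOTE(review): the queued value is passed on unchanged as a pool member.
      -- Whatever can write to this cache key decides which hosts get dropped, so
      -- confirm that add_to_pool validates the member format.
      -- The { 0 } argument is presumably a per-member VLAN/flag list; confirm
      -- against add_to_pool.
      host_pool:add_to_pool(pools.DROP_HOST_POOL_NAME, { elem }, { 0 })
      changed = true

      elem = ntop.lpopCache(queue_name)
   end

   -- Nothing added, or no IPS support: no rules to push
   if not changed or not ntop.isPro() then
      return
   end

   -- Read rules from configured pools and policies
   -- and push rules to the nProbe listeners
   local pro_modules = dirs.installdir .. "/pro/scripts/lua/modules/?.lua;"
   -- Prepend only when it is not already at the front, otherwise package.path
   -- grows by one entry on every call that adds a host
   if package.path:sub(1, #pro_modules) ~= pro_modules then
      package.path = pro_modules .. package.path
   end
   local policy_utils = require "policy_utils"

   local rsp = policy_utils.get_ips_rules()
   if rsp ~= nil then
      ntop.broadcastIPSMessage(rsp)
   end
end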
-- ############################################
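-- Tell whether `host` appears in the pool member string `member` as a whole
-- address: a literal (non-pattern) occurrence that is not glued to another
-- address character on either side. A plain substring/pattern search would let
-- "1.1.1.1" match "21.1.1.10", and would treat the dots as wildcards.
local function member_matches_host(member, host)
   if type(member) ~= "string" or host == "" then
      return false
   end

   local from = 1
   while true do
      local first, last = string.find(member, host, from, true)
      if first == nil then
         return false
      end

      -- sub() yields "" at either end of the string, which counts as a boundary
      local before = member:sub(first - 1, first - 1)
      local after = member:sub(last + 1, last + 1)
      if not before:find("[%w%.:]") and not after:find("[%w%.:]") then
         return true
      end

      from = first + 1
   end
end

--- Unban the hosts whose ban has expired.
-- Walks the cache list stored at pool_info.list_key. Every entry whose
-- timestamp plus pool_info.expiration_time is in the past has its matching
-- member of the drop host pool rebound to pool 0. The first entry that has not
-- expired yet is pushed back to the head of the list and processing stops
-- (the list is ordered by time). When at least one member was rebound and
-- this is a Pro build, the IPS rules are rebuilt and broadcast.
-- Entries are assumed to look like "<host>_<epoch seconds>" (TODO confirm
-- against whatever fills pool_info.list_key).
function drop_host_pool_utils.check_periodic_hosts_list()
   -- Check the list length
   local list_len = ntop.llenCache(pool_info.list_key)
   local changed = false

   if not list_len or list_len == 0 then
      return
   end

   -- host_pool and all_pools were read here without ever being defined in this
   -- file, so pairs(all_pools) raised unless some caller had set them as globals
   local host_pool = host_pools:create()
   local all_pools = host_pool:get_all_pools() or {}

   -- Look up the members of the drop host pool; stays empty if the pool is missing
   local blocked_hosts_pool_name = pools.DROP_HOST_POOL_NAME
   local blocked_hosts_pool_members = {}

   for _, value in pairs(all_pools) do
      if value["name"] == blocked_hosts_pool_name then
         blocked_hosts_pool_members = value.members or {}
         break
      end
   end

   -- Check the hosts inside the list
   while list_len > 0 do
      local data = ntop.lpopCache(pool_info.list_key)
      if data == nil then
         -- The list got shorter since llenCache was read
         break
      end

      -- Anchored and split on the LAST underscore, so the host part may contain
      -- '.', ':' or '_'. An unanchored "(%w+)_(%w+)" keeps only the final
      -- alphanumeric run of an IP address ("192.168.1.1_<ts>" gives host "1"),
      -- which then matches unrelated pool members.
      local host, ban_time = data:match("^(.+)_(%d+)$")
      local banned_at = tonumber(ban_time)

      -- Entries that do not parse are discarded instead of aborting the run
      if host ~= nil and banned_at ~= nil then
         if os.time() >= banned_at + pool_info.expiration_time then
            -- The host needs to be unbanned
            for _, member in pairs(blocked_hosts_pool_members) do
               if member_matches_host(member, host) then
                  -- Member found, remove it (pool 0 is presumably the default
                  -- pool; confirm against bind_member)
                  host_pool:bind_member(member, 0)
                  changed = true
                  break
               end
            end
         else
            -- The host needs to be added again at the start of the list
            -- (ordered by time); everything after it is newer, so stop here
            ntop.lpushCache(pool_info.list_key, data)
            break
         end
      end

      list_len = list_len - 1
   end

   -- Nothing unbanned, or no IPS support: no rules to push
   if not changed or not ntop.isPro() then
      return
   end

   -- Read rules from configured pools and policies
   -- and push rules to the nProbe listeners
   local pro_modules = dirs.installdir .. "/pro/scripts/lua/modules/?.lua;"
   -- Prepend only when it is not already at the front, otherwise package.path
   -- grows by one entry on every run that unbans a host
   if package.path:sub(1, #pro_modules) ~= pro_modules then
      package.path = pro_modules .. package.path
   end
   local policy_utils = require "policy_utils"

   local rsp = policy_utils.get_ips_rules()
   if rsp ~= nil then
      ntop.broadcastIPSMessage(rsp)
   end
end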
-- ############################################
-- Export the module table: this is what require() hands back to callers
return drop_host_pool_utils