--
-- (C) 2017-22 - ntop.org
--

local dirs = ntop.getDirs()
-- The pools modules live in their own directory: make them resolvable by require
package.path = dirs.installdir .. "/scripts/lua/modules/pools/?.lua;" .. package.path

local pools = require "pools"
local host_pools = require "host_pools"
local checks = require "checks"

-- Drop-pool information as reported by the core.
-- NOTE(review): not referenced anywhere else in this module.
local pool_info = ntop.getDropPoolInfo()

-- Whether the "ids_ips_log" system script is enabled; gates the pushes onto the
-- jail add/remove queues defined below
local is_ids_ips_log_enabled = checks.isSystemScriptEnabled("ids_ips_log")

local drop_host_pool_utils = {
   -- Cache queues of hosts added to / removed from the jail (presumably
   -- consumed by the ids_ips_log script)
   ids_ips_jail_add_key = "ntopng.cache.ids_ips_jail_add",
   ids_ips_jail_remove_key = "ntopng.cache.ids_ips_jail_remove",
   -- Upper bound on the length of the two queues above
   max_ids_ips_log_queue_len = 1024,
}

-- ############################################

-- Per-host cache key formats. Keep both in sync with the corresponding
-- defines in ntop_defines.h.
-- While the "jail time" key exists (it carries a TTL) the host stays jailed
local DROP_HOST_POOL_HOST_IN_JAIL = "ntopng.cache.jail.time.%s"
-- Holds the pool the host belonged to before being jailed
local DROP_HOST_POOL_PRE_JAIL_POOL = "ntopng.prefs.jail.pre_jail_pool.%s"

-- ############################################

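--- Move hosts queued for banning into the jailed host pool.
-- Hosts are popped from the "ntopng.cache.tmp_add_host_list" cache queue and
-- bound to the pool named host_pools.DROP_HOST_POOL_NAME. When at least one
-- host has actually been bound and the Pro policy module is available, the
-- IPS rules are re-read and broadcast so listeners pick up the new membership.
-- A failed bind is logged rather than silently dropped: a host that should be
-- jailed but is not is a policy gap worth surfacing.
-- Returns nothing; returns early when the jailed pool cannot be found.
function drop_host_pool_utils.check_pre_banned_hosts_to_add()
   local queue_name = "ntopng.cache.tmp_add_host_list"
   local changed = false
   local host_pool, jailed_pool

   -- Snapshot the queue length once; elements are popped one at a time below
   local num_pending = ntop.llenCache(queue_name)

   while num_pending > 0 do
      num_pending = num_pending - 1
      local elem = ntop.lpopCache(queue_name)

      -- The queue may have been drained by someone else between llen and lpop:
      -- never try to bind an empty element
      if not isEmptyString(elem) then
         if not host_pool then
            -- Lazily initialize the jailed pool (no lookup when the queue is empty)
            host_pool = host_pools:create()
            jailed_pool = host_pool:get_pool_by_name(host_pools.DROP_HOST_POOL_NAME)

            if not jailed_pool then
               -- Jailed pool cannot be found, unable to continue
               return
            end
         end

         -- Add elem to the jailed host pool. A falsy first result means the
         -- bind failed: the host is NOT jailed, so do not log it as such and
         -- do not count it as a change.
         local res, err = host_pool:bind_member(elem, jailed_pool.pool_id)

         if res then
            if is_ids_ips_log_enabled then
               ntop.rpushCache(drop_host_pool_utils.ids_ips_jail_add_key, elem, drop_host_pool_utils.max_ids_ips_log_queue_len)
            end

            changed = true
         else
            traceError(TRACE_ERROR, TRACE_CONSOLE,
                       string.format("Unable to add host %s to the jailed pool: %s", tostring(elem), tostring(err)))
         end
      end
   end

   -- Read rules from configured pools and policies
   -- and push rules to the nProbe listeners
   if changed and ntop.isPro() then
      package.path = dirs.installdir .. "/pro/scripts/lua/modules/?.lua;" .. package.path
      local policy_utils = require "policy_utils"

      local rsp = policy_utils.get_ips_rules()
      if rsp ~= nil then
         ntop.broadcastIPSMessage(rsp)
      end
   end
end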

-- ############################################

-- This function checks whether there are banned hosts that need to be unbanned

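--- Release jailed hosts whose jail time has expired.
-- Iterates the members of the pool named host_pools.DROP_HOST_POOL_NAME. A
-- member whose DROP_HOST_POOL_HOST_IN_JAIL cache key is gone (TTL expired) is
-- moved back to the pool recorded under DROP_HOST_POOL_PRE_JAIL_POOL, or to
-- pools.DEFAULT_POOL_ID when no such pool is recorded or it no longer exists.
-- When at least one host was released and the Pro policy module is available,
-- the IPS rules are re-read and broadcast.
-- Returns nothing; returns early when the jailed pool cannot be found.
function drop_host_pool_utils.check_periodic_hosts_list()
   local changed = false

   -- Get the jailed pool
   local host_pool = host_pools:create()
   local jailed_pool = host_pool:get_pool_by_name(host_pools.DROP_HOST_POOL_NAME)

   if not jailed_pool then
      return
   end

   for _, member in pairs(jailed_pool.members) do
      -- Check if the DROP_HOST_POOL_HOST_IN_JAIL key for this member still exists
      local still_jailed_key = string.format(DROP_HOST_POOL_HOST_IN_JAIL, member)
      local still_jailed = ntop.getCache(still_jailed_key)

      -- If the key is nil, it means the TTL has expired and it is time to remove the host from the jail
      if isEmptyString(still_jailed) then
         -- Check if there's a key indicating the host pool before the jail
         local pre_jail_pool_key = string.format(DROP_HOST_POOL_PRE_JAIL_POOL, member)
         local pre_jail_pool = ntop.getCache(pre_jail_pool_key)

         local ret = false
         if not isEmptyString(pre_jail_pool) then
            -- Bind to the old pool. If bind is successful, i.e., pool still exists,
            -- then ret becomes true.
            ret = host_pool:bind_member(member, pre_jail_pool)
         end

         if not ret then
            -- Bind to the default pool
            ret = host_pool:bind_member(member, pools.DEFAULT_POOL_ID)
         end

         if ret then
            if is_ids_ips_log_enabled then
               -- Push the released host itself. The previous code pushed the
               -- undefined global `value`, so the removal queue never carried
               -- the host that was un-jailed.
               ntop.rpushCache(drop_host_pool_utils.ids_ips_jail_remove_key, member, drop_host_pool_utils.max_ids_ips_log_queue_len)
            end

            changed = true
         else
            -- Both binds failed: the host stays in the jail past its TTL,
            -- which is worth surfacing rather than ignoring
            traceError(TRACE_ERROR, TRACE_CONSOLE,
                       string.format("Unable to release host %s from the jailed pool", tostring(member)))
         end
      end
   end

   -- Read rules from configured pools and policies
   -- and push rules to the nProbe listeners
   if changed and ntop.isPro() then
      package.path = dirs.installdir .. "/pro/scripts/lua/modules/?.lua;" .. package.path
      local policy_utils = require "policy_utils"

      local rsp = policy_utils.get_ips_rules()
      if rsp ~= nil then
         ntop.broadcastIPSMessage(rsp)
      end
   end
end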

-- ############################################

-- Module table handed to callers of require "drop_host_pool_utils"
return drop_host_pool_utils