treating the direct neighbor as hijacker upon policy violation

FORTH-ICS-INSPIRE · Feb 24, 2019 · a1a2539 · a1a2539
1 parent e1cdb07
commit a1a2539
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/backend/core/detection.py b/backend/core/detection.py
@@ -564,7 +564,7 @@ def __hijack_pol_checker_gen(self, path_len: int) -> Callable:
             """
             Generator that returns policy dimension detection functions.
             """
-            if path_len > 2:
+            if path_len > 3:
                 yield self.detect_pol_leak_hijack
             yield self.detect_pol_other_hijack
 
@@ -671,7 +671,7 @@ def detect_pol_leak_hijack(
             """
             for item in prefix_node.data["confs"]:
                 if "no-export" in item["policies"]:
-                    return (monitor_event["path"][-3], "L")
+                    return (monitor_event["path"][-2], "L")
             return (-1, "-")
 
         @exception_handler(log)
@@ -714,6 +714,8 @@ def commit_hijack(
                 hijack_value["asns_inf"] = set(
                     monitor_event["path"][: -(int(hij_dimensions[1]) + 1)]
                 )
+            elif hij_dimensions[3] == "L":
+                hijack_value["asns_inf"] = set(monitor_event["path"][:-2])
             # assume the worst-case scenario of a type-2 hijack
             elif len(monitor_event["path"]) > 2:
                 hijack_value["asns_inf"] = set(monitor_event["path"][:-3])

diff --git a/backend/testing/testfiles/simple_exact_no_export_violation.json b/backend/testing/testfiles/simple_exact_no_export_violation.json
@@ -20,7 +20,7 @@
         },
         "detection_hijack_response": {
             "prefix": "10.0.5.0/24",
-            "hijack_as": 2,
+            "hijack_as": 1,
             "type": "E|-|-|L",
             "time_started": 1.0,
             "configured_prefix": "10.0.5.0/24"
@@ -29,10 +29,10 @@
             "type": "E|-|-|L",
             "active": true,
             "prefix": "10.0.5.0/24",
-            "asns_inf": [3, 4],
-            "hijack_as": 2,
+            "asns_inf": [2, 3, 4],
+            "hijack_as": 1,
             "peers_seen": [4],
-            "num_asns_inf": 2,
+            "num_asns_inf": 3,
             "num_peers_seen": 1,
             "configured_prefix": "10.0.5.0/24"
         }