From 731aec0ab54ecbfae6b76c82ea83e208dde1e283 Mon Sep 17 00:00:00 2001
From: FedeParola
Date: Sun, 27 Sep 2020 11:29:09 +0200
Subject: [PATCH] ddosmitigator: handle insertion of already present address

When an adress is already present no operation is performed. Formerly the address was erroneously removed from the ebpf table.
---
.../pcn-ddosmitigator/src/Ddosmitigator.cpp | 86 ++++++++++---------
1 file changed, 45 insertions(+), 41 deletions(-)
diff --git a/src/services/pcn-ddosmitigator/src/Ddosmitigator.cpp b/src/services/pcn-ddosmitigator/src/Ddosmitigator.cpp
index a3f019a37..3399725c0 100644
--- a/src/services/pcn-ddosmitigator/src/Ddosmitigator.cpp
+++ b/src/services/pcn-ddosmitigator/src/Ddosmitigator.cpp
@@ -176,30 +176,32 @@ Ddosmitigator::getBlacklistSrcList() { void Ddosmitigator::addBlacklistSrc(const std::string &ip, const BlacklistSrcJsonObject &conf) { - logger()->debug("BlacklistSrc create"); - - try { - logger()->debug("blacklist size {0} ", blacklistsrc_.size()); - // TODO check if src ip rules are already present - // and reinject datapath with srcblacklist ps - - if (blacklistsrc_.size() >= 0) { - setSrcMatch(true); - reloadCode(); + if (blacklistsrc_.count(ip) == 0) { + logger()->debug("BlacklistSrc create"); + + try { + logger()->debug("blacklist size {0} ", blacklistsrc_.size()); + // TODO check if src ip rules are already present + // and reinject datapath with srcblacklist ps + + if (blacklistsrc_.size() >= 0) { + setSrcMatch(true); + reloadCode(); + } + + auto srcblacklist = + get_percpuhash_table("srcblacklist"); + srcblacklist.set(utils::ip_string_to_nbo_uint(ip), 0); + } catch (...) { + throw std::runtime_error("unable to add element to map"); } - auto srcblacklist = - get_percpuhash_table("srcblacklist"); - srcblacklist.set(utils::ip_string_to_nbo_uint(ip), 0); - } catch (...) { - throw std::runtime_error("unable to add element to map"); - } + BlacklistSrcJsonObject configuration; + configuration.setIp(ip); - BlacklistSrcJsonObject configuration; - configuration.setIp(ip); - - blacklistsrc_.emplace(std::piecewise_construct, std::forward_as_tuple(ip), - std::forward_as_tuple(*this, configuration)); + blacklistsrc_.emplace(std::piecewise_construct, std::forward_as_tuple(ip), + std::forward_as_tuple(*this, configuration)); + } } void Ddosmitigator::addBlacklistSrcList( 
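Review bot: The guard `if (blacklistsrc_.size() >= 0) {` that this change carries into the new `count(ip) == 0` branch is always true, since a container size is never negative, so `setSrcMatch(true)` and `reloadCode()` run for every newly added address rather than only when source matching first becomes necessary. If the intent hinted at by the TODO above it is to reinject the datapath only for the first source rule, the condition could be `if (blacklistsrc_.empty()) {`, assuming blacklistsrc_ is a standard map as its `count`/`emplace` use suggests. A reload on every insert is likely to cost the most when many addresses are being added during an attack. The same condition appears in addBlacklistDst in the next hunk as `blacklistdst_.size() >= 0`.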
@@ -264,29 +266,31 @@ Ddosmitigator::getBlacklistDstList() { void Ddosmitigator::addBlacklistDst(const std::string &ip, const BlacklistDstJsonObject &conf) { - logger()->debug("BlacklistDst create"); - - try { - // TODO check if dst ip rules are already present - // and reinject datapath with dstblacklist ps - - if (blacklistdst_.size() >= 0) { - setDstMatch(true); - reloadCode(); + if (blacklistdst_.count(ip) == 0) { + logger()->debug("BlacklistDst create"); + + try { + // TODO check if dst ip rules are already present + // and reinject datapath with dstblacklist ps + + if (blacklistdst_.size() >= 0) { + setDstMatch(true); + reloadCode(); + } + + auto dstblacklist = + get_percpuhash_table("dstblacklist"); + dstblacklist.set(utils::ip_string_to_nbo_uint(ip), 0); + } catch (...) { + throw std::runtime_error("unable to add element to map"); } - auto dstblacklist = - get_percpuhash_table("dstblacklist"); - dstblacklist.set(utils::ip_string_to_nbo_uint(ip), 0); - } catch (...) { - throw std::runtime_error("unable to add element to map"); - } + BlacklistDstJsonObject configuration; + configuration.setIp(ip); - BlacklistDstJsonObject configuration; - configuration.setIp(ip); - - blacklistdst_.emplace(std::piecewise_construct, std::forward_as_tuple(ip), - std::forward_as_tuple(*this, configuration)); + blacklistdst_.emplace(std::piecewise_construct, std::forward_as_tuple(ip), + std::forward_as_tuple(*this, configuration)); + } } void Ddosmitigator::addBlacklistDstList(
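Review bot: In addBlacklistDst the address string is converted by `utils::ip_string_to_nbo_uint(ip)` only after `setDstMatch(true)` and `reloadCode()` have already run, and the surrounding `catch (...)` turns any failure into "unable to add element to map". If that helper throws on a malformed address (its behaviour is not visible in this hunk), bad input still triggers a datapath reload and the caller cannot tell a parse error from a map error. Converting first, with `const auto key = utils::ip_string_to_nbo_uint(ip);` placed ahead of the `try` and `dstblacklist.set(key, 0);` inside it, would reject the input before any state changes. addBlacklistSrc in the previous hunk has the same ordering.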