mirror/nttgin-BGPalerter
1
0
Fork 0
mirror of https://github.com/nttgin/BGPalerter.git synced 2024-05-19 06:50:08 +00:00
Code Issues Releases Wiki Activity

prevent triggering ris flooding protections

Browse Source
This commit is contained in:
Massimo Candela
2024-02-06 10:12:17 +01:00
parent 8f7d6d1ba9
commit fc6d8f6945
1 changed files with 55 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
src/connectors/connectorRIS.js
View File

@@ -35,6 +35,7 @@ import Connector from "./connector";
import { AS, Path } from "../model"; import { AS, Path } from "../model";
import brembo from "brembo"; import brembo from "brembo";
import ipUtils from "ip-sub"; import ipUtils from "ip-sub";
import batchPromises from 'batch-promises';
const beacons = { const beacons = {
v4: ["84.205.64.0/24", "84.205.65.0/24", "84.205.67.0/24", "84.205.68.0/24", "84.205.69.0/24", v4: ["84.205.64.0/24", "84.205.65.0/24", "84.205.67.0/24", "84.205.68.0/24", "84.205.69.0/24",
@@ -71,6 +72,7 @@ export default class ConnectorRIS extends Connector {
this.canaryBeacons = {}; this.canaryBeacons = {};
this.clientId = env.clientId; this.clientId = env.clientId;
this.instanceId = env.instanceId; this.instanceId = env.instanceId;
this.risSubscriptionDelay = 200;
this.url = brembo.build(this.params.url, { this.url = brembo.build(this.params.url, {
params: { params: {
@@ -193,9 +195,18 @@ export default class ConnectorRIS extends Connector {
}; };
_subscribeToPrefixes = (input) => { _subscribeToPrefixes = (input) => {
const monitoredPrefixes = input.getMonitoredLessSpecifics(); let monitoredPrefixes = input.getMonitoredLessSpecifics();
const risLimitPrefixes = 10000;
const params = JSON.parse(JSON.stringify(this.params.subscription)); const params = JSON.parse(JSON.stringify(this.params.subscription));
if (monitoredPrefixes.length > risLimitPrefixes) {
this.logger.log({
level: 'error',
message: "Prefix list of abnormal length, truncated to 10000 to prevent RIS overload"
});
monitoredPrefixes = monitoredPrefixes.slice(0, risLimitPrefixes);
}
if (monitoredPrefixes.filter(i => (ipUtils.isEqualPrefix(i.prefix, '0:0:0:0:0:0:0:0/0') || ipUtils.isEqualPrefix(i.prefix,'0.0.0.0/0'))).length === 2) { if (monitoredPrefixes.filter(i => (ipUtils.isEqualPrefix(i.prefix, '0:0:0:0:0:0:0:0/0') || ipUtils.isEqualPrefix(i.prefix,'0.0.0.0/0'))).length === 2) {
delete params.prefix; delete params.prefix;
@@ -214,33 +225,47 @@ export default class ConnectorRIS extends Connector {
} else { } else {
return Promise.all(monitoredPrefixes.map(p => { return batchPromises(1, monitoredPrefixes, p => {
if (!this.subscribed[p.prefix]) { return new Promise((resolve, reject) => {
console.log("Monitoring", p.prefix); if (!this.subscribed[p.prefix]) {
this.subscribed[p.prefix] = true; console.log("Monitoring", p.prefix);
} this.subscribed[p.prefix] = true;
}
params.prefix = p.prefix; params.prefix = p.prefix;
filteredBeacons = filteredBeacons.filter(prefix => { filteredBeacons = filteredBeacons.filter(prefix => {
return !ipUtils.isEqualPrefix(p.prefix, prefix) && !ipUtils.isSubnet(p.prefix, prefix); return !ipUtils.isEqualPrefix(p.prefix, prefix) && !ipUtils.isSubnet(p.prefix, prefix);
});
this.ws.send(JSON.stringify({
type: "ris_subscribe",
data: params
}));
setTimeout(() => resolve(true), this.risSubscriptionDelay); // Slow down subscriptions to avoid RIS drop/ban
}); });
});
return this.ws.send(JSON.stringify({
type: "ris_subscribe",
data: params
}));
}));
} }
}; };
_subscribeToASns = (input) => { _subscribeToASns = (input) => {
const monitoredASns = input.getMonitoredASns(); let monitoredASns = input.getMonitoredASns();
const risLimitAses = 10;
const params = JSON.parse(JSON.stringify(this.params.subscription)); const params = JSON.parse(JSON.stringify(this.params.subscription));
return Promise.all(monitoredASns if (monitoredASns.length > risLimitAses) {
.map(asn => { this.logger.log({
level: 'error',
message: "AS list of abnormal length, truncated to 10 to prevent RIS overload"
});
monitoredASns = monitoredASns.slice(0, risLimitAses);
}
return batchPromises(1, monitoredASns, asn => {
return new Promise((resolve, reject) => {
const asnString = asn.asn.getValue(); const asnString = asn.asn.getValue();
if (!this.subscribed[asnString]) { if (!this.subscribed[asnString]) {
@@ -250,20 +275,23 @@ export default class ConnectorRIS extends Connector {
params.path = `${asnString}\$`; params.path = `${asnString}\$`;
return this.ws.send(JSON.stringify({ this.ws.send(JSON.stringify({
type: "ris_subscribe", type: "ris_subscribe",
data: params data: params
})); }));
}));
setTimeout(() => resolve(true), this.risSubscriptionDelay); // Slow down subscriptions to avoid RIS drop/ban
});
});
}; };
_startCanary = () => { _startCanary = () => {
if (this.connected) { if (this.connected) {
Promise.all(selectedBeacons return batchPromises(1, selectedBeacons, prefix => {
.map(prefix => { return new Promise((resolve, reject) => {
this.canaryBeacons[prefix] = true; this.canaryBeacons[prefix] = true;
return this.ws.send(JSON.stringify({ this.ws.send(JSON.stringify({
type: "ris_subscribe", type: "ris_subscribe",
data: { data: {
moreSpecific: false, moreSpecific: false,
@@ -276,7 +304,10 @@ export default class ConnectorRIS extends Connector {
} }
} }
})); }));
}))
setTimeout(() => resolve(true), this.risSubscriptionDelay); // Slow down subscriptions to avoid RIS drop/ban
});
})
.then(() => { .then(() => {
this._checkCanary(); this._checkCanary();
this.logger.log({ this.logger.log({