#!/bin/bash
# Abort on any unhandled command failure (-e) and on use of an unset
# variable (-u); every later step of the script relies on both.
set -eu

# Start marker on stderr: script path, arguments and PID of this run.
printf '%s\n' "$0 $* [$$] START" >&2

# --help prints the short description and exits before any work is done.
case "${1:-}" in
	--help)
		echo 'Info: Отлов ddos'
		echo 'Usage:'
		echo 'Example:'
		exit 0
		;;
esac

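. /opt/fox_node/__node_config

#######################################
# Stop running vps* guests whose 10.x address hit a firewall limit too often.
#
# Counts, per SRC= address, the lines in the last 1,000,000 lines of
# /var/log/messages that carry the given log tag. For every 10.x address at or
# above the threshold it looks up the running guest in `vm list`, raises an
# alarm and stops that guest.
#
# Security notes:
#  - The stop decision is only as trustworthy as the log. NOTE(review): this
#    assumes only the kernel firewall LOG target can write lines with these
#    tags into /var/log/messages, and that guests cannot send packets with
#    another guest's source address - confirm both, otherwise one tenant's
#    traffic or log noise can get a different tenant's VPS stopped.
#  - The window is "last 1,000,000 lines", not a time range, so lines that
#    already led to a stop keep counting until they scroll out; a guest that
#    is started again may be stopped again on the next run.
#  - No temp file is used: the counts are streamed through a process
#    substitution, so nothing predictable is created in /tmp.
#
# Arguments: $1 - log tag to search for (fixed string)
#            $2 - minimum number of tagged lines that triggers a stop
# Outputs:   one "BLOCK ..." line per stopped guest on stdout
# Returns:   non-zero if the alarm or `vm stop` fails (aborts under set -e)
#######################################
stop_ddos_offenders() {
	local tag=$1 limit=$2
	# Only a complete dotted quad in 10/8 is accepted. grep -o 'SRC=[0-9.]*'
	# also yields fragments such as "10." which, used as a pattern below,
	# would match unrelated columns of `vm list`.
	local -r ip_shape='^10(\.[0-9]{1,3}){3}$'
	local count ip ip_re listing vm_name txt
	local -a vm_names

	while read -r count ip; do
		[ "$count" -ge "$limit" ] || continue
		[[ $ip =~ $ip_shape ]] || continue

		# Match the dots literally when the address is used as a regex.
		ip_re=${ip//./[.]}

		# Best effort, as before: a failing or empty `vm list` means no
		# guest is found and the address is skipped silently.
		listing="$(vm list </dev/null 2>/dev/null \
			| grep -E "\s${ip_re}\s" | grep running | grep 'vps[0-9]*' \
			| cut -d' ' -f 2)" || true

		# One guest name per line; handle each on its own instead of
		# passing a multi-line string to `vm stop`.
		mapfile -t vm_names <<<"$listing"
		for vm_name in "${vm_names[@]}"; do
			[ -n "$vm_name" ] || continue
			echo "BLOCK $ip $vm_name COUNT LIMIT $count"

			txt="Обнаружен ddos-ер! $ip $vm_name Кол-во сработок: $count"
			txt="${txt} Нужно обработать лида в crm! VPS остановлена! vm: $vm_name"
			# NOTE(review): the alarm is sent before the stop is attempted,
			# and fox_alarm inherits the loop's stdin (the counts stream);
			# if it ever reads stdin it will swallow the remaining rows -
			# confirm, and redirect from /dev/null as done for vm.
			/opt/fox_utils/fox_alarm "$txt"

			vm stop "$vm_name" </dev/null
		done
	done < <(tail -n 1000000 /var/log/messages | grep -F -- "$tag" \
		| grep -o 'SRC=[0-9.]*' \
		| grep -o '[0-9.]*' \
		| grep '^10\.' | sort | uniq -c)
}

# Only demo and parking nodes stop guests automatically.
if [ "${NODE_CATEGORY:-}" = demo ] || [ "${NODE_CATEGORY:-}" = parking ]; then
	date "+%Y-%m-%d %H:%M:%S"

	# Both rules count the SRC= field, as the original script did.
	stop_ddos_offenders 'LIMIT_SRC_DROP:' 15
	stop_ddos_offenders 'LIMIT_DST_DROP:' 30
fi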

# Completion marker on stderr, mirroring the START line, then a clean exit.
printf '%s\n' "$0 $* [$$] SUCCESS" >&2
exit 0
