Ejemplo n.º 1
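def prepare_environment(hsrp_packet):
    """Reconfigure this host's addressing, routing and NAT from an HSRP packet.

    Host state touched, in order (useful when auditing or reverting a run):
      1. Alias interface ``<user_var.interface>:99`` is brought up with
         ``hsrp_packet.virtual_ip`` and the netmask of the parent interface.
      2. ``net.ipv4.ip_forward`` is set to 1 when
         ``hsrp_config.ipv4_forward_enabled`` is false.
      3. The current default gateway is stored through
         ``hsrp_config.set_default_gateway``.
      4. The default route is deleted and re-added via ``hsrp_packet.source_ip``.
      5. A source-NAT rule is inserted through ``utility.iptablesSNAT``.

    Args:
        hsrp_packet: object exposing ``virtual_ip`` and ``source_ip``.
    """
    netmask = utility.get_interface_netmask(user_var.interface)

    print('Preparing environment - Adding sub interface 99 to {}'.format(user_var.interface))
    # Arguments are passed as an argv list (no shell), so a value taken from
    # the packet or from user settings cannot be interpreted as shell syntax.
    # communicate() waits for the command and drains the pipe, so the alias
    # exists before the routing changes below are attempted.
    subprocess.Popen(
        ['ifconfig', '{}:99'.format(user_var.interface),
         str(hsrp_packet.virtual_ip), 'netmask', str(netmask), 'up'],
        stdout=subprocess.PIPE).communicate()

    if not hsrp_config.ipv4_forward_enabled:
        print('Preparing environment - Enabling IP forwarding')
        subprocess.Popen(['sysctl', '-w', 'net.ipv4.ip_forward=1'],
                         stdout=subprocess.PIPE).communicate()

    if utility.get_default_gateway() != hsrp_packet.virtual_ip:
        # Our gateway isn't the same and results may not be the same.
        print('Found that the default gateway set is not the same as the virtual IP in the HSRP configuration')
        hsrp_config.set_default_gateway(utility.get_default_gateway())
    else:
        hsrp_config.set_default_gateway(hsrp_packet.virtual_ip)

    # FIXME gateways without a netmask of 0? See if we can extract full info? Right now hard coded

    print('Preparing environment - Changing the default gateway from {} to {}'.format(utility.get_default_gateway(), hsrp_packet.source_ip))

    # Swap the default route: drop the current one, then add one via the
    # packet's source address.
    utility.edit_specific_route('0.0.0.0', utility.get_default_gateway(), '0.0.0.0', 'del')
    utility.edit_specific_route('0.0.0.0', hsrp_packet.source_ip, '0.0.0.0', 'add')

    # We need to source NAT it in some way
    print('Preparing environment - Adding iptable rule to do source NAT on interface {}'.format(user_var.interface))
    utility.iptablesSNAT('insert', user_var)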
Ejemplo n.º 2
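def clean_up():
    """Revert the host-level changes this module makes to routing and NAT.

    In order: flush the neighbour cache, set ``net.ipv4.ip_forward`` back to 0
    when ``hsrp_config.ipv4_forward_enabled`` is false, restore the default
    route to ``hsrp_config.default_gateway``, remove the source-NAT rule via
    ``utility.iptablesSNAT`` and take the ``<user_var.interface>:99`` alias
    down.
    """
    # FIXME look into cleaning up the other interface
    # FIXME look into this one
    # Commands are passed as argv lists (no shell) so the interface name is
    # never parsed as shell syntax; communicate() waits for each command and
    # drains its pipe instead of leaving the child unreaped.
    subprocess.Popen(['sudo', 'ip', '-s', '-s', 'neigh', 'flush', 'all'],
                     stdout=subprocess.PIPE).communicate()

    # NOTE(review): presumably the flag records whether forwarding was already
    # on before this tool ran, so a pre-existing setting is left alone - confirm.
    if not hsrp_config.ipv4_forward_enabled:
        print('Cleaning up environment - Disabling IP forwarding')
        subprocess.Popen(['sysctl', 'net.ipv4.ip_forward=0'],
                         stdout=subprocess.PIPE).communicate()

    # Revert gateway changes

    print('Cleaning up environment - Changing the default gateway back to {}'.
          format(hsrp_config.default_gateway))

    utility.edit_specific_route('0.0.0.0', utility.get_default_gateway(),
                                '0.0.0.0', 'del')
    utility.edit_specific_route('0.0.0.0', hsrp_config.default_gateway,
                                '0.0.0.0', 'add')

    print(
        'Cleaning up environment - Removing iptable rule to do source NAT on interface {}'
        .format(user_var.interface))
    utility.iptablesSNAT('remove', user_var)

    print('Cleaning up environment - Removing created interface')
    subprocess.Popen(['ifconfig', '{}:99'.format(user_var.interface), 'down'],
                     stdout=subprocess.PIPE).communicate()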
Ejemplo n.º 3
def build_configurations(packet):
    """Render eigrpd, staticd and pbrd configuration text.

    The EIGRP section uses ``packet.asn`` and announces the /32 of the address
    on ``user_var.interface``. When ``user_var.inject`` or ``user_var.redirect``
    is set, every entry of ``user_var.ipaddress`` and
    ``user_var.redirectaddresses`` gets a Null0 static route plus a PBRMAP
    entry whose next hop is the current default gateway.

    NOTE(review): packet and user values are inserted verbatim; a value
    containing a newline would add extra configuration lines. Validate them
    before this call if they can come from an untrusted source.

    Args:
        packet: object exposing ``asn``.

    Returns:
        Tuple ``(eigrpd_config, staticd_config, pbrd_config)`` of strings.
    """
    eigrpd_parts = [
        '!\n',
        'router eigrp {}\n'.format(str(packet.asn)),
        ' network {}/32\n'.format(
            utility.get_ip_address_from_interface(user_var.interface)),
    ]
    staticd_parts = []
    pbrd_parts = []

    if user_var.inject or user_var.redirect:
        eigrpd_parts.append(' redistribute static\n')
        staticd_parts.append('!\n')
        pbrd_parts.extend([
            '!\n',
            'interface {}\n'.format(user_var.interface),
            ' pbr-policy PBRMAP\n',
        ])

        # Both address lists share one running sequence number, and the
        # attribute is only read when its turn comes.
        seq = 0
        for source in ('ipaddress', 'redirectaddresses'):
            for prefix in getattr(user_var, source):
                seq += 1
                staticd_parts.append('ip route {} Null0\n'.format(prefix))
                pbrd_parts.extend([
                    '!\n',
                    'pbr-map PBRMAP seq {}\n'.format(seq),
                    ' match dst-ip {}\n'.format(prefix),
                    ' set nexthop {}\n'.format(utility.get_default_gateway()),
                ])

    # Every section is closed with a bare '!' line.
    eigrpd_parts.append('!\n')
    staticd_parts.append('!\n')
    pbrd_parts.append('!\n')

    return ''.join(eigrpd_parts), ''.join(staticd_parts), ''.join(pbrd_parts)
Ejemplo n.º 4
def build_configurations(packet):
    """Render ospfd, staticd and pbrd configuration text.

    Timers, area and (when present) the authentication key are copied from
    ``packet``; the interface name and an optional message-digest password
    come from ``user_var``. When ``user_var.inject`` or ``user_var.redirect``
    is set, every entry of ``user_var.ipaddress`` and
    ``user_var.redirectaddresses`` gets a Null0 static route plus a PBRMAP
    entry whose next hop is the current default gateway.

    NOTE(review): the returned ospfd text can contain an authentication key or
    password in clear text, and all values are inserted verbatim (a newline in
    one would add extra configuration lines). Treat the output as sensitive
    and validate inputs that can come from an untrusted source.

    Args:
        packet: object exposing ``hello_interval``, ``dead_interval``,
            ``authtype``, ``authdata`` and ``area_id``.

    Returns:
        Tuple ``(ospfd_config, staticd_config, pbrd_config)`` of strings.
    """
    ospfd_parts = [
        '!\n',
        'interface {}\n'.format(user_var.interface),
        ' ip ospf hello-interval {}\n'.format(packet.hello_interval),
        ' ip ospf dead-interval {}\n'.format(packet.dead_interval),
    ]

    # Interface-level authentication: a user-supplied password takes
    # precedence over the key carried in the packet.
    if user_var.password:
        ospfd_parts.append(' ip ospf authentication message-digest\n')
        ospfd_parts.append(
            ' ip ospf message-digest-key 1 md5 {}\n'.format(user_var.password))
    elif packet.authtype == 1:
        ospfd_parts.append(
            ' ip ospf authentication-key {}\n'.format(packet.authdata))

    ospfd_parts.append('!\n')
    ospfd_parts.append('router ospf\n')
    ospfd_parts.append(' network {}/32 area {}\n'.format(
        utility.get_ip_address_from_interface(user_var.interface),
        packet.area_id))

    if user_var.inject_local or user_var.redirect_local:
        # NOTE(review): 172.17.0.0/16 is hard coded; presumably a local
        # bridge network - confirm.
        ospfd_parts.append(
            ' network 172.17.0.0/16 area {}\n'.format(packet.area_id))

    # Area-level authentication mirrors the interface-level choice above.
    if user_var.password:
        ospfd_parts.append(
            ' area {} authentication message-digest\n'.format(packet.area_id))
    elif packet.authtype == 1:
        ospfd_parts.append(
            ' area {} authentication\n'.format(packet.area_id))

    staticd_parts = []
    pbrd_parts = []

    if user_var.inject or user_var.redirect:
        ospfd_parts.append(' redistribute static metric 0\n')
        staticd_parts.append('!\n')
        pbrd_parts.extend([
            '!\n',
            'interface {}\n'.format(user_var.interface),
            ' pbr-policy PBRMAP\n',
        ])

        # Both address lists share one running sequence number, and the
        # attribute is only read when its turn comes.
        seq = 0
        for source in ('ipaddress', 'redirectaddresses'):
            for prefix in getattr(user_var, source):
                # FIXME look into ensuring CIDR is in there.
                seq += 1
                staticd_parts.append('ip route {} Null0\n'.format(prefix))
                pbrd_parts.extend([
                    '!\n',
                    'pbr-map PBRMAP seq {}\n'.format(seq),
                    ' match dst-ip {}\n'.format(prefix),
                    ' set nexthop {}\n'.format(utility.get_default_gateway()),
                ])

    # Every section is closed with a bare '!' line.
    ospfd_parts.append('!\n')
    staticd_parts.append('!\n')
    pbrd_parts.append('!\n')

    return ''.join(ospfd_parts), ''.join(staticd_parts), ''.join(pbrd_parts)
Ejemplo n.º 5
def build_configurations(packet):
    """Render ripd, staticd and pbrd configuration text.

    The RIP section announces the /32 of the address on ``user_var.interface``
    and uses ``packet.version``. When ``user_var.inject`` or
    ``user_var.redirect`` is set, every entry of ``user_var.ipaddress`` and
    ``user_var.redirectaddresses`` gets a Null0 static route plus a PBRMAP
    entry whose next hop is the current default gateway. When
    ``packet.authentication_type`` is 2, a text-authentication interface
    section using ``packet.password`` is appended.

    NOTE(review): the returned ripd text can contain the authentication string
    in clear text, and all values are inserted verbatim (a newline in one
    would add extra configuration lines). Treat the output as sensitive and
    validate inputs that can come from an untrusted source.

    Args:
        packet: object exposing ``version``, ``authentication_type`` and
            ``password``.

    Returns:
        Tuple ``(ripd_config, staticd_config, pbrd_config)`` of strings.
    """
    ripd_parts = [
        '!\n',
        'router rip\n',
        ' network {}/32\n'.format(
            utility.get_ip_address_from_interface(user_var.interface)),
    ]

    if user_var.inject_local or user_var.redirect_local:
        # NOTE(review): 172.17.0.0/16 is hard coded; presumably a local
        # bridge network - confirm.
        ripd_parts.append(' network 172.17.0.0/16\n')

    ripd_parts.append(' version {}\n'.format(packet.version))

    staticd_parts = []
    pbrd_parts = []

    if user_var.inject or user_var.redirect:
        # FIXME leaving this here for now
        ripd_parts.append(' redistribute static\n')
        staticd_parts.append('!\n')
        pbrd_parts.extend([
            '!\n',
            'interface {}\n'.format(user_var.interface),
            ' pbr-policy PBRMAP\n',
        ])

        # Both address lists share one running sequence number, and the
        # attribute is only read when its turn comes.
        seq = 0
        for source in ('ipaddress', 'redirectaddresses'):
            for prefix in getattr(user_var, source):
                # FIXME look into ensuring CIDR is in there.
                seq += 1
                staticd_parts.append('ip route {} Null0\n'.format(prefix))
                pbrd_parts.extend([
                    '!\n',
                    'pbr-map PBRMAP seq {}\n'.format(seq),
                    ' match dst-ip {}\n'.format(prefix),
                    ' set nexthop {}\n'.format(utility.get_default_gateway()),
                ])

    # Only the ripd and staticd sections get a closing '!' here; the pbrd
    # text is returned without one.
    ripd_parts.append('!\n')
    staticd_parts.append('!\n')

    # Authentication type 2 selects plain-text authentication; the string is
    # copied from the packet. The check is on the authentication type, not on
    # packet.version.
    if packet.authentication_type == 2:
        ripd_parts.extend([
            '!\n',
            'interface {}\n'.format(user_var.interface),
            ' ip rip authentication mode text\n',
            ' ip rip authentication string {}\n'.format(packet.password),
            '!\n',
        ])

    # FIXME: look into crypto (authentication_type == 3 is not handled)

    return ''.join(ripd_parts), ''.join(staticd_parts), ''.join(pbrd_parts)