def unset_filtering_rules(addresses):
    """Remove the ICMPv6 filtering rules from the interfaces.

    In mixed mode the rules are removed from every interface returned by
    ``used_interfaces(addresses)``. Otherwise the negated rules attached
    to ``lo`` are removed. Each plugin with the "Filtering" capability is
    then instantiated and asked to remove its own filter for the same
    target.

    A truthy return value from ``iptables_unset`` is treated as a failure
    and raises ``FilteringException`` at once. Teardown stops at that
    point, so any rule not yet processed stays installed; a caller that
    needs a clean state has to handle the exception and re-check the
    rule set.
    """
    filtering_plugins = get_plugins_by_capability("Filtering")
    warn("unsetting filtering rules\n")

    if not NDprotector.mixed_mode:
        # Only SEND-protected addresses are allowed on this node.
        # NOTE(review): negate=True on "lo" presumably means "every
        # interface except loopback" -- confirm in iptables_unset.
        node_rules = (
            ("INPUT", "1", "unable to unset INPUT filtering rule on the node"),
            ("OUTPUT", "2", "unable to unset OUTPUT filtering rule on the node"),
        )
        for icmp in icmp_type:
            for chain, rule_id, failure in node_rules:
                if iptables_unset(chain, "lo", icmp, rule_id, negate=True):
                    raise FilteringException(failure)

        if NDprotector.is_router:
            # ICMPv6 type 148 is a CPS message.
            cert_type = "148"
            failure = "unable to unset CPS filtering rule on the node"
        else:
            # ICMPv6 type 149 is a CPA message.
            cert_type = "149"
            failure = "unable to unset CPA filtering rule on the node"
        if iptables_unset("INPUT", "lo", cert_type, "3", negate=True):
            raise FilteringException(failure)

        for plugin_cls in filtering_plugins:
            plugin_cls().unset_filter_interface("lo", negate=True)
        return

    interfaces = used_interfaces(addresses)
    # The fourth argument ("1", "2", "3") is passed through unchanged.
    # NOTE(review): presumably a queue or rule number -- confirm.
    per_interface_rules = (
        ("INPUT", "1", "unable to unset INPUT filtering rule on %s"),
        ("OUTPUT", "2", "unable to unset OUTPUT filtering rule on %s"),
    )
    for icmp in icmp_type:
        for iface in interfaces:
            for chain, rule_id, failure in per_interface_rules:
                if iptables_unset(chain, iface, icmp, rule_id):
                    raise FilteringException(failure % iface)

    for iface in interfaces:
        if NDprotector.is_router:
            # ICMPv6 type 148 is a CPS message.
            cert_type = "148"
            failure = "unable to unset CPS filtering rule on %s"
        else:
            # ICMPv6 type 149 is a CPA message.
            cert_type = "149"
            failure = "unable to unset CPA filtering rule on %s"
        if iptables_unset("INPUT", iface, cert_type, "3"):
            raise FilteringException(failure % iface)

        for plugin_cls in filtering_plugins:
            plugin_cls().unset_filter_interface(iface)
def SendRTSol():
    """Send a bare Router Solicitation on every configured interface.

    The interface list comes from ``used_interfaces`` applied to the
    addresses reported by ``NeighCache().dump_addresses()``. Each RS is
    sent from the unspecified address ``::`` to the all-routers multicast
    group ``ff02::2``. The packet is built with no ND options; nothing in
    this function attaches SEND options to it.
    """
    known_addresses = NeighCache().dump_addresses()
    for iface in used_interfaces(known_addresses):
        link_layer = Ether(src=get_if_hwaddr(iface))
        network_layer = IPv6(src="::", dst="ff02::2")
        solicitation = link_layer / network_layer / ICMPv6ND_RS()
        sendp(solicitation, iface=iface, verbose=NDprotector.verbose)
        warn("Sending an RS on interface %s\n" % iface)
def SendRTSol():
    """Emit one plain Router Solicitation per configured interface.

    Interfaces are obtained by passing the output of
    ``NeighCache().dump_addresses()`` to ``used_interfaces``. The RS uses
    the interface's hardware address as Ethernet source, the unspecified
    address ``::`` as IPv6 source and ``ff02::2`` (all routers) as
    destination. No ND or SEND option is added here.
    """
    cache = NeighCache()
    target_interfaces = used_interfaces(cache.dump_addresses())
    for iface in target_interfaces:
        rs_frame = (
            Ether(src=get_if_hwaddr(iface))
            / IPv6(src="::", dst="ff02::2")
            / ICMPv6ND_RS()
        )
        sendp(rs_frame, iface=iface, verbose=NDprotector.verbose)
        warn("Sending an RS on interface %s\n" % iface)
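def set_filtering_rules(addresses):
    """Add the ICMPv6 filtering rules on the interfaces.

    In mixed mode the rules are installed on every interface returned by
    ``used_interfaces(addresses)``. Otherwise negated rules are attached
    to ``lo``. Each plugin with the "Filtering" capability is then
    instantiated and asked to install its own filter for the same target.

    A truthy return value from ``iptables_set`` is treated as a failure
    and raises ``FilteringException`` at once. Rules installed before the
    failure are not rolled back here, so the node is left only partially
    filtered; callers should treat the exception as fatal or tear the
    rules down before continuing.
    """
    filtering_plugins = get_plugins_by_capability("Filtering")
    warn("setting filtering rules\n")

    if NDprotector.mixed_mode:
        # The fourth argument ("1", "2", "3") is passed through unchanged.
        # NOTE(review): presumably a queue or rule number -- confirm.
        per_interface_rules = (
            ("INPUT", "1", "unable to set INPUT filtering rule on %s"),
            ("OUTPUT", "2", "unable to set OUTPUT filtering rule on %s"),
        )
        for iface in used_interfaces(addresses):
            for icmp in icmp_type:
                for chain, rule_id, failure in per_interface_rules:
                    if iptables_set(chain, iface, icmp, rule_id):
                        raise FilteringException(failure % iface)

            if NDprotector.is_router:
                # ICMPv6 type 148 is a CPS message.
                cert_type = "148"
                failure = "unable to set CPS filtering rule on %s"
            else:
                # ICMPv6 type 149 is a CPA message.
                cert_type = "149"
                failure = "unable to set CPA filtering rule on %s"
            if iptables_set("INPUT", iface, cert_type, "3"):
                raise FilteringException(failure % iface)

            for plugin_cls in filtering_plugins:
                plugin_cls().set_filter_interface(iface)
        return

    # Only SEND-protected addresses are allowed on this node.
    # NOTE(review): negate=True on "lo" presumably means "every interface
    # except loopback" -- confirm in iptables_set.
    node_rules = (
        ("INPUT", "1", "unable to set INPUT filtering rule on the node"),
        ("OUTPUT", "2", "unable to set OUTPUT filtering rule on the node"),
    )
    for icmp in icmp_type:
        for chain, rule_id, failure in node_rules:
            if iptables_set(chain, "lo", icmp, rule_id, negate=True):
                raise FilteringException(failure)

    if NDprotector.is_router:
        # ICMPv6 type 148 is a CPS message.
        cert_type = "148"
        failure = "unable to set CPS filtering rule on the node"
    else:
        # ICMPv6 type 149 is a CPA message.
        cert_type = "149"
        failure = "unable to set CPA filtering rule on the node"
    if iptables_set("INPUT", "lo", cert_type, "3", negate=True):
        raise FilteringException(failure)

    for plugin_cls in filtering_plugins:
        # Instantiate the plugin, as the mixed-mode branch does, and pass
        # negate as a real boolean. The previous call used the class
        # itself and the string "True", so plugin filters on this path
        # were not installed the same way as the built-in rules.
        plugin_cls().set_filter_interface("lo", negate=True)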