def unset_filtering_rules(addresses):
"""remove the different filtering rules on the interfaces"""
plugins = get_plugins_by_capability("Filtering")
warn("unsetting filtering rules\n")
if NDprotector.mixed_mode:
interfaces = used_interfaces(addresses)
for type in icmp_type:
for interface in interfaces:
output = iptables_unset("INPUT", interface, type, "1")
if output:
raise FilteringException("unable to unset INPUT filtering rule on %s" % interface)
output = iptables_unset("OUTPUT", interface, type, "2")
if output:
raise FilteringException("unable to unset OUTPUT filtering rule on %s" % interface)
for interface in interfaces:
if NDprotector.is_router:
# 148 is a CPS message
output = iptables_unset("INPUT", interface, "148", "3")
if output:
raise FilteringException("unable to unset CPS filtering rule on %s" % interface)
else:
# 149 is a CPA message
output = iptables_unset("INPUT", interface, "149", "3")
if output:
raise FilteringException("unable to unset CPA filtering rule on %s" % interface)
for plugin in plugins:
plugin().unset_filter_interface(interface)
else:
for type in icmp_type:
# we only allow SEND protected addresses on this node
output = iptables_unset("INPUT", "lo", type, "1", negate= True)
if output:
raise FilteringException("unable to unset INPUT filtering rule on the node")
output = iptables_unset("OUTPUT", "lo", type, "2", negate= True)
if output:
raise FilteringException("unable to unset OUTPUT filtering rule on the node")
if NDprotector.is_router:
output = iptables_unset("INPUT", "lo", "148", "3", negate= True)
if output:
raise FilteringException("unable to unset CPS filtering rule on the node")
else:
output = iptables_unset("INPUT", "lo", "149", "3", negate= True)
if output:
raise FilteringException("unable to unset CPA filtering rule on the node")
for plugin in plugins:
plugin().unset_filter_interface("lo", negate= True)
def SendRTSol():
"""send a simple Router Solicitation message on all the configured interfaces"""
# get all the interfaces on
# which we should send a message on
nc = NeighCache()
configured_addresses = nc.dump_addresses()
interfaces = used_interfaces(configured_addresses)
for iface in interfaces:
p = Ether(src=get_if_hwaddr(iface)) / \
IPv6(src = "::",dst = "ff02::2")/ \
ICMPv6ND_RS()
sendp(p,iface=iface,verbose=NDprotector.verbose)
warn("Sending an RS on interface %s\n" % iface)
def SendRTSol():
"""send a simple Router Solicitation message on all the configured interfaces"""
# get all the interfaces on
# which we should send a message on
nc = NeighCache()
configured_addresses = nc.dump_addresses()
interfaces = used_interfaces(configured_addresses)
for iface in interfaces:
p = Ether(src=get_if_hwaddr(iface)) / \
IPv6(src = "::",dst = "ff02::2")/ \
ICMPv6ND_RS()
sendp(p, iface=iface, verbose=NDprotector.verbose)
warn("Sending an RS on interface %s\n" % iface)
def set_filtering_rules(addresses):
"""add the different filtering rules on the interfaces"""
plugins = get_plugins_by_capability("Filtering")
warn("setting filtering rules\n")
if NDprotector.mixed_mode:
interfaces = used_interfaces(addresses)
for interface in interfaces:
for type in icmp_type:
output = iptables_set("INPUT", interface, type, "1")
if output:
raise FilteringException(
"unable to set INPUT filtering rule on %s" % interface)
output = iptables_set("OUTPUT", interface, type, "2")
if output:
raise FilteringException(
"unable to set OUTPUT filtering rule on %s" %
interface)
if NDprotector.is_router:
# type 148 is a CPS message
output = iptables_set("INPUT", interface, "148", "3")
if output:
raise FilteringException(
"unable to set CPS filtering rule on %s" % interface)
else:
# type 149 is a CPA message
output = iptables_set("INPUT", interface, "149", "3")
if output:
raise FilteringException(
"unable to set CPA filtering rule on %s" % interface)
for plugin in plugins:
plugin().set_filter_interface(interface)
else:
# we only allow SEND protected addresses on this node
for type in icmp_type:
output = iptables_set("INPUT", "lo", type, "1", negate=True)
if output:
raise FilteringException(
"unable to set INPUT filtering rule on the node")
output = iptables_set("OUTPUT", "lo", type, "2", negate=True)
if output:
raise FilteringException(
"unable to set OUTPUT filtering rule on the node")
if NDprotector.is_router:
# 148 = CPS
output = iptables_set("INPUT", "lo", "148", "3", negate=True)
if output:
raise FilteringException(
"unable to set CPS filtering rule on the node")
else:
# 149 = CPA
output = iptables_set("INPUT", "lo", "149", "3", negate=True)
if output:
raise FilteringException(
"unable to set CPA filtering rule on the node")
for plugin in plugins:
plugin.set_filter_interface("lo", negate="True")
