def generate_ips(subnet, number):
"""
Generate number of random ips in given subnet
args:
subnet - cidr notation of subnet to generate ips from
number - number of ips to return
return:
ip_list - list containing generated ips
"""
network = IPv4Network(unicode(subnet), strict=False)
cidr = int(subnet.split('/')[1])
max_ip_num = pow(2, (32 - cidr)) - 2
ip_list = []
for i in range(number):
ip = str(network[random.randint(0, max_ip_num)])
if ip not in ip_list:
ip_list.append(ip)
return ip_list
def __init__(self, cidrBlock: str = None, comment: str = None, ipAddress: str = None, links: list = None):
"""
For a single whitelist entry. Contains a bit of helper intelligence for ip addresses.
:param cidrBlock:
:param comment:
:param ipAddress:
:param links:
"""
self.links = links
self.ipAddress = ipAddress
self.comment = comment
self.cidrBlock = cidrBlock
try:
self.cidrBlockObj: IPv4Network = IPv4Network(self.cidrBlock)
except Exception:
self.cidrBlockObj = None
try:
self.ipAddressObj: IPv4Address = IPv4Address(self.ipAddress)
except Exception:
self.ipAddressObj = None
def find_worker_name(key):
with open("../monitors/workers.yaml", "r") as yaml_in:
yaml_workers = yaml_in.read()
workers = yaml.safe_load(yaml_workers)
try:
IPv4Address(key) # Exception thrown if not an IP address
search_worker_key = str(IPv4Network(key+"/24", strict=False))
print(f"found subnet address: {search_worker_key}")
except ValueError:
search_worker_key = key
print(f"subnet address not found, using key: {key}")
if search_worker_key in workers:
return workers[search_worker_key]["worker-name"]
elif DEFAULT_KEY in workers:
print(f"looking for default key {DEFAULT_KEY} in workers {workers}")
return workers[DEFAULT_KEY]["worker-name"]
else:
return "quokka-worker"
def scan_parameters_is_correct(self):
''' Проверка корренктности пользовательских данных
введённых им в окне программы, в случае некоректных данных
будет выведено сообщение
'''
network = None
try:
network = IPv4Network(self.ui.hostsCBox.currentText())
except ValueError:
QMessageBox.critical(
self, self.tr('Error'),
self.
tr('Incorrect network\nfor example:\n\n192.168.1.0/27\n10.7.207.0/255.255.255.0'
))
return False
if not self.ui.communityCBox.currentText():
QMessageBox.critical(self, self.tr('Error'),
self.tr('Community is empty'))
return False
return True
def load_db():
here = Path(__file__).absolute().parent
csv_file = here / os.path.join(THIS_FOLDER, "GeoLite2-Country-CSV.zip")
with ZipFile(csv_file) as zf:
zinfo = find_zinfo(zf, countries_csv)
assert zinfo, f"cannot find {countries_csv}"
with zf.open(zinfo) as fp:
countries = load_countries(TextIOWrapper(fp))
zinfo = find_zinfo(zf, blocks_csv)
assert zinfo, f"cannot find {blocks_csv}"
blocks = []
with zf.open(zinfo) as fp:
for record in csv.DictReader(TextIOWrapper(fp)):
geo_id = record["geoname_id"]
if not geo_id:
continue
network = IPv4Network(record["network"])
country = countries[record["geoname_id"]]
blocks.append((network, country))
return blocks
def _get_broadcast_addresses(self) -> List[IPInterface]:
""" Return a list of broadcast addresses for each discovered interface"""
import netifaces
broadcastAddrs = []
interfaces = netifaces.interfaces()
for iface in interfaces:
addr = netifaces.ifaddresses(iface)
if netifaces.AF_INET in addr:
netmask = addr[netifaces.AF_INET][0].get("netmask")
ipaddr = addr[netifaces.AF_INET][0].get("addr")
if netmask and addr:
net = IPv4Network(f"{ipaddr}/{netmask}", strict=False)
if net.broadcast_address:
if not net.is_loopback or self._allow_loopback:
broadcastAddrs.append(
IPInterface(str(ipaddr),
str(net.broadcast_address)))
return broadcastAddrs
def get_ip_lookup(self, names, bridge="10.22.0.0/16"):
"""based on a bridge address that can serve other addresses (akin to
a router, metaphorically, generate a pre-determined address for
each container.
Parameters
==========
names: a list of names of instances to generate addresses for.
bridge: the bridge address to derive them for.
"""
host_iter = IPv4Network(bridge).hosts()
lookup = {}
# Don't include the gateway
next(host_iter)
for name in names:
lookup[name] = str(next(host_iter))
return lookup
def scan_cluster() -> bool:
parameters = get_one("Parameters")
protocol = parameters.cluster_scan_protocol
for ip_address in IPv4Network(parameters.cluster_scan_subnet):
try:
instance = rest_get(
f"{protocol}://{ip_address}/rest/is_alive",
timeout=parameters.cluster_scan_timeout,
).json()
if app.config["CLUSTER_ID"] != instance.pop("cluster_id"):
continue
factory("Instance", **{
**instance,
**{
"ip_address": str(ip_address)
}
})
except ConnectionError:
continue
db.session.commit()
return True
def main():
parser = argparse.ArgumentParser()
parser.add_argument('--version', action='version', version=f'{os.path.basename(__file__)} {VERSION}')
parser.add_argument('-d', '--debug', action='store_true', help='verbose output')
parser.add_argument('--notls', action='store_false', help='disable TLS security')
parser.add_argument('-l', '--logfile', nargs="?", help='log to file')
parser.add_argument('-w', '--workers', type=int, default=300, help='number of parallel worker tasks')
parser.add_argument('host', nargs="*", help='List of targets (addresses or subnets)')
parser.add_argument('--hostFile', help='File of targets IPs to scan')
args = parser.parse_args()
if not args.host and not args.hostFile:
parser.print_help()
return
configure_logging(args.debug, args.logfile)
ips = []
if args.hostFile:
fopen = open(args.hostFile)
ips = list(fopen)
fopen.close()
else:
for ip in args.host:
cmd = True
ips += [addr.exploded for addr in IPv4Network(ip, strict=False)]
th = []
ips = set(ips)
log.info(f"Going to scan {len(ips)} hosts, in {args.workers} parallel tasks")
# with progressbar.ProgressBar(max_value=len(ips)) as bar:
with concurrent.futures.ThreadPoolExecutor(max_workers=args.workers) as executor:
for ip in ips:
ft_dp = executor.submit(check_host, ip.strip(), 3389, args.notls)
th.append(ft_dp)
for r in concurrent.futures.as_completed(th):
ip, status = r.result()
# if STATUS_NORDP in status:
# continue
mark = '+' if status == STATUS_VULNERABLE else '-'
log.info(f"[{mark}] [{ip}] Status: {status}")
def add_source_ips_v2(dis_client, dis_event, attack_id, src_traffic_report):
"""
Populate a DIS report from a Arbor sightline traffic report
Parameters:
dis_event: The DIS event to populate with src data
src_traffic_report: The Arbor Sightline source traffic report
Returns:
An array containing the IP addresses that were added to the DIS report
"""
ip_list=[]
for data_elem in src_traffic_report['data']:
elem_id = "unknown"
try:
elem_id = data_elem['id']
logger.debug(f"Attack {attack_id}: Processing network src prefix " + elem_id)
bps_elem = data_elem['attributes']['view']['network']['unit']['bps']
elem_name = bps_elem['name']
elem_max_bps = bps_elem['max_value']
logger.debug(f" name: {elem_name}, max bps: {elem_max_bps}")
net_addr = IPv4Network(elem_name, strict=True)
if net_addr.prefixlen != 32:
logger.debug(f"Attack {attack_id}: Network bitmask for {elem_id} is not 32 bits ({elem_name})")
else:
ip_addr_str = str(net_addr.network_address)
dis_client.add_attack_source_to_event(dis_event,
ip=ip_addr_str,
attribute_list=[
{
"enum": "BPS",
"name": "Bytes per second",
"value": str(elem_max_bps)
}])
ip_list.append(ip_addr_str)
except Exception as ex:
logger.info(f"Error processing '{elem_id}': {ex}")
return ip_list
def configure_dhcp_server():
kv = unitdata.kv()
public_ip = kv.get('public-ip')
mn_iface = kv.get('mn.iface')
mn_gateway = kv.get('mn.gateway')
managed_network = IPv4Network(config()["managed-network"])
dhcp_range = config()["dhcp-range"]
templating.render(
source='isc-dhcp-server',
target='/etc/default/isc-dhcp-server',
context={
'interfaces': mn_iface
}
)
templating.render(
source='dhcpd.conf',
target='/etc/dhcp/dhcpd.conf',
context={
'subnet': str(managed_network.network_address),
'netmask': str(managed_network.netmask),
'routers': mn_gateway, # This is either the host itself or the host's gateway
'broadcast_address': str(managed_network.broadcast_address),
'domain_name_servers': ", ".join(get_dns()), # We just copy the host's DNS settings
'dhcp_range': dhcp_range,
}
)
host.service_stop('isc-dhcp-server')
success = host.service_start('isc-dhcp-server')
if not success:
message = "starting isc-dhcp-server failed. Please Check Charm configuration."
if os.path.exists('/var/log/upstart/isc-dhcp-server.log'):
with open('/var/log/upstart/isc-dhcp-server.log', 'r') as logfile:
message += "Log: {}".format(logfile)
hookenv.status_set('blocked', message)
remove_state('dhcp-server.started')
remove_state('dhcp-server.configured')
else:
hookenv.status_set('active', 'Ready ({})'.format(public_ip))
set_state('dhcp-server.started')
set_state('dhcp-server.configured')
def __init__(self,
cidrBlock: str = None,
comment: str = None,
ipAddress: str = None,
links: list = None,
last_used: str = None,
count: int = None,
last_used_address: str = None):
"""
For a single whitelist entry. Contains a bit of helper intelligence for ip addresses.
:param cidrBlock:
:param comment:
:param ipAddress:
:param links:
"""
self.last_used_address: Optional[IPv4Address] = None
try:
self.last_used_address = IPv4Address(last_used_address)
except Exception:
logging.warning('No last used address')
self.count: Optional[int] = count
self.last_used: Optional[datetime] = None
try:
self.last_used = parse_datetime(last_used)
except Exception:
logging.warning('Could not get last used date.')
self.links = links
self.ipAddress = ipAddress
self.comment = comment
self.cidrBlock = cidrBlock
try:
self.cidrBlockObj: IPv4Network = IPv4Network(self.cidrBlock)
except Exception:
self.cidrBlockObj = None
try:
self.ipAddressObj: IPv4Address = IPv4Address(self.ipAddress)
except Exception:
self.ipAddressObj = None
def _process_dhcp_pkt(self, packet, state: DHCPState):
mac_addr = create_mac_from_sid(packet[Ether].dst)
mac_addr_key = mac_addr.as_redis_key()
with self._dhcp_notify:
if mac_addr_key in self.dhcp_client_state:
ip_offered = packet[BOOTP].yiaddr
subnet_mask = self._get_option(packet, "subnet_mask")
if subnet_mask is not None:
ip_subnet = IPv4Network(ip_offered + "/" + subnet_mask,
strict=False)
else:
ip_subnet = None
dhcp_router_opt = self._get_option(packet, "router")
if dhcp_router_opt is not None:
router_ip_addr = ip_address(dhcp_router_opt)
else:
router_ip_addr = None
lease_time = self._get_option(packet, "lease_time")
dhcp_state = DHCPDescriptor(mac_addr, ip_offered, state,
str(ip_subnet), packet[IP].src,
router_ip_addr, lease_time,
packet[BOOTP].xid)
LOG.info("Record mac %s IP %s", mac_addr_key, dhcp_state)
self.dhcp_client_state[mac_addr_key] = dhcp_state
self.dhcp_gw_info.update_ip(router_ip_addr)
self._dhcp_notify.notifyAll()
if state == DHCPState.OFFER:
# let other thread work on fulfilling IP allocation request.
threading.Event().wait(self.THREAD_YIELD_TIME)
self.send_dhcp_packet(mac_addr, DHCPState.REQUEST,
dhcp_state)
else:
LOG.debug("Unknown MAC: %s " % packet.summary())
return
def handle_timeout(self) -> None:
"""Called as soon as the rebinding timeout occurs.
"""
if self.iszombie:
return
if self._lease_timeout is not None and self._lease_timeout <= time.time(
):
self._log.warning(
'Rebinding timeout for %s called too late - '
'lease has already expired on %d. Disconnecting client.',
self,
self._lease_timeout,
)
self.server.disconnect_client(self.full_username)
return
target_addr: Optional[IPv4Address]
if self._realm_data.subnet_ipv4:
target_addr = IPv4Network(
self._realm_data.subnet_ipv4).network_address
else:
target_addr = None
try:
self._refresh_lease(
success_handler_clb=self._handle_lease_refresh_succeeded,
failure_handler_clb=self._handle_lease_refresh_failed,
client_identifier=self.full_username,
device=self._realm_data.dhcp_listening_device,
local_ip=self._realm_data.dhcp_listening_ip,
server_ips=self._realm_data.dhcp_server_ips,
target_addr=target_addr,
client_ip=self._leased_ip_address,
lease_time=self._realm_data.expected_dhcp_lease_time,
)
except Exception:
self._log.exception('Adding a new DHCP refresh request failed')
self.server.disconnect_client(self.full_username)
def vpp_get_interface_ip_addresses(node, interface, ip_version):
"""Get list of IP addresses from an interface on a VPP node.
:param node: VPP node.
:param interface: Name of an interface on the VPP node.
:param ip_version: IP protocol version (ipv4 or ipv6).
:type node: dict
:type interface: str
:type ip_version: str
:returns: List of dictionaries, each containing IP address, subnet
prefix length and also the subnet mask for ipv4 addresses.
Note: A single interface may have multiple IP addresses assigned.
:rtype: list
"""
sw_if_index = InterfaceUtil.get_interface_index(node, interface)
if sw_if_index:
is_ipv6 = 1 if ip_version == 'ipv6' else 0
cmd = 'ip_address_dump'
args = dict(sw_if_index=sw_if_index, is_ipv6=is_ipv6)
err_msg = 'Failed to get L2FIB dump on host {host}'.format(
host=node['host'])
with PapiExecutor(node) as papi_exec:
details = papi_exec.add(cmd, **args).get_details(err_msg)
for item in details:
item['ip'] = item['prefix'].split('/')[0]
item['prefix_length'] = int(item['prefix'].split('/')[1])
item['is_ipv6'] = is_ipv6
item['netmask'] = \
str(IPv6Network(unicode('::/{pl}'.format(
pl=item['prefix_length']))).netmask) \
if is_ipv6 \
else str(IPv4Network(unicode('0.0.0.0/{pl}'.format(
pl=item['prefix_length']))).netmask)
return details
def guess_own_iface(match_ips):
if len(match_ips) == 0:
return None
for iface in ni.interfaces():
ifa = ni.ifaddresses(iface)
if ni.AF_LINK not in ifa or len(ifa[ni.AF_LINK]) == 0:
logging.debug("{} is has no MAC address, skipped.".format(iface))
continue
if ni.AF_INET not in ifa or len(ifa[ni.AF_INET]) == 0:
logging.warning("{} has no IPv4 address".format(iface))
continue
mac = ifa[ni.AF_LINK][0]['addr']
for addr in ifa[ni.AF_INET]:
net = IPv4Network(addr['addr'] + "/" + addr['netmask'],
strict=False)
if any([IPv4Address(ip) in net for ip in match_ips]):
return iface, addr['addr'], addr['netmask'], mac
return None
def build_config(self, apply=True, attributes=None, unconfig=False,
**kwargs):
assert not kwargs, kwargs
assert not apply
attributes = AttributesHelper(self, attributes)
configurations = CliConfigBuilder(unconfig=unconfig)
# ===================================
# ipv4
# prefix_length
# ipv4_secondary
# secondary_vrf
# ===================================
if attributes.value('ipv4') and attributes.value('prefix_length'):
# convert prefix_length to netmask
ret = IPv4Network('1.1.1.1/{}'.format(
attributes.value('prefix_length')), strict=False)
mask = ret.with_netmask.split('/')[1]
if attributes.value('ipv4_secondary'):
configurations.append_line('ip address'
' {ipv4} {prefix_length} secondary'
.format(ipv4=attributes.value('ipv4'),
prefix_length=mask))
if attributes.value('secondary_vrf'):
configurations.append_line('ip address'
' {ipv4} {prefix_length} secondary'
' vrf {secondary_vrf}'
.format(ipv4=attributes.value('ipv4'),
prefix_length=mask,
secondary_vrf=attributes.value('secondary_vrf')))
else:
configurations.append_line('ip address'
' {ipv4} {prefix_length}'
.format(ipv4=attributes.value('ipv4'),
prefix_length=mask))
return str(configurations)
def __init__(self, config, dry_run=False):
if self._is_vpc:
self.zk_hosts = config["zk_hosts"]["vpc"]
else:
self.zk_hosts = config["zk_hosts"]["ec2"]
self.zk = KazooClient(hosts=",".join(self.zk_hosts),
timeout=constants.ZK_TIMEOUT,
logger=kazoo_logger)
self.aws_access_key_id = config["aws_key"]
self.aws_secret_access_key = config["aws_secret_key"]
self.overlay_subnet = config["overlay_subnet"]
self.network = IPv4Network(unicode(self.overlay_subnet))
self.instance_id = self._get_instance_id()
self.public_ip = self._get_public_ip()
self.private_ip = self._get_private_ip()
try:
self.zk.start()
self.connected = True
self.lost = False
except self.zk.handler.timeout_exception:
logger.error("Timed out connecting to Zookeeper.")
def networkmethod():
# ip address'
ip_address = IPv4Address("220.24.9.37")
print("Integer of IPv4 address: {ip}".format(ip=int(ip_address)))
print("packed form of IPv4 address: {ip}".format(ip=ip_address.packed))
print("IPv4 address: {ip}".format(ip=ip_address))
print("")
addrs = (
IPv4Address("220.14.9.37"),
IPv4Address("8.240.12.2"),
IPv4Address("100.201.0.4"),
)
for a in sorted(addrs):
print("IPv4 address: {addrs}".format(addrs=a))
print("")
# networks
net = IPv4Network("192.4.2.0/24")
print("Number of address: {net}".format(net=net.num_addresses))
print("prefix length: {net}".format(net=net.prefixlen))
print("Network mask: {net}".format(net=net.netmask))
def cidr_to_netmask(subnet):
"""
This function converts the /cidr to proper netmask.
Reference: https://gist.github.com/nboubakr/4344773
Manual method:
mask = [0, 0, 0, 0]
net_id, cidr = subnet.split("/")
for i in range(int(cidr)):
mask[i//8] = mask[i//8] + (1 << (7 - i % 8))
netmask = [str(i) for i in mask]
return net_id, ".".join(netmask)
This manual method is good for cidr to netmask but there is no checks if the net_id within
the network bound by cidr.
By using ipaddress module is the easiest and recommended,
because ipaddress.IPv4Network checks if the network id is a valid id
within the range of its cidr.
:param subnet: must be a subnet/cidr eg. 192.168.1.0/26
:return: tuple of network id and netmask
"""
_subnet = IPv4Network(subnet)
return str(_subnet.network_address), str(_subnet.netmask)
def __init__(self, conf):
dhcp4 = conf['Dhcp4']
self.options = [
Option(DHO_DHCP_LEASE_TIME).setUint32(
dhcp4.get('valid-lifetime', 7200)),
Option(DHO_DHCP_RENEWAL_TIME).setUint32(
dhcp4.get('renew-timer', 1800)),
Option(DHO_DHCP_REBINDING_TIME).setUint32(
dhcp4.get('rebind-timer', 3600))
]
self.subnet = IPv4Network('10.0.0.0/20')
self.options.append(
Option(DHO_SUBNET_MASK).setBytes(self.subnet.netmask.packed))
# hard code nameservers
servers = [IPv4Address('192.168.3.1'), IPv4Address('192.168.3.2')]
packed_servers = b''.join([addr.packed for addr in servers])
self.options.append(
Option(DHO_DOMAIN_NAME_SERVERS).setBytes(packed_servers))
# hard code routers and domainname
self.options.append(
Option(DHO_ROUTERS).setBytes(self.subnet[1].packed))
self.options.append(Option(DHO_DOMAIN_NAME).setString('facebook.com'))
def _manage(self,
addr=None,
mask='255.255.255.0',
ident=None,
interval=10.0):
""" Start discovery on network
"""
host = IPv4Address(addr)
net = IPv4Network(addr + '/' + mask, False)
#self.__log.debug('addr = {addr!r}'.format(addr=addr))
#print('Mask:', MASK)
#print('Subnet:', ipaddress.IPv4Address(int(host) & int(net.netmask)))
#print('Host:', ipaddress.IPv4Address(int(host) & int(net.hostmask)))
self.__log.debug('broadcast_address = {broadcast_address!r}'.format(
broadcast_address=net.broadcast_address))
#
network = str(net.broadcast_address)
# Start update
self._loop.create_task(
self._discovery_network_start(network=network, interval=interval))
def test_get_all_prefixes(self):
test_cases = [
[IPv4Network("64.57.31.248/32"),
IPv4Network("64.57.31.246/31")],
[
IPv4Network("10.1.0.0/16"),
],
[
IPv4Network("10.0.0.252/30"),
IPv4Network("10.0.1.0/24"),
],
[IPv4Network("0.0.1.0/24"),
IPv4Network("0.0.2.0/23")],
]
for prefixes in test_cases:
ec = EquivalenceClass()
for prefix in prefixes:
ec.add_prefix(prefix)
self.assertCountEqual(prefixes, ec.get_all_prefixes())
def github_security_groups(name, vpc, protocol):
"""Create a dict of security group authorizing access to github services.
As the number of rules per security group is limited to 50,
we create blocks of 50 rules.
:param vpc: vpc in which to create the group
:type vpc: VPC
:param protocol: protocol to allow (https, ssh)
:type protocol: str
:return: a dict of security groups indexed by name
:rtype: dict(str, SecurityGroup)
"""
ip_ranges = requests.get("https://api.github.com/meta").json()["git"]
# Authorize ssh on the resulting list of ip ranges
sgs = {}
i = 0
limit = 50
sg_name = name + str(i)
sg = SecurityGroup(sg_name, vpc, description="Allow access to github")
sgs[sg_name] = sg
for ip_range in ip_ranges:
try:
IPv4Network(ip_range)
except AddressValueError:
IPv6Network(ip_range)
logging.info(
f"Skipping IPv6 range {ip_range} for github access SG")
continue
if len(sg.egress + sg.ingress) == limit:
i += 1
sg_name = name + str(i)
sg = SecurityGroup(
sg_name, vpc, description=f"Allow access to GitHub {protocol}")
sgs[sg_name] = sg
sg.add_rule(Ipv4EgressRule(protocol, ip_range))
return sgs
def sync(self, networks):
'''Scan some networks and sync them to NetBox.
:param networks: a list of valid networks, like ['10.0.0.0/8']
:return: synching statistics
'''
for s in self.stats:
self.stats[s] = 0
parsing = self.parser(networks)
if parsing:
self.logger('mistyped', badnets=parsing)
return False
for net in networks:
hosts = self.scan(net)
self.logger('scanned', net=net, hosts=len(hosts))
for host in hosts:
self.sync_host(host)
for ipv4 in IPv4Network(net): # cleanup
address = str(ipv4)
if not any(h[0] == address for h in hosts):
try:
nbhost = self.netbox.ipam.ip_addresses.get(
address=address)
if self.tag in nbhost.tags:
nbhost.delete()
self.logger('deleted',
address=nbhost.address,
description=nbhost.description)
else:
self.logger('undiscovered',
address=nbhost.address,
description=nbhost.description)
except (AttributeError, ValueError):
pass
return True
def setup(self, supernet='172.18.0.0/16', subnet=None, gateway=None):
"""Sets up the network."""
def find_subnet():
docker_subnets = []
for network in self._docker_client.networks.list():
network_info = self._docker_api_client.inspect_network(
network.name)
if len(network_info['IPAM']['Config']) > 0:
docker_subnets.append(
str(network_info['IPAM']['Config'][0]['Subnet']))
for subnet in IPv4Network(
unicode(supernet)).subnets(new_prefix=24):
if str(subnet) not in docker_subnets:
return str(subnet)
raise UnknownNetworkError(
"Cannot find available subnet from supernet {}".format(
supernet))
if subnet is None:
subnet = find_subnet()
self._hosts = iter(
[str(host) for host in IPv4Network(unicode(subnet)).hosts()])
if gateway is None:
gateway = str(next(self._hosts))
ipam_pool = docker.types.IPAMPool(subnet=subnet, gateway=gateway)
ipam_config = docker.types.IPAMConfig(pool_configs=[ipam_pool])
logger.info("Creating network")
labels = {
'atomix-test': 'true',
'atomix-process': self.process_id or '',
'atomix-cluster': self.name
}
self._docker_client.networks.create(self.name,
driver='bridge',
ipam=ipam_config,
labels=labels)
def get_service_cpe_routers(services):
""" Return a dict of CPE routers
"""
cpe_routers = {}
for vpn_type, vpn_data in services.items():
if vpn_type == 'l3vpn':
for service_type, service_vrfs in vpn_data.items():
for vrf in service_vrfs:
for site in vrf['sites']:
for cpe_name, cpe_data in site['nodes'].items():
interfaces = {}
if cpe_name in cpe_routers.keys():
cpe_data = cpe_routers[cpe_name]
interfaces = cpe_routers[cpe_name].get(
'interfaces')
if service_type == 'wan':
cpe_data['asn'] = vrf['remote_asn']
cpe_data['customer'] = vrf['customer']
elif service_type == 'internet':
cpe_data['asn'] = site['asn']
cpe_data['customer'] = site['customer']
for link in site['links']:
if link['a_end'] == cpe_name:
intf_name = link['a_end_intf']
host_ip = str(
IPv4Network(link['wan_ip_pfx'])[1])
interfaces[intf_name] = dict(
ip=host_ip,
cost=5,
service_type=service_type,
remote_node=link['b_end'],
remote_intf=link['b_end_intf'],
remote_vrf=vrf['vrf_name'])
cpe_data['interfaces'] = interfaces
cpe_routers[cpe_name] = cpe_data
return cpe_routers
def in_subnet(cursor: str, bind_vars: Json, fn: FunctionTerm,
model: QueryModel) -> str:
"""
Assumptions and requirements:
- this fn only works for IPv4 addresses
- ip addresses are stored as 4 octet with digit string in the reported section
- one argument is given which defines the ip/mask
:param cursor: the cursor to read from
:param bind_vars: the bind_vars to send to arango
:param fn: the function definition
:param model: the related query model.
:return: the AQL filter statement
"""
if len(fn.args) != 1:
raise AttributeError(
"Function in_subnet expects exactly one argument. Example: 1.2.3.4/24"
)
network = IPv4Network(fn.args[0], strict=False)
mask = int(network.netmask)
expected = int(network.network_address) & mask
length = str(len(bind_vars))
bind_vars[length] = expected
return f"BIT_AND(IPV4_TO_NUMBER({cursor}.{fn.property_path}), {mask}) == @{length}"
def prehandle_roa(asn_table: dict, args):
roa = route_to_roa(asn_table)
max_prefixlen = IPv4Network(0).max_prefixlen
roa4 = filter(lambda item: isinstance(item["prefix"], IPv4Network), roa)
roa6 = filter(lambda item: isinstance(item["prefix"], IPv6Network), roa)
if args.ipv4:
roa6 = []
elif args.ipv6:
roa4 = []
roa4 = [
r for r in roa4 if r["prefix"].prefixlen <= args.max
or r["prefix"].prefixlen == max_prefixlen
]
roa6 = [r for r in roa6 if r["prefix"].prefixlen <= args.max6]
for r in roa4:
r["maxLength"] = args.max
if r["prefix"].prefixlen == max_prefixlen:
r["maxLength"] = max_prefixlen
for r in roa6:
r["maxLength"] = args.max6
for r in (*roa4, *roa6):
r["prefix"] = r["prefix"].with_prefixlen
return roa4, roa6
class CloudFlareNetwork:
path = os.path.dirname(str(os.path.realpath(__file__)))
IPV4_NETWORKS = [
IPv4Network(network)
for network in open(path + '/lists/ips-v4').read().splitlines()
]
IPV6_NETWORKS = [
IPv6Network(network)
for network in open(path + '/lists/ips-v6').read().splitlines()
]
def in_range(self, ip):
address = ip_address(ip)
if not address:
return False
if address.version == 4:
return in_network(address, self.IPV4_NETWORKS)
else:
return in_network(address, self.IPV6_NETWORKS)
