def __init__(self, val, config):
self.private_networks = [
Network("127.0.0.0/8"),
Network("10.0.0.0/8"),
Network("172.16.0.0/12"),
Network("192.168.0.0/16"),
]
def _do_interfaces():
net = Network('{}'.format(kwargs['ipvpn_ipnet']))
ipv6net = Network(u'{}'.format(kwargs['ipvpn_ipv6net']))
template = env.get_template('ipvpn/interfaces.j2')
vpns = [str(vpn) for vpn in range(args.vid, args.vid + args.nvpns)]
outer_offest, inner_offset = kwargs['vlan_offsets'].split(' ')
return template.render({
'vpns':
vpns,
'units':
range(args.nid, args.nid + args.nu),
'base_interface':
kwargs['base_interface'],
'subnets': [net + i * 256 for i in range(1, args.nu + 1)],
'v6subnets': [ipv6net + i * 65536 for i in range(1, args.nu + 1)],
'gw':
1,
'inner_vlans':
list(range(1, args.nu + 1)),
'nu':
args.nu,
'inner_offset':
int(inner_offset),
'outer_offset':
int(outer_offest)
})
def do_GET(self):
do_block = True
if len(allowedIP) > 1:
for net in allowedIP:
if self.client_address[0] in Network(net):
do_block = False
else:
if self.client_address[0] in Network(allowedIP[0]):
do_block = False
if do_block:
self.send_error(401)
return
# Проверка на валидность переданой строки
if not re.match(r"^/[\w_\-\:]*$", self.path):
self.send_error(400, "Wrong request string: %s" % self.path)
return
# In [1]: "/vz-list:some".lstrip("/").split(":")
# Out[1]: ['vz-list', 'some']
# In [2]: "/vz-list".lstrip("/").split(":")
# Out[2]: ['vz-list']
cmds = self.path.lstrip("/").split(":")
resp = ""
for cmd in cmds:
if cmd == "" and defaultCmd:
cmd = defaultCmd
if cmd in conf["commands"].keys():
resp += cmd_exec(conf["commands"][cmd])
else:
self.send_error(404, "The command \"%s\" doesn't exist" % cmd)
return
if resp:
self.send_response(200)
self.end_headers()
self.wfile.write("%s" % resp)
def add_network_cidr_mapping(self, network_config):
"""
Method calculates and adds a CloudFormation mapping that is used to set VPC and Subnet CIDR blocks. Calculated based on CIDR block sizes and additionally checks to ensure all network segments fit inside of the specified overall VPC CIDR
@param network_config [dict] dictionary of values containing data for creating
"""
az_count = int(network_config.get('az_count', '2'))
network_cidr_base = str(
network_config.get('network_cidr_base', '172.16.0.0'))
network_cidr_size = str(network_config.get('network_cidr_size', '20'))
first_network_address_block = str(
network_config.get('first_network_address_block',
network_cidr_base))
ret_val = {}
cidr_info = Network(network_cidr_base + '/' + network_cidr_size)
base_cidr = cidr_info.network().to_tuple()[0] + '/' + str(
cidr_info.to_tuple()[1])
ret_val['vpcBase'] = {'cidr': base_cidr}
current_base_address = first_network_address_block
subnet_types = network_config.get('subnet_types',
['public', 'private'])
for index in range(0, len(subnet_types)):
subnet_type = subnet_types[index]
subnet_size = network_config.get(subnet_type + '_subnet_size',
'22')
if index != 0:
range_reset = Network(current_base_address + '/' +
str(subnet_size))
current_base_address = IP(
int(range_reset.host_last().hex(), 16) + 2).to_tuple()[0]
for subnet_id in range(0, az_count):
if not cidr_info.check_collision(current_base_address):
raise RuntimeError(
'Cannot continue creating network--current base address is outside the range of the master Cidr block. Found on pass '
+ str(index + 1) + ' when creating ' + subnet_type +
' subnet cidrs')
ip_info = Network(current_base_address + '/' +
str(subnet_size))
range_info = ip_info.network().to_tuple()
if 'subnet' + str(subnet_id) not in ret_val:
ret_val['subnet' + str(subnet_id)] = dict()
ret_val['subnet' +
str(subnet_id)][subnet_type] = ip_info.network(
).to_tuple()[0] + '/' + str(ip_info.to_tuple()[1])
current_base_address = IP(
int(ip_info.host_last().hex(), 16) + 2).to_tuple()[0]
return self.template.add_mapping('networkAddresses', ret_val)
def is_private_ip(ip):
try:
network = Network(ip)
if network.info() == "PRIVATE":
return ip
except ValueError as e:
return
def _parse_ip(self, directive: str):
parts = directive.split('-')
if len(parts) > 1:
return IPRange(IP(parts[0]), IP(parts[1]))
if '/' in parts[0]:
return Network(parts[0])
return IP(parts[0])
def test_ipv6_4(self):
net = Network('2001:dead:beef:1:c01d:c01a::', 'ffff:ffff:ffff::')
self.assertTrue(
str(net) == '2001:dead:beef:0001:c01d:c01a:0000:0000/48')
self.assertTrue(
str(net.to_compressed()) == '2001:dead:beef:1:c01d:c01a::')
self.assertTrue(
str(net.to_ipv6().to_compressed()) ==
'2001:dead:beef:1:c01d:c01a::')
self.assertTrue(net.info() == 'UNKNOWN')
self.assertTrue(net.subnet() == 48)
self.assertTrue(net.size() == 1 << (128 - 48))
self.assertTrue(int(net) == 0x2001deadbeef0001c01dc01a00000000)
self.assertTrue(
net.hex().lower() == '2001deadbeef0001c01dc01a00000000')
self.assertTrue(
str(net.netmask()) == 'ffff:ffff:ffff:0000:0000:0000:0000:0000')
self.assertTrue(net.version() == 6)
self.assertTrue(
str(net.network()) == '2001:dead:beef:0000:0000:0000:0000:0000')
self.assertTrue(
str(net.broadcast()) == '2001:dead:beef:ffff:ffff:ffff:ffff:ffff')
self.assertFalse('123:456::' in net)
self.assertFalse('::aaaa:bbbb:cccc:dddd' in net)
self.assertFalse('::dddd' in net)
self.assertFalse('::1' in net)
self.assertFalse('123::456' in net)
self.assertTrue('2001:dead:beef:babe::1234' in net)
def test_ipv6_1(self):
net = Network('123::', 128)
self.assertTrue(
str(net) == '0123:0000:0000:0000:0000:0000:0000:0000/128')
self.assertTrue(str(net.to_compressed()) == '123::')
self.assertTrue(str(net.to_ipv6().to_compressed()) == '123::')
self.assertTrue(net.info() == 'UNKNOWN')
self.assertTrue(net.subnet() == 128)
self.assertTrue(net.size() == 1 << (128 - 128))
self.assertTrue(int(net) == (0x123 << 112))
self.assertTrue(
net.hex().lower() == '01230000000000000000000000000000')
self.assertTrue(
str(net.netmask()) == 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')
self.assertTrue(net.version() == 6)
self.assertTrue(
str(net.network()) == '0123:0000:0000:0000:0000:0000:0000:0000')
self.assertTrue(
str(net.broadcast()) == '0123:0000:0000:0000:0000:0000:0000:0000')
self.assertFalse('123:456::' in net)
self.assertTrue('123::' in net)
self.assertFalse('::1' in net)
self.assertFalse('123::456' in net)
self.assertTrue(str((net + 6).to_compressed()).lower() == '123::6')
self.assertFalse((net + 6) in net)
self.assertTrue(
str((net - 6).to_compressed()).lower() ==
'122:ffff:ffff:ffff:ffff:ffff:ffff:fffa')
self.assertFalse((net - 6) in net)
def get_network(network_addr):
if not network_addr:
print exit("no network IP address defined", 1)
try:
return Network(network_addr)
except ValueError as e:
print exit(e, 1)
def test_ipv6_2(self):
net = Network('::42', 64)
self.assertTrue(
str(net) == '0000:0000:0000:0000:0000:0000:0000:0042/64')
self.assertTrue(str(net.to_compressed()) == '::42')
self.assertTrue(str(net.to_ipv6().to_compressed()) == '::42')
self.assertTrue(net.info() == 'IPV4COMP')
self.assertTrue(net.subnet() == 64)
self.assertTrue(net.size() == 1 << (128 - 64))
self.assertTrue(int(net) == 0x42)
self.assertTrue(
net.hex().lower() == '00000000000000000000000000000042')
self.assertTrue(
str(net.netmask()) == 'ffff:ffff:ffff:ffff:0000:0000:0000:0000')
self.assertTrue(net.version() == 6)
self.assertTrue(
str(net.network()) == '0000:0000:0000:0000:0000:0000:0000:0000')
self.assertTrue(
str(net.broadcast()) == '0000:0000:0000:0000:ffff:ffff:ffff:ffff')
self.assertFalse('123:456::' in net)
self.assertTrue('::aaaa:bbbb:cccc:dddd' in net)
self.assertTrue('::dddd' in net)
self.assertTrue('::1' in net)
self.assertFalse('123::456' in net)
self.assertTrue(str((net + 6).to_compressed()).lower() == '::48')
self.assertTrue((net + 6) in net)
self.assertTrue(str((net - 6).to_compressed()).lower() == '::3c')
self.assertTrue((net - 6) in net)
def is_private(ip):
try:
network = Network(ip)
if network.info() == "PRIVATE":
return True
return False
except ValueError as e:
return
def validate_ip_in_range(subnet_ip, address_prefix):
try:
ips = Network(address_prefix)
if subnet_ip in ips:
return True
except ValueError as e:
current_app.logger.debug(e)
return
def is_overlapping_range(ip_range, subnetworks):
"""
This method checks for IP range collision
:return:
"""
if not subnetworks:
return
try:
ip_range = Network(ip_range)
for subnet in subnetworks:
subnet = Network(subnet)
if ip_range.check_collision(subnet):
return True
except ValueError as e:
current_app.logger.debug(e)
return
def test_ip(method, ip):
my_ip = IP(ip)
network = Network("10.0.0.0/12")
net_list = list(network)
if method == "bin":
return bin_search(net_list, my_ip)
else:
return lin_search(net_list, my_ip)
def validate_ip_range(ip_range):
"""
Validate Ip range
:return:
"""
try:
ips = Network(ip_range)
except ValueError as e:
current_app.logger.debug(e)
return
return True
def get_network(ip_range):
"""
Get network from provided IP
:param ip_range:
:return:
"""
try:
ip = Network(ip_range)
network = "{}/{}".format(str(ip.network()), str(ip.subnet()))
except ValueError as e:
current_app.logger.debug(e)
return
return network
def echo(self, ip: str) -> None:
"""
Send ping echo request to destination
:param ip: destination IP
:return: None
"""
ip_count = 5
args = ip.split(" ")
if len(args) == 3:
if args[0] == "-c":
ip_count = (int)(args[1])
ip = args[2]
elif len(args) == 1:
ip = args[0]
# convert str to IP address object
ip = IP(ip)
# iterate over all interfaces on device to find connected route
#print(self.interfaces)
for name, data in self.interfaces.items():
# print(name)
# find connected interface by checking if destination IP is included in our interface subnets
if ip in Network(data['ip']): # so I convert IP/nm to a Network to be able to use 'in' for checking
# no link (connected device)
if data['connected'] is None:
print(f'Error - interface link down on {name}')
return
# there is link, try to ping
if 'device' in data['connected']:
print(f'Pinging {ip}...')
for n in range(ip_count):
# Pinging ourselves... is fast :)
if data['ip'] == ip:
print('!', end='')
continue
reply = data['connected']['device'].echo_reply(ip) # call echo-reply with destination IP
if reply == "!": # the other end sent back '!' which means destination IP is there
print("!", end='')
sleep(0.100) # simulate network response time
else: # the other end did not send '!' so there is a problem over there
print(".", end='')
sleep(1) # simulate timeout :)
print()
return
print(f'Error - no route to {ip}')
def test_ipv4_3(self):
net = Network('10.10.0.0/255.255.255.0')
self.assertTrue(str(net) == '10.10.0.0/24')
self.assertTrue(str(net.to_ipv6().to_compressed()) == '2002:a0a::')
self.assertTrue(net.info() == 'PRIVATE')
self.assertTrue(net.subnet() == 24)
self.assertTrue(net.size() == 1 << (32 - 24))
self.assertTrue(int(net) == 0x0a0a0000)
self.assertTrue(net.hex().lower() == '0a0a0000')
self.assertTrue(str(net.netmask()) == '255.255.255.0')
self.assertTrue(net.version() == 4)
self.assertTrue(str(net.network()) == '10.10.0.0')
self.assertTrue(str(net.broadcast()) == '10.10.0.255')
self.assertFalse('192.168.0.1' in net)
self.assertFalse('192.168.114.128' in net)
self.assertFalse('10.0.0.1' in net)
self.assertTrue('10.10.0.254' in net)
self.assertTrue('10.10.0.100' in net)
async def find_hosts(redis: Redis, network: str) -> None:
""" Scan the network to detect live hosts
"""
async def is_alive(host: str) -> Union[None, str]:
try:
await ping(dest_addr=host, timeout=10)
except TimeoutError:
return None
else:
return host
tasks: List = []
for host in Network(network):
tasks.append(asyncio.ensure_future(is_alive(str(host))))
hosts = await asyncio.gather(*tasks)
hosts = list(filter(None, hosts))
await save_hosts(redis, hosts, expire=900)
def add_network_cidr_mapping(self, network_config):
"""
Method calculates and adds a CloudFormation mapping that is used to set VPC and Subnet CIDR blocks.
Calculated based on CIDR block sizes and additionally checks to ensure all network segments
fit inside of the specified overall VPC CIDR.
@param network_config [dict] dictionary of values containing data for creating
"""
az_count = int(network_config.get('az_count', '2'))
network_cidr_base = str(
network_config.get('network_cidr_base', '172.16.0.0'))
network_cidr_size = str(network_config.get('network_cidr_size', '20'))
first_network_address_block = str(
network_config.get('first_network_address_block',
network_cidr_base))
ret_val = {}
base_cidr = network_cidr_base + '/' + network_cidr_size
cidr_info = Network(base_cidr)
ret_val['vpcBase'] = {'cidr': base_cidr}
current_base_address = first_network_address_block
subnet_config = self._get_subnet_config_w_cidr(network_config)
subnet_config = self._subnet_configs = list(subnet_config)
for index, subnet_config in enumerate(subnet_config):
subnet_type = subnet_config.get('type', 'private')
subnet_size = subnet_config.get('size', '22')
subnet_name = subnet_config.get('name', 'subnet')
subnet_az = subnet_config.get('AZ', '-1')
subnet_cidr = subnet_config.get('cidr', 'ERROR')
az_key = 'AZ{}'.format(subnet_az)
# TODO: check for subnet collisions
if az_key not in ret_val:
ret_val[az_key] = dict()
if subnet_name not in ret_val[az_key]:
ret_val[az_key][subnet_name] = dict()
ret_val[az_key][subnet_name] = subnet_cidr
return self.add_mapping('networkAddresses', ret_val)
def test_ipv4_1(self):
net = Network('192.168.114.42', 23)
self.assertTrue(str(net) == '192.168.114.42/23')
self.assertTrue(
str(net.to_ipv6().to_compressed()) == '2002:c0a8:722a::')
self.assertTrue(net.info() == 'PRIVATE')
self.assertTrue(net.subnet() == 23)
self.assertTrue(net.size() == 1 << (32 - 23))
self.assertTrue(int(net) == 0xc0a8722a)
self.assertTrue(net.hex().lower() == 'c0a8722a')
self.assertTrue(str(net.netmask()) == '255.255.254.0')
self.assertTrue(net.version() == 4)
self.assertTrue(str(net.network()) == '192.168.114.0')
self.assertTrue(str(net.broadcast()) == '192.168.115.255')
self.assertFalse('192.168.0.1' in net)
self.assertTrue('192.168.114.128' in net)
self.assertFalse('10.0.0.1' in net)
self.assertTrue(str(net + 6) == '192.168.114.48/23')
self.assertTrue((net + 6) in net)
self.assertTrue(str(net - 6) == '192.168.114.36/23')
self.assertTrue((net - 6) in net)
def get_subnet_cidr_block(address_prefix, host_count):
"""
This method exctracts the required host addresses from the address prefix, returns the
updated host prefix and ip range
:return:
"""
try:
address_prefix = Network(address_prefix)
cidr_block_size = get_cidr_block_size(host_count)
split_address = str(address_prefix).split("/")
if not len(split_address) == 2:
return
ip_range = split_address[0] + cidr_block_size
address_prefix = address_prefix.__add__(int(host_count))
except ValueError as e:
current_app.logger.debug(e)
return
return ip_range, address_prefix
def search_by_ip(self, ip):
address_objects = []
search_objects = []
if "\"" not in ip:
# find networks containing the search
for line in self.config.get_filtered_lines(
"address", ["/"],
[ip, "/32", "description", "address-set"]):
m = re.search('address (.*) (.*)', line)
network = m.group(2)
if m:
if ip in Network(network):
address_objects.append(m.group(1))
search_objects.append(m.group(1))
else:
ip = ip.strip("\"")
if "/" not in ip:
ip += "/32"
for line in self.config.get_filtered_lines("address", [self.lpad(ip)],
["address-set"]):
m = re.search('address (.+?) ', line)
if m:
address_objects.append(m.group(1))
search_objects.append(m.group(1))
for a in address_objects:
for line in self.config.get_filtered_lines("address",
[self.lpad(a)],
["global address "]):
m = re.search('address-set (.+?) ', line)
if m:
search_objects.append(m.group(1))
return self.search(self.get_policies_for_search_terms(search_objects))
def network(self):
return Network(self.ip)
'is_hosting_provider',
'is_public_proxy',
'is_tor_exit_node',
)
)
i = 0
with open('imp.csv', 'r') as raw_db:
raw_db.readline()
for raw_row in csv.reader(raw_db, delimiter=','):
impression_ip = raw_row[1]
with open(
'GeoIP2-Anonymous-IP-Blocks-IPv4.csv', 'r'
) as anon_db:
anon_db.readline()
for anon_row in csv.reader(
anon_db, delimiter=','
):
anon_row = [
'0' if x == '' else x for x in anon_row
] # fill empty row with 0
anonynous_ip = anon_row[0]
if impression_ip in Network(anonynous_ip):
write_find(raw_row, anon_row)
break
i += 1
if i > COUNTER:
out.close()
break
def cidr_to_dotted_mask(prefix):
from ipcalc import Network
return str(Network(prefix).netmask())
def is_subprefix(prefix, subprefix):
from ipcalc import Network
return subprefix in Network(prefix)
