def clean_int_v4netmaskbit(self): ip = self.cleaned_data.get("int_ipv4address") nw = self.cleaned_data.get("int_v4netmaskbit") if not nw or not ip: return nw network = IPNetwork('%s/%s' % (ip, nw)) used_networks = [] qs = models.Interfaces.objects.all() if self.instance.id: qs = qs.exclude(id=self.instance.id) for iface in qs: if iface.int_v4netmaskbit: used_networks.append( IPNetwork('%s/%s' % ( iface.int_ipv4address, iface.int_v4netmaskbit, ))) for alias in iface.alias_set.all(): if alias.alias_v4netmaskbit: used_networks.append( IPNetwork('%s/%s' % ( alias.alias_v4address, alias.alias_v4netmaskbit, ))) for unet in used_networks: if unet.overlaps(network): raise forms.ValidationError( _("The network %s is already in use by another NIC.") % (network.masked(), )) return nw
def get_nodes_deployed_state(self): if not self.environment().has_snapshot('nodes-deployed'): self.ci().get_empty_state() self.update_modules() self.remote().execute("killall bootstrap_admin_node.sh") write_config( self.remote(), "/root/fuel.defaults", iso_master.get_config( hostname="master", domain="localdomain", management_interface=INTERFACES["internal"], management_ip=self.nodes( ).masters[0].get_ip_address_by_network_name("internal"), management_mask=self.ci().internal_net_mask(), external_interface=INTERFACES["public"], dhcp_start_address=IPNetwork( self.ci().internal_network())[50], dhcp_end_address=IPNetwork( self.ci().internal_network())[100], mirror_type='custom', external_ip="", external_mask="", parent_proxy=PARENT_PROXY, puppet_master_version=PUPPET_MASTER_VERSION)) self.remote().execute( "/usr/local/sbin/bootstrap_admin_node.sh --batch-mode") self.prepare_cobbler_environment() self.environment().revert('nodes-deployed') for node in self.nodes(): node. await ('internal')
def clean(self): cdata = self.cleaned_data ipv4vip = cdata.get("alias_vip") ipv4addr = cdata.get("alias_v4address") ipv4net = cdata.get("alias_v4netmaskbit") ipv6addr = cdata.get("alias_v6address") ipv6net = cdata.get("alias_v6netmaskbit") ipv4 = True if ipv4addr and ipv4net else False ipv6 = True if ipv6addr and ipv6net else False # IF one field of ipv4 is entered, require the another if (ipv4addr or ipv4net) and not ipv4: if not ipv4addr and not self._errors.get('alias_v4address'): self._errors['alias_v4address'] = self.error_class([ _("You have to specify IPv4 address as well per alias"), ]) if not ipv4net and 'alias_v4netmaskbit' not in self._errors: self._errors['alias_v4netmaskbit'] = self.error_class([ _("You have to choose IPv4 netmask as well per alias"), ]) # IF one field of ipv6 is entered, require the another if (ipv6addr or ipv6net) and not ipv6: if not ipv6addr and not self._errors.get('alias_v6address'): self._errors['alias_v6address'] = self.error_class([ _("You have to specify IPv6 address as well per alias"), ]) if not ipv6net: self._errors['alias_v6netmaskbit'] = self.error_class([ _("You have to choose IPv6 netmask as well per alias"), ]) if ipv6 and ipv4: self._errors['__all__'] = self.error_class([ _("You have to choose between IPv4 or IPv6 per alias"), ]) configured_vip = False if ipv4vip and hasattr(self, 'parent'): iface = self.parent.instance ip = IPNetwork('%s/32' % ipv4vip) network = IPNetwork('%s/%s' % ( iface.int_ipv4address, iface.int_v4netmaskbit, )) if ip.overlaps(network): configured_vip = True if ( not configured_vip and not ipv6 and not (ipv6addr or ipv6net) and not ipv4 and not (ipv4addr or ipv4net) ): self._errors['__all__'] = self.error_class([ _("You must specify either an valid IPv4 or IPv6 with maskbit " "per alias"), ]) return cdata
def clean(self): cdata = self.cleaned_data ipv4key = 'int_ipv4address' ipv4addr = cdata.get(ipv4key) ipv4addr_b = cdata.get('int_ipv4address_b') ipv4net = cdata.get("int_v4netmaskbit") if ipv4addr and ipv4addr_b and ipv4net: network = IPNetwork('%s/%s' % (ipv4addr, ipv4net)) if not network.overlaps(IPNetwork('%s/%s' % (ipv4addr_b, ipv4net))): self._errors['int_ipv4address_b'] = self.error_class( [_('The IP must be within the same network')]) ipv6addr = cdata.get("int_ipv6address") ipv6net = cdata.get("int_v6netmaskbit") ipv4 = True if ipv4addr and ipv4net else False ipv6 = True if ipv6addr and ipv6net else False # IF one field of ipv4 is entered, require the another if (ipv4addr or ipv4net) and not ipv4: if not (ipv4addr or ipv4addr_b) and not self._errors.get(ipv4key): self._errors[ipv4key] = self.error_class([ _("You have to specify IPv4 address as well"), ]) if not ipv4net and 'int_v4netmaskbit' not in self._errors: self._errors['int_v4netmaskbit'] = self.error_class([ _("You have to choose IPv4 netmask as well"), ]) # IF one field of ipv6 is entered, require the another if (ipv6addr or ipv6net) and not ipv6: if not ipv6addr and not self._errors.get('int_ipv6address'): self._errors['int_ipv6address'] = self.error_class([ _("You have to specify IPv6 address as well"), ]) if not ipv6net: self._errors['int_v6netmaskbit'] = self.error_class([ _("You have to choose IPv6 netmask as well"), ]) if ipv6 and ipv4: self._errors['__all__'] = self.error_class([ _("You have to choose between IPv4 or IPv6"), ]) vip = cdata.get("int_vip") dhcp = cdata.get("int_dhcp") if not dhcp: if vip and not ipv4addr_b: self._errors['int_ipv4address_b'] = self.error_class( [_("This field is required for failover")]) if vip and not ipv4addr: self._errors['int_ipv4address'] = self.error_class( [_("This field is required for failover")]) return cdata
def router(self, router_name=None): router_name = router_name or self.admin_net if router_name == self.admin_net2: return str( IPNetwork(self.get_virtual_environment().network_by_name( router_name).ip_network)[2]) return str( IPNetwork(self.get_virtual_environment().network_by_name( router_name).ip_network)[1])
def __chk_ip(self, tnode, my_ip): if IPNetwork(my_ip) in tnode.key: return tnode else: sub = tnode.subs[IPNetwork(my_ip) > tnode.key] # k is in left or right? if sub != NIL_NODE: # we have a subtree that side return self.__chk_ip(sub, my_ip) else: return None
def clean_alias_v4netmaskbit(self): vip = self.cleaned_data.get("alias_vip") ip = self.cleaned_data.get("alias_v4address") nw = self.cleaned_data.get("alias_v4netmaskbit") if not nw or not ip: return nw network = IPNetwork('%s/%s' % (ip, nw)) if vip: if not network.overlaps(IPNetwork('%s/%s' % (vip, nw))): raise forms.ValidationError(_( 'Virtual IP is not in the same network' )) if ( self.instance.id and self.instance.alias_interface.int_interface.startswith('carp') ): return nw used_networks = [] qs = models.Interfaces.objects.all().exclude( int_interface__startswith='carp' ) if self.instance.id: qs = qs.exclude(id=self.instance.alias_interface.id) elif self.parent.instance.id: qs = qs.exclude(id=self.parent.instance.id) for iface in qs: if iface.int_v4netmaskbit: used_networks.append( IPNetwork('%s/%s' % ( iface.int_ipv4address, iface.int_v4netmaskbit, )) ) for alias in iface.alias_set.all(): if alias.alias_v4netmaskbit: used_networks.append( IPNetwork('%s/%s' % ( alias.alias_v4address, alias.alias_v4netmaskbit, )) ) for unet in used_networks: if unet.overlaps(network): raise forms.ValidationError( _("The network %s is already in use by another NIC.") % ( network.masked(), ) ) return nw
def load_cluster_networks(self): self.cluster_net = None self.public_net = None osd = self.get_alive_osd() if osd is not None: cluster_net_str = osd.config.get('cluster_network') if cluster_net_str is not None and cluster_net_str != "": self.cluster_net = IPNetwork(cluster_net_str) public_net_str = osd.config.get('public_network', None) if public_net_str is not None and public_net_str != "": self.public_net = IPNetwork(public_net_str)
def one(): environment = Environment.create('cdrom') internal_pool = Network.create_network_pool( networks=[IPNetwork('10.108.0.0/16')], prefix=24) private_pool = Network.create_network_pool( networks=[IPNetwork('10.108.0.0/16')], prefix=24) external_pool = Network.create_network_pool( networks=[IPNetwork('172.18.95.0/24')], prefix=27) internal = Network.network_create(environment=environment, name='internal', pool=internal_pool) external = Network.network_create(environment=environment, name='external', pool=external_pool, forward='nat') private = Network.network_create(environment=environment, name='private', pool=private_pool) for i in range(1, 2): node = Node.node_create(name='test_node' + str(i), environment=environment) Interface.interface_create(node=node, network=internal) Interface.interface_create(node=node, network=external) Interface.interface_create(node=node, network=private) volume = Volume.volume_get_predefined( '/var/lib/libvirt/images/centos63-cobbler-base.qcow2') v3 = Volume.volume_create_child('test_vp895' + str(i), backing_store=volume, environment=environment) v4 = Volume.volume_create_child('test_vp896' + str(i), backing_store=volume, environment=environment) DiskDevice.node_attach_volume(node=node, volume=v3) DiskDevice.node_attach_volume(node, v4) DiskDevice.node_attach_volume( node, Volume.volume_get_predefined( '/var/lib/libvirt/images/fuel-centos-6.3-x86_64.iso'), device='cdrom', bus='sata') environment.define() environment.start() remotes = [] for node in environment.get_nodes(): node. await ('internal') node.remote('internal', 'root', 'r00tme').check_stderr('ls -la', verbose=True) remotes.append(node.remote('internal', 'root', 'r00tme')) SSHClient.execute_together(remotes, 'ls -la')
def _fix_connected_route(self, ifaceobj, vifacename, addr): # # XXX: Hack to make sure the primary address # is the first in the routing table. # # We use `ip route get` on the vrr network to see which # device the kernel returns. if it is the mac vlan device, # flap the macvlan device to adjust the routing table entry. # # flapping the macvlan device makes sure the macvlan # connected route goes through delete + add, hence adjusting # the order in the routing table. # try: self.logger.info('%s: checking route entry ...' % ifaceobj.name) ip = IPNetwork(addr) route_prefix = '%s/%d' % (ip.network, ip.prefixlen) dev = self.ipcmd.ip_route_get_dev(route_prefix) if dev and dev == vifacename: self.logger.info( '%s: preferred routing entry ' % ifaceobj.name + 'seems to be of the macvlan dev %s' % vifacename + ' .. flapping macvlan dev to fix entry.') self.ipcmd.link_down(vifacename) self.ipcmd.link_up(vifacename) except Exception, e: self.logger.debug('%s: fixing route entry failed (%s)' % str(e)) pass
def configure_second_admin_cobbler(self): dhcp_template = '/etc/cobbler/dnsmasq.template' remote = self.get_admin_remote() main_admin_ip = str(self.nodes().admin.get_ip_address_by_network_name( self.admin_net)) second_admin_ip = str(self.nodes().admin.get_ip_address_by_network_name( self.admin_net2)) second_admin_network = self.get_network(self.admin_net2).split('/')[0] second_admin_netmask = self.get_net_mask(self.admin_net2) network = IPNetwork('{0}/{1}'.format(second_admin_network, second_admin_netmask)) discovery_subnet = [net for net in network.iter_subnets(1)][-1] first_discovery_address = str(discovery_subnet.network) last_discovery_address = str(discovery_subnet.broadcast - 1) new_range = ('dhcp-range=internal2,{0},{1},{2}\\n' 'dhcp-option=net:internal2,option:router,{3}\\n' 'dhcp-boot=net:internal2,pxelinux.0,boothost,{4}\\n').\ format(first_discovery_address, last_discovery_address, second_admin_netmask, second_admin_ip, main_admin_ip) cmd = ("dockerctl shell cobbler sed -r '$a \{0}' -i {1};" "dockerctl shell cobbler cobbler sync").format( new_range, dhcp_template) result = remote.execute(cmd) assert_equal(result['exit_code'], 0, ('Failed to add second admin' 'network to cobbler: {0}').format(result))
def afi_match(host): if host == "any": return True elif IPNetwork(host).version == afi: return True else: return False
def test_ip_blacklist(self): http.DISALLOWED_IPS = set([ IPNetwork('127.0.0.1'), IPNetwork('::1'), IPNetwork('10.0.0.0/8') ]) with pytest.raises(SuspiciousOperation): http.safe_urlopen('http://127.0.0.1') with pytest.raises(SuspiciousOperation): http.safe_urlopen('http://10.0.0.10') with pytest.raises(SuspiciousOperation): # '2130706433' is dword for '127.0.0.1' http.safe_urlopen('http://2130706433') with pytest.raises(SuspiciousOperation): # ipv6 http.safe_urlopen('http://[::1]')
def is_valid_url(url): """ Tests a URL to ensure it doesn't appear to be a blacklisted IP range. """ parsed = urlparse(url) if not parsed.hostname: return False server_hostname = get_server_hostname() if parsed.hostname == server_hostname: return True try: ip_address = socket.gethostbyname(parsed.hostname) except socket.gaierror: return False if ip_address == server_hostname: return True ip_network = IPNetwork(ip_address) for addr in DISALLOWED_IPS: if ip_network in addr: return False return True
def __init__(self, network): #XXX: overload type? self.network = IPNetwork(network) self.managed_addresses = [] self.unmanaged_addresses = self.addresses #XXX: should auto call save? print "Instantiated NetworkManager for %s" % self.network
def get_normalized_ipv6_line(line): """ Return a normalized IPv6 line as produced by frr, with all letters in lower case and trailing and leading zeros removed, and only the network portion present if the IPv6 word is a network """ norm_line = "" words = line.split(' ') for word in words: if ":" in word: norm_word = None if "/" in word: try: v6word = IPNetwork(word) norm_word = '%s/%s' % (v6word.network, v6word.prefixlen) except ValueError: pass if not norm_word: try: norm_word = '%s' % IPv6Address(word) except ValueError: norm_word = word else: norm_word = word norm_line = norm_line + " " + norm_word return norm_line.strip()
def get(self): esstore = current_app.extensions['es_access_store'] mpstore = current_app.extensions['mp_access_store'] args = self.parser.parse_args() event = args['event'][:120] auth_token = request.headers.get('Auth-Token') ip_resolver = current_app.config['IP_RESOLVER'] ip = RateLimiter.get_remote_addr() ip_net = IPNetwork(ip) resolved_org = ip_resolver['default'] for net, org in ip_resolver.items(): if isinstance(net, (IPv4Network, IPv6Network)): if net.overlaps(ip_net): resolved_org = org break data = dict(ip=ip, org=resolved_org, host=request.host, timestamp=datetime.now(), event=event) if auth_token: payload = TokenAuthentication.get_payload_from_token(auth_token) data['app_name'] = payload['app_name'] # esstore.store_event(data) mpstore.store_event(data) data['timestamp'] = str(data['timestamp']) return CTTVResponse.OK(SimpleResult(None, data=data))
def idx_lastDecimalIp(self): last_decimal_ip = None if isip(self.id): net = IPNetwork(ipunwrap(self.id)) first_decimal_ip = long(int(net.network)) last_decimal_ip = str(long(first_decimal_ip + math.pow(2, net.max_prefixlen - self.netmask) - 1)) return last_decimal_ip
def clean_whitelist_ip(self): data = self.cleaned_data['whitelist_ip'] if data: try: address = IPNetwork(data) if address.version == 4: if address.prefixlen < settings.WHITELIST_IP_MAX_SUBNET_V4: error = _( "Currently no prefix lengths < %s are allowed" ) % settings.WHITELIST_IP_MAX_SUBNET_V4 raise forms.ValidationError(error) if address.version == 6: if address.prefixlen < settings.WHITELIST_IP_MAX_SUBNET_V6: error = _( "Currently no prefix lengths < %s are allowed" ) % settings.WHITELIST_IP_MAX_SUBNET_V6 raise forms.ValidationError(error) if address.is_unspecified: raise forms.ValidationError('Address is unspecified') except ValueError: raise forms.ValidationError( _('%(address)s is not a valid address') % {'address': data}) data = address.compressed return data
def forwards(self, orm): "Write your forwards methods here." # Note: Remember to use orm['appname.ModelName'] rather than "from appname.models..." for share in orm['sharing.NFS_Share'].objects.all(): net = share.nfs_network net = re.sub(r'\s{2,}|\n', ' ', net).strip() networks = [] hosts = [] for n in net.split(' '): try: IPNetwork(n.encode('utf-8')) if n.find("/") == -1: raise ValueError(n) networks.append(n) except: hosts.append(n) share.nfs_network = ' '.join(networks) share.nfs_hosts = ' '.join(hosts) spath = orm['sharing.NFS_Share_Path']() spath.path = share.nfs_path spath.share = share spath.save() share.save()
def _syntax_check_multiple_gateway(self, family, found, addr, type_obj): if type(IPNetwork(addr)) == type_obj: if found: raise Exception('%s: multiple gateways for %s family' % (addr, family)) return True return False
def gen_nets(self, locations, infile): for row in csv.DictReader(infile): nets = [IPNetwork(row['network'])] org = decode_text(row['autonomous_system_organization']) asn = row['autonomous_system_number'] entry = u'AS{} {}'.format(asn, org) yield nets, (serialize_text(entry),)
def create_networks(self, name, l2_device_config, address_pools): # TODO(ddmitriev): use 'address_pool' attribute to get the address_pool # for 'l2_device' as an object # Get address_pool from 'address_pools' object if 'address_pool' in l2_device_config: address_pool = address_pools[l2_device_config['address_pool']] networks, prefix = address_pool['net'].split(':') ip_networks = [IPNetwork(x) for x in networks.split(',')] new_prefix = int(prefix) pool = Network.create_network_pool(networks=ip_networks, prefix=new_prefix) else: pool = None if 'forward' in l2_device_config: forward = l2_device_config['forward']['mode'] else: forward = None has_dhcp_server = (l2_device_config.get('dhcp', 'false') == 'true') net = Network.network_create( name=name, environment=self, pool=pool, forward=forward, has_dhcp_server=has_dhcp_server) net.define() return net
def get_ip_obj(cls, module_name, ifname, addr): if addr: try: return IPNetwork(addr) if '/' in addr else IPAddress(addr) except Exception as e: cls.logger.warning('%s: %s: %s' % (module_name, ifname, str(e))) return None
def gen_nets(self, locations, infile): for row in csv.DictReader(infile): location = locations.get(row['geoname_id']) if location is None: continue nets = [IPNetwork(row['network'])] country_iso_code = location['country_iso_code'] or location[ 'continent_code'] fips_code = geoname2fips.get(location['geoname_id']) if fips_code is None: logging.debug('Missing fips-10-4 for {}'.format( location['subdivision_1_name'])) fips_code = '00' else: logging.debug('fips-10-4 for {} is {}'.format( location['subdivision_1_name'], fips_code)) yield nets, ( country_iso_code, serialize_text(fips_code), # region serialize_text(decode_text(location['city_name'])), serialize_text(row['postal_code']), row['latitude'], row['longitude'], location['metro_code'], '') # area_code
def get_network(ip): try: address = IPNetwork(ip) except Exception: return (False, _('Invalid network address format')) else: return (True, address)
def _contain_public_ip(data, _used_networks): _has_public_ip = False _ip_regex = (r'\b((\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5])\.){3}' r'(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5])\b') _not_public_regex = [ r'\b10(\.\d{1,3}){3}', r'\b127(\.\d{1,3}){3}', r'\b169\.254(\.\d{1,3}){2}', r'172\.(1[6-9]|2[0-9]|3[0-1])(\.\d{1,3}){2}', r'192\.168(\.\d{1,3}){2}', r'2(2[4-9]|[3-5][0-9])(\.\d{1,3}){3}' ] for _match in re.finditer(_ip_regex, data): # If IP address isn't public and doesn't belong to defined for # deployment pools (e.g. admin, public, storage), then skip it if any(re.search(_r, _match.group()) for _r in _not_public_regex) \ and not any(IPAddress(_match.group()) in IPNetwork(net) for net in _used_networks): continue logger.debug('Usage statistics with public IP(s):\n {0}'. format(data)) logger.error('Found public IP in usage statistics: "{0}"'.format( _match.group())) _has_public_ip = True return _has_public_ip
def is_valid_url(url): """ Tests a URL to ensure it doesn't appear to be a blacklisted IP range. """ # If we have no disallowed ips, we can skip any further validation # and there's no point in doing a DNS lookup to validate against # an empty list. if not DISALLOWED_IPS: return True parsed = urlparse(url) if not parsed.hostname: return False server_hostname = get_server_hostname() if parsed.hostname == server_hostname: return True try: ip_address = socket.gethostbyname(parsed.hostname) except socket.gaierror: return False if ip_address == server_hostname: return True ip_network = IPNetwork(ip_address) for addr in DISALLOWED_IPS: if ip_network in addr: return False return True
def do_add_netrange(self, cidr): ''' Add a known CIDR owned by the target eg: 8.8.8.0/23 ''' ip = cidr.split('/')[0] whoisObj = IPWhois(ip) whois = whoisObj.lookup_whois for x in whois()['nets']: print(x['description']) host_lookup = input("Do a host lookup on each address (y/n)? ") if cidr != "": target.networks.append(cidr) netrange = IPNetwork(cidr) else: print("You have to specify a cidr") netrange = input("Network? (eg:192.168.0.1/30)") if cidr != "": if host_lookup.lower() == 'y': for ip in netrange: ip = str(ip) self.add_new_ip(ip, source="{}".format('manual_cidr')) fqdn = str(socket.getfqdn(ip)) if fqdn not in target.master[ip]['fqdns']: target.master[ip]['fqdns'].append(fqdn) print("Added: {}\t{}".format(ip, fqdn)) else: for ip in netrange: ip = str(ip) if ip not in target.master.keys(): self.add_new_ip(ip, source="{}".format('manual_cidr'))
def call_proxy_url(request, uuid): context = request.GET.get('context') ip = IPAddress(request.META['REMOTE_ADDR']) for subnet in TrustedSubnet.objects.all(): if ip in IPNetwork(subnet.subnet): break else: return HttpResponseForbidden() proxy_url = get_object_or_404( ProxyUrl.objects.filter(uuid=uuid, context=context, subnet=subnet)) proxy_url.last_access = datetime.now() proxy_url.save() view, args, kwargs = resolve(proxy_url.url) user = proxy_url.user user.backend = proxy_url.user_backend or \ settings.AUTHENTICATION_BACKENDS[0] login(request, user) request.proxy_url = proxy_url kwargs['request'] = request return view(*args, **kwargs)