def refresh(self):
'''Gets information about this device from the Linux kernel'''
# Open a netlink socket
netlink = IPRoute()
raw_ifaces = netlink.get_links()
for raw_iface in raw_ifaces:
if raw_iface.get_attr('IFLA_ADDRESS') == self.mac_address:
index = raw_iface['index']
self.state = raw_iface.get_attr('IFLA_OPERSTATE')
self.current_name = raw_iface.get_attr('IFLA_IFNAME')
self.mac_address = raw_iface.get_attr('IFLA_ADDRESS')
# Get the addrs per interface
addrs = netlink.get_addr(index=index)
for addr in addrs:
nic_ip_address = ipaddress.ip_address(
addr.get_attr('IFA_ADDRESS'))
# Getting the netmask is somewhat more involved unfortunately. Under Linux
# the netmask is NOT stored with the interface, but in the routing table
# which is not connected to the interface at all. We need the netmask
# to know which hosts we can see on a level 2 segment scan with nmap, as well
# as what we should expect to see on a ND probe with NMAP.
# To do this, we need to pull the network routing table, and walk it. For every
# configured IP address, we'll find multiple routing entries:
#
# The first will be a /32 (v4) or /128 (v6) referring to ourselves so that
# loopback works. We'll also find a broadcast route like this
#
# Secondly, we'll also have one entry per gateway with a dst_len of 0. We'll
# ignore these as these are global and not per interface
#
# Thirdly, we'll have our network and it's netmask
#
# Routing table entries have a preferred src (PREFSRC) value which may or may
# not be set saying which IP is preferred when using this route. This is a
# trap, we can't use this value because in multihoming scenarios, this won't
# get the information we want
if nic_ip_address.version == 4:
self_prefixlen = 32
routing_table = netlink.get_routes(family=AF_INET)
else: # v6
self_prefixlen = 128
routing_table = netlink.get_routes(family=AF_INET6)
for route in routing_table:
# Filter out gateway routes
if route.get_attr('RTA_GATEWAY') is not None:
continue
if 'dst_len' not in route:
continue
dst_len = route['dst_len']
if dst_len == self_prefixlen or dst_len == 0:
continue # Self or default
# Filter out the network if its a self address, or len of 0
rta_dst = route.get_attr('RTA_DST')
if rta_dst is None:
continue
rta_dst += "/" + str(dst_len)
route_ipnet = ipaddress.ip_network(rta_dst,
strict=True)
# Filter out link local addresses
if route_ipnet.is_link_local:
continue
if nic_ip_address in route_ipnet:
# We've got a winner!
#print("Got network match. Interface", self.name, " ", str(rta_dst))
# Create an IP address object and store it
ip_obj = IPAddressConfig(str(nic_ip_address),
dst_len)
self.current_ip_addresses.append(ip_obj)
# And clean up after ourselves
netlink.close()
def setup(self):
self.ip = IPRoute()
from pyroute2.netlink import NLM_F_REQUEST
from pyroute2.netlink import NLM_F_DUMP
from pyroute2.netlink.nl80211 import nl80211cmd
from pyroute2.netlink.nl80211 import NL80211_NAMES
logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger("scandump")
logger.setLevel(level=logging.INFO)
# interface name to dump scan results
ifname = sys.argv[1]
iw = IW()
ip = IPRoute()
ifindex = ip.link_lookup(ifname=ifname)[0]
ip.close()
# CMD_GET_SCAN doesn't require root privileges.
# Can use 'nmcli device wifi' or 'nmcli d w' to trigger a scan which will fill
# the scan results cache for ~30 seconds.
# See also 'iw dev $yourdev scan dump'
msg = nl80211cmd()
msg['cmd'] = NL80211_NAMES['NL80211_CMD_GET_SCAN']
msg['attrs'] = [['NL80211_ATTR_IFINDEX', ifindex]]
scan_dump = iw.nlm_request(msg,
msg_type=iw.prid,
msg_flags=NLM_F_REQUEST | NLM_F_DUMP)
for network in scan_dump:
def __init__(self, log, inv_file):
inv = Inventory(log, inv_file)
self.log = log
self.ext_label_dev = inv.get_mgmt_switch_external_dev_label()
if inv.is_passive_mgmt_switches():
if self.ext_label_dev:
self.log.info('Passive Management Switch(es) Detected')
print(self.ext_label_dev)
sys.exit(0)
else:
self.log.error('Management switch not found')
sys.exit(1)
for self.ipv4 in inv.yield_mgmt_switch_ip():
pass
mgmt_network = inv.get_ipaddr_mgmt_network()
self.broadcast = str(netaddr.IPNetwork(mgmt_network).broadcast)
self.mask = str(netaddr.IPNetwork(mgmt_network).netmask)
if self.ext_label_dev:
self.log.debug('External dev label %s was specified' %
self.ext_label_dev)
else:
self.log.debug('External dev label was not specified')
self.ext_ip_dev = inv.get_mgmt_switch_external_dev_ip()
self.ext_prefix = inv.get_mgmt_switch_external_prefix()
for self.ext_ip_switch in inv.yield_mgmt_switch_external_switch_ip():
pass
self.ext_broadcast = str(
netaddr.IPNetwork(self.ext_ip_dev + '/' +
self.ext_prefix).broadcast)
self.ext_mask = str(
netaddr.IPNetwork(self.ext_ip_dev + '/' + self.ext_prefix).netmask)
self.ipr = IPRoute()
for link in self.ipr.get_links():
kind = None
try:
self.label = (link.get_attr('IFLA_IFNAME'))
kind = (
link.get_attr('IFLA_LINKINFO').get_attr('IFLA_INFO_KIND'))
except:
pass
if kind == self.BRIDGE:
if self.ipr.get_addr(label=self.label,
broadcast=self.broadcast):
self.log.info('Bridge %s on management subnet %s found' %
(self.label, mgmt_network))
if self._ping(self.ipv4, self.label):
self.log.info('Management switch found on %s' %
self.label)
sys.exit(0)
else:
self.log.debug('Management switch not found on %s' %
self.label)
if self.ext_label_dev:
self.dev = self.ipr.link_lookup(ifname=self.ext_label_dev)[0]
self._add_ip()
# Print to stdout for Ansible playbook to register
print(self.ext_label_dev)
else:
switch_found = False
for link in self.ipr.get_links():
kind = None
try:
self.label = (link.get_attr('IFLA_IFNAME'))
kind = (link.get_attr('IFLA_LINKINFO').get_attr(
'IFLA_INFO_KIND'))
except:
pass
if self.label != self.LOCAL and not kind:
self.dev = self.ipr.link_lookup(ifname=self.label)[0]
self._add_ip()
if self._ping(self.ext_ip_switch, self.label):
switch_found = True
self.log.info('Management switch found on %s' %
self.label)
self._configure_switch()
else:
self.log.debug('Management switch not found on %s' %
self.label)
self._del_ip()
if switch_found:
break
if not switch_found:
self.log.error('Management switch not found')
sys.exit(1)
# Print to stdout for Ansible playbook to register
print(self.label)
def test_multiple_instances(self):
ip1 = IPRoute()
ip2 = IPRoute()
ip1.close()
ip2.close()
def __init__(self):
Base.__init__(self)
self.ipr = IPRoute()
self.nodes = []
def remove_bridge(self):
"""Destroy the bridge."""
ipr = IPRoute()
logger.debug('Remove bridge %s', self.bridge_name)
ipr.link('del', ifname=self.bridge_name)
import argparse
import sys
import os
import re
import platform
from pyroute2 import IPRoute
from docker import errors
from lib.config import Config
from lib.genesis import GEN_PATH
from lib.container import Container
import lib.logger as logger
from lib.utilities import sub_proc_exec, remove_line, get_netmask
IPR = IPRoute()
OPSYS = platform.dist()[0]
IFCFG_PATH = '/etc/sysconfig/network-scripts/'
def teardown_deployer_network(config_path=None):
"""Teardown the network elements on the deployer.
This function is idempotent.
"""
cfg = Config(config_path)
global LOG
LOG = logger.getlogger()
LOG.debug('----------------------------------------')
LOG.info('Teardown Docker networks')
_remove_docker_networks(cfg)
LOG.info('Teardown deployer management networks')
def __init__(self):
self.ip_route = IPRoute()
def _get_ip_route(dst_ip: str) -> Any:
"""Get ip next hop."""
return IPRoute().route("get", dst=dst_ip)
def __init__(self, *args, **kwargs):
super(VrrpPlugin, self).__init__(*args, **kwargs)
self.plugin = NAME
self.ip_addresses = []
self.ipr = IPRoute()
def test_scan(self):
require_user('root')
with IPRoute() as ipr:
ipr.link('set', index=self.ifindex, state='up')
self.iw.scan(self.ifindex)
def setup(self):
require_user('root')
self.ip = IPRoute()
self.ifname = uifname()
self.ip.link('add', ifname=self.ifname, kind='dummy')
self.interface = self.ip.link_lookup(ifname=self.ifname)[0]
def __init__(self, params):
self.params = params
self.core_api = client.CoreV1Api()
self.obj_api = client.CustomObjectsApi()
self.iproute = IPRoute()
self.iproute_ns = None
class Interface():
""" Define ethernet interface using low level RAW sockets.
NOTE: To create RAW sockets, you must be superuser or have 'cap_net_raw' capabilities.
You can set the capabilities to python using:
$ sudo setcap cap_mac_admin,cap_net_raw,cap_net_admin=eip /usr/bin/python2.6
"""
netlink = IPRoute()
def __init__(self, name, eth_type=ETH_P_ALL):
""" Initialize interface. Open socket and set interface in promiscuous mode.
@param name Name of the interface. Ex: 'eth0'
@param eth_type Ethernet protocols read by this interface. Default: ALL PROTOCOLS.
"""
self.logger = logging.getLogger("PC eth")
self.eth_type = eth_type
self.name = name
self.added_ips = []
self.is_vlan = False
# If the interface is not part of IPDB, it can be a VLAN
if not self.netlink.link_lookup(ifname=self.name):
vlan_match = re.match(
"^(?P<base_interface>eth\d+)\.(?P<vlan_id>[1-9]\d{1,3})$",
self.name)
if vlan_match is None:
raise Exception("Invalid interface name " + self.name)
base = vlan_match.group('base_interface')
vid = int(vlan_match.group('vlan_id'))
base_idx = self.netlink.link_lookup(ifname=base)
if not base_idx:
raise Exception("Invalid base interface name " + self.name)
try:
request = {
'index': 0,
'ipaddr': [],
'link': base_idx[0],
'flags': 0,
'ifname': self.name,
'ports': [],
'IFLA_LINKINFO': {
'attrs': [[
'IFLA_INFO_DATA', {
'attrs': [['IFLA_VLAN_ID', vid]]
}
], ['IFLA_INFO_KIND', 'vlan']]
}
}
# Send request to create new interface with VLAN
self.netlink.link('add', **request)
self.is_vlan = True
except:
self.logger.critical("Couldn't create interface %s", self.name)
raise
# Get Interface Index, set to UP, get MTU and MAC Address
self.if_index = self.netlink.link_lookup(ifname=self.name)[0]
self.netlink.link('set', index=self.if_index, state='up')
info = dict(self.netlink.get_links(self.if_index)[0]['attrs'])
self.mac_address = info['IFLA_ADDRESS'].upper()
self.mtu = info['IFLA_MTU']
# Create socket to receive/send frames:
self.sockfd = socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
socket.htons(self.eth_type))
self.sockfd.bind((self.name, self.eth_type))
# Enable promiscuous mode:
self.set_promiscuous(True)
# By default, start using auto-negotiation
self.using_forced_speed_duplex = False
def __del__(self):
""" Destructor. Disable promiscuous mode on interface.
"""
# Clean added IP addresses.
for ip in self.added_ips:
self.__set_ip_address(ip[0], ip[1], 'delete')
# Remove VLAN if it was created.
if self.is_vlan:
self.netlink.link('delete', index=self.if_index)
# Disable promiscuous mode:
self.set_promiscuous(False)
# Leave interface with auto-negotiation enabled:
if self.using_forced_speed_duplex:
self.enable_auto_negotiation()
def recv(self):
""" Receive a packet. If it's an outgoing packet ignore it.
"""
packet, address = self.sockfd.recvfrom(self.mtu)
return packet if address[2] != socket.PACKET_OUTGOING else None
def send(self, packet):
""" Send a packet through this interface.
"""
self.sockfd.sendto(str(packet), 0, (self.name, self.eth_type))
def flush(self):
""" Remove all packets from read buffer.
"""
self.sockfd.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 0)
while True:
r, w, e = select([self.sockfd.fileno()], [], [], 0)
if r:
os.read(self.sockfd.fileno(), self.mtu)
else:
break
self.sockfd.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 2**30)
def set_promiscuous(self, enable):
""" Enable/Disable promiscuous mode on interface.
@param enable True to enable, False to disable.
"""
cmd = PACKET_ADD_MEMBERSHIP if enable else PACKET_DROP_MEMBERSHIP
mreq = struct.pack('IHH8s', self.if_index, PACKET_MR_PROMISC, 0, "")
self.sockfd.setsockopt(SOL_PACKET, cmd, mreq)
def add_ip_address(self, ip_address):
""" Adds an IP address/network mask (the default prefix is 24)
@param ip_address The IP address followed optionally by mask size. Ex: 192.168.0.24/24
"""
self.__set_ip_address(ip_address, socket.AF_INET, 'add')
self.added_ips.append((ip_address, socket.AF_INET))
def del_ip_address(self, ip_address):
""" Deletes an IP address/network mask (the default prefix is 24)
@param ip_address The IP address followed optionally by mask size. Ex: 192.168.0.24/24
"""
self.__set_ip_address(ip_address, socket.AF_INET, 'delete')
self.added_ips.remove((ip_address, socket.AF_INET))
def add_ipv6_address(self, ipv6_address):
""" Adds an IPv6 address/network mask (the default prefix is 24)
@param ip_address The IPv6 address followed optionally by mask size. Ex: 56::1/24
"""
self.__set_ip_address(ipv6_address, socket.AF_INET6, 'add')
self.added_ips.append((ipv6_address, socket.AF_INET6))
def del_ipv6_address(self, ipv6_address):
""" Deletes an IPv6 address/network mask (the default prefix is 24)
@param ip_address The IPv6 address followed optionally by mask size. Ex: 56::1/24
"""
self.__set_ip_address(ipv6_address, socket.AF_INET6, 'delete')
self.added_ips.remove((ipv6_address, socket.AF_INET6))
def enable_auto_negotiation(self):
""" Enable auto-negotiation for Ethernet link.
"""
ethtool = Ethtool(self.name)
ethtool.get()
ethtool.advertising = ethtool.supported
ethtool.autoneg = 1
ethtool.set()
self.using_forced_speed_duplex = False
self.logger.info("[%s] Enabled Auto-negotiation.", self.name)
def force_speed_duplex(self, speed, duplex):
""" Configure interface speed/duplex disabling auto-negotiation.
@param speed Set forced speed. Values: 10, 100, 1000, 2500, 10000.
@param duplex Set forced duplex.
"""
if not speed in [10, 100, 1000, 2500, 10000]:
raise ValueError(
"Speed can only be: 10, 100, 1000, 2500 or 10000 Mbps.")
ethtool = Ethtool(self.name)
ethtool.get()
ethtool.speed = speed
ethtool.duplex = 1 if duplex else 0
ethtool.autoneg = 0
ethtool.set()
self.using_forced_speed_duplex = True
self.logger.info("[%s] Configured forced speed: %d Mbps / %s duplex",
self.name, speed, "full" if duplex else "half")
def has_ip_address(self, ip_address):
""" Returns True if the address is already configured in the interface, and False otherwise
@param ip_address The IP address to be checked
"""
return (self.__check_ip_address(ip_address, socket.AF_INET)
or self.__check_ip_address(ip_address, socket.AF_INET6))
def set_mtu(self, mtu):
""" Configure interface MTU.
@param mtu New value for MTU.
"""
self.netlink.link('set', index=self.if_index, mtu=mtu)
def set_mac_address(self, mac_address):
""" Configure a new MAC address at this interface
@param mac_address The MAC address to be set
"""
self.netlink.link('set', index=self.if_index, address=mac_address)
self.mac_address = mac_address
def __check_ip_address(self, ip_address, ip_family):
""" Returns True if the address is already configured in the interface, and False otherwise
@param ip_address The IP address to be checked
@param ip_family socket.AF_INET if ip_address is an IPv4 address; socket.AF_INET6 otherwise
"""
address_types = [
'IFA_ADDRESS', 'IFA_LOCAL', 'IFA_BROADCAST', 'IFA_ANYCAST',
'IFA_MULTICAST'
]
for interface in self.netlink.get_addr(family=ip_family):
if interface['index'] != self.if_index:
continue
for address in interface['attrs']:
if address[0] in address_types and address[1] == ip_address:
return True
return False
def __set_ip_address(self, ip_address, ip_family, action):
""" Adds or deletes an IP address/network mask (optional)
@param ip_address The IP address followed optionally by mask size. Ex: 192.168.0.24/24; 56::1/24
@param ip_family socket.AF_INET to IPv4 addresses; socket.AF_INET6 to IPv6 addresses
@param action 'add' or 'del', to add or delete an IP address, respectively
"""
ip_and_mask = ip_address.split('/')
ip_version = 4 if ip_family == socket.AF_INET else 6
network_mask = 24 if len(ip_and_mask) < 2 else int(ip_and_mask[1])
exists = self.__check_ip_address(ip_and_mask[0], ip_family)
if (action == 'add' and exists) or (action == 'delete' and not exists):
self.logger.info(
'No need to %s the IP%d address %s/%d from/to %s because it already %sexists',
action, ip_version, ip_and_mask[0], network_mask, self.name,
'' if exists else 'does not ')
return
self.logger.info("%s IPv%d address %s/%d in %s", action, ip_version,
ip_and_mask[0], network_mask, self.name)
self.netlink.addr(action,
self.if_index,
address=ip_and_mask[0],
mask=network_mask,
family=ip_family)
def test_respawn_iproute_async(self):
for _ in range(RESPAWNS):
with IPRoute() as i:
i.bind(async=True)
i.link_lookup(ifname='lo')
def Server(cmdch, brdch):
'''
A server routine to run an IPRoute object and expose it via
custom RPC.
many TODOs:
* document the protocol
* provide not only IPRoute
RPC
Messages sent via channels are dictionaries with predefined
structure. There are 4 s.c. stages::
init (server <-----> client)
command (server <-----> client)
broadcast (server ------> client)
shutdown (server <------ client)
Stage 'init' is used during initialization. The client
establishes connections to the server and announces them
by sending a single message via each channel::
{'stage': 'init',
'domain': ch_domain,
'client': client.uuid}
Here, the client uuid is used to group all the connections
of the same client and `ch_domain` is either 'command', or
'broadcast'. The latter will become a unidirectional
channel from the server to the client, all data that
arrives on the server side via netlink socket will be
forwarded to the broadcast channel.
The command channel will be used to make RPC calls and
to shut the worker thread down before the client
disconnects from the server.
When all the registration is done, the server sends a
single message via the command channel::
{'stage': 'init',
'error': exception or None}
If the `error` field is None, everything is ok. If it
is an exception, the init is failed and the exception
should be thrown on the client side.
In the runtime, all the data that arrives on the netlink
socket fd, is to be forwarded directly via the
broadcast channel.
Commands are handled with the `command` stage::
# request
{'stage': 'command',
'name': str,
'cookie': cookie,
'argv': [...],
'kwarg': {...}}
# response
{'stage': 'command',
'error': exception or None,
'return': retval,
'cookie': cookie}
Right now the protocol is synchronous, so there is not
need in cookie yet. But in some future it can turn into
async, and then cookies will be used to match messages.
The final stage is 'shutdown'. It terminates the worker
thread, has no response and no messages can passed after.
'''
def close(s, frame):
# just leave everything else as is
brdch.send({'stage': 'signal',
'data': s})
try:
ipr = IPRoute()
lock = ipr._sproxy.lock
ipr._s_channel = ProxyChannel(brdch, 'broadcast')
poll = select.poll()
poll.register(ipr, select.POLLIN | select.POLLPRI)
poll.register(cmdch, select.POLLIN | select.POLLPRI)
except Exception as e:
cmdch.send({'stage': 'init',
'error': e})
return 255
# all is OK so far
cmdch.send({'stage': 'init',
'error': None})
signal.signal(signal.SIGHUP, close)
signal.signal(signal.SIGINT, close)
signal.signal(signal.SIGTERM, close)
# 8<-------------------------------------------------------------
while True:
try:
events = poll.poll()
except:
continue
for (fd, event) in events:
if fd == ipr.fileno():
bufsize = ipr.getsockopt(SOL_SOCKET, SO_RCVBUF) // 2
with lock:
error = None
data = None
try:
data = ipr.recv(bufsize)
except Exception as e:
error = e
error.tb = traceback.format_exc()
brdch.send({'stage': 'broadcast',
'data': data,
'error': error})
elif fd == cmdch.fileno():
cmd = cmdch.recv()
if cmd['stage'] == 'shutdown':
poll.unregister(ipr)
poll.unregister(cmdch)
ipr.close()
return
elif cmd['stage'] == 'reconstruct':
error = None
try:
msg = cmd['argv'][0]()
msg.load(pickle.loads(cmd['argv'][1]))
msg.encode()
ipr.sendto_gate(msg, cmd['argv'][2])
except Exception as e:
error = e
error.tb = traceback.format_exc()
cmdch.send({'stage': 'reconstruct',
'error': error,
'return': None,
'cookie': cmd['cookie']})
elif cmd['stage'] == 'command':
error = None
try:
ret = getattr(ipr, cmd['name'])(*cmd['argv'],
**cmd['kwarg'])
except Exception as e:
error = e
error.tb = traceback.format_exc()
cmdch.send({'stage': 'command',
'error': error,
'return': ret,
'cookie': cmd['cookie']})
def initTask(self):
self.ipr = IPRoute()
super(TsdLinuxShaper, self).initTask()
def __init__(self, name, bridge, addr):
"""
Args:
name (str): namespace name
bridge (str): name of bridge to attach to
addr (str): cidr of namespace address
"""
self.log = logger.getlogger()
self.addr = addr
self.bridge = bridge
self.vlan = bridge.split('-')[-1]
self.name = name + self.vlan
self.ip = IPRoute()
self._disconnect_container()
self.log.debug('Creating network namespace {}'.format(self.name))
stdout, stderr, rc = sub_proc_exec('ip netns add {}'.format(self.name))
if rc:
self.log.debug(
'An error occurred while creating namespace '
f' {self.name}.\nreturn code: {rc}\nWarning: {stderr}')
if stderr:
if 'File exists' in stderr:
self.log.debug(stderr)
else:
self.log.error('Unable to create namespace')
sys.exit(1)
self.br_ifc = 'veth-br-' + self.name.split('-')[0] + '-' + self.vlan
self.peer_ifc = 'veth-' + self.name
try:
self.ip.link("add",
ifname=self.br_ifc,
peer=self.peer_ifc,
kind='veth')
except NetlinkError as exc:
if 'File exists' not in str(exc):
self.log.error('Failed creating veth pair. {}'.format(exc))
sys.exit(1)
try:
# peer interface side disappears from host space once attached to
# the namespace
idx_ns_ifc = self.ip.link_lookup(ifname=self.peer_ifc)[0]
self.ip.link('set', index=idx_ns_ifc, net_ns_fd=self.name)
except IndexError:
self.log.debug('Peer ifc already attached.')
except NetlinkError:
self.log.debug('Peer ifc already attached.')
idx_br = self.ip.link_lookup(ifname=bridge)[0]
self.idx_br_ifc = self.ip.link_lookup(ifname=self.br_ifc)[0]
self.ip.link('set', index=self.idx_br_ifc, master=idx_br)
# bring up the interfaces
cmd = 'ip netns exec {} ip link set dev {} up'.format(
self.name, self.peer_ifc)
stdout, stderr, rc = sub_proc_exec(cmd)
cmd = 'ip netns exec {} ip link set dev lo up'.format(self.name)
stdout, stderr, rc = sub_proc_exec(cmd)
cmd = 'ip netns exec {} ip addr add {} dev {} brd +' \
.format(self.name, addr, self.peer_ifc)
stdout, stderr, rc = sub_proc_exec(cmd)
# verify address setup
# cmd = 'ip netns exec {} ip addr show'.format(self.name)
# proc = Popen(cmd.split(), stdout=PIPE, stderr=PIPE)
# stdout, stderr = proc.communicate()
self.ip.link('set', index=self.idx_br_ifc, state='up')
def process(self, pkt):
if not hasattr(pkt, 'ip'):
return
ip = pkt.ip
# Ignore non-tcp, non-udp packets
if type(ip.data) not in (TCP, UDP):
return
pload = ip.data
src, dst, dport, flags = int(struct.unpack('I', ip.src)[0]), int(
struct.unpack('I', ip.dst)[0]), int(pload.dport), 0
proto = type(pload)
if proto == TCP: flags = pload.flags
key = self.host_hash(src, dst)
curr = time.time()
# Keep dropping old entries
self.recent_scans.collect()
if key in self.scans:
scan = self.scans[key]
if scan.src != src:
# Skip packets in reverse direction or invalid protocol
return
# Update only if not too old, else skip and remove entry
if curr - scan.timestamp > self.timeout:
del self.scans[key]
return
if scan.logged: return
# Update TCP flags if existing port
if dport in scan.ports:
# Same port, update flags
scan.tcpflags_or |= flags
return
scan.timestamp = curr
scan.tcpflags_or |= flags
scan.ports.append(dport)
#print dport #destination port printed
# Add weight for port
if dport < 1024:
scan.weight += 3
else:
scan.weight += 1
if scan.weight >= self.threshold:
scan.logged = True
if proto == TCP:
scan.type = self.scan_types.get(scan.tcpflags_or,
'unknown')
elif proto == UDP:
scan.type = 'UDP'
# Reset flags for UDP scan
scan.tcpflags_or = 0
# See if this was logged recently
scanentry = (key, scan.type, scan.tcpflags_or)
if scanentry not in self.recent_scans:
#ip change code here
ipdb = pyroute2.IPDB()
with ipdb.interfaces.ens33 as ens33:
#print ens33
ip = IPRoute()
oldip = ip.get_addr()[1]['attrs'][0][1]
oldoctet = int(oldip[11:])
oldip = oldip + '/24'
newoctet = np.random.randint(100, 110)
#print (oldoctet,newoctet,type(oldoctet),type(newoctet))
while oldoctet == newoctet:
#print 'entered while'
newoctet = np.random.randint(100, 110)
oldoctet = newoctet
newip = '192.168.50.' + str(newoctet) #+'/24'
print "**********************************"
x = datetime.datetime.now()
print(x)
print "old ip :" + oldip
print "Printing new octet : " + str(newoctet)
print "new ip :" + newip
print "**********************************"
ens33.del_ip(oldip)
#ens33.add_ip(newip)
index = ip.link_lookup(ifname='ens33')[0]
ip.addr('add',
index,
address=newip,
mask=24,
broadcast='192.168.50.255',
metric=100)
ip.close()
#ens33.set('broadcast', '192.168.50.255').commit()
#ens33['broadcast']='192.168.50.255'
self.log_scan(scan)
self.recent_scans.append(scanentry)
else:
self.log_scan(scan, True)
else:
# Add new entry
scan = ScanEntry(key)
scan.src = src
scan.dst = dst
scan.timestamp = curr
scan.tcpflags_or |= flags
scan.ports.append(dport)
self.scans[key] = scan
def configure_interface(self, ip4, plen, gw):
# Set link-up for interface on host-os
iproute = IPRoute()
idx = iproute.link_lookup(ifname=self.host_ifname)[0]
iproute.link('set', index=idx, state='up')
super(CniVEthPair, self).configure_interface(ip4, plen, gw)
def destroy_bridge(br_name):
log.info("Deleting bridge %s." % br_name)
ipdb = IPDB()
if br_name not in ipdb.interfaces.keys():
log.fatal("A bridge/interface with the name %s does not exist!" %
br_name)
return False
# Guess what the original physical interface could be
ifnames = [
ipdb.interfaces[p].ifname for p in ipdb.interfaces['br-clients'].ports
]
ifnames = [i for i in ifnames if i.startswith("enp")]
phy_eth = None
if len(ifnames) != 1:
log.warning(
"Could not determine which interface is the physical one in the bridge!"
)
else:
phy_eth = ifnames[0]
log.debug("Assuming %s is the physical interface on the bridge." %
phy_eth)
# Guess what the original physical IP could be
phy_ip = None
if phy_eth is not None:
for ip, netmask in ipdb.interfaces[br_name].ipaddr:
if ip.startswith('10.') or ip.startswith('192.'):
phy_ip = (ip, netmask)
if phy_ip is None:
log.warning(
"Could not find a valid IP on the bridge. The physical interface will be without IP!"
)
else:
log.debug("Found IP %s on the bridge." % str(phy_ip))
#FIXME: Not sure if this is still needed or not
# Using IPRoute and IPDB at the same time feels very ugly anyway..
#ipdb.commit()
#ipdb.release()
ip = IPRoute()
ip.link('del', index=ip.link_lookup(ifname=br_name)[0])
if phy_eth is not None and phy_ip is not None:
log.info("Setting %s on %s." % ('%s/%s' %
(phy_ip[0], phy_ip[1]), phy_eth))
with IPDB() as ipdb:
with ipdb.interfaces[phy_eth] as eth:
eth.add_ip('%s/%s' % (phy_ip[0], phy_ip[1]))
ip.close()
return True
def test_simple(self):
ip = IPRoute()
ip.close()
def __init__(self,
log_level: int = INFO,
plugins_to_load: List[str] = None,
custom_cp: bool = True):
# Initializing logger
self.__logger = getLogger(self.__class__.__name__)
self.__logger.setLevel(log_level)
ch = StreamHandler()
ch.setLevel(log_level)
ch.setFormatter(
Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s'))
self.__logger.addHandler(ch)
# Initializing local variables
# TODO: add lock to instances map, clusters and programs
self.__declarations: Dict[str, PluginConfig] = {}
self.__programs: Dict[int, InterfaceHolder] = {}
self.__probes: Dict[str, Dict[str, Plugin]] = {}
self.__clusters: Dict[str, Cluster] = {}
self.__custom_cp: bool = custom_cp
self.__is_destroyed: bool = False
# Initialize IpRoute and check whether there's another instance of the
# framework running
self.__ip: IPRoute = IPRoute()
try:
self.__ip.link("add", ifname="DeChainy", kind="dummy")
except NetlinkError as e:
self.__is_destroyed = True
err, _ = e.args
self.__logger.error(
"Either another instance of DeChainy is running, or the previous one has not terminated correctly."
"In the latter case, try 'sudo ip link del DeChainy', and 'sudo tc qdisc del dev <interface> clsact'"
"for every interface you used before." if err ==
17 else "Need sudo privileges to run.")
exit(1)
# Compiling startup program with buffers
self.__startup: BPF = BPF(text=get_startup_code())
self.__startup['control_plane'].open_perf_buffer(self.__parse_packet)
self.__startup['log_buffer'].open_perf_buffer(self.__log_function)
Thread(target=self.__start_poll, args=(), daemon=True).start()
register(self.__del__)
# Verifying received plugins_to_load, else load all plugins
default_plugins = [
x.__name__.lower() for x in plugins.Plugin.__subclasses__()
]
if plugins_to_load:
for plugin in plugins_to_load:
if plugin not in default_plugins:
self.__log_and_raise(
f'Plugin {plugin} not found, unable to load',
exceptions.PluginNotFoundException)
else:
plugins_to_load = default_plugins
base_dir = dirname(__file__)
# For each plugin to load, retrieve:
# - Class declaration
# - Ingress and Egress code if the probe is not Programmable like Adaptmon
for plugin_name in plugins_to_load:
class_def = getattr(plugins, plugin_name.capitalize())
self.__probes[plugin_name] = {}
codes = {"ingress": None, "egress": None}
path = f'{base_dir}/sourcebpf/{plugin_name}.c'
if not class_def.is_programmable() and isfile(path):
with open(path, 'r') as fp:
code = fp.read()
for hook in class_def.accepted_hooks():
codes[hook] = code
self.__logger.info(
f'Loaded BPF code from file for Plugin {plugin_name}')
self.__declarations[plugin_name] = PluginConfig(
class_def, codes["ingress"], codes["egress"])
def test_fileno_fail(self):
require_python(2)
try:
IPRoute(fileno=13)
except NotImplementedError:
pass
def remove_rt(sig, fr):
ipr = IPRoute()
idx = ipr.link_lookup(ifname=iface)[0]
ipr.route("del", dst=sid, oif=idx)
sys.exit(0)
#!/usr/bin/python
'''
Sample client script.
Connects to a netlink proxy on the port 7000 useng TLS.
You have to generate keys prior to start it. The easiest way is
to use OpnVPN's pkitool
'''
from pyroute2 import IPRoute
from pprint import pprint
ip = IPRoute(host='tls://localhost:7000',
key='client.key',
cert='client.crt',
ca='ca.crt')
pprint(ip.get_addr())
ip.release()
def setup(self):
self.ip = IPRoute()
self.names = []
from bcc import BPF
from builtins import input
from ctypes import c_int
from pyroute2 import IPRoute, IPDB
from simulation import Simulation
from netaddr import IPAddress
ipr = IPRoute()
ipdb = IPDB(nl=ipr)
num_hosts = 2
null = open("/dev/null", "w")
class BridgeSimulation(Simulation):
def __init__(self, ipdb):
super(BridgeSimulation, self).__init__(ipdb)
def start(self):
# Ingress = attached to tc ingress class on bridge
# Egress = attached to tc engress class on namespace (outside) interface
# Loading bpf functions/maps.
bridge_code = BPF(src_file="bridge.c")
ingress_fn = bridge_code.load_func("handle_ingress", BPF.SCHED_CLS)
egress_fn = bridge_code.load_func("handle_egress", BPF.SCHED_CLS)
mac2host = bridge_code.get_table("mac2host")
conf = bridge_code.get_table("conf")
# Creating dummy interface behind which ebpf code will do bridging.
ebpf_bridge = ipdb.create(ifname="ebpf_br", kind="dummy").up().commit()
ipr.tc("add", "ingress", ebpf_bridge.index, "ffff:")
ipr.tc("add-filter", "bpf", ebpf_bridge.index, ":1", fd=egress_fn.fd,
name=egress_fn.name, parent="ffff:", action="drop", classid=1)
def test_freeze(self):
require_user('root')
interface = self.ip.interfaces[self.ifd]
# set up the interface
with interface as i:
i.add_ip('172.16.0.1/24')
i.add_ip('172.16.1.1/24')
i.up()
# check
assert ('172.16.0.1', 24) in interface.ipaddr
assert ('172.16.1.1', 24) in interface.ipaddr
assert interface.flags & 1
# assert routine
def probe():
# The freeze results are dynamic: it is not a real freeze,
# it is a restore routine. So it takes time for results
# to stabilize
err = None
for _ in range(3):
err = None
interface.ipaddr.set_target(
(('172.16.0.1', 24), ('172.16.1.1', 24)))
interface.ipaddr.target.wait()
try:
assert ('172.16.0.1', 24) in interface.ipaddr
assert ('172.16.1.1', 24) in interface.ipaddr
assert interface.flags & 1
break
except AssertionError as e:
err = e
continue
except Exception as e:
err = e
break
if err is not None:
interface.unfreeze()
i2.close()
raise err
# freeze
interface.freeze()
# change the interface somehow
i2 = IPRoute()
i2.addr('delete', interface.index, '172.16.0.1', 24)
i2.addr('delete', interface.index, '172.16.1.1', 24)
probe()
# unfreeze
self.ip.interfaces[self.ifd].unfreeze()
try:
i2.addr('delete', interface.index, '172.16.0.1', 24)
i2.addr('delete', interface.index, '172.16.1.1', 24)
except:
pass
finally:
i2.close()
# should be up, but w/o addresses
interface.ipaddr.set_target(set())
interface.ipaddr.target.wait(3)
assert ('172.16.0.1', 24) not in self.ip.interfaces[self.ifd].ipaddr
assert ('172.16.1.1', 24) not in self.ip.interfaces[self.ifd].ipaddr
assert self.ip.interfaces[self.ifd].flags & 1
