lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-14 16:44:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Firewall - aliases: move dynamic ipv6 handling (https://github.com/opnsense/core/issues/4923) to a separate branch.

Browse Source
This commit is contained in:
Ad Schellevis 2021-05-26 18:18:26 +02:00
parent bf449e20ee
commit 4f126c758c
6 changed files with 0 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/opnsense/mvc/app/models/OPNsense/Firewall/Alias.xml
View File

@ -37,13 +37,7 @@
<networkgroup>Network group</networkgroup>
<mac>MAC address</mac>
<external>External (advanced)</external>
<dynipv6host>IPv6 Dynamic Host</dynipv6host>
</OptionValues>
<Constraints>
<check001>
<reference>interface.check001</reference>
</check001>
</Constraints>
</type>
<proto type="OptionField">
<Multiple>Y</Multiple>
@ -52,16 +46,6 @@
<IPv6>IPv6</IPv6>
</OptionValues>
</proto>
<interface type="InterfaceField">
<Constraints>
<check001>
<ValidationMessage>IPv6 Dynamic Host require an interface to track.</ValidationMessage>
<type>SetIfConstraint</type>
<field>type</field>
<check>dynipv6host</check>
</check001>
</Constraints>
</interface>
<counters type="BooleanField">
<default>0</default>
</counters>

26
src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
View File

@ -225,26 +225,6 @@ class AliasContentField extends BaseField
return $messages;
}
/**
* Validate partial ipv6 network definition
* @param array $data to validate
* @return bool|Callback
* @throws \OPNsense\Base\ModelException
*/
private function validatePartialIPv6Network($data)
{
$messages = array();
foreach ($this->getItems($data) as $pnetwork) {
if (!Util::isSubnet("0000" . $pnetwork)) {
$messages[] = sprintf(
gettext('Entry "%s" is not a valid partial ipv6 net definition (e.g. ::1000/64).'),
$pnetwork
);
}
}
return $messages;
}
/**
* Validate host options
* @param array $data to validate
@ -327,12 +307,6 @@ class AliasContentField extends BaseField
}
]);
break;
case "dynipv6host":
$validators[] = new CallbackValidator(["callback" => function ($data) {
return $this->validatePartialIPv6Network($data);
}
]);
break;
default:
break;
}

24
src/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt
View File

@ -195,7 +195,6 @@
$("#alias\\.type").change(function(){
$(".alias_type").hide();
$("#row_alias\\.updatefreq").hide();
$("#row_alias\\.interface").hide();
$("#copy-paste").hide();
switch ($(this).val()) {
case 'geoip':
@ -208,11 +207,6 @@
$("#alias_type_networkgroup").show();
$("#alias\\.proto").selectpicker('hide');
break;
case 'dynipv6host':
$("#row_alias\\.interface").show();
$("#alias\\.proto").selectpicker('hide');
$("#alias_type_default").show();
break;
case 'urltable':
$("#row_alias\\.updatefreq").show();
/* FALLTROUGH */
@ -479,7 +473,6 @@
<option value="urltable">{{ lang._('URL Table (IPs)') }}</option>
<option value="geoip">{{ lang._('GeoIP') }}</option>
<option value="networkgroup">{{ lang._('Network group') }}</option>
<option value="dynipv6host">{{ lang._('Dynamic IPv6 Host') }}</option>
<option value="external">{{ lang._('External (advanced)') }}</option>
</select>
</div>
@ -699,23 +692,6 @@
<span class="help-block" id="help_block_alias.content"></span>
</td>
</tr>
<tr id="row_alias.interface">
<td>
<div class="alias interface" id="alias_interface">
<a id="help_for_alias.interface" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a>
<b>{{lang._('Interface')}}</b>
</div>
</td>
<td>
<select class="selectpicker" id="alias.interface" data-width="200px"></select>
<div class="hidden" data-for="help_for_alias.interface">
<small>{{lang._('Select the interface for the V6 dynamic IP')}}</small>
</div>
</td>
<td>
<span class="help-block" id="help_block_alias.interface"></span>
</td>
</tr>
<tr id="row_alias.counters">
<td>
<div class="control-label" id="control_label_alias.counters">

8
src/opnsense/scripts/filter/lib/alias.py
View File

@ -28,7 +28,6 @@
"""
import socket
import fcntl
import struct
import os
import re
import time
@ -36,12 +35,10 @@ import requests
import ipaddress
import dns.resolver
import syslog
import subprocess
from hashlib import md5
from . import geoip
from . import net_wildcard_iterator
from .arpcache import ArpCache
from .interface import InterfaceParser
class Alias(object):
@ -64,7 +61,6 @@ class Alias(object):
self._timeout = timeout
self._name = None
self._type = None
self._interface = None
self._proto = 'IPv4,IPv6'
self._items = list()
self._resolve_content = set()
@ -75,8 +71,6 @@ class Alias(object):
self._proto = subelem.text
elif subelem.tag == 'name':
self._name = subelem.text
elif subelem.tag == 'interface':
self._interface = subelem.text
elif subelem.tag == 'ttl':
tmp = subelem.text.strip()
if len(tmp.split('.')) <= 2 and tmp.replace('.', '').isdigit():
@ -287,8 +281,6 @@ class Alias(object):
return self._fetch_url
elif self._type == 'geoip':
return self._fetch_geo
elif self._type == 'dynipv6host':
return InterfaceParser(self._interface).iter_dynipv6host
elif self._type == 'mac':
return ArpCache().iter_addresses
else:

74
src/opnsense/scripts/filter/lib/interface.py
View File

@ -1,74 +0,0 @@
"""
Copyright (c) 2021 Ad Schellevis <ad@opnsense.org>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
"""
import ipaddress
import subprocess
class InterfaceParser:
""" Interface address parser
"""
_ipv6_networks = dict()
@classmethod
def _update(cls):
this_interface = None
for line in subprocess.run(['/sbin/ifconfig'], capture_output=True, text=True).stdout.split('\n'):
if not line.startswith("\t") and line.find(':') > -1:
this_interface = line.strip().split(':')[0]
elif this_interface is not None and line.startswith("\tinet6"):
parts = line.strip().split()
addr = None
mask = None
for i in range(len(parts)):
if parts[i] == 'inet6':
addr = parts[i+1].split("%")[0]
elif parts[i] == 'prefixlen':
mask = parts[i+1]
if this_interface not in cls._ipv6_networks:
cls._ipv6_networks[this_interface] = []
if mask and addr:
cls._ipv6_networks[this_interface].append({"addr": ipaddress.IPv6Address(addr), "mask": mask})
def __init__(self, interface):
self._interface = interface
# collect addresses on class init (singleton)
if len(self._ipv6_networks) == 0:
self._update()
def iter_dynipv6host(self, pattern):
if self._interface in self._ipv6_networks and pattern.find("/") > -1:
for network in self._ipv6_networks[self._interface]:
# only global addresses apply
if network["addr"].is_global:
base_mask = int(network["mask"])
base_size=int((128-base_mask)/16)
offset_address = ipaddress.IPv6Address('0' + pattern.split("/")[0])
calculated_address = ':'.join(
network["addr"].exploded.split(':')[:8-base_size] +
offset_address.exploded.split(':')[8-base_size:]
)
yield "%s/%s" % (calculated_address, pattern.split("/")[1])

5
src/opnsense/service/templates/OPNsense/Filter/filter_tables.conf
View File

@ -6,7 +6,6 @@
</general>
{% set new_style_aliases = 0 %}
{# Macro import #}
{% from 'OPNsense/Macros/interface.macro' import physical_interface %}
{% if helpers.exists('OPNsense.Firewall.Alias.aliases.alias') %}
{% set new_style_aliases = OPNsense.Firewall.Alias.aliases.alias|length %}
{% for alias in helpers.toList('OPNsense.Firewall.Alias.aliases.alias') %}
@ -23,8 +22,6 @@
<aliasurl>{{ alias.content|e|encode_idna }}</aliasurl>
{% elif alias.content %}
<address>{{ alias.content|e|encode_idna }}</address>
{% endif %}{% if alias.interface and alias.type == 'dynipv6host' %}
<interface>{{ physical_interface(alias.interface)|default('LAN')}}</interface>
{% endif %}{% if alias.proto %}
<proto>{{ alias.proto|e }}</proto>
{% endif %}{% if alias.updatefreq %}
@ -35,8 +32,6 @@
<ttl>{{ system.aliasesresolveinterval|default('300') }}</ttl>
{% elif alias.type == 'mac' %}
<ttl>30</ttl>
{% elif alias.type == 'dynipv6host' %}
<ttl>1</ttl>
{% endif %}
</table>
{% endif %}