diff --git a/Changes b/Changes
index a4f73943..d7de6ea9 100644
--- a/Changes
+++ b/Changes
@@ -3,6 +3,7 @@
 [ENHANCEMENTS]
 * Documentation note on OS upgrade
+ * #324 use a (better) host group for internal localnet filter
 2.036005 - 2017-07-05
diff --git a/lib/App/Netdisco/Core/Arpnip.pm b/lib/App/Netdisco/Core/Arpnip.pm
index b3a82307..335fff87 100644
--- a/lib/App/Netdisco/Core/Arpnip.pm
+++ b/lib/App/Netdisco/Core/Arpnip.pm
@@ -4,6 +4,7 @@ use Dancer qw/:syntax :script/;
 use Dancer::Plugin::DBIC 'schema';
 use App::Netdisco::Util::Node 'check_mac';
+use App::Netdisco::Util::Permission 'check_acl_no';
 use App::Netdisco::Util::FastResolver 'hostnames_resolve_async';
 use NetAddr::IP::Lite ':lower';
 use Time::HiRes 'gettimeofday';
@@ -153,14 +154,12 @@ sub _gather_subnets {
 my @subnets = ();
 my $ip_netmask = $snmp->ip_netmask;
- my $localnet = NetAddr::IP::Lite->new('127.0.0.0/8');
-
 foreach my $entry (keys %$ip_netmask) {
 my $ip = NetAddr::IP::Lite->new($entry);
 my $addr = $ip->addr;
 next if $addr eq '0.0.0.0';
- next if $ip->within($localnet);
+ next if check_acl_no($ip, 'group:__LOCAL_ADDRESSES__');
 next if setting('ignore_private_nets') and $ip->is_rfc1918;
 my $netmask = $ip_netmask->{$addr};
diff --git a/lib/App/Netdisco/Core/Discover.pm b/lib/App/Netdisco/Core/Discover.pm
index 9619da79..be7c7bcd 100644
--- a/lib/App/Netdisco/Core/Discover.pm
+++ b/lib/App/Netdisco/Core/Discover.pm
@@ -5,7 +5,7 @@ use Dancer::Plugin::DBIC 'schema';
 use App::Netdisco::Util::Device qw/get_device match_devicetype is_discoverable/;
-use App::Netdisco::Util::Permission 'check_acl_only';
+use App::Netdisco::Util::Permission qw/check_acl_only check_acl_no/;
 use App::Netdisco::Util::FastResolver 'hostnames_resolve_async';
 use App::Netdisco::Util::DNS ':all';
 use App::Netdisco::JobQueue qw/jq_queued jq_insert/;
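Review bot: In `_gather_subnets`, the loopback filter `next if check_acl_no($ip, 'group:__LOCAL_ADDRESSES__');` now depends on a configuration entry where the removed code used a hard-coded `127.0.0.0/8`. How `check_acl_no` treats a missing or empty group is not visible in this diff; if it simply reports no match, a deployment whose `host_groups` lacks `__LOCAL_ADDRESSES__` would silently stop excluding loopback entries reported by the device. The same applies to the `check_acl_no` calls added to `store_device` and `store_neighbors` in Discover.pm. A comment above the call would record the dependency, for example `# relies on host_groups.__LOCAL_ADDRESSES__ from share/config.yml (loopback + IPv6 link-local)`. The body of `_gather_subnets` starts and ends outside the hunk.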
@@ -129,8 +129,6 @@ sub store_device {
 my $interfaces = $snmp->interfaces;
 my $ip_netmask = $snmp->ip_netmask;
- my $localnet = NetAddr::IP::Lite->new('127.0.0.0/8');
-
 # build device aliases suitable for DBIC
 my @aliases;
 foreach my $entry (keys %$ip_index) {
@@ -139,7 +137,7 @@ sub store_device {
 my $addr = $ip->addr;
 next if $addr eq '0.0.0.0';
- next if $ip->within($localnet);
+ next if check_acl_no($ip, 'group:__LOCAL_ADDRESSES__');
 next if setting('ignore_private_nets') and $ip->is_rfc1918;
 my $iid = $ip_index->{$addr};
@@ -755,7 +753,6 @@ sub store_neighbors {
 }
 my $remote_ip = $c_ip->{$entry};
- my $remote_ipad = NetAddr::IP::Lite->new($remote_ip);
 my $remote_port = undef;
 my $remote_type = Encode::decode('UTF-8', $c_platform->{$entry} || '');
 my $remote_id = Encode::decode('UTF-8', $c_id->{$entry});
@@ -791,7 +788,7 @@ sub store_neighbors {
 # useable remote IP...
 if ($remote_ip eq '0.0.0.0' or
- $remote_ipad->within(NetAddr::IP::Lite->new('127.0.0.0/8'))) {
+ check_acl_no($remote_ip, 'group:__LOCAL_ADDRESSES__')) {
 if ($remote_id) {
 my $devices = schema('netdisco')->resultset('Device');
diff --git a/share/config.yml b/share/config.yml
index b9f4a6f6..ddc1ef26 100644
--- a/share/config.yml
+++ b/share/config.yml
@@ -118,7 +118,11 @@ login_logo: ""
 # mibhome is discovered from environment
 # mibdirs defaults to contents of mibhome
-host_groups: {}
+host_groups:
+ __LOCAL_ADDRESSES__:
+ - '::1'
+ - 'fe80::/10'
+ - '127.0.0.0/8'
 device_identity: []
 community: ['public']
 community_rw: ['private']
@@ -214,7 +218,7 @@ workers:
 dns:
 max_outstanding: 50
 hosts_file: '/etc/hosts'
- no: ['fe80::/64','169.254.0.0/16']
+ no: ['group:__LOCAL_ADDRESSES__','169.254.0.0/16']
 #schedule:
 # discoverall:
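Review bot: The new condition in `store_neighbors` passes the raw `$remote_ip` string to `check_acl_no`, whereas the calls added in `store_device` and `_gather_subnets` pass a `NetAddr::IP::Lite` object. `$remote_ip` is read from `$c_ip->{$entry}`, presumably a value advertised by the neighbouring device, and with `$remote_ipad` removed nothing in the visible lines parses it before the ACL check. Whether `check_acl_no` accepts a plain string, and what it returns for an undefined or unparseable one, is not shown on this page, so it should be confirmed and recorded with a comment such as `# check_acl_no is given the address as a string here; confirm undef/unparseable values are treated as no match`. The surrounding `if` block continues outside the hunk.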
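Review bot: `__LOCAL_ADDRESSES__` is added to `host_groups` without a comment, although Arpnip.pm and Discover.pm in this commit now depend on it by name to exclude loopback and link-local addresses. Someone editing `host_groups` cannot tell from the file that the entry is reserved; a line above it such as `# __LOCAL_ADDRESSES__ is used internally by discover/arpnip and dns.no - extend it rather than removing it` would make that clear. The group covers IPv6 link-local (`fe80::/10`) but not IPv4 link-local, so `169.254.0.0/16` is excluded only for `dns` in the second hunk and not by the Perl filters; if that asymmetry is intended, the same comment is the place to say so.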