#324 use a (better) host group for internal localnet filter
1
Changes
1
Changes
@@ -3,6 +3,7 @@
|
|||||||
[ENHANCEMENTS]
|
[ENHANCEMENTS]
|
||||||
|
|
||||||
* Documentation note on OS upgrade
|
* Documentation note on OS upgrade
|
||||||
|
* #324 use a (better) host group for internal localnet filter
|
||||||
|
|
||||||
2.036005 - 2017-07-05
|
2.036005 - 2017-07-05
|
||||||
|
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ use Dancer qw/:syntax :script/;
|
|||||||
use Dancer::Plugin::DBIC 'schema';
|
use Dancer::Plugin::DBIC 'schema';
|
||||||
|
|
||||||
use App::Netdisco::Util::Node 'check_mac';
|
use App::Netdisco::Util::Node 'check_mac';
|
||||||
|
use App::Netdisco::Util::Permission 'check_acl_no';
|
||||||
use App::Netdisco::Util::FastResolver 'hostnames_resolve_async';
|
use App::Netdisco::Util::FastResolver 'hostnames_resolve_async';
|
||||||
use NetAddr::IP::Lite ':lower';
|
use NetAddr::IP::Lite ':lower';
|
||||||
use Time::HiRes 'gettimeofday';
|
use Time::HiRes 'gettimeofday';
|
||||||
@@ -153,14 +154,12 @@ sub _gather_subnets {
|
|||||||
my @subnets = ();
|
my @subnets = ();
|
||||||
|
|
||||||
my $ip_netmask = $snmp->ip_netmask;
|
my $ip_netmask = $snmp->ip_netmask;
|
||||||
my $localnet = NetAddr::IP::Lite->new('127.0.0.0/8');
|
|
||||||
|
|
||||||
foreach my $entry (keys %$ip_netmask) {
|
foreach my $entry (keys %$ip_netmask) {
|
||||||
my $ip = NetAddr::IP::Lite->new($entry);
|
my $ip = NetAddr::IP::Lite->new($entry);
|
||||||
my $addr = $ip->addr;
|
my $addr = $ip->addr;
|
||||||
|
|
||||||
next if $addr eq '0.0.0.0';
|
next if $addr eq '0.0.0.0';
|
||||||
next if $ip->within($localnet);
|
next if check_acl_no($ip, 'group:__LOCAL_ADDRESSES__');
|
||||||
next if setting('ignore_private_nets') and $ip->is_rfc1918;
|
next if setting('ignore_private_nets') and $ip->is_rfc1918;
|
||||||
|
|
||||||
my $netmask = $ip_netmask->{$addr};
|
my $netmask = $ip_netmask->{$addr};
|
||||||
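Review bot: The loopback skip in `_gather_subnets`, `next if check_acl_no($ip, 'group:__LOCAL_ADDRESSES__');`, now depends on a configured host group instead of a literal prefix, and nothing visible here shows what `check_acl_no` returns when that group is missing or empty. If it returns false in that case, 127.0.0.0/8 entries would stop being skipped and the filter would fail open with no log line; the same applies to the call sites this commit adds in `store_device` and `store_neighbors`. It is worth confirming that behaviour in App::Netdisco::Util::Permission and recording the dependency at the call, for example `# loopback/link-local ranges come from the __LOCAL_ADDRESSES__ host group`. The body of `_gather_subnets` continues outside the hunk.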
|
|||||||
@@ -5,7 +5,7 @@ use Dancer::Plugin::DBIC 'schema';
|
|||||||
|
|
||||||
use App::Netdisco::Util::Device
|
use App::Netdisco::Util::Device
|
||||||
qw/get_device match_devicetype is_discoverable/;
|
qw/get_device match_devicetype is_discoverable/;
|
||||||
use App::Netdisco::Util::Permission 'check_acl_only';
|
use App::Netdisco::Util::Permission qw/check_acl_only check_acl_no/;
|
||||||
use App::Netdisco::Util::FastResolver 'hostnames_resolve_async';
|
use App::Netdisco::Util::FastResolver 'hostnames_resolve_async';
|
||||||
use App::Netdisco::Util::DNS ':all';
|
use App::Netdisco::Util::DNS ':all';
|
||||||
use App::Netdisco::JobQueue qw/jq_queued jq_insert/;
|
use App::Netdisco::JobQueue qw/jq_queued jq_insert/;
|
||||||
@@ -129,8 +129,6 @@ sub store_device {
|
|||||||
my $interfaces = $snmp->interfaces;
|
my $interfaces = $snmp->interfaces;
|
||||||
my $ip_netmask = $snmp->ip_netmask;
|
my $ip_netmask = $snmp->ip_netmask;
|
||||||
|
|
||||||
my $localnet = NetAddr::IP::Lite->new('127.0.0.0/8');
|
|
||||||
|
|
||||||
# build device aliases suitable for DBIC
|
# build device aliases suitable for DBIC
|
||||||
my @aliases;
|
my @aliases;
|
||||||
foreach my $entry (keys %$ip_index) {
|
foreach my $entry (keys %$ip_index) {
|
||||||
@@ -139,7 +137,7 @@ sub store_device {
|
|||||||
my $addr = $ip->addr;
|
my $addr = $ip->addr;
|
||||||
|
|
||||||
next if $addr eq '0.0.0.0';
|
next if $addr eq '0.0.0.0';
|
||||||
next if $ip->within($localnet);
|
next if check_acl_no($ip, 'group:__LOCAL_ADDRESSES__');
|
||||||
next if setting('ignore_private_nets') and $ip->is_rfc1918;
|
next if setting('ignore_private_nets') and $ip->is_rfc1918;
|
||||||
|
|
||||||
my $iid = $ip_index->{$addr};
|
my $iid = $ip_index->{$addr};
|
||||||
@@ -755,7 +753,6 @@ sub store_neighbors {
|
|||||||
}
|
}
|
||||||
|
|
||||||
my $remote_ip = $c_ip->{$entry};
|
my $remote_ip = $c_ip->{$entry};
|
||||||
my $remote_ipad = NetAddr::IP::Lite->new($remote_ip);
|
|
||||||
my $remote_port = undef;
|
my $remote_port = undef;
|
||||||
my $remote_type = Encode::decode('UTF-8', $c_platform->{$entry} || '');
|
my $remote_type = Encode::decode('UTF-8', $c_platform->{$entry} || '');
|
||||||
my $remote_id = Encode::decode('UTF-8', $c_id->{$entry});
|
my $remote_id = Encode::decode('UTF-8', $c_id->{$entry});
|
||||||
@@ -791,7 +788,7 @@ sub store_neighbors {
|
|||||||
# useable remote IP...
|
# useable remote IP...
|
||||||
|
|
||||||
if ($remote_ip eq '0.0.0.0' or
|
if ($remote_ip eq '0.0.0.0' or
|
||||||
$remote_ipad->within(NetAddr::IP::Lite->new('127.0.0.0/8'))) {
|
check_acl_no($remote_ip, 'group:__LOCAL_ADDRESSES__')) {
|
||||||
|
|
||||||
if ($remote_id) {
|
if ($remote_id) {
|
||||||
my $devices = schema('netdisco')->resultset('Device');
|
my $devices = schema('netdisco')->resultset('Device');
|
||||||
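Review bot: In `store_neighbors` the new test passes the raw string `$remote_ip` (read from `$c_ip->{$entry}`, presumably the address reported by the neighbour) to `check_acl_no`, while the other call sites in this commit pass a parsed `NetAddr::IP::Lite` object. The earlier hunk removes `$remote_ipad`, so nothing on the visible lines parses or validates the value before the ACL check, and whether `check_acl_no` copes with an undefined, malformed or hostname-like string cannot be seen from here. Consider keeping the parse and treating an unparseable value as unusable: `my $remote_ipad = NetAddr::IP::Lite->new($remote_ip);` and `if ($remote_ip eq '0.0.0.0' or !$remote_ipad or check_acl_no($remote_ipad, 'group:__LOCAL_ADDRESSES__')) {`. `store_neighbors` starts and ends outside these hunks, so an earlier guard may already exist.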
|
|||||||
@@ -118,7 +118,11 @@ login_logo: ""
|
|||||||
|
|
||||||
# mibhome is discovered from environment
|
# mibhome is discovered from environment
|
||||||
# mibdirs defaults to contents of mibhome
|
# mibdirs defaults to contents of mibhome
|
||||||
host_groups: {}
|
host_groups:
|
||||||
|
__LOCAL_ADDRESSES__:
|
||||||
|
- '::1'
|
||||||
|
- 'fe80::/10'
|
||||||
|
- '127.0.0.0/8'
|
||||||
device_identity: []
|
device_identity: []
|
||||||
community: ['public']
|
community: ['public']
|
||||||
community_rw: ['private']
|
community_rw: ['private']
|
||||||
@@ -214,7 +218,7 @@ workers:
|
|||||||
dns:
|
dns:
|
||||||
max_outstanding: 50
|
max_outstanding: 50
|
||||||
hosts_file: '/etc/hosts'
|
hosts_file: '/etc/hosts'
|
||||||
no: ['fe80::/64','169.254.0.0/16']
|
no: ['group:__LOCAL_ADDRESSES__','169.254.0.0/16']
|
||||||
|
|
||||||
#schedule:
|
#schedule:
|
||||||
# discoverall:
|
# discoverall:
|
||||||
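Review bot: `__LOCAL_ADDRESSES__` is now a group name the Perl code in this commit relies on, but the default `host_groups` entry carries no comment saying so, so an operator who defines their own `host_groups` may not know to keep it. A line such as `# __LOCAL_ADDRESSES__ is used internally to skip loopback and link-local addresses; keep it when customising host_groups` above the group would help. The `dns: no:` list also still names `169.254.0.0/16` separately, so IPv4 link-local is excluded from DNS lookups but, unlike `fe80::/10`, is not part of the group used by the code filters. If that asymmetry is intended, the same comment should say so.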
|
|||||||