mirror of
https://github.com/GNS3/gns3-server
synced 2024-11-28 11:18:11 +00:00
Use the libpcap on Linux when blocking host originating packets on vmnet interfaces. Ref #1131.
This commit is contained in:
parent
c2fbe4f313
commit
a7d2391608
@ -632,8 +632,8 @@ class BaseNode:
|
|||||||
:param block_host_traffic: block network traffic originating from the host OS (Windows only)
|
:param block_host_traffic: block network traffic originating from the host OS (Windows only)
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if sys.platform.startswith("linux"):
|
if sys.platform.startswith("linux") and block_host_traffic is False:
|
||||||
# on Linux we use RAW sockets
|
# on Linux we use RAW sockets by default excepting if host traffic must be blocked
|
||||||
yield from self._ubridge_send('bridge add_nio_linux_raw {name} "{interface}"'.format(name=bridge_name, interface=ethernet_interface))
|
yield from self._ubridge_send('bridge add_nio_linux_raw {name} "{interface}"'.format(name=bridge_name, interface=ethernet_interface))
|
||||||
elif sys.platform.startswith("win"):
|
elif sys.platform.startswith("win"):
|
||||||
# on Windows we use Winpcap/Npcap
|
# on Windows we use Winpcap/Npcap
|
||||||
@ -657,11 +657,19 @@ class BaseNode:
|
|||||||
if block_host_traffic:
|
if block_host_traffic:
|
||||||
if source_mac:
|
if source_mac:
|
||||||
yield from self._ubridge_send('bridge set_pcap_filter {name} "not ether src {mac}"'.format(name=bridge_name, mac=source_mac))
|
yield from self._ubridge_send('bridge set_pcap_filter {name} "not ether src {mac}"'.format(name=bridge_name, mac=source_mac))
|
||||||
|
log.info('PCAP filter applied on "{interface}" for source MAC {mac}'.format(interface=ethernet_interface, mac=source_mac))
|
||||||
else:
|
else:
|
||||||
log.warn("Could not block host network traffic on {} (no MAC address found)".format(ethernet_interface))
|
log.warning("Could not block host network traffic on {} (no MAC address found)".format(ethernet_interface))
|
||||||
else:
|
else:
|
||||||
# on other platforms we just rely on the pcap library
|
# on other platforms we just rely on the pcap library
|
||||||
yield from self._ubridge_send('bridge add_nio_ethernet {name} "{interface}"'.format(name=bridge_name, interface=ethernet_interface))
|
yield from self._ubridge_send('bridge add_nio_ethernet {name} "{interface}"'.format(name=bridge_name, interface=ethernet_interface))
|
||||||
|
source_mac = None
|
||||||
|
for interface in interfaces():
|
||||||
|
if interface["name"] == ethernet_interface:
|
||||||
|
source_mac = interface["mac_address"]
|
||||||
|
if source_mac:
|
||||||
|
yield from self._ubridge_send('bridge set_pcap_filter {name} "not ether src {mac}"'.format(name=bridge_name, mac=source_mac))
|
||||||
|
log.info('PCAP filter applied on "{interface}" for source MAC {mac}'.format(interface=ethernet_interface, mac=source_mac))
|
||||||
|
|
||||||
def _create_local_udp_tunnel(self):
|
def _create_local_udp_tunnel(self):
|
||||||
"""
|
"""
|
||||||
|
@ -328,7 +328,6 @@ class VMwareVM(BaseNode):
|
|||||||
:param adapter_number: adapter number
|
:param adapter_number: adapter number
|
||||||
"""
|
"""
|
||||||
|
|
||||||
block_host_traffic = self.manager.config.get_section_config("VMware").getboolean("block_host_traffic", False)
|
|
||||||
vnet = self._get_vnet(adapter_number)
|
vnet = self._get_vnet(adapter_number)
|
||||||
yield from self._ubridge_send("bridge create {name}".format(name=vnet))
|
yield from self._ubridge_send("bridge create {name}".format(name=vnet))
|
||||||
vmnet_interface = os.path.basename(self._vmx_pairs[vnet])
|
vmnet_interface = os.path.basename(self._vmx_pairs[vnet])
|
||||||
@ -337,6 +336,7 @@ class VMwareVM(BaseNode):
|
|||||||
# special case on OSX, we cannot bind VMnet interfaces using the libpcap
|
# special case on OSX, we cannot bind VMnet interfaces using the libpcap
|
||||||
yield from self._ubridge_send('bridge add_nio_fusion_vmnet {name} "{interface}"'.format(name=vnet, interface=vmnet_interface))
|
yield from self._ubridge_send('bridge add_nio_fusion_vmnet {name} "{interface}"'.format(name=vnet, interface=vmnet_interface))
|
||||||
else:
|
else:
|
||||||
|
block_host_traffic = self.manager.config.get_section_config("VMware").getboolean("block_host_traffic", False)
|
||||||
yield from self._add_ubridge_ethernet_connection(vnet, vmnet_interface, block_host_traffic)
|
yield from self._add_ubridge_ethernet_connection(vnet, vmnet_interface, block_host_traffic)
|
||||||
|
|
||||||
if isinstance(nio, NIOUDP):
|
if isinstance(nio, NIOUDP):
|
||||||
@ -349,14 +349,6 @@ class VMwareVM(BaseNode):
|
|||||||
yield from self._ubridge_send('bridge start_capture {name} "{pcap_file}"'.format(name=vnet, pcap_file=nio.pcap_output_file))
|
yield from self._ubridge_send('bridge start_capture {name} "{pcap_file}"'.format(name=vnet, pcap_file=nio.pcap_output_file))
|
||||||
|
|
||||||
yield from self._ubridge_send('bridge start {name}'.format(name=vnet))
|
yield from self._ubridge_send('bridge start {name}'.format(name=vnet))
|
||||||
|
|
||||||
# TODO: this only work when using PCAP (NIO Ethernet): current default on Linux is NIO RAW LINUX
|
|
||||||
# source_mac = None
|
|
||||||
# for interface in interfaces():
|
|
||||||
# if interface["name"] == vmnet_interface:
|
|
||||||
# source_mac = interface["mac_address"]
|
|
||||||
# if source_mac:
|
|
||||||
# yield from self._ubridge_send('bridge set_pcap_filter {name} "not ether src {mac}"'.format(name=vnet, mac=source_mac))
|
|
||||||
yield from self._ubridge_apply_filters(vnet, nio.filters)
|
yield from self._ubridge_apply_filters(vnet, nio.filters)
|
||||||
|
|
||||||
@asyncio.coroutine
|
@asyncio.coroutine
|
||||||
|
Loading…
Reference in New Issue
Block a user