diff --git a/gestion/gen_confs/surveillance.py b/gestion/gen_confs/surveillance.py index a8afc926..4e81a1d7 100644 --- a/gestion/gen_confs/surveillance.py +++ b/gestion/gen_confs/surveillance.py @@ -75,16 +75,27 @@ class machines(gen_config) : pgsql = psycopg2.connect(database='filtrage', user='crans') curseur = pgsql.cursor() curseur.execute("DELETE FROM machines;") + + ipv6_vu={} + def ipv6_already_set(ipv6): + ret = ipv6_vu.get(ipv6, False) + ipv6_vu[ipv6] = True + return ret # ajout des entrée for m in machines: if m.proprietaire().__class__ == Club: curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','club',%s);"%(m.ip(),m.proprietaire().id())) + if not ipv6_already_set(m.ipv6()): + curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','club',%s);"%(m.ipv6(),m.proprietaire().id())) elif m.proprietaire().__class__ == Adherent: curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','adherent',%s);"%(m.ip(),m.proprietaire().id())) + if not ipv6_already_set(m.ipv6()): + curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','adherent',%s);"%(m.ipv6(),m.proprietaire().id())) elif m.proprietaire().__class__ == AssociationCrans: curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','crans',%s);"%(m.ip(),m.id())) - + if not ipv6_already_set(m.ipv6()): + curseur.execute("INSERT INTO machines (ip, type, id) VALUES (inet'%s','crans',%s);"%(m.ipv6(),m.id())) # on commit pgsql.commit() diff --git a/gestion/ipt.py b/gestion/ipt.py index 0725c6af..12ff0bd6 100644 --- a/gestion/ipt.py +++ b/gestion/ipt.py 
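Review bot: The three INSERTs added for `m.ipv6()` in gestion/gen_confs/surveillance.py splice their values into the SQL text with `%`, like the IPv4 INSERTs beside them, so correct quoting depends entirely on what the machine objects return. Passing the values as parameters lets psycopg2 do the quoting, e.g. `curseur.execute("INSERT INTO machines (ip, type, id) VALUES (%s, 'club', %s);", (m.ipv6(), m.proprietaire().id()))`. The hunk does not show whether `m.ipv6()` can be empty or None for a machine without an IPv6 address; if it can, `inet'None'` would raise after the DELETE and before `pgsql.commit()`, so a guard on the value is worth adding. The enclosing method starts and ends outside the hunk.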
@@ -440,9 +440,25 @@ def check_ip_proto(ip_proto): def ipv6_addr(mac, net): ''' Renvoie l'adresse ipv6 d'auto-configuration de la mac sur le réseau ''' mac_s = mac.split(':') - eui = '2'+':'.join(mac_s[1:3])+'ff:fe'+':'.join(mac_s[3:5])+mac_s[5] + eui = hex(int(mac_s[0],16) ^ 0x02)[2:] + ':'.join(mac_s[1:3]) + 'ff:fe' + ':'.join(mac_s[3:5]) + mac_s[5] return re.sub(':/64', eui , prefix[dprefix[net]][0]) +def mac_addr(ipv6): + ''' Renvoie l'adresse mac de l'ipv6 d'auto-configuration ''' + ipv6_s= ipv6.split(':')[4:] + mac='' + if ipv6_s[1].endswith('ff') and ipv6_s[2].startswith('fe'): + elt = "%04x" % int(ipv6_s[0], 16) + mac += "%02x" % (int(elt[0:2],16) ^ 0x02) + ':' + elt[2:] + elt = "%04x" % int(ipv6_s[1], 16) + mac += ':' + elt[0:2] + elt = "%04x" % int(ipv6_s[2], 16) + mac += ':' + elt[2:] + elt = "%04x" % int(ipv6_s[3], 16) + mac += ':' + elt[0:2] + ':' + elt[2:] + return mac + return None + # TODO Fusionner les deux fonctions. def iface(net): '''Retourne l'interface réseau associée à un certain type de réseau diff --git a/surveillance/deconnexion.py b/surveillance/deconnexion.py index 81b95f1d..0a0199c9 100755 --- a/surveillance/deconnexion.py +++ b/surveillance/deconnexion.py @@ -21,6 +21,7 @@ import sys import psycopg2 sys.path.append('/usr/scripts/gestion') from config import upload, virus, p2p, NETs +import ipt import smtplib from ldap_crans import crans_ldap from ldap_crans import MachineWifi 
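Review bot: `mac_addr` in gestion/ipt.py indexes `ipv6.split(':')[4:]` as if the address were always written as eight full groups, so a `::`-compressed string either raises IndexError or ValueError, or returns None for an address that is in fact an autoconfiguration address. A length check right after the split would make the None path reliable: `if len(ipv6_s) != 4 or '' in ipv6_s: return None`. The docstring should also say that the function expects the uncompressed form and returns None when the interface identifier lacks the `ff:fe` marker, since callers have to handle that case.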
@@ -95,27 +96,59 @@ def reperage_chambre(mac): ################################################################################ # upload par entité (adhérent/club/machine crans) +upload4="""SELECT + 'upload', sum(upload)/1024/1024 AS total, ip_crans +FROM + upload +WHERE + upload > download + AND date > timestamp 'now' - interval '1 day' + AND date < 'now' + AND NOT EXISTS + ( + SELECT 1 + FROM exemptes + WHERE upload.ip_crans <<= exemptes.ip_crans + AND upload.ip_ext <<= exemptes.ip_dest + ) +GROUP BY + ip_crans +""" +upload6 = """SELECT + 'upload', sum(upload)/1024/1024 AS total, ip_crans +FROM + ( + SELECT DISTINCT * FROM + ( + SELECT + upload6.date, mac_ip.ip AS ip_crans, upload6.ip_ext, upload6.id, upload6.port_crans, upload6.port_ext, upload6.download, upload6.upload + FROM mac_ip,upload6 + WHERE + upload6.ip_crans = mac_ip.ip + AND upload6.date > mac_ip.date + AND upload6.date - interval '1 day' < mac_ip.date + AND upload6.date > timestamp 'now' - interval '1 day' + AND upload6.date < 'now' + AND upload6.upload > upload6.download + AND NOT EXISTS + ( + SELECT 1 + FROM exemptes + WHERE upload6.ip_crans <<= exemptes.ip_crans + AND upload6.ip_ext <<= exemptes.ip_dest + ) + ) AS upload + ) AS upload +WHERE + upload > download +GROUP BY + ip_crans +""" requete = """SELECT round(total) AS total, machines.type AS type, machines.id AS id FROM ( - SELECT - 'upload', sum(upload)/1024/1024 AS total, ip_crans - FROM - upload - WHERE - upload > download - AND date > timestamp 'now' - interval '1 day' - AND date < 'now' - AND NOT EXISTS - ( - SELECT 1 - FROM exemptes - WHERE upload.ip_crans <<= exemptes.ip_crans - AND upload.ip_ext <<= exemptes.ip_dest - ) - GROUP BY - ip_crans + (%s) UNION (%s) ) AS upload 
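Review bot: In `upload6` the join with `mac_ip` matches only on `ip` and a one-day window, and `mac_ip.mac` is never read, so the result is still keyed by the raw IPv6 address. If the part of `requete` outside this hunk joins `ip_crans` against `machines.ip` (not visible here), only traffic from the registered autoconfiguration address is attributed to an owner, and upload from any other IPv6 address recorded for the same MAC would be left out of the total. The IPv4 and IPv6 totals of one machine are also separate rows of the UNION, so the threshold would presumably apply to each address family on its own. If that is intended, say so in a comment above `upload6`, e.g. `# upload6: counted per IPv6 address, not merged with the same machine's IPv4 total`; otherwise aggregate per machine before the threshold is applied.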
@@ -127,10 +160,21 @@ WHERE total >= 250 GROUP BY total, type, id -;""" +;""" % (upload4, upload6) curseur.execute(requete) uploadeurs = curseur.fetchall() + +# On regarde s'il y a deux ipv6 identiques avec des mac non identiques +collision_mac_ip_request = "SELECT DISTINCT (a.*) FROM mac_ip as a, mac_ip as b where a.ip=b.ip AND a.mac != b.mac AND a.date >= b.date AND a.date - b.date < interval '3 day' ORDER BY a.date;" +curseur.execute(collision_mac_ip_request) +collision_mac_ip = curseur.fetchall() + +if collision_mac_ip != []: + print "Collision d'addresses ipv6 : " +for (date, mac, ip) in collision_mac_ip: + print "%s %s %s" % (date, ipt.mac_addr(mac), ip) + # Table des avertis ###################
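Review bot: The collision report calls `ipt.mac_addr(mac)` on the `mac` column, but `mac_addr` takes an autoconfiguration IPv6 address and returns a MAC; if `mac_ip.mac` already holds a MAC address, as its name suggests, the call prints None or raises IndexError. Printing the column directly, `print "%s %s %s" % (date, mac, ip)`, or deriving the expected MAC with `ipt.mac_addr(ip)`, looks like what was meant. Because this block runs at module level before the "Table des avertis" section, an exception here would also stop the rest of the script, so the report should not be able to raise. The tuple unpacking relies on `a.*` returning exactly (date, mac, ip) in that order; naming the columns in the SELECT would make that explicit.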