From 81479525510d36b03604acc950cc2ab57ea906f3 Mon Sep 17 00:00:00 2001 From: Daniel STAN Date: Mon, 17 Feb 2014 17:02:48 +0100 Subject: [PATCH] collisions_ipv6: stop reporting useless stuff MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ie on filtre sur nos cidr, et éventuellement sur le lien local, mais on laisse tomber les trucs comme ::1 que crachent parfois certains noyaux linux (sic). --- surveillance/collisions_ipv6.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/surveillance/collisions_ipv6.py b/surveillance/collisions_ipv6.py index 6916bdc5..85bad24a 100755 --- a/surveillance/collisions_ipv6.py +++ b/surveillance/collisions_ipv6.py @@ -1,12 +1,23 @@ -#!/usr/bin/env python +#!/bin/bash /usr/scripts/python.sh # -*- coding: utf-8 -*- """ Pour détecter et signaler les collisions d'adresses IPv6 """ import psycopg2 import sys -sys.path.append('/usr/scripts') +import netaddr +import itertools import gestion.ipt as ipt +from gestion.config import prefix as crans_prefixes + +## Construit un filtre sql succint des réseaux à vérifier + +# (crans_prefixes est un dictionnaire de listes de networks, mais on se fout des +# clés, donc on concatène méchamment) +prefixes = itertools.chain(['fe80::/64'], *crans_prefixes.values()) +# Et on ne garde que le plus utile (histoire de faire moins de tests plus tard) +prefixes = netaddr.cidr_merge(prefixes) +prefixes = " OR \n".join( "a.ip <<= inet '%s'" % str(cidr) for cidr in prefixes) # Connection à la base sql via pgsql pgsql = psycopg2.connect(database='filtrage', user='crans') @@ -20,10 +31,11 @@ collision_mac_ip_request = """SELECT DISTINCT b.date as date2, b.mac as mac2, b.ip as ip2 FROM mac_ip as a, mac_ip as b WHERE a.ip = b.ip AND + (%s) AND a.mac != b.mac AND a.date >= b.date AND a.date - b.date < interval '3 day' -ORDER BY a.date;""" +ORDER BY a.date;""" % prefixes curseur.execute(collision_mac_ip_request) collision_mac_ip = curseur.fetchall()