From 1ce26a23a164ad85b17216d35a17be76601379ef Mon Sep 17 00:00:00 2001 From: David Schmitz <schmitz@lrz.de> Date: Fri, 19 May 2023 09:46:58 +0000 Subject: [PATCH] fix/ipv6_rules_implicit_icmp6: add setting NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6 to enable/disable implicit ipv6 addresses+proto=icmp <-> proto=icmpv6 --- flowspy/settings.py.dist | 3 +++ utils/flowspec_utils.py | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/flowspy/settings.py.dist b/flowspy/settings.py.dist index ecf4dfa4..4555ec22 100644 --- a/flowspy/settings.py.dist +++ b/flowspy/settings.py.dist @@ -531,6 +531,9 @@ NETCONF_MAX_RETRY_BEFORE_ERROR = 5 # Actually apply the rules COMMIT = True +# +NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6 = False + ############################################################################## ############################################################################## # Netconf Device credentials diff --git a/utils/flowspec_utils.py b/utils/flowspec_utils.py index a0777317..bf1645fe 100644 --- a/utils/flowspec_utils.py +++ b/utils/flowspec_utils.py @@ -7,14 +7,16 @@ logger = flowspec.logging_utils.logger_init_default(__name__, "flowspec_utils.lo def map__ip_proto__for__ip_version__to_flowspec(ip_version, protocol_str): logger.info("map__ip_proto__for__ip_version__to_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str)) if ip_version==6 and protocol_str=='icmp': - protocol_str='icmp6' + if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6') and settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6: + protocol_str='icmp6' logger.info("map__ip_proto__for__ip_version__to_flowspec(): returning protocol_str="+str(protocol_str)) return protocol_str def map__ip_proto__for__ip_version__from_flowspec(ip_version, protocol_str): logger.info("map__ip_proto__for__ip_version__from_flowspec(): called ip_version="+str(ip_version)+" protocol_str="+str(protocol_str)) if ip_version==6 and protocol_str=='icmp6': - protocol_str='icmp' + if hasattr(settings, 'NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6') and settings.NETCONF_FLOWSPEC_MAP_ICMP_TO_ICMPV6: + protocol_str='icmp' logger.info("map__ip_proto__for__ip_version__from_flowspec(): returning protocol_str="+str(protocol_str)) return protocol_str -- GitLab