diff --git a/dhcp/midasd.py b/dhcp/midasd.py
index d921f74..b089c3b 100644
--- a/dhcp/midasd.py
+++ b/dhcp/midasd.py
@@ -1,5 +1,6 @@
 import socket
 import struct
+import yaml
 from dataclasses import dataclass
 from datetime import datetime
@@ -141,7 +142,7 @@ class Packet():
 reply_packet_object.OP = bytes([0x02])
 reply_packet_object.YIADDR = bytes([yiaddr[0], yiaddr[1], yiaddr[2], yiaddr[3]]) # Client IP
- reply_packet_object.SIADDR = bytes([172, 16, 0, 200]) # Server IP: 172.16.0.200
+ reply_packet_object.SIADDR = bytes([192, 168, 1, 7]) # Server IP: 192.168.1.7
 if _type == 'offer':
 packet_type = bytes([53, 1, 2]) # DHCP offer packet
@@ -152,11 +153,11 @@ class Packet():
 reply_packet_object.OPTIONS = b"".join(
 [
 packet_type,
- bytes([54, 4, 172, 16, 0, 200]), # Server identifier: 172.16.0.200
+ bytes([54, 4, 192, 168, 1, 7]), # Server identifier: 192.168.1.7
 bytes([51, 4, 0x00, 0x01, 0x51, 0x80]), # Lease time: 86400
 bytes([1, 4, 255, 255, 255, 254]), # Subnet mask: 255.255.255.254
 bytes([3, 4, giaddr[0], giaddr[1], giaddr[2], giaddr[3]]), # Default gateway
- bytes([150, 4, 172, 16, 0, 200]), # TFTP server: 172.16.0.200
+ bytes([150, 4, 192, 168, 1, 7]), # TFTP server: 192.168.1.7
 Packet.construct_junos_suboptions(f'/configs/{client_device_name}.conf'), # Juniper specific suboptions
 ]
 )
@@ -164,11 +165,11 @@ class Packet():
 reply_packet_object.OPTIONS = b"".join(
 [
 packet_type,
- bytes([54, 4, 172, 16, 0, 200]), # Server identifier: 172.16.0.200
+ bytes([54, 4, 192, 168, 1, 7]), # Server identifier: 192.168.1.7
 bytes([51, 4, 0x00, 0x01, 0x51, 0x80]), # Lease time: 86400
 bytes([1, 4, 255, 255, 255, 254]), # Subnet mask: 255.255.255.254
 bytes([3, 4, giaddr[0], giaddr[1], giaddr[2], giaddr[3]]), # Default gateway
- bytes([150, 4, 172, 16, 0, 200]), # TFTP server: 172.16.0.200
+ bytes([150, 4, 192, 168, 1, 7]), # TFTP server: 192.168.1.7
 Packet.construct_tlv(67, f'/configs/{client_device_name}.conf'), # Cisco specific bootfile
 ]
 )
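Review bot: The server address is still a literal inside `Packet`: SIADDR in the hunk at -141 and the option 54 and option 150 entries in the hunks at -152 and -164 are rewritten by hand to `192, 168, 1, 7`, while the same commit starts loading `DHCP_SERVER_IP` and `TFTP_SERVER_IP` from `dhcp/settings.yaml` in `DHCPServer`. Editing the settings file therefore changes the bind address and the start-up log line but not the TFTP server that clients are told to fetch `/configs/{client_device_name}.conf` from, so the log can report an address the replies do not advertise. Building those bytes from the configured values, for example `socket.inet_aton(tftp_server_ip)` passed into the reply constructor, would leave one source of truth. The enclosing method starts and ends outside these hunks.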
@@ -297,10 +298,14 @@ class Packet():
 return giaddr, yiaddr
-class DHCPServer():
- MAX_BYTES = 1024
- SERVER_IP = '172.16.0.200'
- PORT = 67
+class DHCPServer(object):
+ def __init__(self, SETTINGS_FILE):
+ self.SETTINGS = yaml.load(open(SETTINGS_FILE), Loader=yaml.SafeLoader)
+ self.DHCP_SERVER_IP = self.SETTINGS.get('DHCP_SERVER_IP')
+ self.DHCP_SERVER_PORT = self.SETTINGS.get('DHCP_SERVER_PORT')
+ self.TFTP_SERVER_IP = self.SETTINGS.get('TFTP_SERVER_IP')
+ self.MAX_BYTES = self.SETTINGS.get('MAX_BYTES')
+
 def create_socket(self):
 '''
@@ -321,7 +326,7 @@ class DHCPServer():
 _socket=socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
 _socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR,1)
 _socket.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST,1)
- _socket.bind((self.SERVER_IP, self.PORT))
+ _socket.bind((self.DHCP_SERVER_IP, self.DHCP_SERVER_PORT))
 return _socket
@@ -334,6 +339,9 @@ class DHCPServer():
 topology: networkx Graph object detailing the network topology
 '''
 log('DHCP server is starting...', 'info')
+ log(f'DHCP server IP: {self.DHCP_SERVER_IP} running on port {self.DHCP_SERVER_PORT}', 'info')
+ log(f'TFTP server IP: {self.TFTP_SERVER_IP}', 'info')
+
 socket = self.create_socket()
 while True:
diff --git a/dhcp/settings.yaml b/dhcp/settings.yaml
index 2a3cd5b..f41f5a7 100644
--- a/dhcp/settings.yaml
+++ b/dhcp/settings.yaml
@@ -1,2 +1,4 @@
-DHCP_SERVER_IP: 172.16.0.200
-TFTP_SERVER_IP: 172.16.0.200
\ No newline at end of file
+DHCP_SERVER_IP: 192.168.1.7
+DHCP_SERVER_PORT: 67
+TFTP_SERVER_IP: 192.168.1.7
+MAX_BYTES: 1024
\ No newline at end of file
diff --git a/logs/midas_2023-04-08_14:16:10.log b/logs/midas_2023-04-08_14:16:10.log
deleted file mode 100644
index 500dff6..0000000
--- a/logs/midas_2023-04-08_14:16:10.log
+++ /dev/null
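Review bot: `DHCPServer.__init__` reads every setting with `.get()` and never checks the result, so a missing or misspelled key leaves `DHCP_SERVER_IP` or `DHCP_SERVER_PORT` as `None` and the failure only surfaces later at `_socket.bind(...)` in the hunk at -321. Using `yaml.SafeLoader` is the right choice, but the file object from `open(SETTINGS_FILE)` is never closed and an empty file makes `self.SETTINGS` `None`; `with open(SETTINGS_FILE) as fh: self.SETTINGS = yaml.safe_load(fh) or {}` covers both. Raising `ValueError` when a required key is absent, and applying `int(...)` to the port, would make a bad settings file fail at start-up with a clear message. The caller in `midas` passes the relative path `'dhcp/settings.yaml'`, so which file decides the bind and advertised addresses depends on the working directory of a process that presumably runs with elevated privileges to bind port 67.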
@@ -1,11 +0,0 @@
-2023-04-08 14:16:10,531 [INFO] 👾 | Building topology...
-2023-04-08 14:16:10,581 [INFO] 👾 | Topology name: Lab
-2023-04-08 14:16:10,584 [INFO] 👾 | Drawing topology...
-2023-04-08 14:16:11,510 [INFO] 👾 | Topology drawn, saved as: topology/topology.png
-2023-04-08 14:16:11,512 [INFO] 👾 | Topology build complete
-2023-04-08 14:16:11,515 [INFO] 👽 | Rendering configs...
-2023-04-08 14:16:11,549 [INFO] 👽 | Rendered /srv/tftp/configs/LAB-897VA.conf
-2023-04-08 14:16:11,573 [INFO] 👽 | Rendered /srv/tftp/configs/LAB-SRX300.conf
-2023-04-08 14:16:11,575 [INFO] 👽 | Config rendering complete
-2023-04-08 14:16:11,580 [INFO] 🤖 | DHCP server is starting...
-2023-04-08 14:16:11,582 [INFO] 🤖 | Waiting for DHCP packets...
diff --git a/midas b/midas
index 6be1afd..1698d5d 100755
--- a/midas
+++ b/midas
@@ -11,7 +11,7 @@ if __name__ == '__main__':
 topology.build()
 provisioning = Provisioning()
 provisioning.render(topology)
- dhcp_server = DHCPServer()
+ dhcp_server = DHCPServer(SETTINGS_FILE='dhcp/settings.yaml')
 dhcp_server.run(topology)
 # Todo
diff --git a/provisioning/midasp.py b/provisioning/midasp.py
index 7d82c32..6c56427 100644
--- a/provisioning/midasp.py
+++ b/provisioning/midasp.py
@@ -3,7 +3,7 @@ import yaml
 from jinja2 import Environment, FileSystemLoader
 from utils.log import log
-class Provisioning():
+class Provisioning(object):
 def render(self, topology):
 '''
 Summary:
diff --git a/provisioning/templates/cisco_ios.j2 b/provisioning/templates/cisco_ios.j2
index 8dbdd9d..85e5ea7 100644
--- a/provisioning/templates/cisco_ios.j2
+++ b/provisioning/templates/cisco_ios.j2
@@ -127,9 +127,6 @@ interface GigabitEthernet8
 interface Vlan1
 no ip address
 !
-interface Vlan10
- ip address {{ management_ip }} 255.255.255.0
-!
 interface Vlan20
 ip address 10.0.0.5 255.255.255.254
 ip ospf authentication message-digest
diff --git a/provisioning/templates/junos.j2 b/provisioning/templates/junos.j2
index d61e95c..5db16d8 100644
--- a/provisioning/templates/junos.j2
+++ b/provisioning/templates/junos.j2
@@ -4,13 +4,6 @@ system {
 plain-text-password-value "Juniper1";
 }
 login {
- user datatech {
- uid 2001;
- class read-only;
- authentication {
- plain-text-password-value "Juniper1";
- }
- }
 user neteng {
 uid 2000;
 class super-user;
@@ -27,10 +20,6 @@ system {
 ssh;
 }
 }
- tacplus-server {
- 10.10.10.10 secret "Juniper1"; ## SECRET-DATA
- 11.11.11.11 secret "Juniper1"; ## SECRET-DATA
- }
 syslog {
 archive size 100k files 3;
 user * {
@@ -46,36 +35,6 @@ system {
 }
 }
 security {
- authentication-key-chains {
- key-chain BGP-KC-LHR14-R101-NCL62-R2 {
- key 1 {
- secret "$9$Vyws4JZjq.57-YoZU.m"; ## SECRET-DATA
- start-time "2022-7-1.00:00:00 +0000";
- }
- key 2 {
- secret "$9$0Yfd1clVbs2oJdV69pOSybs2aUj5TF9AuiHP5FnpuNdVbs24aZ"; ## SECRET-DATA
- start-time "2023-4-3.15:13:45 +0000";
- }
- }
- key-chain BGP-KC-NCL62-R2-SC-FW2 {
- key 1 {
- secret "$9$8x0Xxdws4ZGiKM7Vs2GU"; ## SECRET-DATA
- start-time "2022-7-1.00:00:00 +0000";
- }
- key 2 {
- secret "$9$B74EeW24JikmlKDH.m3n1RhyvWxNV24JikSreKLX7-VYGjzF6"; ## SECRET-DATA
- start-time "2023-4-3.15:42:04 +0000";
- }
- }
- key-chain BRMA-KC-LHR30-R101-NCL60-R1 {
- key 1 {
- apply-flags omit;
- secret "$9$1HCREyeK87NbuOhrKMN-"; ## SECRET-DATA
- key-name 4953bd1120ffcc31e1d044870c52d67b215c04f0c2ba1fccc970fa16d18a6b6f;
- start-time "2023-3-31.14:22:24 +0000";
- }
- }
- }
 forwarding-options {
 family {
 mpls {
@@ -83,21 +42,6 @@ security {
 }
 }
 }
- macsec {
- connectivity-association BRMA-WAN-LHR30-R101-NCL60-R1 {
- security-mode static-cak;
- mka {
- transmit-interval 6000;
- sak-rekey-interval 60;
- }
- pre-shared-key-chain BRMA-KC-LHR30-R101-NCL60-R1;
- }
- interfaces {
- ge-0/0/7 {
- connectivity-association BRMA-WAN-LHR30-R101-NCL60-R1;
- }
- }
- }
 }
 interfaces {
 ge-0/0/0 {
@@ -124,14 +68,6 @@ interfaces {
 }
 }
 }
- ge-0/0/5 {
- description "Management Network";
- unit 0 {
- family inet {
- address {{ management_ip }}/24;
- }
- }
- }
 lo0 {
 unit 0 {
 family inet {
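Review bot: The template still carries a literal password after this clean-up: the context at the top of the hunk at -4 keeps `plain-text-password-value "Juniper1";` under `system` (presumably the root-authentication block, which opens outside the hunk), and the retained `neteng` user is `class super-user`. The DHCP code in this commit directs devices to fetch `/configs/{client_device_name}.conf` from a TFTP server, so the rendered file with that credential crosses the network unauthenticated and in clear text. Taking the value from a per-device variable kept out of the repository, e.g. `encrypted-password "{{ root_password_hash }}";`, avoids committing it. The removed `$9$` key-chain secrets, the `key-name` value and the TACACS+, RADIUS and SNMP secrets (hunks at -27, -46 and -140) stay in the repository history, and `$9$` is a reversible encoding rather than a hash, so any of them that were ever used outside the lab should be rotated.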
@@ -140,98 +76,6 @@ interfaces {
 }
 }
 }
-snmp {
- v3 {
- usm {
- local-engine {
- user snmp-user {
- authentication-sha {
- authentication-password "Juniper1"; ## SECRET-DATA
- }
- privacy-aes128 {
- privacy-password "Juniper1"; ## SECRET-DATA
- }
- }
- }
- }
- }
-}
-policy-options {
- policy-statement BN-10-RMA-EXPORT {
- term BGP {
- from protocol bgp;
- then {
- community add BN-10-RMA-TARGET;
- accept;
- }
- }
- term OSPF {
- from protocol ospf;
- then {
- community add BN-10-RMA-TARGET;
- accept;
- }
- }
- term AGGREGATE {
- from protocol aggregate;
- then {
- community add BN-10-RMA-TARGET;
- accept;
- }
- }
- term REJECT-ALL {
- then reject;
- }
- }
- policy-statement BN-10-RMA-IMPORT {
- term BGP {
- from {
- protocol bgp;
- community BN-10-RMA-TARGET;
- }
- then accept;
- }
- term REJECT-ALL {
- then reject;
- }
- }
- community BN-10-RMA-TARGET members target:65100:1000;
-}
-access {
- radius-server {
- 10.10.10.10 secret "Juniper1"; ## SECRET-DATA
- 11.11.11.11 secret "Juniper1"; ## SECRET-DATA
- }
-}
-routing-instances {
- BN-10-RMA {
- protocols {
- bgp {
- group SEC-NET-FW {
- type external;
- description "eBGP to Security Network Firewall";
- local-address 192.168.32.78;
- hold-time 30;
- peer-as 64900;
- neighbor 192.168.32.79 {
- description ncl62-sc-fw2;
- authentication-key-chain BGP-KC-NCL62-R2-SC-FW2;
- }
- }
- traceoptions {
- file bgp.log;
- flag state;
- }
- log-updown;
- }
- }
- instance-type vrf;
- route-distinguisher 65100:1000;
- vrf-import BN-10-RMA-IMPORT;
- vrf-export BN-10-RMA-EXPORT;
- vrf-table-label;
- }
-}
 protocols {
 ospf {
 area 0.0.0.0 {
@@ -252,29 +96,12 @@ protocols {
 }
 }
 }
- bgp {
- group IBGP-FULL-MESH {
- type internal;
- description "IBGP Full Mesh";
- hold-time 30;
- multipath {
- multiple-as;
- }
- neighbor 172.17.0.0 {
- description lhr14-bn-com-agg-r101;
- authentication-key-chain BGP-KC-LHR14-R101-NCL62-R2;
- }
- }
- traceoptions {
- file bgp.log;
- flag state;
- }
- log-updown;
- }
 lldp {
 interface all;
 }
 }
 routing-options {
- autonomous-system 65100;
+ static {
+ route 192.168.1.0/24 next-hop 10.0.0.0;
+ }
 }
\ No newline at end of file
diff --git a/provisioning/vars/LAB-897VA.yaml b/provisioning/vars/LAB-897VA.yaml
index 6dd7661..1ad2c4a 100644
--- a/provisioning/vars/LAB-897VA.yaml
+++ b/provisioning/vars/LAB-897VA.yaml
@@ -1,3 +1,2 @@
 hostname: LAB-897VA
-management_ip: 172.16.0.3
 loopback_ip: 2.2.2.2
\ No newline at end of file
diff --git a/provisioning/vars/LAB-SRX300.yaml b/provisioning/vars/LAB-SRX300.yaml
index b37f005..a038bde 100644
--- a/provisioning/vars/LAB-SRX300.yaml
+++ b/provisioning/vars/LAB-SRX300.yaml
@@ -1,3 +1,2 @@
 hostname: LAB-SRX300
-management_ip: 172.16.0.1
 loopback_ip: 1.1.1.1
\ No newline at end of file
diff --git a/topology/midast.py b/topology/midast.py
index 0761206..adcd5eb 100644
--- a/topology/midast.py
+++ b/topology/midast.py
@@ -4,7 +4,7 @@ import yaml
 from networkx.drawing.nx_agraph import to_agraph
 from utils.log import log
-class Topology():
+class Topology(object):
 def __init__(self):
 self.G = nx.MultiGraph()
diff --git a/topology/topology.png b/topology/topology.png
index bd16923..d9331f7 100644
Binary files a/topology/topology.png and b/topology/topology.png differ
diff --git a/topology/topology.yaml b/topology/topology.yaml
index afc2db4..e02614e 100644
--- a/topology/topology.yaml
+++ b/topology/topology.yaml
@@ -1,6 +1,6 @@
 Lab:
 nodes:
- PI-DHCP:
+ UBUNTU:
 os: ubuntu
 no_render: True
 LAB-RELAY:
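Review bot: The added `route 192.168.1.0/24 next-hop 10.0.0.0;` in the junos.j2 hunk at -252 is a literal in a shared template, so every device rendered from it would get the same next hop regardless of where it sits in the topology (only one Junos device is visible in this diff, so this may be intentional for the lab). The 192.168.1.x network is now also spelled out separately in `dhcp/settings.yaml`, `topology/topology.yaml` and `dhcp/midasd.py`, and a later renumbering has to touch all of them consistently or devices lose the route back to the provisioning server. Taking both values from the per-device vars file, e.g. `route {{ provisioning_network }} next-hop {{ provisioning_next_hop }};` (variable names illustrative), would keep the template generic.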
@@ -28,10 +28,10 @@ Lab:
 b_end_interface: GigabitEthernet8
 edge_index: 0
 3:
- a_end: PI-DHCP
+ a_end: UBUNTU
 b_end: LAB-RELAY
- a_end_ip: 172.16.0.200
- b_end_ip: 172.16.0.2
+ a_end_ip: 192.168.1.7
+ b_end_ip: 192.168.1.150
 a_end_interface: eth0
 b_end_interface: GigabitEthernet8
 edge_index: 0