Refactoring code for new lab environment, adding settings file

Dom 2023-09-09 02:34:01 +01:00
parent 439cf7e389
commit 10a713b01c
12 changed files with 32 additions and 211 deletions


@ -1,5 +1,6 @@
import socket import socket
import struct import struct
import yaml
from dataclasses import dataclass from dataclasses import dataclass
from datetime import datetime from datetime import datetime
@ -141,7 +142,7 @@ class Packet():
reply_packet_object.OP = bytes([0x02]) reply_packet_object.OP = bytes([0x02])
reply_packet_object.YIADDR = bytes([yiaddr[0], yiaddr[1], yiaddr[2], yiaddr[3]]) # Client IP reply_packet_object.YIADDR = bytes([yiaddr[0], yiaddr[1], yiaddr[2], yiaddr[3]]) # Client IP
reply_packet_object.SIADDR = bytes([172, 16, 0, 200]) # Server IP: 172.16.0.200 reply_packet_object.SIADDR = bytes([192, 168, 1, 7]) # Server IP: 192.168.1.7
if _type == 'offer': if _type == 'offer':
packet_type = bytes([53, 1, 2]) # DHCP offer packet packet_type = bytes([53, 1, 2]) # DHCP offer packet
@ -152,11 +153,11 @@ class Packet():
reply_packet_object.OPTIONS = b"".join( reply_packet_object.OPTIONS = b"".join(
[ [
packet_type, packet_type,
bytes([54, 4, 172, 16, 0, 200]), # Server identifier: 172.16.0.200 bytes([54, 4, 192, 168, 1, 7]), # Server identifier: 192.168.1.7
bytes([51, 4, 0x00, 0x01, 0x51, 0x80]), # Lease time: 86400 bytes([51, 4, 0x00, 0x01, 0x51, 0x80]), # Lease time: 86400
bytes([1, 4, 255, 255, 255, 254]), # Subnet mask: 255.255.255.254 bytes([1, 4, 255, 255, 255, 254]), # Subnet mask: 255.255.255.254
bytes([3, 4, giaddr[0], giaddr[1], giaddr[2], giaddr[3]]), # Default gateway bytes([3, 4, giaddr[0], giaddr[1], giaddr[2], giaddr[3]]), # Default gateway
bytes([150, 4, 172, 16, 0, 200]), # TFTP server: 172.16.0.200 bytes([150, 4, 192, 168, 1, 7]), # TFTP server: 192.168.1.7
Packet.construct_junos_suboptions(f'/configs/{client_device_name}.conf'), # Juniper specific suboptions Packet.construct_junos_suboptions(f'/configs/{client_device_name}.conf'), # Juniper specific suboptions
] ]
) )
@ -164,11 +165,11 @@ class Packet():
reply_packet_object.OPTIONS = b"".join( reply_packet_object.OPTIONS = b"".join(
[ [
packet_type, packet_type,
bytes([54, 4, 172, 16, 0, 200]), # Server identifier: 172.16.0.200 bytes([54, 4, 192, 168, 1, 7]), # Server identifier: 192.168.1.7
bytes([51, 4, 0x00, 0x01, 0x51, 0x80]), # Lease time: 86400 bytes([51, 4, 0x00, 0x01, 0x51, 0x80]), # Lease time: 86400
bytes([1, 4, 255, 255, 255, 254]), # Subnet mask: 255.255.255.254 bytes([1, 4, 255, 255, 255, 254]), # Subnet mask: 255.255.255.254
bytes([3, 4, giaddr[0], giaddr[1], giaddr[2], giaddr[3]]), # Default gateway bytes([3, 4, giaddr[0], giaddr[1], giaddr[2], giaddr[3]]), # Default gateway
bytes([150, 4, 172, 16, 0, 200]), # TFTP server: 172.16.0.200 bytes([150, 4, 192, 168, 1, 7]), # TFTP server: 192.168.1.7
Packet.construct_tlv(67, f'/configs/{client_device_name}.conf'), # Cisco specific bootfile Packet.construct_tlv(67, f'/configs/{client_device_name}.conf'), # Cisco specific bootfile
] ]
) )
@ -297,10 +298,14 @@ class Packet():
return giaddr, yiaddr return giaddr, yiaddr
class DHCPServer(): class DHCPServer(object):
MAX_BYTES = 1024 def __init__(self, SETTINGS_FILE):
SERVER_IP = '172.16.0.200' self.SETTINGS = yaml.load(open(SETTINGS_FILE), Loader=yaml.SafeLoader)
PORT = 67 self.DHCP_SERVER_IP = self.SETTINGS.get('DHCP_SERVER_IP')
self.DHCP_SERVER_PORT = self.SETTINGS.get('DHCP_SERVER_PORT')
self.TFTP_SERVER_IP = self.SETTINGS.get('TFTP_SERVER_IP')
self.MAX_BYTES = self.SETTINGS.get('MAX_BYTES')
def create_socket(self): def create_socket(self):
''' '''
@ -321,7 +326,7 @@ class DHCPServer():
_socket=socket.socket(socket.AF_INET, socket.SOCK_DGRAM) _socket=socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR,1) _socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR,1)
_socket.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST,1) _socket.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST,1)
_socket.bind((self.SERVER_IP, self.PORT)) _socket.bind((self.DHCP_SERVER_IP, self.DHCP_SERVER_PORT))
return _socket return _socket
@ -334,6 +339,9 @@ class DHCPServer():
topology: networkx Graph object detailing the network topology topology: networkx Graph object detailing the network topology
''' '''
log('DHCP server is starting...', 'info') log('DHCP server is starting...', 'info')
log(f'DHCP server IP: {self.DHCP_SERVER_IP} running on port {self.DHCP_SERVER_PORT}', 'info')
log(f'TFTP server IP: {self.TFTP_SERVER_IP}', 'info')
socket = self.create_socket() socket = self.create_socket()
while True: while True:
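Review bot: The server address, server identifier (option 54) and TFTP server (option 150) in the three `Packet` reply hunks are still literal `192, 168, 1, 7` bytes, so the new `DHCP_SERVER_IP` / `TFTP_SERVER_IP` settings only affect the bind address and the startup log lines, not what clients are told. If the settings file and the literals drift apart, devices are directed to fetch their boot config from whichever host owns the hard-coded address while the log reports another. Building the options from the settings, e.g. `bytes([150, 4]) + socket.inet_aton(tftp_server_ip)`, keeps them in step; how that value would reach the reply builder is outside the visible hunks. Separately, `__init__` reads every key with `.get()`, so a missing key becomes `None` and only fails later at `bind()`; raising on a missing key there, and reading the file inside `with open(SETTINGS_FILE) as f:`, would fail fast and close the handle.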


@ -1,2 +1,4 @@
DHCP_SERVER_IP: 172.16.0.200 DHCP_SERVER_IP: 192.168.1.7
TFTP_SERVER_IP: 172.16.0.200 DHCP_SERVER_PORT: 67
TFTP_SERVER_IP: 192.168.1.7
MAX_BYTES: 1024


@ -1,11 +0,0 @@
2023-04-08 14:16:10,531 [INFO] 👾 | Building topology...
2023-04-08 14:16:10,581 [INFO] 👾 | Topology name: Lab
2023-04-08 14:16:10,584 [INFO] 👾 | Drawing topology...
2023-04-08 14:16:11,510 [INFO] 👾 | Topology drawn, saved as: topology/topology.png
2023-04-08 14:16:11,512 [INFO] 👾 | Topology build complete
2023-04-08 14:16:11,515 [INFO] 👽 | Rendering configs...
2023-04-08 14:16:11,549 [INFO] 👽 | Rendered /srv/tftp/configs/LAB-897VA.conf
2023-04-08 14:16:11,573 [INFO] 👽 | Rendered /srv/tftp/configs/LAB-SRX300.conf
2023-04-08 14:16:11,575 [INFO] 👽 | Config rendering complete
2023-04-08 14:16:11,580 [INFO] 🤖 | DHCP server is starting...
2023-04-08 14:16:11,582 [INFO] 🤖 | Waiting for DHCP packets...

2
midas

@ -11,7 +11,7 @@ if __name__ == '__main__':
topology.build() topology.build()
provisioning = Provisioning() provisioning = Provisioning()
provisioning.render(topology) provisioning.render(topology)
dhcp_server = DHCPServer() dhcp_server = DHCPServer(SETTINGS_FILE='dhcp/settings.yaml')
dhcp_server.run(topology) dhcp_server.run(topology)
# Todo # Todo
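Review bot: `'dhcp/settings.yaml'` is resolved against the process's working directory, so starting the script from another directory (from a service unit, for instance) either fails in `open()` or loads an unrelated `dhcp/settings.yaml` that then decides the bind address and the TFTP server that gets logged. Anchoring the path to the script location, e.g. `SETTINGS_FILE=os.path.join(os.path.dirname(os.path.abspath(__file__)), 'dhcp', 'settings.yaml')`, removes that dependency; it needs `import os` if the file does not already have it. The `__main__` block starts above the hunk.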


@ -3,7 +3,7 @@ import yaml
from jinja2 import Environment, FileSystemLoader from jinja2 import Environment, FileSystemLoader
from utils.log import log from utils.log import log
class Provisioning(): class Provisioning(object):
def render(self, topology): def render(self, topology):
''' '''
Summary: Summary:


@ -127,9 +127,6 @@ interface GigabitEthernet8
interface Vlan1 interface Vlan1
no ip address no ip address
! !
interface Vlan10
ip address {{ management_ip }} 255.255.255.0
!
interface Vlan20 interface Vlan20
ip address 10.0.0.5 255.255.255.254 ip address 10.0.0.5 255.255.255.254
ip ospf authentication message-digest ip ospf authentication message-digest


@ -4,13 +4,6 @@ system {
plain-text-password-value "Juniper1"; plain-text-password-value "Juniper1";
} }
login { login {
user datatech {
uid 2001;
class read-only;
authentication {
plain-text-password-value "Juniper1";
}
}
user neteng { user neteng {
uid 2000; uid 2000;
class super-user; class super-user;
@ -27,10 +20,6 @@ system {
ssh; ssh;
} }
} }
tacplus-server {
10.10.10.10 secret "Juniper1"; ## SECRET-DATA
11.11.11.11 secret "Juniper1"; ## SECRET-DATA
}
syslog { syslog {
archive size 100k files 3; archive size 100k files 3;
user * { user * {
@ -46,36 +35,6 @@ system {
} }
} }
security { security {
authentication-key-chains {
key-chain BGP-KC-LHR14-R101-NCL62-R2 {
key 1 {
secret "$9$Vyws4JZjq.57-YoZU.m"; ## SECRET-DATA
start-time "2022-7-1.00:00:00 +0000";
}
key 2 {
secret "$9$0Yfd1clVbs2oJdV69pOSybs2aUj5TF9AuiHP5FnpuNdVbs24aZ"; ## SECRET-DATA
start-time "2023-4-3.15:13:45 +0000";
}
}
key-chain BGP-KC-NCL62-R2-SC-FW2 {
key 1 {
secret "$9$8x0Xxdws4ZGiKM7Vs2GU"; ## SECRET-DATA
start-time "2022-7-1.00:00:00 +0000";
}
key 2 {
secret "$9$B74EeW24JikmlKDH.m3n1RhyvWxNV24JikSreKLX7-VYGjzF6"; ## SECRET-DATA
start-time "2023-4-3.15:42:04 +0000";
}
}
key-chain BRMA-KC-LHR30-R101-NCL60-R1 {
key 1 {
apply-flags omit;
secret "$9$1HCREyeK87NbuOhrKMN-"; ## SECRET-DATA
key-name 4953bd1120ffcc31e1d044870c52d67b215c04f0c2ba1fccc970fa16d18a6b6f;
start-time "2023-3-31.14:22:24 +0000";
}
}
}
forwarding-options { forwarding-options {
family { family {
mpls { mpls {
@ -83,21 +42,6 @@ security {
} }
} }
} }
macsec {
connectivity-association BRMA-WAN-LHR30-R101-NCL60-R1 {
security-mode static-cak;
mka {
transmit-interval 6000;
sak-rekey-interval 60;
}
pre-shared-key-chain BRMA-KC-LHR30-R101-NCL60-R1;
}
interfaces {
ge-0/0/7 {
connectivity-association BRMA-WAN-LHR30-R101-NCL60-R1;
}
}
}
} }
interfaces { interfaces {
ge-0/0/0 { ge-0/0/0 {
@ -124,14 +68,6 @@ interfaces {
} }
} }
} }
ge-0/0/5 {
description "Management Network";
unit 0 {
family inet {
address {{ management_ip }}/24;
}
}
}
lo0 { lo0 {
unit 0 { unit 0 {
family inet { family inet {
@ -140,98 +76,6 @@ interfaces {
} }
} }
} }
snmp {
v3 {
usm {
local-engine {
user snmp-user {
authentication-sha {
authentication-password "Juniper1"; ## SECRET-DATA
}
privacy-aes128 {
privacy-password "Juniper1"; ## SECRET-DATA
}
}
}
}
}
}
policy-options {
policy-statement BN-10-RMA-EXPORT {
term BGP {
from protocol bgp;
then {
community add BN-10-RMA-TARGET;
accept;
}
}
term OSPF {
from protocol ospf;
then {
community add BN-10-RMA-TARGET;
accept;
}
}
term AGGREGATE {
from protocol aggregate;
then {
community add BN-10-RMA-TARGET;
accept;
}
}
term REJECT-ALL {
then reject;
}
}
policy-statement BN-10-RMA-IMPORT {
term BGP {
from {
protocol bgp;
community BN-10-RMA-TARGET;
}
then accept;
}
term REJECT-ALL {
then reject;
}
}
community BN-10-RMA-TARGET members target:65100:1000;
}
access {
radius-server {
10.10.10.10 secret "Juniper1"; ## SECRET-DATA
11.11.11.11 secret "Juniper1"; ## SECRET-DATA
}
}
routing-instances {
BN-10-RMA {
protocols {
bgp {
group SEC-NET-FW {
type external;
description "eBGP to Security Network Firewall";
local-address 192.168.32.78;
hold-time 30;
peer-as 64900;
neighbor 192.168.32.79 {
description ncl62-sc-fw2;
authentication-key-chain BGP-KC-NCL62-R2-SC-FW2;
}
}
traceoptions {
file bgp.log;
flag state;
}
log-updown;
}
}
instance-type vrf;
route-distinguisher 65100:1000;
vrf-import BN-10-RMA-IMPORT;
vrf-export BN-10-RMA-EXPORT;
vrf-table-label;
}
}
protocols { protocols {
ospf { ospf {
area 0.0.0.0 { area 0.0.0.0 {
@ -252,29 +96,12 @@ protocols {
} }
} }
} }
bgp {
group IBGP-FULL-MESH {
type internal;
description "IBGP Full Mesh";
hold-time 30;
multipath {
multiple-as;
}
neighbor 172.17.0.0 {
description lhr14-bn-com-agg-r101;
authentication-key-chain BGP-KC-LHR14-R101-NCL62-R2;
}
}
traceoptions {
file bgp.log;
flag state;
}
log-updown;
}
lldp { lldp {
interface all; interface all;
} }
} }
routing-options { routing-options {
autonomous-system 65100; static {
route 192.168.1.0/24 next-hop 10.0.0.0;
}
} }
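Review bot: The `plain-text-password-value "Juniper1";` line kept as context at the top of the `system` block still puts a fixed password into a template that is rendered to `/configs/<device>.conf` and handed to devices over TFTP, which has neither authentication nor encryption; the stanza it belongs to starts above the hunk. Rendering a per-device hashed credential instead, e.g. `encrypted-password "{{ root_password_hash }}";` (placeholder variable name), would keep the cleartext value out of both the repository and the wire. The key-chain, SNMP, RADIUS and TACACS+ secrets removed here remain in the repository history, and the `$9$` form is a reversible obfuscation rather than a hash, so any of them that were ever used outside the lab should be rotated.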


@ -1,3 +1,2 @@
hostname: LAB-897VA hostname: LAB-897VA
management_ip: 172.16.0.3
loopback_ip: 2.2.2.2 loopback_ip: 2.2.2.2


@ -1,3 +1,2 @@
hostname: LAB-SRX300 hostname: LAB-SRX300
management_ip: 172.16.0.1
loopback_ip: 1.1.1.1 loopback_ip: 1.1.1.1


@ -4,7 +4,7 @@ import yaml
from networkx.drawing.nx_agraph import to_agraph from networkx.drawing.nx_agraph import to_agraph
from utils.log import log from utils.log import log
class Topology(): class Topology(object):
def __init__(self): def __init__(self):
self.G = nx.MultiGraph() self.G = nx.MultiGraph()

Binary file not shown.

Before

Width:  |  Height:  |  Size: 82 KiB

After

Width:  |  Height:  |  Size: 91 KiB


@ -1,6 +1,6 @@
Lab: Lab:
nodes: nodes:
PI-DHCP: UBUNTU:
os: ubuntu os: ubuntu
no_render: True no_render: True
LAB-RELAY: LAB-RELAY:
@ -28,10 +28,10 @@ Lab:
b_end_interface: GigabitEthernet8 b_end_interface: GigabitEthernet8
edge_index: 0 edge_index: 0
3: 3:
a_end: PI-DHCP a_end: UBUNTU
b_end: LAB-RELAY b_end: LAB-RELAY
a_end_ip: 172.16.0.200 a_end_ip: 192.168.1.7
b_end_ip: 172.16.0.2 b_end_ip: 192.168.1.150
a_end_interface: eth0 a_end_interface: eth0
b_end_interface: GigabitEthernet8 b_end_interface: GigabitEthernet8
edge_index: 0 edge_index: 0