From 42160ca0b3ab610bc876d0f63a6766548dc5e594 Mon Sep 17 00:00:00 2001 From: Wilhelm Schonfeldt Date: Tue, 7 Oct 2025 21:41:10 +0200 Subject: [PATCH] refactor: remove unused rules and streamline Mikrotik and Huawei directives --- hyperglass/api/events.py | 6 - hyperglass/defaults/directives/huawei.py | 112 --------------- hyperglass/defaults/directives/mikrotik.py | 156 --------------------- 3 files changed, 274 deletions(-) diff --git a/hyperglass/api/events.py b/hyperglass/api/events.py index 6185265..3d20c4a 100644 --- a/hyperglass/api/events.py +++ b/hyperglass/api/events.py @@ -8,7 +8,6 @@ from litestar import Litestar # Project from hyperglass.state import use_state -from hyperglass.log import log __all__ = ("check_redis",) @@ -17,8 +16,3 @@ async def check_redis(_: Litestar) -> t.NoReturn: """Ensure Redis is running before starting server.""" cache = use_state("cache") cache.check() - - -# init_ip_enrichment removed: startup refresh is intentionally disabled and -# IP enrichment data is loaded on-demand when required. Keeping a no-op -# startup hook adds no value and may cause confusion. diff --git a/hyperglass/defaults/directives/huawei.py b/hyperglass/defaults/directives/huawei.py index 5f749c7..6cb3f2a 100644 --- a/hyperglass/defaults/directives/huawei.py +++ b/hyperglass/defaults/directives/huawei.py @@ -29,15 +29,11 @@ Huawei_BGPRoute = BuiltinDirective( rules=[ RuleWithIPv4( condition="0.0.0.0/0", - ge="8", - le="32", action="permit", command="display bgp routing-table {target} | no-more", ), RuleWithIPv6( condition="::/0", - ge="10", - le="128", action="permit", command="display bgp ipv6 routing-table {target} | no-more", ), 
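Review bot: With `ge="8"`/`le="32"` and `ge="10"`/`le="128"` dropped from the two permit rules in Huawei_BGPRoute, the accepted prefix length now depends entirely on the rule model's defaults, which this patch does not show. If those defaults are wider than the removed bounds, a request for a very short prefix or the default route itself would be passed to `display bgp routing-table {target} | no-more`, which may not be intended on a public looking glass. Either keep explicit bounds on the permit rules, e.g. `ge="8", le="32",`, or add a comment such as `# prefix-length limits come from the RuleWithIPv4/RuleWithIPv6 defaults` so the effective limit can be checked. The same removal occurs in HuaweiBGPRouteTable, Mikrotik_BGPRoute and MikrotikBGPRouteTable. The directive definition starts and ends outside this hunk.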
@@ -128,121 +124,13 @@ HuaweiBGPRouteTable = BuiltinDirective( id="__hyperglass_huawei_bgp_route_table__", name="BGP Route", rules=[ - # Regra DENY RFC 6598 - RuleWithIPv4( - condition="100.64.0.0/10", - ge="10", - le="32", - action="deny", - command="", - ), - # Regra DENY RFC 1918 CLASSE A - RuleWithIPv4( - condition="10.0.0.0/8", - ge="8", - le="32", - action="deny", - command="", - ), - # Regra DENY RFC 1918 CLASSE B - RuleWithIPv4( - condition="172.16.0.0/12", - ge="12", - le="32", - action="deny", - command="", - ), - # Regra DENY RFC 1918 classe C - RuleWithIPv4( - condition="192.168.0.0/16", - ge="16", - le="32", - action="deny", - command="", - ), - # Regra DENY LO - RuleWithIPv4( - condition="127.0.0.0/8", - ge="8", - le="32", - action="deny", - command="", - ), - # Regra DENY DEFAULT - RuleWithIPv4( - condition="0.0.0.0/8", - ge="8", - le="32", - action="deny", - command="", - ), - # Regra DENY AS PREFIXO - # RuleWithIPv4( - # condition="x.x.x.x/xx", - # ge="xx", - # le="32", - # action="deny", - # command="", - # ), RuleWithIPv4( condition="0.0.0.0/0", - ge="8", - le="32", action="permit", command="display bgp routing-table {target} | no-more", ), - # REGRA DENY SITE LOCAL DEPRECIADO RFC 3879 - RuleWithIPv6( - condition="fec0::/10", - ge="10", - le="128", - action="deny", - command="", - ), - # REGRA DENY ULA RFC 4193 - RuleWithIPv6( - condition="fc00::/7", - ge="7", - le="128", - action="deny", - command="", - ), - # REGRA DENY LINK LOCAL RFC 4291 - RuleWithIPv6( - condition="fe80::/10", - ge="10", - le="128", - action="deny", - command="", - ), - # REGRA DENY Unspecified RFC 4291 - RuleWithIPv6( - condition="::/128", - ge="128", - le="128", - action="deny", - command="", - ), - # REGRA DENY LO RFC 4291 - RuleWithIPv6( - condition="::1/128", - ge="128", - le="128", - action="deny", - command="", - ), - # REGRA DENY AS PREFIXO - # RuleWithIPv6( - # condition="x.x.x.x/xx", - # ge="XX", - # le="128", - # action="deny", - # command="", - # ), RuleWithIPv6( 
condition="::/0", - ge="10", - le="128", action="permit", command="display bgp ipv6 routing-table {target} | no-more", ), diff --git a/hyperglass/defaults/directives/mikrotik.py b/hyperglass/defaults/directives/mikrotik.py index 114c47e..9aafb00 100644 --- a/hyperglass/defaults/directives/mikrotik.py +++ b/hyperglass/defaults/directives/mikrotik.py @@ -29,21 +29,13 @@ Mikrotik_BGPRoute = BuiltinDirective( rules=[ RuleWithIPv4( condition="0.0.0.0/0", - ge="8", - le="32", action="permit", - # v7 command="routing route print detail without-paging where {target} in dst-address bgp and dst-address !=0.0.0.0/0", - # v6 - # command="ip route print detail without-paging where {target} in dst-address bgp and dst-address !=0.0.0.0/0", ), RuleWithIPv6( condition="::/0", action="permit", - # v7 command="routing route print detail without-paging where {target} in dst-address bgp and dst-address !=::/0", - # v6 - # command="ipv6 route print detail without-paging where {target} in dst-address bgp and dst-address !=::/0", ), ], field=Text(description="IP Address, Prefix, or Hostname"), @@ -94,24 +86,6 @@ Mikrotik_Ping = BuiltinDirective( id="__hyperglass_mikrotik_ping__", name="Ping", rules=[ - # Deny RFC4193 ULA (Unique Local IPv6 Addresses) - RuleWithIPv6( - condition="fc00::/7", - action="deny", - command="", - ), - # Deny RFC4291 Link-Local IPv6 - RuleWithIPv6( - condition="fe80::/10", - action="deny", - command="", - ), - # Deny RFC4291 IPv6 Loopback - RuleWithIPv6( - condition="::1/128", - action="deny", - command="", - ), RuleWithIPv4( condition="0.0.0.0/0", action="permit", 
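Review bot: After this hunk the HuaweiBGPRouteTable rule list holds only the `0.0.0.0/0` and `::/0` permits, so the explicit denies for RFC 1918, RFC 6598, loopback, `0.0.0.0/8`, ULA, link-local, site-local, `::/128` and `::1/128` are gone, although the commit title calls them unused. Rules with `action="deny"` and an empty command read as an input filter rather than dead code. Unless the rule model or operator configuration rejects these ranges elsewhere (not visible here), a looking-glass user can now query internal address space on the device. Consider keeping the denies ahead of the permit as before, e.g. `RuleWithIPv4(condition="10.0.0.0/8", action="deny", command=""),`, or stating in the directive where that filtering now happens. MikrotikBGPRouteTable loses the same set later in the patch.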
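Review bot: In Mikrotik_BGPRoute the `# v7` markers and the commented-out v6 alternatives are removed, so nothing in the new code says that `routing route print detail without-paging ...` is the RouterOS v7 form. An operator on v6 gets a failing built-in with no hint of the alternative. A one-line comment above each command would keep that knowledge without the dead code, for example `# RouterOS v7 syntax; v6 uses "ip route print ..." / "ipv6 route print ..."`. The same applies to MikrotikBGPRouteTable in the last hunk.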
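Review bot: Mikrotik_Ping's rules now begin directly with the `0.0.0.0/0` permit, because the ULA (`fc00::/7`), link-local (`fe80::/10`) and loopback (`::1/128`) denies are removed, and Mikrotik_Traceroute in the next hunk loses the same three. In these two directives the router itself sends probes to the target, so if nothing else rejects those ranges (not visible in the patch) the defaults let a user probe the router's own and adjacent internal addresses. The removed lines show no matching IPv4 denies either, so the gap would cover both families. Keep the three denies, or add a comment naming where reserved targets are rejected, e.g. `# internal/reserved targets are rejected by <validator name>`. The rules list continues outside the hunk.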
@@ -131,24 +105,6 @@ Mikrotik_Traceroute = BuiltinDirective( id="__hyperglass_mikrotik_traceroute__", name="Traceroute", rules=[ - # Deny RFC4193 ULA (Unique Local IPv6 Addresses) - RuleWithIPv6( - condition="fc00::/7", - action="deny", - command="", - ), - # Deny RFC4291 Link-Local IPv6 - RuleWithIPv6( - condition="fe80::/10", - action="deny", - command="", - ), - # Deny RFC4291 IPv6 Loopback - RuleWithIPv6( - condition="::1/128", - action="deny", - command="", - ), RuleWithIPv4( condition="0.0.0.0/0", action="permit", 
@@ -170,127 +126,15 @@ MikrotikBGPRouteTable = BuiltinDirective( id="__hyperglass_mikrotik_bgp_route_table__", name="BGP Route", rules=[ - # Regra DENY RFC 6598 - RuleWithIPv4( - condition="100.64.0.0/10", - ge="10", - le="32", - action="deny", - command="", - ), - # Regra DENY RFC 1918 classe A - RuleWithIPv4( - condition="10.0.0.0/8", - ge="8", - le="32", - action="deny", - command="", - ), - # Regra DENY RFC 1918 classe B - RuleWithIPv4( - condition="172.16.0.0/12", - ge="12", - le="32", - action="deny", - command="", - ), - # Regra DENY RFC 1918 classe C - RuleWithIPv4( - condition="192.168.0.0/16", - ge="16", - le="32", - action="deny", - command="", - ), - # Regra DENY LO - RuleWithIPv4( - condition="127.0.0.0/8", - ge="8", - le="32", - action="deny", - command="", - ), - # Regra DENY DEFAULT - RuleWithIPv4( - condition="0.0.0.0/8", - ge="8", - le="32", - action="deny", - command="", - ), - # Regra DENY AS PREFIXO - # RuleWithIPv4( - # condition="x.x.x.x/x", - # ge="xx", - # le="32", - # action="deny", - # command="", - # ), RuleWithIPv4( condition="0.0.0.0/0", - ge="8", - le="32", action="permit", - # v7 command="routing route print detail without-paging where {target} in dst-address bgp and dst-address !=0.0.0.0/0", - # v6 - # command="ip route print detail without-paging where {target} in dst-address bgp and dst-address !=0.0.0.0/0", ), - # REGRA DENY SITE LOCAL DEPRECIADO RFC 3879 - RuleWithIPv6( - condition="fec0::/10", - ge="10", - le="128", - action="deny", - command="", - ), - # REGRA DENY ULA RFC 4193 - RuleWithIPv6( - condition="fc00::/7", - ge="7", - le="128", - action="deny", - command="", - ), - # REGRA DENY LINK LOCAL RFC 4291 - RuleWithIPv6( - condition="fe80::/10", - ge="10", - le="128", - action="deny", - command="", - ), - # REGRA DENY Unspecified RFC 4291 - RuleWithIPv6( - condition="::/128", - ge="128", - le="128", - action="deny", - command="", - ), - # REGRA DENY LO RFC 4291 - RuleWithIPv6( - condition="::1/128", - ge="128", - le="128", 
- action="deny", - command="", - ), - # REGRA DENY AS PREFIXO - # RuleWithIPv6( - # condition="xxxx:xxxx::/xx", - # ge="xx", - # le="128", - # action="deny", - # command="", - # ), RuleWithIPv6( condition="::/0", action="permit", - # v7 command="routing route print detail without-paging where {target} in dst-address bgp and dst-address !=::/0", - # v6 - # command="ipv6 route print detail without-paging where {target} in dst-address bgp and dst-address !=::/0", ), ], field=Text(description="IP Address, Prefix, or Hostname"),