mirrors/thatmattlove-hyperglass
1
0
Fork 1
mirror of https://github.com/thatmattlove/hyperglass.git synced 2026-04-17 21:38:27 +00:00
Code Issues Activity

refactor: remove unused rules and streamline Mikrotik and Huawei directives

Browse source
This commit is contained in:
Wilhelm Schonfeldt 2025-10-07 21:41:10 +02:00
parent d5a57608af
commit 42160ca0b3
No known key found for this signature in database
GPG key ID: 9A15BF796D5C3F1E
3 changed files with 0 additions and 274 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
hyperglass/api/events.py
View file

@ -8,7 +8,6 @@ from litestar import Litestar
# Project
from hyperglass.state import use_state
from hyperglass.log import log
__all__ = ("check_redis",)
@ -17,8 +16,3 @@ async def check_redis(_: Litestar) -> t.NoReturn:
"""Ensure Redis is running before starting server."""
cache = use_state("cache")
cache.check()
# init_ip_enrichment removed: startup refresh is intentionally disabled and
# IP enrichment data is loaded on-demand when required. Keeping a no-op
# startup hook adds no value and may cause confusion.

112
hyperglass/defaults/directives/huawei.py
View file

@ -29,15 +29,11 @@ Huawei_BGPRoute = BuiltinDirective(
rules=[
RuleWithIPv4(
condition="0.0.0.0/0",
ge="8",
le="32",
action="permit",
command="display bgp routing-table {target} | no-more",
),
RuleWithIPv6(
condition="::/0",
ge="10",
le="128",
action="permit",
command="display bgp ipv6 routing-table {target} | no-more",
),
@ -128,121 +124,13 @@ HuaweiBGPRouteTable = BuiltinDirective(
id="__hyperglass_huawei_bgp_route_table__",
name="BGP Route",
rules=[
# Regra DENY RFC 6598
RuleWithIPv4(
condition="100.64.0.0/10",
ge="10",
le="32",
action="deny",
command="",
),
# Regra DENY RFC 1918 CLASSE A
RuleWithIPv4(
condition="10.0.0.0/8",
ge="8",
le="32",
action="deny",
command="",
),
# Regra DENY RFC 1918 CLASSE B
RuleWithIPv4(
condition="172.16.0.0/12",
ge="12",
le="32",
action="deny",
command="",
),
# Regra DENY RFC 1918 classe C
RuleWithIPv4(
condition="192.168.0.0/16",
ge="16",
le="32",
action="deny",
command="",
),
# Regra DENY LO
RuleWithIPv4(
condition="127.0.0.0/8",
ge="8",
le="32",
action="deny",
command="",
),
# Regra DENY DEFAULT
RuleWithIPv4(
condition="0.0.0.0/8",
ge="8",
le="32",
action="deny",
command="",
),
# Regra DENY AS PREFIXO
# RuleWithIPv4(
# condition="x.x.x.x/xx",
# ge="xx",
# le="32",
# action="deny",
# command="",
# ),
RuleWithIPv4(
condition="0.0.0.0/0",
ge="8",
le="32",
action="permit",
command="display bgp routing-table {target} | no-more",
),
# REGRA DENY SITE LOCAL DEPRECIADO RFC 3879
RuleWithIPv6(
condition="fec0::/10",
ge="10",
le="128",
action="deny",
command="",
),
# REGRA DENY ULA RFC 4193
RuleWithIPv6(
condition="fc00::/7",
ge="7",
le="128",
action="deny",
command="",
),
# REGRA DENY LINK LOCAL RFC 4291
RuleWithIPv6(
condition="fe80::/10",
ge="10",
le="128",
action="deny",
command="",
),
# REGRA DENY Unspecified RFC 4291
RuleWithIPv6(
condition="::/128",
ge="128",
le="128",
action="deny",
command="",
),
# REGRA DENY LO RFC 4291
RuleWithIPv6(
condition="::1/128",
ge="128",
le="128",
action="deny",
command="",
),
# REGRA DENY AS PREFIXO
# RuleWithIPv6(
# condition="x.x.x.x/xx",
# ge="XX",
# le="128",
# action="deny",
# command="",
# ),
RuleWithIPv6(
condition="::/0",
ge="10",
le="128",
action="permit",
command="display bgp ipv6 routing-table {target} | no-more",
),

156
hyperglass/defaults/directives/mikrotik.py
View file

@ -29,21 +29,13 @@ Mikrotik_BGPRoute = BuiltinDirective(
rules=[
RuleWithIPv4(
condition="0.0.0.0/0",
ge="8",
le="32",
action="permit",
# v7
command="routing route print detail without-paging where {target} in dst-address bgp and dst-address !=0.0.0.0/0",
# v6
# command="ip route print detail without-paging where {target} in dst-address bgp and dst-address !=0.0.0.0/0",
),
RuleWithIPv6(
condition="::/0",
action="permit",
# v7
command="routing route print detail without-paging where {target} in dst-address bgp and dst-address !=::/0",
# v6
# command="ipv6 route print detail without-paging where {target} in dst-address bgp and dst-address !=::/0",
),
],
field=Text(description="IP Address, Prefix, or Hostname"),
@ -94,24 +86,6 @@ Mikrotik_Ping = BuiltinDirective(
id="__hyperglass_mikrotik_ping__",
name="Ping",
rules=[
# Deny RFC4193 ULA (Unique Local IPv6 Addresses)
RuleWithIPv6(
condition="fc00::/7",
action="deny",
command="",
),
# Deny RFC4291 Link-Local IPv6
RuleWithIPv6(
condition="fe80::/10",
action="deny",
command="",
),
# Deny RFC4291 IPv6 Loopback
RuleWithIPv6(
condition="::1/128",
action="deny",
command="",
),
RuleWithIPv4(
condition="0.0.0.0/0",
action="permit",
@ -131,24 +105,6 @@ Mikrotik_Traceroute = BuiltinDirective(
id="__hyperglass_mikrotik_traceroute__",
name="Traceroute",
rules=[
# Deny RFC4193 ULA (Unique Local IPv6 Addresses)
RuleWithIPv6(
condition="fc00::/7",
action="deny",
command="",
),
# Deny RFC4291 Link-Local IPv6
RuleWithIPv6(
condition="fe80::/10",
action="deny",
command="",
),
# Deny RFC4291 IPv6 Loopback
RuleWithIPv6(
condition="::1/128",
action="deny",
command="",
),
RuleWithIPv4(
condition="0.0.0.0/0",
action="permit",
@ -170,127 +126,15 @@ MikrotikBGPRouteTable = BuiltinDirective(
id="__hyperglass_mikrotik_bgp_route_table__",
name="BGP Route",
rules=[
# Regra DENY RFC 6598
RuleWithIPv4(
condition="100.64.0.0/10",
ge="10",
le="32",
action="deny",
command="",
),
# Regra DENY RFC 1918 classe A
RuleWithIPv4(
condition="10.0.0.0/8",
ge="8",
le="32",
action="deny",
command="",
),
# Regra DENY RFC 1918 classe B
RuleWithIPv4(
condition="172.16.0.0/12",
ge="12",
le="32",
action="deny",
command="",
),
# Regra DENY RFC 1918 classe C
RuleWithIPv4(
condition="192.168.0.0/16",
ge="16",
le="32",
action="deny",
command="",
),
# Regra DENY LO
RuleWithIPv4(
condition="127.0.0.0/8",
ge="8",
le="32",
action="deny",
command="",
),
# Regra DENY DEFAULT
RuleWithIPv4(
condition="0.0.0.0/8",
ge="8",
le="32",
action="deny",
command="",
),
# Regra DENY AS PREFIXO
# RuleWithIPv4(
# condition="x.x.x.x/x",
# ge="xx",
# le="32",
# action="deny",
# command="",
# ),
RuleWithIPv4(
condition="0.0.0.0/0",
ge="8",
le="32",
action="permit",
# v7
command="routing route print detail without-paging where {target} in dst-address bgp and dst-address !=0.0.0.0/0",
# v6
# command="ip route print detail without-paging where {target} in dst-address bgp and dst-address !=0.0.0.0/0",
),
# REGRA DENY SITE LOCAL DEPRECIADO RFC 3879
RuleWithIPv6(
condition="fec0::/10",
ge="10",
le="128",
action="deny",
command="",
),
# REGRA DENY ULA RFC 4193
RuleWithIPv6(
condition="fc00::/7",
ge="7",
le="128",
action="deny",
command="",
),
# REGRA DENY LINK LOCAL RFC 4291
RuleWithIPv6(
condition="fe80::/10",
ge="10",
le="128",
action="deny",
command="",
),
# REGRA DENY Unspecified RFC 4291
RuleWithIPv6(
condition="::/128",
ge="128",
le="128",
action="deny",
command="",
),
# REGRA DENY LO RFC 4291
RuleWithIPv6(
condition="::1/128",
ge="128",
le="128",
action="deny",
command="",
),
# REGRA DENY AS PREFIXO
# RuleWithIPv6(
# condition="xxxx:xxxx::/xx",
# ge="xx",
# le="128",
# action="deny",
# command="",
# ),
RuleWithIPv6(
condition="::/0",
action="permit",
# v7
command="routing route print detail without-paging where {target} in dst-address bgp and dst-address !=::/0",
# v6
# command="ipv6 route print detail without-paging where {target} in dst-address bgp and dst-address !=::/0",
),
],
field=Text(description="IP Address, Prefix, or Hostname"),