Use the libpcap on Linux when blocking host originating packets on vmnet interfaces. Ref #1131.

grossmj 2017-07-19 16:56:24 +07:00
parent c2fbe4f313
commit a7d2391608
2 changed files with 12 additions and 12 deletions


@ -632,8 +632,8 @@ class BaseNode:
:param block_host_traffic: block network traffic originating from the host OS (Windows only)
"""
if sys.platform.startswith("linux"):
# on Linux we use RAW sockets
if sys.platform.startswith("linux") and block_host_traffic is False:
# on Linux we use RAW sockets by default excepting if host traffic must be blocked
yield from self._ubridge_send('bridge add_nio_linux_raw {name} "{interface}"'.format(name=bridge_name, interface=ethernet_interface))
elif sys.platform.startswith("win"):
# on Windows we use Winpcap/Npcap
@ -657,11 +657,19 @@ class BaseNode:
if block_host_traffic:
if source_mac:
yield from self._ubridge_send('bridge set_pcap_filter {name} "not ether src {mac}"'.format(name=bridge_name, mac=source_mac))
log.info('PCAP filter applied on "{interface}" for source MAC {mac}'.format(interface=ethernet_interface, mac=source_mac))
else:
log.warn("Could not block host network traffic on {} (no MAC address found)".format(ethernet_interface))
log.warning("Could not block host network traffic on {} (no MAC address found)".format(ethernet_interface))
else:
# on other platforms we just rely on the pcap library
yield from self._ubridge_send('bridge add_nio_ethernet {name} "{interface}"'.format(name=bridge_name, interface=ethernet_interface))
source_mac = None
for interface in interfaces():
if interface["name"] == ethernet_interface:
source_mac = interface["mac_address"]
if source_mac:
yield from self._ubridge_send('bridge set_pcap_filter {name} "not ether src {mac}"'.format(name=bridge_name, mac=source_mac))
log.info('PCAP filter applied on "{interface}" for source MAC {mac}'.format(interface=ethernet_interface, mac=source_mac))
def _create_local_udp_tunnel(self):
"""
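Review bot: The fallback `else` branch in the second hunk logs nothing when no MAC address is found, so on Linux with `block_host_traffic` enabled a missed interface lookup leaves host traffic unfiltered without any warning. As far as the flattened indentation shows, that branch also never checks `block_host_traffic`, so a platform that is neither Linux nor Windows would get the `not ether src` filter even with the option off. I would wrap the lookup in `if block_host_traffic:` and mirror the Windows branch with `else: log.warning("Could not block host network traffic on {} (no MAC address found)".format(ethernet_interface))`. The docstring still describes `block_host_traffic` as `(Windows only)`, which is stale after this change and should mention Linux. The method signature and the start of the Windows branch are outside the visible hunks.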


@ -328,7 +328,6 @@ class VMwareVM(BaseNode):
:param adapter_number: adapter number
"""
block_host_traffic = self.manager.config.get_section_config("VMware").getboolean("block_host_traffic", False)
vnet = self._get_vnet(adapter_number)
yield from self._ubridge_send("bridge create {name}".format(name=vnet))
vmnet_interface = os.path.basename(self._vmx_pairs[vnet])
@ -337,6 +336,7 @@ class VMwareVM(BaseNode):
# special case on OSX, we cannot bind VMnet interfaces using the libpcap
yield from self._ubridge_send('bridge add_nio_fusion_vmnet {name} "{interface}"'.format(name=vnet, interface=vmnet_interface))
else:
block_host_traffic = self.manager.config.get_section_config("VMware").getboolean("block_host_traffic", False)
yield from self._add_ubridge_ethernet_connection(vnet, vmnet_interface, block_host_traffic)
if isinstance(nio, NIOUDP):
@ -349,14 +349,6 @@ class VMwareVM(BaseNode):
yield from self._ubridge_send('bridge start_capture {name} "{pcap_file}"'.format(name=vnet, pcap_file=nio.pcap_output_file))
yield from self._ubridge_send('bridge start {name}'.format(name=vnet))
# TODO: this only work when using PCAP (NIO Ethernet): current default on Linux is NIO RAW LINUX
# source_mac = None
# for interface in interfaces():
# if interface["name"] == vmnet_interface:
# source_mac = interface["mac_address"]
# if source_mac:
# yield from self._ubridge_send('bridge set_pcap_filter {name} "not ether src {mac}"'.format(name=vnet, mac=source_mac))
yield from self._ubridge_apply_filters(vnet, nio.filters)
@asyncio.coroutine
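Review bot: With the `block_host_traffic` lookup moved into the `else` branch, the `add_nio_fusion_vmnet` path never reads the option, so a user who enables it in the `VMware` config section on OSX gets no host-traffic filtering and no indication that the setting was ignored. I would make that explicit in the fusion branch, for example `if self.manager.config.get_section_config("VMware").getboolean("block_host_traffic", False): log.warning("block_host_traffic is not supported on VMware Fusion vmnet interfaces")`, assuming a module-level `log` exists in this file as it does in the base node. A short comment on the `else` branch saying that blocking is only attempted on the pcap path would also help. The `if` that selects the fusion branch starts outside the hunk.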