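---
# Traffic-sink verification play for the "vpgn" hosts.
# It installs tcpdump and grepcidr, loads the file named by ConfigFileName,
# works out which vserver address is the sink, then sniffs for packets sent to
# that address and fails when the result contradicts "trafficpresence".
- hosts: vpgn
  gather_facts: false
  remote_user: ubuntu
  tasks:
    - name: Install tcpdump, grepcidr
      apt:
        name: "{{ packages }}"
      vars:
        packages:
          - tcpdump
          - grepcidr
      become: true

    # ConfigFileName is not set in this file; it has to be supplied by the
    # caller. Everything read from it below ends up in privileged commands,
    # so the file should come from a trusted location.
    - include_vars: "{{ ConfigFileName }}"

    # The original condition tested the string literal 'trafficpresence',
    # which is always defined, so the guard could never fire. Test the
    # variable itself so a config without it stops the play here.
    - debug:
        var: trafficpresence
      failed_when: trafficpresence is not defined

    - name: Get all Interfaces
      set_fact:
        interfaces: "{{destinations[0].vservers | map(attribute='l-interfaces') | list}}"
    - name: Interfaces vserver 1
      set_fact:
        vserver1_interfaces: "{{destinations[0].vservers[0]['l-interfaces'] | list}}"
    - name: Interfaces vserver 2
      set_fact:
        vserver2_interfaces: "{{destinations[0].vservers[1]['l-interfaces'] | list}}"

    - block:
        - name: length interfaces vserver1
          set_fact:
            length1: "{{ vserver1_interfaces |length }}"
        - name: length interfaces vserver2
          set_fact:
            length2: "{{ vserver2_interfaces |length }}"

    # The vserver with three interfaces supplies sink_addresses and the one
    # with four supplies fw_addresses. "| int" makes the comparison work
    # whether the templated length comes back as the string "3" or as a
    # native integer.
    - block:
        - name: adress 1 vserver
          set_fact:
            sink_addresses:
              - "{{destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0]}}"
        - name: adress 2 vserver
          set_fact:
            fw_addresses:
              - "{{destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[1]['l-interfaces'][3]['ipv4-addresses'][0]}}"
      when:
        - length1 | int == 3
        - length2 | int == 4

    # Mirror case: vserver 1 has four interfaces, vserver 2 has three.
    - block:
        - name: adress 1 vserver
          set_fact:
            fw_addresses:
              - "{{destinations[0].vservers[0]['l-interfaces'][0]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[0]['l-interfaces'][1]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[0]['l-interfaces'][2]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[0]['l-interfaces'][3]['ipv4-addresses'][0]}}"
        - name: adress 2 vserver
          set_fact:
            sink_addresses:
              - "{{destinations[0].vservers[1]['l-interfaces'][0]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[1]['l-interfaces'][1]['ipv4-addresses'][0]}}"
              - "{{destinations[0].vservers[1]['l-interfaces'][2]['ipv4-addresses'][0]}}"
      when:
        - length1 | int == 4
        - length2 | int == 3

    # If neither 3/4 combination matched, sink_addresses is undefined and
    # this task stops the play with an undefined-variable error.
    - name: Concatenate sink_addresses
      set_fact:
        sink_addresses_conc: "{{ sink_addresses | join('\n') }}"

    # Feed the addresses to grepcidr on stdin instead of templating them into
    # a printf command line: values from the config file are then never
    # parsed by the shell or treated as a printf format string.
    - name: Get sink IP fom json
      shell: grepcidr -f /opt/config/protected_net_cidr.txt
      args:
        stdin: "{{ sink_addresses_conc }}"
      register: sink_ip
    - debug:
        var: sink_ip.stdout

    # Picks the "iface" name found within two lines above a 255.255.255.0
    # netmask entry in /etc/network/interfaces.
    - name: Find interface name
      shell:
        cat /etc/network/interfaces | grep 255.255.255.0 -B2 | grep iface | awk '{print $2}'
      register: interface_name
    - name: Interface name
      debug:
        msg: 'interface_name {{ interface_name.stdout }}'

    # NOTE(review): the two checks below only run when trafficpresence
    # compares equal to a real boolean; a quoted "true"/"false" in the config
    # would skip both and the play would pass without sniffing - confirm the
    # config format.
    - name: Traffic check if trafficpresence is TRUE
      when: trafficpresence == true
      block:
        # Up to 15 captures of 2 seconds each; stops at the first capture
        # that collects 10 packets addressed to the sink (tcpdump exits 0).
        # timeout returns 124 when the capture ran out of time.
        # "quote" keeps each templated value a single shell word, so a value
        # with spaces, newlines or metacharacters cannot add commands to a
        # line that runs under sudo.
        # NOTE(review): raw hands this text to the remote login shell, so the
        # shebang line is presumably only a comment there; {1..15} and "=="
        # need bash - confirm the ubuntu user's shell.
        - name: Traffic check if trafficpresence is TRUE
          raw: |
            #!/bin/bash
            for i in {1..15}
            do
              sudo timeout 2 tcpdump -i {{ interface_name.stdout | quote }} dst {{ sink_ip.stdout | quote }} -c 10 > /dev/null 2>&1
              timeout_result=$?
              if [ $timeout_result == 0 ] ; then
                echo 'traffic present'
                break
              fi
            done
            if [ $timeout_result == 124 ] ; then
              echo 'traffic absent'
            elif [ $timeout_result != 0 ] ; then
              echo 'other error'
            fi
            exit $timeout_result
          register: traffic_check
          ignore_errors: true
        - debug:
            msg: 'traffic absent {{ traffic_check.stdout_lines }} '
          when: traffic_check.rc == 124
          failed_when: traffic_check.rc == 124
        - debug:
            msg: 'traffic present {{ traffic_check.stdout_lines }} '
          when: traffic_check.rc == 0
        # Any other exit code means the capture did not run (bad interface,
        # sudo refused, tcpdump missing). Without this task that case was
        # ignored and the play reported success without having checked
        # anything.
        - name: Fail when the traffic check could not run
          fail:
            msg: 'other error {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
          when: traffic_check.rc not in [0, 124]

    - name: Traffic check if trafficpresence is FALSE
      when: trafficpresence == false
      block:
        # Up to 3 captures of 10 seconds each; stops at the first capture
        # that times out without seeing a packet (exit code 124). A single
        # packet to the sink makes tcpdump exit 0, which is the failure case
        # here.
        - name: Traffic check trafficpresence is FALSE
          raw: |
            #!/bin/bash
            for i in {1..3}
            do
              sudo timeout 10 tcpdump -i {{ interface_name.stdout | quote }} dst {{ sink_ip.stdout | quote }} -c 1 > /dev/null 2>&1
              timeout_result=$?
              if [ $timeout_result == 124 ] ; then
                echo 'traffic absent'
                break
              fi
            done
            if [ $timeout_result == 0 ] ; then
              echo 'traffic present'
            elif [ $timeout_result != 124 ] ; then
              echo 'other error'
            fi
            exit $timeout_result
          register: traffic_check
          ignore_errors: true
        - debug:
            msg: 'traffic absent {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
          when: traffic_check.rc == 124
        - debug:
            msg: 'traffic present {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
          when: traffic_check.rc == 0
          failed_when: traffic_check.rc == 0
        # A capture that errored out proves nothing about absence of
        # traffic, so it must not count as a pass.
        - name: Fail when the traffic check could not run
          fail:
            msg: 'other error {{ traffic_check.stdout_lines }} traffic_check.rc {{ traffic_check.rc }}'
          when: traffic_check.rc not in [0, 124]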