From 6c447d39d85cefe59a9ef6f8a3f335236a42c478 Mon Sep 17 00:00:00 2001
From: Gabriel Detraz <detraz@crans.org>
Date: Thu, 4 Jan 2018 23:03:43 +0100
Subject: [PATCH] Support et test d'arp protect

---
 gestion/config/hp_switchs.py      | 24 ++++++++++++++----------
 gestion/gen_confs/switch_conf.tpl | 12 +++++++++++-
 2 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/gestion/config/hp_switchs.py b/gestion/config/hp_switchs.py
index 528e7112..6436be57 100644
--- a/gestion/config/hp_switchs.py
+++ b/gestion/config/hp_switchs.py
@@ -9,6 +9,7 @@ ALL_FEATURES = [
     'POE', 'DHCP_SNOOPING', 'IPv6_MGMT', 'RA_GUARD',
     'MLD_SNOOPING', 'SNTP_NEW_SYNTAX', 'GIGABIT', 'OOBM',
     'FILTER_MDNS', 'RADIUS_DAE', 'DHCPv6_SNOOPING', 'IGMP_SNOOPING',
+    'ARP_PROTECT',
 ]
 
 # Support du PoE(+)
@@ -23,6 +24,9 @@ DHCP_SNOOPING = "DHCP Snooping"
 # Support du DHCPv6 Snooping
 DHCPv6_SNOOPING = "DHCPv6 Snooping"
 
+#Support ARP protect
+ARP_PROTECT = "Arp Protect"
+
 # Support de RA Guard
 RA_GUARD = "RA Guard"
 
@@ -90,7 +94,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, IGMP_SNOOPING, DHCP_SNOOPING, RA_GUARD,
             MLD_SNOOPING, GIGABIT, SNTP_NEW_SYNTAX, RADIUS_DAE,
-            FILTER_MDNS,
+            FILTER_MDNS, ARP_PROTECT,
         ],
         'modules' : ["J9145A"],
         'sfp' : range(21, 25),
@@ -101,7 +105,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
             MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE,
-            FILTER_MDNS,
+            FILTER_MDNS, ARP_PROTECT,
         ],
     },
     "J9624" : {
@@ -110,7 +114,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
             RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
-            RADIUS_DAE, FILTER_MDNS,
+            RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
         ],
         'sfp' : range(27, 29),
         'poe' : range(1, 13),
@@ -121,7 +125,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
             MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE,
-            FILTER_MDNS,
+            FILTER_MDNS, ARP_PROTECT,
         ],
     },
     "J9727" : {
@@ -130,7 +134,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
             RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
-            GIGABIT, OOBM, RADIUS_DAE, FILTER_MDNS,
+            GIGABIT, OOBM, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
         ],
         'modules' : ["J9727A"],
         'sfp' : range(21, 25),
@@ -142,7 +146,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
             RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
-            GIGABIT, RADIUS_DAE, FILTER_MDNS,
+            GIGABIT, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
         ],
         'sfp' : range(49, 53),
         'poe' : range(1, 53),
@@ -153,7 +157,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
             RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
-            GIGABIT, RADIUS_DAE, FILTER_MDNS,
+            GIGABIT, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
         ],
         'sfp' : range(25, 29),
         'poe' : range(1, 25),
@@ -164,7 +168,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
             MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT,
-            RADIUS_DAE, FILTER_MDNS,
+            RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
         ],
         'sfp' : range(49, 53),
     },
@@ -174,7 +178,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
             MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT,
-            RADIUS_DAE, FILTER_MDNS,
+            RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
         ],
         'sfp' : range(25, 29),
     },
@@ -184,7 +188,7 @@ HP_PROCURVE_MAP = {
         'features' : [
             IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
             MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT,
-            RADIUS_DAE, FILTER_MDNS,
+            RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
         ],
         'sfp' : range(9, 11),
     },
diff --git a/gestion/gen_confs/switch_conf.tpl b/gestion/gen_confs/switch_conf.tpl
index 4b588bfe..d47b1aa8 100644
--- a/gestion/gen_confs/switch_conf.tpl
+++ b/gestion/gen_confs/switch_conf.tpl
@@ -122,6 +122,11 @@ dhcp-snooping authorized-server {{ vconfig['network']['IPv4'].ip + rid }}
 {%- endfor %}
 dhcp-snooping
 {%- endif %}
+{%- if ARP_PROTECT in features %}
+;--- ARP Protect ---
+arp-protect vlan {{ vlans.values()|selectattr("dhcp_snooping")|join(" ", attribute="id") }}
+arp-protect
+{%- endif %}
 {%- if DHCPv6_SNOOPING in features %}
 ;--- DHCPv6 Snooping ---
 dhcpv6-snooping vlan {{ vlans.values()|selectattr("dhcp_snooping")|join(" ", attribute="id") }}
@@ -154,9 +159,14 @@ interface {{ port.num }}
    enable
    name "{{ port }}"
    {{ port.flowcontrol }}
-   {%- if port.trusted and DHCP_SNOOPING in features %}
+   {%- if port.trusted %}
+   {%- if DHCP_SNOOPING in features %}
    dhcp-snooping trust
    {%- endif %}
+   {%- if ARP_PROTECT in features %}
+   arp-protect trust
+   {%- endif %}
+   {%- endif %}
    {%- if port.trusted and DHCPv6_SNOOPING in features %}
    dhcpv6-snooping trust
    {%- endif %}
-- 
GitLab