root / flowspec / models.py @ 8914c9d9
History | View | Annotate | Download (14.4 kB)
1 | 9f54980a | Leonidas Poulopoulos | #
|
---|---|---|---|
2 | 9f54980a | Leonidas Poulopoulos | # -*- coding: utf-8 -*- vim:fileencoding=utf-8:
|
3 | 8914c9d9 | Leonidas Poulopoulos | # vim: tabstop=4:shiftwidth=4:softtabstop=4:expandtab
|
4 | 9f54980a | Leonidas Poulopoulos | #Copyright © 2011-2013 Greek Research and Technology Network (GRNET S.A.)
|
5 | 9f54980a | Leonidas Poulopoulos | |
6 | 9f54980a | Leonidas Poulopoulos | #Developed by Leonidas Poulopoulos (leopoul-at-noc-dot-grnet-dot-gr),
|
7 | 9f54980a | Leonidas Poulopoulos | #GRNET NOC
|
8 | 9f54980a | Leonidas Poulopoulos | #
|
9 | 9f54980a | Leonidas Poulopoulos | #Permission to use, copy, modify, and/or distribute this software for any
|
10 | 9f54980a | Leonidas Poulopoulos | #purpose with or without fee is hereby granted, provided that the above
|
11 | 9f54980a | Leonidas Poulopoulos | #copyright notice and this permission notice appear in all copies.
|
12 | 9f54980a | Leonidas Poulopoulos | #
|
13 | 9f54980a | Leonidas Poulopoulos | #THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD
|
14 | 9f54980a | Leonidas Poulopoulos | #TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
|
15 | 9f54980a | Leonidas Poulopoulos | #FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
|
16 | 9f54980a | Leonidas Poulopoulos | #CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
|
17 | 9f54980a | Leonidas Poulopoulos | #DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
|
18 | 9f54980a | Leonidas Poulopoulos | #ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
|
19 | 9f54980a | Leonidas Poulopoulos | #SOFTWARE.
|
20 | 9f54980a | Leonidas Poulopoulos | #
|
21 | 8914c9d9 | Leonidas Poulopoulos | |
22 | 8914c9d9 | Leonidas Poulopoulos | |
23 | 478173ac | Leonidas Poulopoulos | |
24 | a3af8464 | Leonidas Poulopoulos | from django.db import models |
25 | b10e01d6 | Leonidas Poulopoulos | from django.conf import settings |
26 | a3af8464 | Leonidas Poulopoulos | from django.contrib.auth.models import User |
27 | c2f4725d | Leonidas Poulopoulos | from django.utils.translation import ugettext_lazy as _ |
28 | 357d48dc | Leonidas Poulopoulos | from utils import proxy as PR |
29 | 478173ac | Leonidas Poulopoulos | from ipaddr import * |
30 | c1509909 | Leonidas Poulopoulos | import datetime |
31 | 357d48dc | Leonidas Poulopoulos | import logging |
32 | 9cad4715 | Leonidas Poulopoulos | from time import sleep |
33 | 357d48dc | Leonidas Poulopoulos | |
34 | f57f6e68 | Leonidas Poulopoulos | import beanstalkc |
35 | 97e42c7d | Leonidas Poulopoulos | from flowspy.utils.randomizer import id_generator as id_gen |
36 | 3e99e2d1 | Leonidas Poulopoulos | |
37 | 7fac6521 | Leonidas Poulopoulos | from flowspec.tasks import * |
38 | 3e99e2d1 | Leonidas Poulopoulos | |
39 | 357d48dc | Leonidas Poulopoulos | FORMAT = '%(asctime)s %(levelname)s: %(message)s'
|
40 | 357d48dc | Leonidas Poulopoulos | logging.basicConfig(format=FORMAT) |
41 | 357d48dc | Leonidas Poulopoulos | logger = logging.getLogger(__name__) |
42 | 357d48dc | Leonidas Poulopoulos | logger.setLevel(logging.DEBUG) |
43 | 357d48dc | Leonidas Poulopoulos | |
44 | a24fbf37 | Leonidas Poulopoulos | |
45 | a3af8464 | Leonidas Poulopoulos | FRAGMENT_CODES = ( |
46 | a3af8464 | Leonidas Poulopoulos | ("dont-fragment", "Don't fragment"), |
47 | a3af8464 | Leonidas Poulopoulos | ("first-fragment", "First fragment"), |
48 | a3af8464 | Leonidas Poulopoulos | ("is-fragment", "Is fragment"), |
49 | a3af8464 | Leonidas Poulopoulos | ("last-fragment", "Last fragment"), |
50 | a3af8464 | Leonidas Poulopoulos | ("not-a-fragment", "Not a fragment") |
51 | a3af8464 | Leonidas Poulopoulos | ) |
52 | a3af8464 | Leonidas Poulopoulos | |
53 | a3af8464 | Leonidas Poulopoulos | THEN_CHOICES = ( |
54 | a3af8464 | Leonidas Poulopoulos | ("accept", "Accept"), |
55 | a3af8464 | Leonidas Poulopoulos | ("discard", "Discard"), |
56 | a3af8464 | Leonidas Poulopoulos | ("community", "Community"), |
57 | a3af8464 | Leonidas Poulopoulos | ("next-term", "Next term"), |
58 | a3af8464 | Leonidas Poulopoulos | ("routing-instance", "Routing Instance"), |
59 | a3af8464 | Leonidas Poulopoulos | ("rate-limit", "Rate limit"), |
60 | a3af8464 | Leonidas Poulopoulos | ("sample", "Sample") |
61 | a3af8464 | Leonidas Poulopoulos | ) |
62 | a3af8464 | Leonidas Poulopoulos | |
63 | 7fac6521 | Leonidas Poulopoulos | MATCH_PROTOCOL = ( |
64 | 7fac6521 | Leonidas Poulopoulos | ("ah", "ah"), |
65 | 7fac6521 | Leonidas Poulopoulos | ("egp", "egp"), |
66 | 7fac6521 | Leonidas Poulopoulos | ("esp", "esp"), |
67 | 7fac6521 | Leonidas Poulopoulos | ("gre", "gre"), |
68 | 7fac6521 | Leonidas Poulopoulos | ("icmp", "icmp"), |
69 | 7fac6521 | Leonidas Poulopoulos | ("icmp6", "icmp6"), |
70 | 7fac6521 | Leonidas Poulopoulos | ("igmp", "igmp"), |
71 | 7fac6521 | Leonidas Poulopoulos | ("ipip", "ipip"), |
72 | 7fac6521 | Leonidas Poulopoulos | ("ospf", "ospf"), |
73 | 7fac6521 | Leonidas Poulopoulos | ("pim", "pim"), |
74 | 7fac6521 | Leonidas Poulopoulos | ("rsvp", "rsvp"), |
75 | 7fac6521 | Leonidas Poulopoulos | ("sctp", "sctp"), |
76 | 7fac6521 | Leonidas Poulopoulos | ("tcp", "tcp"), |
77 | 7fac6521 | Leonidas Poulopoulos | ("udp", "udp"), |
78 | 7fac6521 | Leonidas Poulopoulos | ) |
79 | 7fac6521 | Leonidas Poulopoulos | |
80 | 97e42c7d | Leonidas Poulopoulos | ROUTE_STATES = ( |
81 | 97e42c7d | Leonidas Poulopoulos | ("ACTIVE", "ACTIVE"), |
82 | 97e42c7d | Leonidas Poulopoulos | ("ERROR", "ERROR"), |
83 | 97e42c7d | Leonidas Poulopoulos | ("EXPIRED", "EXPIRED"), |
84 | 97e42c7d | Leonidas Poulopoulos | ("PENDING", "PENDING"), |
85 | 97e42c7d | Leonidas Poulopoulos | ("OUTOFSYNC", "OUTOFSYNC"), |
86 | d50fd7b6 | Leonidas Poulopoulos | ("INACTIVE", "INACTIVE"), |
87 | d50fd7b6 | Leonidas Poulopoulos | ("ADMININACTIVE", "ADMININACTIVE"), |
88 | 97e42c7d | Leonidas Poulopoulos | ) |
89 | 97e42c7d | Leonidas Poulopoulos | |
90 | a3af8464 | Leonidas Poulopoulos | |
91 | c1509909 | Leonidas Poulopoulos | def days_offset(): return datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET) |
92 | a3af8464 | Leonidas Poulopoulos | |
93 | a3af8464 | Leonidas Poulopoulos | class MatchPort(models.Model): |
94 | 97e42c7d | Leonidas Poulopoulos | port = models.CharField(max_length=24, unique=True) |
95 | a24fbf37 | Leonidas Poulopoulos | def __unicode__(self): |
96 | a24fbf37 | Leonidas Poulopoulos | return self.port |
97 | a3af8464 | Leonidas Poulopoulos | class Meta: |
98 | a3af8464 | Leonidas Poulopoulos | db_table = u'match_port'
|
99 | a3af8464 | Leonidas Poulopoulos | |
100 | a3af8464 | Leonidas Poulopoulos | class MatchDscp(models.Model): |
101 | a3af8464 | Leonidas Poulopoulos | dscp = models.CharField(max_length=24)
|
102 | a24fbf37 | Leonidas Poulopoulos | def __unicode__(self): |
103 | a24fbf37 | Leonidas Poulopoulos | return self.dscp |
104 | a3af8464 | Leonidas Poulopoulos | class Meta: |
105 | a3af8464 | Leonidas Poulopoulos | db_table = u'match_dscp'
|
106 | a3af8464 | Leonidas Poulopoulos | |
107 | 7fac6521 | Leonidas Poulopoulos | class MatchProtocol(models.Model): |
108 | 7fac6521 | Leonidas Poulopoulos | protocol = models.CharField(max_length=24, unique=True) |
109 | 7fac6521 | Leonidas Poulopoulos | def __unicode__(self): |
110 | 7fac6521 | Leonidas Poulopoulos | return self.protocol |
111 | 7fac6521 | Leonidas Poulopoulos | class Meta: |
112 | 7fac6521 | Leonidas Poulopoulos | db_table = u'match_protocol'
|
113 | 7fac6521 | Leonidas Poulopoulos | |
114 | 7a8a4da4 | Leonidas Poulopoulos | |
115 | a3af8464 | Leonidas Poulopoulos | class ThenAction(models.Model): |
116 | b10e01d6 | Leonidas Poulopoulos | action = models.CharField(max_length=60, choices=THEN_CHOICES, verbose_name="Action") |
117 | b10e01d6 | Leonidas Poulopoulos | action_value = models.CharField(max_length=255, blank=True, null=True, verbose_name="Action Value") |
118 | a24fbf37 | Leonidas Poulopoulos | def __unicode__(self): |
119 | 97e42c7d | Leonidas Poulopoulos | ret = "%s:%s" %(self.action, self.action_value) |
120 | 97e42c7d | Leonidas Poulopoulos | return ret.rstrip(":") |
121 | a3af8464 | Leonidas Poulopoulos | class Meta: |
122 | a3af8464 | Leonidas Poulopoulos | db_table = u'then_action'
|
123 | fdc3d663 | Leonidas Poulopoulos | ordering = ['action', 'action_value'] |
124 | f12b3d54 | Leonidas Poulopoulos | unique_together = ("action", "action_value") |
125 | a3af8464 | Leonidas Poulopoulos | |
126 | a3af8464 | Leonidas Poulopoulos | class Route(models.Model): |
127 | c2f4725d | Leonidas Poulopoulos | name = models.SlugField(max_length=128, verbose_name=_("Name")) |
128 | 9cad4715 | Leonidas Poulopoulos | applier = models.ForeignKey(User, blank=True, null=True) |
129 | c2f4725d | Leonidas Poulopoulos | source = models.CharField(max_length=32, help_text=_("Network address. Use address/CIDR notation"), verbose_name=_("Source Address")) |
130 | c2f4725d | Leonidas Poulopoulos | sourceport = models.ManyToManyField(MatchPort, blank=True, null=True, related_name="matchSourcePort", verbose_name=_("Source Port")) |
131 | c2f4725d | Leonidas Poulopoulos | destination = models.CharField(max_length=32, help_text=_("Network address. Use address/CIDR notation"), verbose_name=_("Destination Address")) |
132 | c2f4725d | Leonidas Poulopoulos | destinationport = models.ManyToManyField(MatchPort, blank=True, null=True, related_name="matchDestinationPort", verbose_name=_("Destination Port")) |
133 | c2f4725d | Leonidas Poulopoulos | port = models.ManyToManyField(MatchPort, blank=True, null=True, related_name="matchPort", verbose_name=_("Port")) |
134 | b10e01d6 | Leonidas Poulopoulos | dscp = models.ManyToManyField(MatchDscp, blank=True, null=True, verbose_name="DSCP") |
135 | b10e01d6 | Leonidas Poulopoulos | fragmenttype = models.CharField(max_length=20, choices=FRAGMENT_CODES, blank=True, null=True, verbose_name="Fragment Type") |
136 | b10e01d6 | Leonidas Poulopoulos | icmpcode = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Code") |
137 | b10e01d6 | Leonidas Poulopoulos | icmptype = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Type") |
138 | b10e01d6 | Leonidas Poulopoulos | packetlength = models.IntegerField(blank=True, null=True, verbose_name="Packet Length") |
139 | c2f4725d | Leonidas Poulopoulos | protocol = models.ManyToManyField(MatchProtocol, blank=True, null=True, verbose_name=_("Protocol")) |
140 | b10e01d6 | Leonidas Poulopoulos | tcpflag = models.CharField(max_length=128, blank=True, null=True, verbose_name="TCP flag") |
141 | c2f4725d | Leonidas Poulopoulos | then = models.ManyToManyField(ThenAction, verbose_name=_("Then"))
|
142 | a3af8464 | Leonidas Poulopoulos | filed = models.DateTimeField(auto_now_add=True)
|
143 | a3af8464 | Leonidas Poulopoulos | last_updated = models.DateTimeField(auto_now=True)
|
144 | c2f4725d | Leonidas Poulopoulos | status = models.CharField(max_length=20, choices=ROUTE_STATES, blank=True, null=True, verbose_name=_("Status"), default="PENDING") |
145 | 97e42c7d | Leonidas Poulopoulos | # is_online = models.BooleanField(default=False)
|
146 | 97e42c7d | Leonidas Poulopoulos | # is_active = models.BooleanField(default=False)
|
147 | c2f4725d | Leonidas Poulopoulos | expires = models.DateField(default=days_offset, verbose_name=_("Expires"))
|
148 | c2f4725d | Leonidas Poulopoulos | response = models.CharField(max_length=512, blank=True, null=True, verbose_name=_("Response")) |
149 | c2f4725d | Leonidas Poulopoulos | comments = models.TextField(null=True, blank=True, verbose_name=_("Comments")) |
150 | 357d48dc | Leonidas Poulopoulos | |
151 | 357d48dc | Leonidas Poulopoulos | |
152 | a24fbf37 | Leonidas Poulopoulos | def __unicode__(self): |
153 | a24fbf37 | Leonidas Poulopoulos | return self.name |
154 | a24fbf37 | Leonidas Poulopoulos | |
155 | a3af8464 | Leonidas Poulopoulos | class Meta: |
156 | a24fbf37 | Leonidas Poulopoulos | db_table = u'route'
|
157 | 7d408f6f | Leonidas Poulopoulos | verbose_name = "Rule"
|
158 | 7d408f6f | Leonidas Poulopoulos | verbose_name_plural = "Rules"
|
159 | 7a8a4da4 | Leonidas Poulopoulos | |
160 | 97e42c7d | Leonidas Poulopoulos | def save(self, *args, **kwargs): |
161 | 97e42c7d | Leonidas Poulopoulos | if not self.pk: |
162 | 97e42c7d | Leonidas Poulopoulos | hash = id_gen() |
163 | 97e42c7d | Leonidas Poulopoulos | self.name = "%s_%s" %(self.name, hash) |
164 | 97e42c7d | Leonidas Poulopoulos | super(Route, self).save(*args, **kwargs) # Call the "real" save() method. |
165 | 97e42c7d | Leonidas Poulopoulos | |
166 | 97e42c7d | Leonidas Poulopoulos | |
167 | 7a8a4da4 | Leonidas Poulopoulos | def clean(self, *args, **kwargs): |
168 | 7a8a4da4 | Leonidas Poulopoulos | from django.core.exceptions import ValidationError |
169 | 7a8a4da4 | Leonidas Poulopoulos | if self.destination: |
170 | 7a8a4da4 | Leonidas Poulopoulos | try:
|
171 | b10e01d6 | Leonidas Poulopoulos | address = IPNetwork(self.destination)
|
172 | b10e01d6 | Leonidas Poulopoulos | self.destination = address.exploded
|
173 | 7a8a4da4 | Leonidas Poulopoulos | except Exception: |
174 | c2f4725d | Leonidas Poulopoulos | raise ValidationError(_('Invalid network address format at Destination Field')) |
175 | 7a8a4da4 | Leonidas Poulopoulos | if self.source: |
176 | 7a8a4da4 | Leonidas Poulopoulos | try:
|
177 | b10e01d6 | Leonidas Poulopoulos | address = IPNetwork(self.source)
|
178 | b10e01d6 | Leonidas Poulopoulos | self.source = address.exploded
|
179 | 7a8a4da4 | Leonidas Poulopoulos | except Exception: |
180 | c2f4725d | Leonidas Poulopoulos | raise ValidationError(_('Invalid network address format at Source Field')) |
181 | 6a946adf | Leonidas Poulopoulos | |
182 | 9cad4715 | Leonidas Poulopoulos | def commit_add(self, *args, **kwargs): |
183 | 97e42c7d | Leonidas Poulopoulos | peer = self.applier.get_profile().peer.domain_name
|
184 | 933c1f31 | Leonidas Poulopoulos | send_message("[%s] Adding rule %s. Please wait..." %(self.applier.username, self.name), peer) |
185 | 9cad4715 | Leonidas Poulopoulos | response = add.delay(self)
|
186 | 6a946adf | Leonidas Poulopoulos | logger.info("Got add job id: %s" %response)
|
187 | 9cad4715 | Leonidas Poulopoulos | |
188 | 3e99e2d1 | Leonidas Poulopoulos | def commit_edit(self, *args, **kwargs): |
189 | 97e42c7d | Leonidas Poulopoulos | peer = self.applier.get_profile().peer.domain_name
|
190 | 933c1f31 | Leonidas Poulopoulos | send_message("[%s] Editing rule %s. Please wait..." %(self.applier.username, self.name), peer) |
191 | 3e99e2d1 | Leonidas Poulopoulos | response = edit.delay(self)
|
192 | 3e99e2d1 | Leonidas Poulopoulos | logger.info("Got edit job id: %s" %response)
|
193 | b10e01d6 | Leonidas Poulopoulos | |
194 | 3e99e2d1 | Leonidas Poulopoulos | def commit_delete(self, *args, **kwargs): |
195 | 6a946adf | Leonidas Poulopoulos | reason_text = ''
|
196 | 049a5a10 | Leonidas Poulopoulos | reason = ''
|
197 | 6a946adf | Leonidas Poulopoulos | if "reason" in kwargs: |
198 | 6a946adf | Leonidas Poulopoulos | reason = kwargs['reason']
|
199 | 6a946adf | Leonidas Poulopoulos | reason_text = "Reason: %s. " %reason
|
200 | 97e42c7d | Leonidas Poulopoulos | peer = self.applier.get_profile().peer.domain_name
|
201 | 61e178c3 | Leonidas Poulopoulos | send_message("[%s] Suspending rule %s. %sPlease wait..." %(self.applier.username, self.name, reason_text), peer) |
202 | 6a946adf | Leonidas Poulopoulos | response = delete.delay(self, reason=reason)
|
203 | 6a946adf | Leonidas Poulopoulos | logger.info("Got delete job id: %s" %response)
|
204 | 6a946adf | Leonidas Poulopoulos | |
205 | c1509909 | Leonidas Poulopoulos | def has_expired(self): |
206 | c1509909 | Leonidas Poulopoulos | today = datetime.date.today() |
207 | c1509909 | Leonidas Poulopoulos | if today > self.expires: |
208 | c1509909 | Leonidas Poulopoulos | return True |
209 | c1509909 | Leonidas Poulopoulos | return False |
210 | 6a946adf | Leonidas Poulopoulos | |
211 | 6a946adf | Leonidas Poulopoulos | def check_sync(self): |
212 | 6a946adf | Leonidas Poulopoulos | if not self.is_synced(): |
213 | 6a946adf | Leonidas Poulopoulos | self.status = "OUTOFSYNC" |
214 | 6a946adf | Leonidas Poulopoulos | self.save()
|
215 | 6a946adf | Leonidas Poulopoulos | |
216 | 6a946adf | Leonidas Poulopoulos | def is_synced(self): |
217 | 357d48dc | Leonidas Poulopoulos | found = False
|
218 | 357d48dc | Leonidas Poulopoulos | get_device = PR.Retriever() |
219 | 357d48dc | Leonidas Poulopoulos | device = get_device.fetch_device() |
220 | 357d48dc | Leonidas Poulopoulos | try:
|
221 | 357d48dc | Leonidas Poulopoulos | routes = device.routing_options[0].routes
|
222 | 357d48dc | Leonidas Poulopoulos | except Exception as e: |
223 | 97e42c7d | Leonidas Poulopoulos | self.status = "EXPIRED" |
224 | 971645d6 | Leonidas Poulopoulos | self.save()
|
225 | 357d48dc | Leonidas Poulopoulos | logger.error("No routing options on device. Exception: %s" %e)
|
226 | 6a946adf | Leonidas Poulopoulos | return True |
227 | 357d48dc | Leonidas Poulopoulos | for route in routes: |
228 | 357d48dc | Leonidas Poulopoulos | if route.name == self.name: |
229 | 357d48dc | Leonidas Poulopoulos | found = True
|
230 | 933c1f31 | Leonidas Poulopoulos | logger.info('Found a matching rule name')
|
231 | 357d48dc | Leonidas Poulopoulos | devicematch = route.match |
232 | 357d48dc | Leonidas Poulopoulos | try:
|
233 | b10e01d6 | Leonidas Poulopoulos | assert(self.destination) |
234 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['destination'][0]) |
235 | b10e01d6 | Leonidas Poulopoulos | if self.destination == devicematch['destination'][0]: |
236 | 357d48dc | Leonidas Poulopoulos | found = found and True |
237 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching destination')
|
238 | 357d48dc | Leonidas Poulopoulos | else:
|
239 | 357d48dc | Leonidas Poulopoulos | found = False
|
240 | 357d48dc | Leonidas Poulopoulos | logger.info('Destination fields do not match')
|
241 | 357d48dc | Leonidas Poulopoulos | except:
|
242 | 357d48dc | Leonidas Poulopoulos | pass
|
243 | 357d48dc | Leonidas Poulopoulos | try:
|
244 | b10e01d6 | Leonidas Poulopoulos | assert(self.source) |
245 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['source'][0]) |
246 | b10e01d6 | Leonidas Poulopoulos | if self.source == devicematch['source'][0]: |
247 | 357d48dc | Leonidas Poulopoulos | found = found and True |
248 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching source')
|
249 | 357d48dc | Leonidas Poulopoulos | else:
|
250 | 357d48dc | Leonidas Poulopoulos | found = False
|
251 | 357d48dc | Leonidas Poulopoulos | logger.info('Source fields do not match')
|
252 | 357d48dc | Leonidas Poulopoulos | except:
|
253 | 357d48dc | Leonidas Poulopoulos | pass
|
254 | 357d48dc | Leonidas Poulopoulos | try:
|
255 | b10e01d6 | Leonidas Poulopoulos | assert(self.fragmenttype) |
256 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['fragment'][0]) |
257 | b10e01d6 | Leonidas Poulopoulos | if self.fragmenttype == devicematch['fragment'][0]: |
258 | 357d48dc | Leonidas Poulopoulos | found = found and True |
259 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching fragment type')
|
260 | 357d48dc | Leonidas Poulopoulos | else:
|
261 | 357d48dc | Leonidas Poulopoulos | found = False
|
262 | 357d48dc | Leonidas Poulopoulos | logger.info('Fragment type fields do not match')
|
263 | 357d48dc | Leonidas Poulopoulos | except:
|
264 | 357d48dc | Leonidas Poulopoulos | pass
|
265 | 357d48dc | Leonidas Poulopoulos | try:
|
266 | b10e01d6 | Leonidas Poulopoulos | assert(self.icmpcode) |
267 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['icmp-code'][0]) |
268 | b10e01d6 | Leonidas Poulopoulos | if self.icmpcode == devicematch['icmp-code'][0]: |
269 | 357d48dc | Leonidas Poulopoulos | found = found and True |
270 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching icmp code')
|
271 | 357d48dc | Leonidas Poulopoulos | else:
|
272 | 357d48dc | Leonidas Poulopoulos | found = False
|
273 | 357d48dc | Leonidas Poulopoulos | logger.info('Icmp code fields do not match')
|
274 | 357d48dc | Leonidas Poulopoulos | except:
|
275 | 357d48dc | Leonidas Poulopoulos | pass
|
276 | 357d48dc | Leonidas Poulopoulos | try:
|
277 | b10e01d6 | Leonidas Poulopoulos | assert(self.icmptype) |
278 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['icmp-type'][0]) |
279 | b10e01d6 | Leonidas Poulopoulos | if self.icmptype == devicematch['icmp-type'][0]: |
280 | 357d48dc | Leonidas Poulopoulos | found = found and True |
281 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching icmp type')
|
282 | 357d48dc | Leonidas Poulopoulos | else:
|
283 | 357d48dc | Leonidas Poulopoulos | found = False
|
284 | 357d48dc | Leonidas Poulopoulos | logger.info('Icmp type fields do not match')
|
285 | 357d48dc | Leonidas Poulopoulos | except:
|
286 | 357d48dc | Leonidas Poulopoulos | pass
|
287 | 97e42c7d | Leonidas Poulopoulos | if found and self.status != "ACTIVE": |
288 | e173e7c2 | Leonidas Poulopoulos | logger.error('Rule is applied on device but appears as offline')
|
289 | e173e7c2 | Leonidas Poulopoulos | self.status = "ACTIVE" |
290 | e173e7c2 | Leonidas Poulopoulos | self.save()
|
291 | e173e7c2 | Leonidas Poulopoulos | found = True
|
292 | 33281310 | Leonidas Poulopoulos | if self.status == "ADMININACTIVE" or self.status == "INACTIVE" or self.status == "EXPIRED": |
293 | e173e7c2 | Leonidas Poulopoulos | found = True
|
294 | 357d48dc | Leonidas Poulopoulos | return found
|
295 | 357d48dc | Leonidas Poulopoulos | |
296 | 357d48dc | Leonidas Poulopoulos | def get_then(self): |
297 | 357d48dc | Leonidas Poulopoulos | ret = ''
|
298 | b10e01d6 | Leonidas Poulopoulos | then_statements = self.then.all()
|
299 | 357d48dc | Leonidas Poulopoulos | for statement in then_statements: |
300 | 357d48dc | Leonidas Poulopoulos | if statement.action_value:
|
301 | 357d48dc | Leonidas Poulopoulos | ret = "%s %s:<strong>%s</strong><br/>" %(ret, statement.action, statement.action_value)
|
302 | 357d48dc | Leonidas Poulopoulos | else:
|
303 | 357d48dc | Leonidas Poulopoulos | ret = "%s %s<br>" %(ret, statement.action)
|
304 | 357d48dc | Leonidas Poulopoulos | return ret.rstrip(',') |
305 | 357d48dc | Leonidas Poulopoulos | |
306 | 357d48dc | Leonidas Poulopoulos | get_then.short_description = 'Then statement'
|
307 | 357d48dc | Leonidas Poulopoulos | get_then.allow_tags = True
|
308 | b10e01d6 | Leonidas Poulopoulos | #
|
309 | 357d48dc | Leonidas Poulopoulos | def get_match(self): |
310 | 357d48dc | Leonidas Poulopoulos | ret = ''
|
311 | b10e01d6 | Leonidas Poulopoulos | if self.destination: |
312 | f5d68f6f | Leonidas Poulopoulos | ret = '%s Dst Addr:<strong>%s</strong> <br/>' %(ret, self.destination) |
313 | b10e01d6 | Leonidas Poulopoulos | if self.fragmenttype: |
314 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s Fragment Type:<strong>%s</strong><br/>" %(ret, self.fragmenttype) |
315 | b10e01d6 | Leonidas Poulopoulos | if self.icmpcode: |
316 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s ICMP code:<strong>%s</strong><br/>" %(ret, self.icmpcode) |
317 | b10e01d6 | Leonidas Poulopoulos | if self.icmptype: |
318 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s ICMP Type:<strong>%s</strong><br/>" %(ret, self.icmptype) |
319 | b10e01d6 | Leonidas Poulopoulos | if self.packetlength: |
320 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s Packet Length:<strong>%s</strong><br/>" %(ret, self.packetlength) |
321 | b10e01d6 | Leonidas Poulopoulos | if self.source: |
322 | f5d68f6f | Leonidas Poulopoulos | ret = "%s Src Addr:<strong>%s</strong> <br/>" %(ret, self.source) |
323 | b10e01d6 | Leonidas Poulopoulos | if self.tcpflag: |
324 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s TCP flag:<strong>%s</strong><br/>" %(ret, self.tcpflag) |
325 | b10e01d6 | Leonidas Poulopoulos | if self.port: |
326 | b10e01d6 | Leonidas Poulopoulos | for port in self.port.all(): |
327 | f5d68f6f | Leonidas Poulopoulos | ret = ret + "Port:<strong>%s</strong> <br/>" %(port)
|
328 | 7fac6521 | Leonidas Poulopoulos | if self.protocol: |
329 | 7fac6521 | Leonidas Poulopoulos | for protocol in self.protocol.all(): |
330 | 7fac6521 | Leonidas Poulopoulos | ret = ret + "Protocol:<strong>%s</strong> <br/>" %(protocol)
|
331 | b10e01d6 | Leonidas Poulopoulos | if self.destinationport: |
332 | b10e01d6 | Leonidas Poulopoulos | for port in self.destinationport.all(): |
333 | f5d68f6f | Leonidas Poulopoulos | ret = ret + "Dst Port:<strong>%s</strong> <br/>" %(port)
|
334 | b10e01d6 | Leonidas Poulopoulos | if self.sourceport: |
335 | b10e01d6 | Leonidas Poulopoulos | for port in self.sourceport.all(): |
336 | f5d68f6f | Leonidas Poulopoulos | ret = ret +"Src Port:<strong>%s</strong> <br/>" %(port)
|
337 | b10e01d6 | Leonidas Poulopoulos | if self.dscp: |
338 | b10e01d6 | Leonidas Poulopoulos | for dscp in self.dscp.all(): |
339 | f5d68f6f | Leonidas Poulopoulos | ret = ret + "%s Port:<strong>%s</strong> <br/>" %(ret, dscp)
|
340 | 357d48dc | Leonidas Poulopoulos | return ret.rstrip('<br/>') |
341 | 357d48dc | Leonidas Poulopoulos | |
342 | 357d48dc | Leonidas Poulopoulos | get_match.short_description = 'Match statement'
|
343 | 357d48dc | Leonidas Poulopoulos | get_match.allow_tags = True
|
344 | d50fd7b6 | Leonidas Poulopoulos | |
345 | d50fd7b6 | Leonidas Poulopoulos | @property
|
346 | d50fd7b6 | Leonidas Poulopoulos | def applier_peer(self): |
347 | d50fd7b6 | Leonidas Poulopoulos | try:
|
348 | d50fd7b6 | Leonidas Poulopoulos | applier_peer = self.applier.get_profile().peer
|
349 | d50fd7b6 | Leonidas Poulopoulos | except:
|
350 | d50fd7b6 | Leonidas Poulopoulos | applier_peer = None
|
351 | d50fd7b6 | Leonidas Poulopoulos | return applier_peer
|
352 | fb67376a | Leonidas Poulopoulos | |
353 | fb67376a | Leonidas Poulopoulos | @property
|
354 | fb67376a | Leonidas Poulopoulos | def days_to_expire(self): |
355 | e74203ca | Leonidas Poulopoulos | if self.status not in ['EXPIRED', 'ADMININACTIVE', 'ERROR', 'INACTIVE']: |
356 | fb67376a | Leonidas Poulopoulos | expiration_days = (self.expires - datetime.date.today()).days
|
357 | fb67376a | Leonidas Poulopoulos | if expiration_days < settings.EXPIRATION_NOTIFY_DAYS:
|
358 | 7c4bc8de | Leonidas Poulopoulos | return "%s" %expiration_days |
359 | fb67376a | Leonidas Poulopoulos | else:
|
360 | fb67376a | Leonidas Poulopoulos | return False |
361 | fb67376a | Leonidas Poulopoulos | else:
|
362 | fb67376a | Leonidas Poulopoulos | return False |
363 | 357d48dc | Leonidas Poulopoulos | |
364 | 25d08a62 | Leonidas Poulopoulos | def send_message(msg, user): |
365 | 97e42c7d | Leonidas Poulopoulos | # username = user.username
|
366 | 97e42c7d | Leonidas Poulopoulos | peer = user |
367 | 3e99e2d1 | Leonidas Poulopoulos | b = beanstalkc.Connection() |
368 | 3e99e2d1 | Leonidas Poulopoulos | b.use(settings.POLLS_TUBE) |
369 | 97e42c7d | Leonidas Poulopoulos | tube_message = json.dumps({'message': str(msg), 'username':peer}) |
370 | 25d08a62 | Leonidas Poulopoulos | b.put(tube_message) |
371 | 3e99e2d1 | Leonidas Poulopoulos | b.close() |