/flowspec/models.py - Annotate - Firewall on Demand - Greek Research and Technology Network's projects

root / flowspec / models.py @ 8914c9d9

History | View | Annotate | Download (14.4 kB)

1	9f54980a	Leonidas Poulopoulos	#
2	9f54980a	Leonidas Poulopoulos	# -- coding: utf-8 -- vim:fileencoding=utf-8:
3	8914c9d9	Leonidas Poulopoulos	# vim: tabstop=4:shiftwidth=4:softtabstop=4:expandtab
4	9f54980a	Leonidas Poulopoulos	#Copyright © 2011-2013 Greek Research and Technology Network (GRNET S.A.)
5	9f54980a	Leonidas Poulopoulos
6	9f54980a	Leonidas Poulopoulos	#Developed by Leonidas Poulopoulos (leopoul-at-noc-dot-grnet-dot-gr),
7	9f54980a	Leonidas Poulopoulos	#GRNET NOC
8	9f54980a	Leonidas Poulopoulos	#
9	9f54980a	Leonidas Poulopoulos	#Permission to use, copy, modify, and/or distribute this software for any
10	9f54980a	Leonidas Poulopoulos	#purpose with or without fee is hereby granted, provided that the above
11	9f54980a	Leonidas Poulopoulos	#copyright notice and this permission notice appear in all copies.
12	9f54980a	Leonidas Poulopoulos	#
13	9f54980a	Leonidas Poulopoulos	#THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD
14	9f54980a	Leonidas Poulopoulos	#TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
15	9f54980a	Leonidas Poulopoulos	#FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
16	9f54980a	Leonidas Poulopoulos	#CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
17	9f54980a	Leonidas Poulopoulos	#DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
18	9f54980a	Leonidas Poulopoulos	#ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
19	9f54980a	Leonidas Poulopoulos	#SOFTWARE.
20	9f54980a	Leonidas Poulopoulos	#
21	8914c9d9	Leonidas Poulopoulos
22	8914c9d9	Leonidas Poulopoulos
23	478173ac	Leonidas Poulopoulos
24	a3af8464	Leonidas Poulopoulos	from django.db import models
25	b10e01d6	Leonidas Poulopoulos	from django.conf import settings
26	a3af8464	Leonidas Poulopoulos	from django.contrib.auth.models import User
27	c2f4725d	Leonidas Poulopoulos	from django.utils.translation import ugettext_lazy as _
28	357d48dc	Leonidas Poulopoulos	from utils import proxy as PR
29	478173ac	Leonidas Poulopoulos	from ipaddr import *
30	c1509909	Leonidas Poulopoulos	import datetime
31	357d48dc	Leonidas Poulopoulos	import logging
32	9cad4715	Leonidas Poulopoulos	from time import sleep
33	357d48dc	Leonidas Poulopoulos
34	f57f6e68	Leonidas Poulopoulos	import beanstalkc
35	97e42c7d	Leonidas Poulopoulos	from flowspy.utils.randomizer import id_generator as id_gen
36	3e99e2d1	Leonidas Poulopoulos
37	7fac6521	Leonidas Poulopoulos	from flowspec.tasks import *
38	3e99e2d1	Leonidas Poulopoulos
39	357d48dc	Leonidas Poulopoulos	FORMAT = '%(asctime)s %(levelname)s: %(message)s'
40	357d48dc	Leonidas Poulopoulos	logging.basicConfig(format=FORMAT)
41	357d48dc	Leonidas Poulopoulos	logger = logging.getLogger(__name__)
42	357d48dc	Leonidas Poulopoulos	logger.setLevel(logging.DEBUG)
43	357d48dc	Leonidas Poulopoulos
44	a24fbf37	Leonidas Poulopoulos
45	a3af8464	Leonidas Poulopoulos	FRAGMENT_CODES = (
46	a3af8464	Leonidas Poulopoulos	("dont-fragment", "Don't fragment"),
47	a3af8464	Leonidas Poulopoulos	("first-fragment", "First fragment"),
48	a3af8464	Leonidas Poulopoulos	("is-fragment", "Is fragment"),
49	a3af8464	Leonidas Poulopoulos	("last-fragment", "Last fragment"),
50	a3af8464	Leonidas Poulopoulos	("not-a-fragment", "Not a fragment")
51	a3af8464	Leonidas Poulopoulos	)
52	a3af8464	Leonidas Poulopoulos
53	a3af8464	Leonidas Poulopoulos	THEN_CHOICES = (
54	a3af8464	Leonidas Poulopoulos	("accept", "Accept"),
55	a3af8464	Leonidas Poulopoulos	("discard", "Discard"),
56	a3af8464	Leonidas Poulopoulos	("community", "Community"),
57	a3af8464	Leonidas Poulopoulos	("next-term", "Next term"),
58	a3af8464	Leonidas Poulopoulos	("routing-instance", "Routing Instance"),
59	a3af8464	Leonidas Poulopoulos	("rate-limit", "Rate limit"),
60	a3af8464	Leonidas Poulopoulos	("sample", "Sample")
61	a3af8464	Leonidas Poulopoulos	)
62	a3af8464	Leonidas Poulopoulos
63	7fac6521	Leonidas Poulopoulos	MATCH_PROTOCOL = (
64	7fac6521	Leonidas Poulopoulos	("ah", "ah"),
65	7fac6521	Leonidas Poulopoulos	("egp", "egp"),
66	7fac6521	Leonidas Poulopoulos	("esp", "esp"),
67	7fac6521	Leonidas Poulopoulos	("gre", "gre"),
68	7fac6521	Leonidas Poulopoulos	("icmp", "icmp"),
69	7fac6521	Leonidas Poulopoulos	("icmp6", "icmp6"),
70	7fac6521	Leonidas Poulopoulos	("igmp", "igmp"),
71	7fac6521	Leonidas Poulopoulos	("ipip", "ipip"),
72	7fac6521	Leonidas Poulopoulos	("ospf", "ospf"),
73	7fac6521	Leonidas Poulopoulos	("pim", "pim"),
74	7fac6521	Leonidas Poulopoulos	("rsvp", "rsvp"),
75	7fac6521	Leonidas Poulopoulos	("sctp", "sctp"),
76	7fac6521	Leonidas Poulopoulos	("tcp", "tcp"),
77	7fac6521	Leonidas Poulopoulos	("udp", "udp"),
78	7fac6521	Leonidas Poulopoulos	)
79	7fac6521	Leonidas Poulopoulos
80	97e42c7d	Leonidas Poulopoulos	ROUTE_STATES = (
81	97e42c7d	Leonidas Poulopoulos	("ACTIVE", "ACTIVE"),
82	97e42c7d	Leonidas Poulopoulos	("ERROR", "ERROR"),
83	97e42c7d	Leonidas Poulopoulos	("EXPIRED", "EXPIRED"),
84	97e42c7d	Leonidas Poulopoulos	("PENDING", "PENDING"),
85	97e42c7d	Leonidas Poulopoulos	("OUTOFSYNC", "OUTOFSYNC"),
86	d50fd7b6	Leonidas Poulopoulos	("INACTIVE", "INACTIVE"),
87	d50fd7b6	Leonidas Poulopoulos	("ADMININACTIVE", "ADMININACTIVE"),
88	97e42c7d	Leonidas Poulopoulos	)
89	97e42c7d	Leonidas Poulopoulos
90	a3af8464	Leonidas Poulopoulos
91	c1509909	Leonidas Poulopoulos	def days_offset(): return datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET)
92	a3af8464	Leonidas Poulopoulos
93	a3af8464	Leonidas Poulopoulos	class MatchPort(models.Model):
94	97e42c7d	Leonidas Poulopoulos	port = models.CharField(max_length=24, unique=True)
95	a24fbf37	Leonidas Poulopoulos	def __unicode__(self):
96	a24fbf37	Leonidas Poulopoulos	return self.port
97	a3af8464	Leonidas Poulopoulos	class Meta:
98	a3af8464	Leonidas Poulopoulos	db_table = u'match_port'
99	a3af8464	Leonidas Poulopoulos
100	a3af8464	Leonidas Poulopoulos	class MatchDscp(models.Model):
101	a3af8464	Leonidas Poulopoulos	dscp = models.CharField(max_length=24)
102	a24fbf37	Leonidas Poulopoulos	def __unicode__(self):
103	a24fbf37	Leonidas Poulopoulos	return self.dscp
104	a3af8464	Leonidas Poulopoulos	class Meta:
105	a3af8464	Leonidas Poulopoulos	db_table = u'match_dscp'
106	a3af8464	Leonidas Poulopoulos
107	7fac6521	Leonidas Poulopoulos	class MatchProtocol(models.Model):
108	7fac6521	Leonidas Poulopoulos	protocol = models.CharField(max_length=24, unique=True)
109	7fac6521	Leonidas Poulopoulos	def __unicode__(self):
110	7fac6521	Leonidas Poulopoulos	return self.protocol
111	7fac6521	Leonidas Poulopoulos	class Meta:
112	7fac6521	Leonidas Poulopoulos	db_table = u'match_protocol'
113	7fac6521	Leonidas Poulopoulos
114	7a8a4da4	Leonidas Poulopoulos
115	a3af8464	Leonidas Poulopoulos	class ThenAction(models.Model):
116	b10e01d6	Leonidas Poulopoulos	action = models.CharField(max_length=60, choices=THEN_CHOICES, verbose_name="Action")
117	b10e01d6	Leonidas Poulopoulos	action_value = models.CharField(max_length=255, blank=True, null=True, verbose_name="Action Value")
118	a24fbf37	Leonidas Poulopoulos	def __unicode__(self):
119	97e42c7d	Leonidas Poulopoulos	ret = "%s:%s" %(self.action, self.action_value)
120	97e42c7d	Leonidas Poulopoulos	return ret.rstrip(":")
121	a3af8464	Leonidas Poulopoulos	class Meta:
122	a3af8464	Leonidas Poulopoulos	db_table = u'then_action'
123	fdc3d663	Leonidas Poulopoulos	ordering = ['action', 'action_value']
124	f12b3d54	Leonidas Poulopoulos	unique_together = ("action", "action_value")
125	a3af8464	Leonidas Poulopoulos
126	a3af8464	Leonidas Poulopoulos	class Route(models.Model):
127	c2f4725d	Leonidas Poulopoulos	name = models.SlugField(max_length=128, verbose_name=_("Name"))
128	9cad4715	Leonidas Poulopoulos	applier = models.ForeignKey(User, blank=True, null=True)
129	c2f4725d	Leonidas Poulopoulos	source = models.CharField(max_length=32, help_text=_("Network address. Use address/CIDR notation"), verbose_name=_("Source Address"))
130	c2f4725d	Leonidas Poulopoulos	sourceport = models.ManyToManyField(MatchPort, blank=True, null=True, related_name="matchSourcePort", verbose_name=_("Source Port"))
131	c2f4725d	Leonidas Poulopoulos	destination = models.CharField(max_length=32, help_text=_("Network address. Use address/CIDR notation"), verbose_name=_("Destination Address"))
132	c2f4725d	Leonidas Poulopoulos	destinationport = models.ManyToManyField(MatchPort, blank=True, null=True, related_name="matchDestinationPort", verbose_name=_("Destination Port"))
133	c2f4725d	Leonidas Poulopoulos	port = models.ManyToManyField(MatchPort, blank=True, null=True, related_name="matchPort", verbose_name=_("Port"))
134	b10e01d6	Leonidas Poulopoulos	dscp = models.ManyToManyField(MatchDscp, blank=True, null=True, verbose_name="DSCP")
135	b10e01d6	Leonidas Poulopoulos	fragmenttype = models.CharField(max_length=20, choices=FRAGMENT_CODES, blank=True, null=True, verbose_name="Fragment Type")
136	b10e01d6	Leonidas Poulopoulos	icmpcode = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Code")
137	b10e01d6	Leonidas Poulopoulos	icmptype = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Type")
138	b10e01d6	Leonidas Poulopoulos	packetlength = models.IntegerField(blank=True, null=True, verbose_name="Packet Length")
139	c2f4725d	Leonidas Poulopoulos	protocol = models.ManyToManyField(MatchProtocol, blank=True, null=True, verbose_name=_("Protocol"))
140	b10e01d6	Leonidas Poulopoulos	tcpflag = models.CharField(max_length=128, blank=True, null=True, verbose_name="TCP flag")
141	c2f4725d	Leonidas Poulopoulos	then = models.ManyToManyField(ThenAction, verbose_name=_("Then"))
142	a3af8464	Leonidas Poulopoulos	filed = models.DateTimeField(auto_now_add=True)
143	a3af8464	Leonidas Poulopoulos	last_updated = models.DateTimeField(auto_now=True)
144	c2f4725d	Leonidas Poulopoulos	status = models.CharField(max_length=20, choices=ROUTE_STATES, blank=True, null=True, verbose_name=_("Status"), default="PENDING")
145	97e42c7d	Leonidas Poulopoulos	# is_online = models.BooleanField(default=False)
146	97e42c7d	Leonidas Poulopoulos	# is_active = models.BooleanField(default=False)
147	c2f4725d	Leonidas Poulopoulos	expires = models.DateField(default=days_offset, verbose_name=_("Expires"))
148	c2f4725d	Leonidas Poulopoulos	response = models.CharField(max_length=512, blank=True, null=True, verbose_name=_("Response"))
149	c2f4725d	Leonidas Poulopoulos	comments = models.TextField(null=True, blank=True, verbose_name=_("Comments"))
150	357d48dc	Leonidas Poulopoulos
151	357d48dc	Leonidas Poulopoulos
152	a24fbf37	Leonidas Poulopoulos	def __unicode__(self):
153	a24fbf37	Leonidas Poulopoulos	return self.name
154	a24fbf37	Leonidas Poulopoulos
155	a3af8464	Leonidas Poulopoulos	class Meta:
156	a24fbf37	Leonidas Poulopoulos	db_table = u'route'
157	7d408f6f	Leonidas Poulopoulos	verbose_name = "Rule"
158	7d408f6f	Leonidas Poulopoulos	verbose_name_plural = "Rules"
159	7a8a4da4	Leonidas Poulopoulos
160	97e42c7d	Leonidas Poulopoulos	def save(self, args, *kwargs):
161	97e42c7d	Leonidas Poulopoulos	if not self.pk:
162	97e42c7d	Leonidas Poulopoulos	hash = id_gen()
163	97e42c7d	Leonidas Poulopoulos	self.name = "%s_%s" %(self.name, hash)
164	97e42c7d	Leonidas Poulopoulos	super(Route, self).save(args, *kwargs) # Call the "real" save() method.
165	97e42c7d	Leonidas Poulopoulos
166	97e42c7d	Leonidas Poulopoulos
167	7a8a4da4	Leonidas Poulopoulos	def clean(self, args, *kwargs):
168	7a8a4da4	Leonidas Poulopoulos	from django.core.exceptions import ValidationError
169	7a8a4da4	Leonidas Poulopoulos	if self.destination:
170	7a8a4da4	Leonidas Poulopoulos	try:
171	b10e01d6	Leonidas Poulopoulos	address = IPNetwork(self.destination)
172	b10e01d6	Leonidas Poulopoulos	self.destination = address.exploded
173	7a8a4da4	Leonidas Poulopoulos	except Exception:
174	c2f4725d	Leonidas Poulopoulos	raise ValidationError(_('Invalid network address format at Destination Field'))
175	7a8a4da4	Leonidas Poulopoulos	if self.source:
176	7a8a4da4	Leonidas Poulopoulos	try:
177	b10e01d6	Leonidas Poulopoulos	address = IPNetwork(self.source)
178	b10e01d6	Leonidas Poulopoulos	self.source = address.exploded
179	7a8a4da4	Leonidas Poulopoulos	except Exception:
180	c2f4725d	Leonidas Poulopoulos	raise ValidationError(_('Invalid network address format at Source Field'))
181	6a946adf	Leonidas Poulopoulos
182	9cad4715	Leonidas Poulopoulos	def commit_add(self, args, *kwargs):
183	97e42c7d	Leonidas Poulopoulos	peer = self.applier.get_profile().peer.domain_name
184	933c1f31	Leonidas Poulopoulos	send_message("[%s] Adding rule %s. Please wait..." %(self.applier.username, self.name), peer)
185	9cad4715	Leonidas Poulopoulos	response = add.delay(self)
186	6a946adf	Leonidas Poulopoulos	logger.info("Got add job id: %s" %response)
187	9cad4715	Leonidas Poulopoulos
188	3e99e2d1	Leonidas Poulopoulos	def commit_edit(self, args, *kwargs):
189	97e42c7d	Leonidas Poulopoulos	peer = self.applier.get_profile().peer.domain_name
190	933c1f31	Leonidas Poulopoulos	send_message("[%s] Editing rule %s. Please wait..." %(self.applier.username, self.name), peer)
191	3e99e2d1	Leonidas Poulopoulos	response = edit.delay(self)
192	3e99e2d1	Leonidas Poulopoulos	logger.info("Got edit job id: %s" %response)
193	b10e01d6	Leonidas Poulopoulos
194	3e99e2d1	Leonidas Poulopoulos	def commit_delete(self, args, *kwargs):
195	6a946adf	Leonidas Poulopoulos	reason_text = ''
196	049a5a10	Leonidas Poulopoulos	reason = ''
197	6a946adf	Leonidas Poulopoulos	if "reason" in kwargs:
198	6a946adf	Leonidas Poulopoulos	reason = kwargs['reason']
199	6a946adf	Leonidas Poulopoulos	reason_text = "Reason: %s. " %reason
200	97e42c7d	Leonidas Poulopoulos	peer = self.applier.get_profile().peer.domain_name
201	61e178c3	Leonidas Poulopoulos	send_message("[%s] Suspending rule %s. %sPlease wait..." %(self.applier.username, self.name, reason_text), peer)
202	6a946adf	Leonidas Poulopoulos	response = delete.delay(self, reason=reason)
203	6a946adf	Leonidas Poulopoulos	logger.info("Got delete job id: %s" %response)
204	6a946adf	Leonidas Poulopoulos
205	c1509909	Leonidas Poulopoulos	def has_expired(self):
206	c1509909	Leonidas Poulopoulos	today = datetime.date.today()
207	c1509909	Leonidas Poulopoulos	if today > self.expires:
208	c1509909	Leonidas Poulopoulos	return True
209	c1509909	Leonidas Poulopoulos	return False
210	6a946adf	Leonidas Poulopoulos
211	6a946adf	Leonidas Poulopoulos	def check_sync(self):
212	6a946adf	Leonidas Poulopoulos	if not self.is_synced():
213	6a946adf	Leonidas Poulopoulos	self.status = "OUTOFSYNC"
214	6a946adf	Leonidas Poulopoulos	self.save()
215	6a946adf	Leonidas Poulopoulos
216	6a946adf	Leonidas Poulopoulos	def is_synced(self):
217	357d48dc	Leonidas Poulopoulos	found = False
218	357d48dc	Leonidas Poulopoulos	get_device = PR.Retriever()
219	357d48dc	Leonidas Poulopoulos	device = get_device.fetch_device()
220	357d48dc	Leonidas Poulopoulos	try:
221	357d48dc	Leonidas Poulopoulos	routes = device.routing_options[0].routes
222	357d48dc	Leonidas Poulopoulos	except Exception as e:
223	97e42c7d	Leonidas Poulopoulos	self.status = "EXPIRED"
224	971645d6	Leonidas Poulopoulos	self.save()
225	357d48dc	Leonidas Poulopoulos	logger.error("No routing options on device. Exception: %s" %e)
226	6a946adf	Leonidas Poulopoulos	return True
227	357d48dc	Leonidas Poulopoulos	for route in routes:
228	357d48dc	Leonidas Poulopoulos	if route.name == self.name:
229	357d48dc	Leonidas Poulopoulos	found = True
230	933c1f31	Leonidas Poulopoulos	logger.info('Found a matching rule name')
231	357d48dc	Leonidas Poulopoulos	devicematch = route.match
232	357d48dc	Leonidas Poulopoulos	try:
233	b10e01d6	Leonidas Poulopoulos	assert(self.destination)
234	357d48dc	Leonidas Poulopoulos	assert(devicematch['destination'][0])
235	b10e01d6	Leonidas Poulopoulos	if self.destination == devicematch['destination'][0]:
236	357d48dc	Leonidas Poulopoulos	found = found and True
237	357d48dc	Leonidas Poulopoulos	logger.info('Found a matching destination')
238	357d48dc	Leonidas Poulopoulos	else:
239	357d48dc	Leonidas Poulopoulos	found = False
240	357d48dc	Leonidas Poulopoulos	logger.info('Destination fields do not match')
241	357d48dc	Leonidas Poulopoulos	except:
242	357d48dc	Leonidas Poulopoulos	pass
243	357d48dc	Leonidas Poulopoulos	try:
244	b10e01d6	Leonidas Poulopoulos	assert(self.source)
245	357d48dc	Leonidas Poulopoulos	assert(devicematch['source'][0])
246	b10e01d6	Leonidas Poulopoulos	if self.source == devicematch['source'][0]:
247	357d48dc	Leonidas Poulopoulos	found = found and True
248	357d48dc	Leonidas Poulopoulos	logger.info('Found a matching source')
249	357d48dc	Leonidas Poulopoulos	else:
250	357d48dc	Leonidas Poulopoulos	found = False
251	357d48dc	Leonidas Poulopoulos	logger.info('Source fields do not match')
252	357d48dc	Leonidas Poulopoulos	except:
253	357d48dc	Leonidas Poulopoulos	pass
254	357d48dc	Leonidas Poulopoulos	try:
255	b10e01d6	Leonidas Poulopoulos	assert(self.fragmenttype)
256	357d48dc	Leonidas Poulopoulos	assert(devicematch['fragment'][0])
257	b10e01d6	Leonidas Poulopoulos	if self.fragmenttype == devicematch['fragment'][0]:
258	357d48dc	Leonidas Poulopoulos	found = found and True
259	357d48dc	Leonidas Poulopoulos	logger.info('Found a matching fragment type')
260	357d48dc	Leonidas Poulopoulos	else:
261	357d48dc	Leonidas Poulopoulos	found = False
262	357d48dc	Leonidas Poulopoulos	logger.info('Fragment type fields do not match')
263	357d48dc	Leonidas Poulopoulos	except:
264	357d48dc	Leonidas Poulopoulos	pass
265	357d48dc	Leonidas Poulopoulos	try:
266	b10e01d6	Leonidas Poulopoulos	assert(self.icmpcode)
267	357d48dc	Leonidas Poulopoulos	assert(devicematch['icmp-code'][0])
268	b10e01d6	Leonidas Poulopoulos	if self.icmpcode == devicematch['icmp-code'][0]:
269	357d48dc	Leonidas Poulopoulos	found = found and True
270	357d48dc	Leonidas Poulopoulos	logger.info('Found a matching icmp code')
271	357d48dc	Leonidas Poulopoulos	else:
272	357d48dc	Leonidas Poulopoulos	found = False
273	357d48dc	Leonidas Poulopoulos	logger.info('Icmp code fields do not match')
274	357d48dc	Leonidas Poulopoulos	except:
275	357d48dc	Leonidas Poulopoulos	pass
276	357d48dc	Leonidas Poulopoulos	try:
277	b10e01d6	Leonidas Poulopoulos	assert(self.icmptype)
278	357d48dc	Leonidas Poulopoulos	assert(devicematch['icmp-type'][0])
279	b10e01d6	Leonidas Poulopoulos	if self.icmptype == devicematch['icmp-type'][0]:
280	357d48dc	Leonidas Poulopoulos	found = found and True
281	357d48dc	Leonidas Poulopoulos	logger.info('Found a matching icmp type')
282	357d48dc	Leonidas Poulopoulos	else:
283	357d48dc	Leonidas Poulopoulos	found = False
284	357d48dc	Leonidas Poulopoulos	logger.info('Icmp type fields do not match')
285	357d48dc	Leonidas Poulopoulos	except:
286	357d48dc	Leonidas Poulopoulos	pass
287	97e42c7d	Leonidas Poulopoulos	if found and self.status != "ACTIVE":
288	e173e7c2	Leonidas Poulopoulos	logger.error('Rule is applied on device but appears as offline')
289	e173e7c2	Leonidas Poulopoulos	self.status = "ACTIVE"
290	e173e7c2	Leonidas Poulopoulos	self.save()
291	e173e7c2	Leonidas Poulopoulos	found = True
292	33281310	Leonidas Poulopoulos	if self.status == "ADMININACTIVE" or self.status == "INACTIVE" or self.status == "EXPIRED":
293	e173e7c2	Leonidas Poulopoulos	found = True
294	357d48dc	Leonidas Poulopoulos	return found
295	357d48dc	Leonidas Poulopoulos
296	357d48dc	Leonidas Poulopoulos	def get_then(self):
297	357d48dc	Leonidas Poulopoulos	ret = ''
298	b10e01d6	Leonidas Poulopoulos	then_statements = self.then.all()
299	357d48dc	Leonidas Poulopoulos	for statement in then_statements:
300	357d48dc	Leonidas Poulopoulos	if statement.action_value:
301	357d48dc	Leonidas Poulopoulos	ret = "%s %s:<strong>%s</strong><br/>" %(ret, statement.action, statement.action_value)
302	357d48dc	Leonidas Poulopoulos	else:
303	357d48dc	Leonidas Poulopoulos	ret = "%s %s<br>" %(ret, statement.action)
304	357d48dc	Leonidas Poulopoulos	return ret.rstrip(',')
305	357d48dc	Leonidas Poulopoulos
306	357d48dc	Leonidas Poulopoulos	get_then.short_description = 'Then statement'
307	357d48dc	Leonidas Poulopoulos	get_then.allow_tags = True
308	b10e01d6	Leonidas Poulopoulos	#
309	357d48dc	Leonidas Poulopoulos	def get_match(self):
310	357d48dc	Leonidas Poulopoulos	ret = ''
311	b10e01d6	Leonidas Poulopoulos	if self.destination:
312	f5d68f6f	Leonidas Poulopoulos	ret = '%s Dst Addr:<strong>%s</strong> <br/>' %(ret, self.destination)
313	b10e01d6	Leonidas Poulopoulos	if self.fragmenttype:
314	3e99e2d1	Leonidas Poulopoulos	ret = "%s Fragment Type:<strong>%s</strong><br/>" %(ret, self.fragmenttype)
315	b10e01d6	Leonidas Poulopoulos	if self.icmpcode:
316	3e99e2d1	Leonidas Poulopoulos	ret = "%s ICMP code:<strong>%s</strong><br/>" %(ret, self.icmpcode)
317	b10e01d6	Leonidas Poulopoulos	if self.icmptype:
318	3e99e2d1	Leonidas Poulopoulos	ret = "%s ICMP Type:<strong>%s</strong><br/>" %(ret, self.icmptype)
319	b10e01d6	Leonidas Poulopoulos	if self.packetlength:
320	3e99e2d1	Leonidas Poulopoulos	ret = "%s Packet Length:<strong>%s</strong><br/>" %(ret, self.packetlength)
321	b10e01d6	Leonidas Poulopoulos	if self.source:
322	f5d68f6f	Leonidas Poulopoulos	ret = "%s Src Addr:<strong>%s</strong> <br/>" %(ret, self.source)
323	b10e01d6	Leonidas Poulopoulos	if self.tcpflag:
324	3e99e2d1	Leonidas Poulopoulos	ret = "%s TCP flag:<strong>%s</strong><br/>" %(ret, self.tcpflag)
325	b10e01d6	Leonidas Poulopoulos	if self.port:
326	b10e01d6	Leonidas Poulopoulos	for port in self.port.all():
327	f5d68f6f	Leonidas Poulopoulos	ret = ret + "Port:<strong>%s</strong> <br/>" %(port)
328	7fac6521	Leonidas Poulopoulos	if self.protocol:
329	7fac6521	Leonidas Poulopoulos	for protocol in self.protocol.all():
330	7fac6521	Leonidas Poulopoulos	ret = ret + "Protocol:<strong>%s</strong> <br/>" %(protocol)
331	b10e01d6	Leonidas Poulopoulos	if self.destinationport:
332	b10e01d6	Leonidas Poulopoulos	for port in self.destinationport.all():
333	f5d68f6f	Leonidas Poulopoulos	ret = ret + "Dst Port:<strong>%s</strong> <br/>" %(port)
334	b10e01d6	Leonidas Poulopoulos	if self.sourceport:
335	b10e01d6	Leonidas Poulopoulos	for port in self.sourceport.all():
336	f5d68f6f	Leonidas Poulopoulos	ret = ret +"Src Port:<strong>%s</strong> <br/>" %(port)
337	b10e01d6	Leonidas Poulopoulos	if self.dscp:
338	b10e01d6	Leonidas Poulopoulos	for dscp in self.dscp.all():
339	f5d68f6f	Leonidas Poulopoulos	ret = ret + "%s Port:<strong>%s</strong> <br/>" %(ret, dscp)
340	357d48dc	Leonidas Poulopoulos	return ret.rstrip('<br/>')
341	357d48dc	Leonidas Poulopoulos
342	357d48dc	Leonidas Poulopoulos	get_match.short_description = 'Match statement'
343	357d48dc	Leonidas Poulopoulos	get_match.allow_tags = True
344	d50fd7b6	Leonidas Poulopoulos
345	d50fd7b6	Leonidas Poulopoulos	@property
346	d50fd7b6	Leonidas Poulopoulos	def applier_peer(self):
347	d50fd7b6	Leonidas Poulopoulos	try:
348	d50fd7b6	Leonidas Poulopoulos	applier_peer = self.applier.get_profile().peer
349	d50fd7b6	Leonidas Poulopoulos	except:
350	d50fd7b6	Leonidas Poulopoulos	applier_peer = None
351	d50fd7b6	Leonidas Poulopoulos	return applier_peer
352	fb67376a	Leonidas Poulopoulos
353	fb67376a	Leonidas Poulopoulos	@property
354	fb67376a	Leonidas Poulopoulos	def days_to_expire(self):
355	e74203ca	Leonidas Poulopoulos	if self.status not in ['EXPIRED', 'ADMININACTIVE', 'ERROR', 'INACTIVE']:
356	fb67376a	Leonidas Poulopoulos	expiration_days = (self.expires - datetime.date.today()).days
357	fb67376a	Leonidas Poulopoulos	if expiration_days < settings.EXPIRATION_NOTIFY_DAYS:
358	7c4bc8de	Leonidas Poulopoulos	return "%s" %expiration_days
359	fb67376a	Leonidas Poulopoulos	else:
360	fb67376a	Leonidas Poulopoulos	return False
361	fb67376a	Leonidas Poulopoulos	else:
362	fb67376a	Leonidas Poulopoulos	return False
363	357d48dc	Leonidas Poulopoulos
364	25d08a62	Leonidas Poulopoulos	def send_message(msg, user):
365	97e42c7d	Leonidas Poulopoulos	# username = user.username
366	97e42c7d	Leonidas Poulopoulos	peer = user
367	3e99e2d1	Leonidas Poulopoulos	b = beanstalkc.Connection()
368	3e99e2d1	Leonidas Poulopoulos	b.use(settings.POLLS_TUBE)
369	97e42c7d	Leonidas Poulopoulos	tube_message = json.dumps({'message': str(msg), 'username':peer})
370	25d08a62	Leonidas Poulopoulos	b.put(tube_message)
371	3e99e2d1	Leonidas Poulopoulos	b.close()