root / flowspec / models.py @ f1bd3b97
History | View | Annotate | Download (14.1 kB)
1 | 478173ac | Leonidas Poulopoulos | # -*- coding: utf-8 -*- vim:encoding=utf-8:
|
---|---|---|---|
2 | 478173ac | Leonidas Poulopoulos | # vim: tabstop=4:shiftwidth=4:softtabstop=4:expandtab
|
3 | 478173ac | Leonidas Poulopoulos | |
4 | a3af8464 | Leonidas Poulopoulos | from django.db import models |
5 | b10e01d6 | Leonidas Poulopoulos | from django.conf import settings |
6 | a3af8464 | Leonidas Poulopoulos | from django.contrib.auth.models import User |
7 | b500da65 | Leonidas Poulopoulos | from django.db.models.query import QuerySet |
8 | 357d48dc | Leonidas Poulopoulos | from utils import proxy as PR |
9 | 478173ac | Leonidas Poulopoulos | from ipaddr import * |
10 | c1509909 | Leonidas Poulopoulos | import datetime |
11 | 357d48dc | Leonidas Poulopoulos | import logging |
12 | 9cad4715 | Leonidas Poulopoulos | from time import sleep |
13 | 357d48dc | Leonidas Poulopoulos | |
14 | f57f6e68 | Leonidas Poulopoulos | import beanstalkc |
15 | 97e42c7d | Leonidas Poulopoulos | from flowspy.utils.randomizer import id_generator as id_gen |
16 | 3e99e2d1 | Leonidas Poulopoulos | |
17 | 7fac6521 | Leonidas Poulopoulos | from flowspec.tasks import * |
18 | 3e99e2d1 | Leonidas Poulopoulos | |
19 | 357d48dc | Leonidas Poulopoulos | FORMAT = '%(asctime)s %(levelname)s: %(message)s'
|
20 | 357d48dc | Leonidas Poulopoulos | logging.basicConfig(format=FORMAT) |
21 | 357d48dc | Leonidas Poulopoulos | logger = logging.getLogger(__name__) |
22 | 357d48dc | Leonidas Poulopoulos | logger.setLevel(logging.DEBUG) |
23 | 357d48dc | Leonidas Poulopoulos | |
24 | a24fbf37 | Leonidas Poulopoulos | |
25 | a3af8464 | Leonidas Poulopoulos | FRAGMENT_CODES = ( |
26 | a3af8464 | Leonidas Poulopoulos | ("dont-fragment", "Don't fragment"), |
27 | a3af8464 | Leonidas Poulopoulos | ("first-fragment", "First fragment"), |
28 | a3af8464 | Leonidas Poulopoulos | ("is-fragment", "Is fragment"), |
29 | a3af8464 | Leonidas Poulopoulos | ("last-fragment", "Last fragment"), |
30 | a3af8464 | Leonidas Poulopoulos | ("not-a-fragment", "Not a fragment") |
31 | a3af8464 | Leonidas Poulopoulos | ) |
32 | a3af8464 | Leonidas Poulopoulos | |
33 | a3af8464 | Leonidas Poulopoulos | THEN_CHOICES = ( |
34 | a3af8464 | Leonidas Poulopoulos | ("accept", "Accept"), |
35 | a3af8464 | Leonidas Poulopoulos | ("discard", "Discard"), |
36 | a3af8464 | Leonidas Poulopoulos | ("community", "Community"), |
37 | a3af8464 | Leonidas Poulopoulos | ("next-term", "Next term"), |
38 | a3af8464 | Leonidas Poulopoulos | ("routing-instance", "Routing Instance"), |
39 | a3af8464 | Leonidas Poulopoulos | ("rate-limit", "Rate limit"), |
40 | a3af8464 | Leonidas Poulopoulos | ("sample", "Sample") |
41 | a3af8464 | Leonidas Poulopoulos | ) |
42 | a3af8464 | Leonidas Poulopoulos | |
43 | 7fac6521 | Leonidas Poulopoulos | MATCH_PROTOCOL = ( |
44 | 7fac6521 | Leonidas Poulopoulos | ("ah", "ah"), |
45 | 7fac6521 | Leonidas Poulopoulos | ("egp", "egp"), |
46 | 7fac6521 | Leonidas Poulopoulos | ("esp", "esp"), |
47 | 7fac6521 | Leonidas Poulopoulos | ("gre", "gre"), |
48 | 7fac6521 | Leonidas Poulopoulos | ("icmp", "icmp"), |
49 | 7fac6521 | Leonidas Poulopoulos | ("icmp6", "icmp6"), |
50 | 7fac6521 | Leonidas Poulopoulos | ("igmp", "igmp"), |
51 | 7fac6521 | Leonidas Poulopoulos | ("ipip", "ipip"), |
52 | 7fac6521 | Leonidas Poulopoulos | ("ospf", "ospf"), |
53 | 7fac6521 | Leonidas Poulopoulos | ("pim", "pim"), |
54 | 7fac6521 | Leonidas Poulopoulos | ("rsvp", "rsvp"), |
55 | 7fac6521 | Leonidas Poulopoulos | ("sctp", "sctp"), |
56 | 7fac6521 | Leonidas Poulopoulos | ("tcp", "tcp"), |
57 | 7fac6521 | Leonidas Poulopoulos | ("udp", "udp"), |
58 | 7fac6521 | Leonidas Poulopoulos | ) |
59 | 7fac6521 | Leonidas Poulopoulos | |
60 | 97e42c7d | Leonidas Poulopoulos | ROUTE_STATES = ( |
61 | 97e42c7d | Leonidas Poulopoulos | ("ACTIVE", "ACTIVE"), |
62 | 97e42c7d | Leonidas Poulopoulos | ("ERROR", "ERROR"), |
63 | 97e42c7d | Leonidas Poulopoulos | ("EXPIRED", "EXPIRED"), |
64 | 97e42c7d | Leonidas Poulopoulos | ("PENDING", "PENDING"), |
65 | 97e42c7d | Leonidas Poulopoulos | ("OUTOFSYNC", "OUTOFSYNC"), |
66 | d50fd7b6 | Leonidas Poulopoulos | ("INACTIVE", "INACTIVE"), |
67 | d50fd7b6 | Leonidas Poulopoulos | ("ADMININACTIVE", "ADMININACTIVE"), |
68 | 97e42c7d | Leonidas Poulopoulos | ) |
69 | 97e42c7d | Leonidas Poulopoulos | |
70 | a3af8464 | Leonidas Poulopoulos | |
71 | c1509909 | Leonidas Poulopoulos | def days_offset(): return datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET) |
72 | a3af8464 | Leonidas Poulopoulos | |
73 | a3af8464 | Leonidas Poulopoulos | class MatchPort(models.Model): |
74 | 97e42c7d | Leonidas Poulopoulos | port = models.CharField(max_length=24, unique=True) |
75 | a24fbf37 | Leonidas Poulopoulos | def __unicode__(self): |
76 | a24fbf37 | Leonidas Poulopoulos | return self.port |
77 | a3af8464 | Leonidas Poulopoulos | class Meta: |
78 | a3af8464 | Leonidas Poulopoulos | db_table = u'match_port'
|
79 | a3af8464 | Leonidas Poulopoulos | |
80 | a3af8464 | Leonidas Poulopoulos | class MatchDscp(models.Model): |
81 | a3af8464 | Leonidas Poulopoulos | dscp = models.CharField(max_length=24)
|
82 | a24fbf37 | Leonidas Poulopoulos | def __unicode__(self): |
83 | a24fbf37 | Leonidas Poulopoulos | return self.dscp |
84 | a3af8464 | Leonidas Poulopoulos | class Meta: |
85 | a3af8464 | Leonidas Poulopoulos | db_table = u'match_dscp'
|
86 | a3af8464 | Leonidas Poulopoulos | |
87 | 7fac6521 | Leonidas Poulopoulos | class MatchProtocol(models.Model): |
88 | 7fac6521 | Leonidas Poulopoulos | protocol = models.CharField(max_length=24, unique=True) |
89 | 7fac6521 | Leonidas Poulopoulos | def __unicode__(self): |
90 | 7fac6521 | Leonidas Poulopoulos | return self.protocol |
91 | 7fac6521 | Leonidas Poulopoulos | class Meta: |
92 | 7fac6521 | Leonidas Poulopoulos | db_table = u'match_protocol'
|
93 | 7fac6521 | Leonidas Poulopoulos | |
94 | 7a8a4da4 | Leonidas Poulopoulos | |
95 | a3af8464 | Leonidas Poulopoulos | class ThenAction(models.Model): |
96 | b10e01d6 | Leonidas Poulopoulos | action = models.CharField(max_length=60, choices=THEN_CHOICES, verbose_name="Action") |
97 | b10e01d6 | Leonidas Poulopoulos | action_value = models.CharField(max_length=255, blank=True, null=True, verbose_name="Action Value") |
98 | a24fbf37 | Leonidas Poulopoulos | def __unicode__(self): |
99 | 97e42c7d | Leonidas Poulopoulos | ret = "%s:%s" %(self.action, self.action_value) |
100 | 97e42c7d | Leonidas Poulopoulos | return ret.rstrip(":") |
101 | a3af8464 | Leonidas Poulopoulos | class Meta: |
102 | a3af8464 | Leonidas Poulopoulos | db_table = u'then_action'
|
103 | fdc3d663 | Leonidas Poulopoulos | ordering = ['action', 'action_value'] |
104 | f12b3d54 | Leonidas Poulopoulos | unique_together = ("action", "action_value") |
105 | a3af8464 | Leonidas Poulopoulos | |
106 | b500da65 | Leonidas Poulopoulos | class QuerySetManager(models.Manager): |
107 | b500da65 | Leonidas Poulopoulos | def get_query_set(self): |
108 | b500da65 | Leonidas Poulopoulos | return self.model.QuerySet(self.model) |
109 | b500da65 | Leonidas Poulopoulos | |
110 | a3af8464 | Leonidas Poulopoulos | class Route(models.Model): |
111 | 971645d6 | Leonidas Poulopoulos | name = models.SlugField(max_length=128)
|
112 | 9cad4715 | Leonidas Poulopoulos | applier = models.ForeignKey(User, blank=True, null=True) |
113 | abad126d | Leonidas Poulopoulos | source = models.CharField(max_length=32, help_text=u"Network address. Use address/CIDR notation", verbose_name="Source Address") |
114 | b10e01d6 | Leonidas Poulopoulos | sourceport = models.ManyToManyField(MatchPort, blank=True, null=True, related_name="matchSourcePort", verbose_name="Source Port") |
115 | 971645d6 | Leonidas Poulopoulos | destination = models.CharField(max_length=32, help_text=u"Network address. Use address/CIDR notation", verbose_name="Destination Address") |
116 | b10e01d6 | Leonidas Poulopoulos | destinationport = models.ManyToManyField(MatchPort, blank=True, null=True, related_name="matchDestinationPort", verbose_name="Destination Port") |
117 | b10e01d6 | Leonidas Poulopoulos | port = models.ManyToManyField(MatchPort, blank=True, null=True, related_name="matchPort", verbose_name="Port" ) |
118 | b10e01d6 | Leonidas Poulopoulos | dscp = models.ManyToManyField(MatchDscp, blank=True, null=True, verbose_name="DSCP") |
119 | b10e01d6 | Leonidas Poulopoulos | fragmenttype = models.CharField(max_length=20, choices=FRAGMENT_CODES, blank=True, null=True, verbose_name="Fragment Type") |
120 | b10e01d6 | Leonidas Poulopoulos | icmpcode = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Code") |
121 | b10e01d6 | Leonidas Poulopoulos | icmptype = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Type") |
122 | b10e01d6 | Leonidas Poulopoulos | packetlength = models.IntegerField(blank=True, null=True, verbose_name="Packet Length") |
123 | 7fac6521 | Leonidas Poulopoulos | protocol = models.ManyToManyField(MatchProtocol, blank=True, null=True, verbose_name="Protocol") |
124 | b10e01d6 | Leonidas Poulopoulos | tcpflag = models.CharField(max_length=128, blank=True, null=True, verbose_name="TCP flag") |
125 | b10e01d6 | Leonidas Poulopoulos | then = models.ManyToManyField(ThenAction, verbose_name="Then")
|
126 | a3af8464 | Leonidas Poulopoulos | filed = models.DateTimeField(auto_now_add=True)
|
127 | a3af8464 | Leonidas Poulopoulos | last_updated = models.DateTimeField(auto_now=True)
|
128 | 97e42c7d | Leonidas Poulopoulos | status = models.CharField(max_length=20, choices=ROUTE_STATES, blank=True, null=True, verbose_name="Status", default="PENDING") |
129 | 97e42c7d | Leonidas Poulopoulos | # is_online = models.BooleanField(default=False)
|
130 | 97e42c7d | Leonidas Poulopoulos | # is_active = models.BooleanField(default=False)
|
131 | 052c14aa | Leonidas Poulopoulos | expires = models.DateField(default=days_offset) |
132 | 357d48dc | Leonidas Poulopoulos | response = models.CharField(max_length=512, blank=True, null=True) |
133 | b10e01d6 | Leonidas Poulopoulos | comments = models.TextField(null=True, blank=True, verbose_name="Comments") |
134 | 357d48dc | Leonidas Poulopoulos | |
135 | b500da65 | Leonidas Poulopoulos | objects = QuerySetManager() |
136 | 357d48dc | Leonidas Poulopoulos | |
137 | b500da65 | Leonidas Poulopoulos | class QuerySet(QuerySet): |
138 | b500da65 | Leonidas Poulopoulos | def add_route_set(self): |
139 | b500da65 | Leonidas Poulopoulos | route_list = [] |
140 | b500da65 | Leonidas Poulopoulos | route_names = ''
|
141 | b500da65 | Leonidas Poulopoulos | for route in self: |
142 | b500da65 | Leonidas Poulopoulos | peer = route.applier.get_profile().peer.domain_name |
143 | b500da65 | Leonidas Poulopoulos | route_list.append(route) |
144 | b500da65 | Leonidas Poulopoulos | route_names = "%s, %s" %(route.name, route_names)
|
145 | b500da65 | Leonidas Poulopoulos | send_message("[%s] Adding rules: %s. Please wait..." %(route.applier.username, route_names.rstrip(',')), peer) |
146 | b500da65 | Leonidas Poulopoulos | response = add_set.delay(route_list) |
147 | b500da65 | Leonidas Poulopoulos | logger.info("Got add job id: %s" %response)
|
148 | b500da65 | Leonidas Poulopoulos | |
149 | a24fbf37 | Leonidas Poulopoulos | def __unicode__(self): |
150 | a24fbf37 | Leonidas Poulopoulos | return self.name |
151 | a24fbf37 | Leonidas Poulopoulos | |
152 | a3af8464 | Leonidas Poulopoulos | class Meta: |
153 | a24fbf37 | Leonidas Poulopoulos | db_table = u'route'
|
154 | 7d408f6f | Leonidas Poulopoulos | verbose_name = "Rule"
|
155 | 7d408f6f | Leonidas Poulopoulos | verbose_name_plural = "Rules"
|
156 | 7a8a4da4 | Leonidas Poulopoulos | |
157 | 97e42c7d | Leonidas Poulopoulos | def save(self, *args, **kwargs): |
158 | 97e42c7d | Leonidas Poulopoulos | if not self.pk: |
159 | 97e42c7d | Leonidas Poulopoulos | hash = id_gen() |
160 | 97e42c7d | Leonidas Poulopoulos | self.name = "%s_%s" %(self.name, hash) |
161 | 97e42c7d | Leonidas Poulopoulos | super(Route, self).save(*args, **kwargs) # Call the "real" save() method. |
162 | 97e42c7d | Leonidas Poulopoulos | |
163 | 97e42c7d | Leonidas Poulopoulos | |
164 | 7a8a4da4 | Leonidas Poulopoulos | def clean(self, *args, **kwargs): |
165 | 7a8a4da4 | Leonidas Poulopoulos | from django.core.exceptions import ValidationError |
166 | 7a8a4da4 | Leonidas Poulopoulos | if self.destination: |
167 | 7a8a4da4 | Leonidas Poulopoulos | try:
|
168 | b10e01d6 | Leonidas Poulopoulos | address = IPNetwork(self.destination)
|
169 | b10e01d6 | Leonidas Poulopoulos | self.destination = address.exploded
|
170 | 7a8a4da4 | Leonidas Poulopoulos | except Exception: |
171 | b10e01d6 | Leonidas Poulopoulos | raise ValidationError('Invalid network address format at Destination Field') |
172 | 7a8a4da4 | Leonidas Poulopoulos | if self.source: |
173 | 7a8a4da4 | Leonidas Poulopoulos | try:
|
174 | b10e01d6 | Leonidas Poulopoulos | address = IPNetwork(self.source)
|
175 | b10e01d6 | Leonidas Poulopoulos | self.source = address.exploded
|
176 | 7a8a4da4 | Leonidas Poulopoulos | except Exception: |
177 | b10e01d6 | Leonidas Poulopoulos | raise ValidationError('Invalid network address format at Source Field') |
178 | 6a946adf | Leonidas Poulopoulos | |
179 | 9cad4715 | Leonidas Poulopoulos | def commit_add(self, *args, **kwargs): |
180 | 97e42c7d | Leonidas Poulopoulos | peer = self.applier.get_profile().peer.domain_name
|
181 | 933c1f31 | Leonidas Poulopoulos | send_message("[%s] Adding rule %s. Please wait..." %(self.applier.username, self.name), peer) |
182 | 9cad4715 | Leonidas Poulopoulos | response = add.delay(self)
|
183 | 6a946adf | Leonidas Poulopoulos | logger.info("Got add job id: %s" %response)
|
184 | 9cad4715 | Leonidas Poulopoulos | |
185 | 3e99e2d1 | Leonidas Poulopoulos | def commit_edit(self, *args, **kwargs): |
186 | 97e42c7d | Leonidas Poulopoulos | peer = self.applier.get_profile().peer.domain_name
|
187 | 933c1f31 | Leonidas Poulopoulos | send_message("[%s] Editing rule %s. Please wait..." %(self.applier.username, self.name), peer) |
188 | 3e99e2d1 | Leonidas Poulopoulos | response = edit.delay(self)
|
189 | 3e99e2d1 | Leonidas Poulopoulos | logger.info("Got edit job id: %s" %response)
|
190 | b10e01d6 | Leonidas Poulopoulos | |
191 | 3e99e2d1 | Leonidas Poulopoulos | def commit_delete(self, *args, **kwargs): |
192 | 6a946adf | Leonidas Poulopoulos | reason_text = ''
|
193 | 049a5a10 | Leonidas Poulopoulos | reason = ''
|
194 | 6a946adf | Leonidas Poulopoulos | if "reason" in kwargs: |
195 | 6a946adf | Leonidas Poulopoulos | reason = kwargs['reason']
|
196 | 6a946adf | Leonidas Poulopoulos | reason_text = "Reason: %s. " %reason
|
197 | 97e42c7d | Leonidas Poulopoulos | peer = self.applier.get_profile().peer.domain_name
|
198 | 61e178c3 | Leonidas Poulopoulos | send_message("[%s] Suspending rule %s. %sPlease wait..." %(self.applier.username, self.name, reason_text), peer) |
199 | 6a946adf | Leonidas Poulopoulos | response = delete.delay(self, reason=reason)
|
200 | 6a946adf | Leonidas Poulopoulos | logger.info("Got delete job id: %s" %response)
|
201 | 6a946adf | Leonidas Poulopoulos | |
202 | c1509909 | Leonidas Poulopoulos | def has_expired(self): |
203 | c1509909 | Leonidas Poulopoulos | today = datetime.date.today() |
204 | c1509909 | Leonidas Poulopoulos | if today > self.expires: |
205 | c1509909 | Leonidas Poulopoulos | return True |
206 | c1509909 | Leonidas Poulopoulos | return False |
207 | 6a946adf | Leonidas Poulopoulos | |
208 | 6a946adf | Leonidas Poulopoulos | def check_sync(self): |
209 | 6a946adf | Leonidas Poulopoulos | if not self.is_synced(): |
210 | 6a946adf | Leonidas Poulopoulos | self.status = "OUTOFSYNC" |
211 | 6a946adf | Leonidas Poulopoulos | self.save()
|
212 | 6a946adf | Leonidas Poulopoulos | |
213 | 6a946adf | Leonidas Poulopoulos | def is_synced(self): |
214 | 357d48dc | Leonidas Poulopoulos | found = False
|
215 | 357d48dc | Leonidas Poulopoulos | get_device = PR.Retriever() |
216 | 357d48dc | Leonidas Poulopoulos | device = get_device.fetch_device() |
217 | 357d48dc | Leonidas Poulopoulos | try:
|
218 | 357d48dc | Leonidas Poulopoulos | routes = device.routing_options[0].routes
|
219 | 357d48dc | Leonidas Poulopoulos | except Exception as e: |
220 | 97e42c7d | Leonidas Poulopoulos | self.status = "EXPIRED" |
221 | 971645d6 | Leonidas Poulopoulos | self.save()
|
222 | 357d48dc | Leonidas Poulopoulos | logger.error("No routing options on device. Exception: %s" %e)
|
223 | 6a946adf | Leonidas Poulopoulos | return True |
224 | 357d48dc | Leonidas Poulopoulos | for route in routes: |
225 | 357d48dc | Leonidas Poulopoulos | if route.name == self.name: |
226 | 357d48dc | Leonidas Poulopoulos | found = True
|
227 | 933c1f31 | Leonidas Poulopoulos | logger.info('Found a matching rule name')
|
228 | 357d48dc | Leonidas Poulopoulos | devicematch = route.match |
229 | 357d48dc | Leonidas Poulopoulos | try:
|
230 | b10e01d6 | Leonidas Poulopoulos | assert(self.destination) |
231 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['destination'][0]) |
232 | b10e01d6 | Leonidas Poulopoulos | if self.destination == devicematch['destination'][0]: |
233 | 357d48dc | Leonidas Poulopoulos | found = found and True |
234 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching destination')
|
235 | 357d48dc | Leonidas Poulopoulos | else:
|
236 | 357d48dc | Leonidas Poulopoulos | found = False
|
237 | 357d48dc | Leonidas Poulopoulos | logger.info('Destination fields do not match')
|
238 | 357d48dc | Leonidas Poulopoulos | except:
|
239 | 357d48dc | Leonidas Poulopoulos | pass
|
240 | 357d48dc | Leonidas Poulopoulos | try:
|
241 | b10e01d6 | Leonidas Poulopoulos | assert(self.source) |
242 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['source'][0]) |
243 | b10e01d6 | Leonidas Poulopoulos | if self.source == devicematch['source'][0]: |
244 | 357d48dc | Leonidas Poulopoulos | found = found and True |
245 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching source')
|
246 | 357d48dc | Leonidas Poulopoulos | else:
|
247 | 357d48dc | Leonidas Poulopoulos | found = False
|
248 | 357d48dc | Leonidas Poulopoulos | logger.info('Source fields do not match')
|
249 | 357d48dc | Leonidas Poulopoulos | except:
|
250 | 357d48dc | Leonidas Poulopoulos | pass
|
251 | 357d48dc | Leonidas Poulopoulos | try:
|
252 | b10e01d6 | Leonidas Poulopoulos | assert(self.fragmenttype) |
253 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['fragment'][0]) |
254 | b10e01d6 | Leonidas Poulopoulos | if self.fragmenttype == devicematch['fragment'][0]: |
255 | 357d48dc | Leonidas Poulopoulos | found = found and True |
256 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching fragment type')
|
257 | 357d48dc | Leonidas Poulopoulos | else:
|
258 | 357d48dc | Leonidas Poulopoulos | found = False
|
259 | 357d48dc | Leonidas Poulopoulos | logger.info('Fragment type fields do not match')
|
260 | 357d48dc | Leonidas Poulopoulos | except:
|
261 | 357d48dc | Leonidas Poulopoulos | pass
|
262 | 357d48dc | Leonidas Poulopoulos | try:
|
263 | b10e01d6 | Leonidas Poulopoulos | assert(self.icmpcode) |
264 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['icmp-code'][0]) |
265 | b10e01d6 | Leonidas Poulopoulos | if self.icmpcode == devicematch['icmp-code'][0]: |
266 | 357d48dc | Leonidas Poulopoulos | found = found and True |
267 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching icmp code')
|
268 | 357d48dc | Leonidas Poulopoulos | else:
|
269 | 357d48dc | Leonidas Poulopoulos | found = False
|
270 | 357d48dc | Leonidas Poulopoulos | logger.info('Icmp code fields do not match')
|
271 | 357d48dc | Leonidas Poulopoulos | except:
|
272 | 357d48dc | Leonidas Poulopoulos | pass
|
273 | 357d48dc | Leonidas Poulopoulos | try:
|
274 | b10e01d6 | Leonidas Poulopoulos | assert(self.icmptype) |
275 | 357d48dc | Leonidas Poulopoulos | assert(devicematch['icmp-type'][0]) |
276 | b10e01d6 | Leonidas Poulopoulos | if self.icmptype == devicematch['icmp-type'][0]: |
277 | 357d48dc | Leonidas Poulopoulos | found = found and True |
278 | 357d48dc | Leonidas Poulopoulos | logger.info('Found a matching icmp type')
|
279 | 357d48dc | Leonidas Poulopoulos | else:
|
280 | 357d48dc | Leonidas Poulopoulos | found = False
|
281 | 357d48dc | Leonidas Poulopoulos | logger.info('Icmp type fields do not match')
|
282 | 357d48dc | Leonidas Poulopoulos | except:
|
283 | 357d48dc | Leonidas Poulopoulos | pass
|
284 | 97e42c7d | Leonidas Poulopoulos | if found and self.status != "ACTIVE": |
285 | e173e7c2 | Leonidas Poulopoulos | logger.error('Rule is applied on device but appears as offline')
|
286 | e173e7c2 | Leonidas Poulopoulos | self.status = "ACTIVE" |
287 | e173e7c2 | Leonidas Poulopoulos | self.save()
|
288 | e173e7c2 | Leonidas Poulopoulos | found = True
|
289 | 33281310 | Leonidas Poulopoulos | if self.status == "ADMININACTIVE" or self.status == "INACTIVE" or self.status == "EXPIRED": |
290 | e173e7c2 | Leonidas Poulopoulos | found = True
|
291 | 357d48dc | Leonidas Poulopoulos | return found
|
292 | 357d48dc | Leonidas Poulopoulos | |
293 | 357d48dc | Leonidas Poulopoulos | def get_then(self): |
294 | 357d48dc | Leonidas Poulopoulos | ret = ''
|
295 | b10e01d6 | Leonidas Poulopoulos | then_statements = self.then.all()
|
296 | 357d48dc | Leonidas Poulopoulos | for statement in then_statements: |
297 | 357d48dc | Leonidas Poulopoulos | if statement.action_value:
|
298 | 357d48dc | Leonidas Poulopoulos | ret = "%s %s:<strong>%s</strong><br/>" %(ret, statement.action, statement.action_value)
|
299 | 357d48dc | Leonidas Poulopoulos | else:
|
300 | 357d48dc | Leonidas Poulopoulos | ret = "%s %s<br>" %(ret, statement.action)
|
301 | 357d48dc | Leonidas Poulopoulos | return ret.rstrip(',') |
302 | 357d48dc | Leonidas Poulopoulos | |
303 | 357d48dc | Leonidas Poulopoulos | get_then.short_description = 'Then statement'
|
304 | 357d48dc | Leonidas Poulopoulos | get_then.allow_tags = True
|
305 | b10e01d6 | Leonidas Poulopoulos | #
|
306 | 357d48dc | Leonidas Poulopoulos | def get_match(self): |
307 | 357d48dc | Leonidas Poulopoulos | ret = ''
|
308 | b10e01d6 | Leonidas Poulopoulos | if self.destination: |
309 | f5d68f6f | Leonidas Poulopoulos | ret = '%s Dst Addr:<strong>%s</strong> <br/>' %(ret, self.destination) |
310 | b10e01d6 | Leonidas Poulopoulos | if self.fragmenttype: |
311 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s Fragment Type:<strong>%s</strong><br/>" %(ret, self.fragmenttype) |
312 | b10e01d6 | Leonidas Poulopoulos | if self.icmpcode: |
313 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s ICMP code:<strong>%s</strong><br/>" %(ret, self.icmpcode) |
314 | b10e01d6 | Leonidas Poulopoulos | if self.icmptype: |
315 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s ICMP Type:<strong>%s</strong><br/>" %(ret, self.icmptype) |
316 | b10e01d6 | Leonidas Poulopoulos | if self.packetlength: |
317 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s Packet Length:<strong>%s</strong><br/>" %(ret, self.packetlength) |
318 | b10e01d6 | Leonidas Poulopoulos | if self.source: |
319 | f5d68f6f | Leonidas Poulopoulos | ret = "%s Src Addr:<strong>%s</strong> <br/>" %(ret, self.source) |
320 | b10e01d6 | Leonidas Poulopoulos | if self.tcpflag: |
321 | 3e99e2d1 | Leonidas Poulopoulos | ret = "%s TCP flag:<strong>%s</strong><br/>" %(ret, self.tcpflag) |
322 | b10e01d6 | Leonidas Poulopoulos | if self.port: |
323 | b10e01d6 | Leonidas Poulopoulos | for port in self.port.all(): |
324 | f5d68f6f | Leonidas Poulopoulos | ret = ret + "Port:<strong>%s</strong> <br/>" %(port)
|
325 | 7fac6521 | Leonidas Poulopoulos | if self.protocol: |
326 | 7fac6521 | Leonidas Poulopoulos | for protocol in self.protocol.all(): |
327 | 7fac6521 | Leonidas Poulopoulos | ret = ret + "Protocol:<strong>%s</strong> <br/>" %(protocol)
|
328 | b10e01d6 | Leonidas Poulopoulos | if self.destinationport: |
329 | b10e01d6 | Leonidas Poulopoulos | for port in self.destinationport.all(): |
330 | f5d68f6f | Leonidas Poulopoulos | ret = ret + "Dst Port:<strong>%s</strong> <br/>" %(port)
|
331 | b10e01d6 | Leonidas Poulopoulos | if self.sourceport: |
332 | b10e01d6 | Leonidas Poulopoulos | for port in self.sourceport.all(): |
333 | f5d68f6f | Leonidas Poulopoulos | ret = ret +"Src Port:<strong>%s</strong> <br/>" %(port)
|
334 | b10e01d6 | Leonidas Poulopoulos | if self.dscp: |
335 | b10e01d6 | Leonidas Poulopoulos | for dscp in self.dscp.all(): |
336 | f5d68f6f | Leonidas Poulopoulos | ret = ret + "%s Port:<strong>%s</strong> <br/>" %(ret, dscp)
|
337 | 357d48dc | Leonidas Poulopoulos | return ret.rstrip('<br/>') |
338 | 357d48dc | Leonidas Poulopoulos | |
339 | 357d48dc | Leonidas Poulopoulos | get_match.short_description = 'Match statement'
|
340 | 357d48dc | Leonidas Poulopoulos | get_match.allow_tags = True
|
341 | d50fd7b6 | Leonidas Poulopoulos | |
342 | d50fd7b6 | Leonidas Poulopoulos | @property
|
343 | d50fd7b6 | Leonidas Poulopoulos | def applier_peer(self): |
344 | d50fd7b6 | Leonidas Poulopoulos | try:
|
345 | d50fd7b6 | Leonidas Poulopoulos | applier_peer = self.applier.get_profile().peer
|
346 | d50fd7b6 | Leonidas Poulopoulos | except:
|
347 | d50fd7b6 | Leonidas Poulopoulos | applier_peer = None
|
348 | d50fd7b6 | Leonidas Poulopoulos | return applier_peer
|
349 | fb67376a | Leonidas Poulopoulos | |
350 | fb67376a | Leonidas Poulopoulos | @property
|
351 | fb67376a | Leonidas Poulopoulos | def days_to_expire(self): |
352 | e74203ca | Leonidas Poulopoulos | if self.status not in ['EXPIRED', 'ADMININACTIVE', 'ERROR', 'INACTIVE']: |
353 | fb67376a | Leonidas Poulopoulos | expiration_days = (self.expires - datetime.date.today()).days
|
354 | fb67376a | Leonidas Poulopoulos | if expiration_days < settings.EXPIRATION_NOTIFY_DAYS:
|
355 | 7c4bc8de | Leonidas Poulopoulos | return "%s" %expiration_days |
356 | fb67376a | Leonidas Poulopoulos | else:
|
357 | fb67376a | Leonidas Poulopoulos | return False |
358 | fb67376a | Leonidas Poulopoulos | else:
|
359 | fb67376a | Leonidas Poulopoulos | return False |
360 | 357d48dc | Leonidas Poulopoulos | |
361 | 25d08a62 | Leonidas Poulopoulos | def send_message(msg, user): |
362 | 97e42c7d | Leonidas Poulopoulos | # username = user.username
|
363 | 97e42c7d | Leonidas Poulopoulos | peer = user |
364 | 3e99e2d1 | Leonidas Poulopoulos | b = beanstalkc.Connection() |
365 | 3e99e2d1 | Leonidas Poulopoulos | b.use(settings.POLLS_TUBE) |
366 | 97e42c7d | Leonidas Poulopoulos | tube_message = json.dumps({'message': str(msg), 'username':peer}) |
367 | 25d08a62 | Leonidas Poulopoulos | b.put(tube_message) |
368 | 3e99e2d1 | Leonidas Poulopoulos | b.close() |