Beispiel #1
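def zorp():
    """Exercise DNAT translation through a two-rule GeneralNAT policy.

    Registers the policy 'test', looks it up again by name and hands four
    destination addresses to ``testcase`` together with the address each one
    is expected to be rewritten to.

    Returns:
        1 after an exception has been reported; nothing on the normal path.
    """
    try:
        s = MasterSession()
        s.setService(Service("s1", None))

        NATPolicy(
            'test',
            GeneralNAT([
                (InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
                # A /8 mapped onto a /24: the expectations below (11.0.1.1 ->
                # 192.168.0.1, 11.255.255.255 -> 192.168.0.255) keep only the
                # bits that fit into the smaller target range.
                (InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24')),
            ]))
        nat = getNATPolicy('test')

        testcase(nat, s, (None, SockAddrInet('10.0.0.1', 8888)), NAT_DNAT,
                 SockAddrInet('20.0.0.1', 8888))
        testcase(nat, s, (None, SockAddrInet('11.0.0.0', 8888)), NAT_DNAT,
                 SockAddrInet('192.168.0.0', 8888))
        testcase(nat, s, (None, SockAddrInet('11.0.1.1', 8888)), NAT_DNAT,
                 SockAddrInet('192.168.0.1', 8888))
        testcase(nat, s, (None, SockAddrInet('11.255.255.255', 8888)),
                 NAT_DNAT, SockAddrInet('192.168.0.255', 8888))
    except Exception:
        # The exception object was never used, so it is no longer bound; this
        # also drops the Python-2-only "except Exception, e" spelling.
        print_exc()
        quit(1)
        # NOTE(review): quit() is defined outside this listing; the return
        # only matters if quit() hands control back -- confirm.
        return 1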
Beispiel #2
class TestLimitTargetZones(unittest.TestCase):

    def setUp(self):
        Zone('internet', ('0.0.0.0/0', '0::0/0'))
        Zone('intranet', ('10.0.0.0/8', ), admin_parent='internet')
        Zone('office1', ('10.1.0.0/16', '10.5.0.0/16'), admin_parent='intranet')
        Zone('disconnected', ('192.168.0.0/16', ))
        self.session = MasterSession()

    def tearDown(self):
        del self.session
        import Zorp.Globals
        Zorp.Globals.services.clear()

    def checkZone(self, zone_name, expected):
        self.session.server_zone = Zone.lookup_by_name(zone_name)
        self.assertEqual(expected, self.session.isServerPermitted())

    def test_default(self):
        """Check that the default is no restrictions."""
        s = Service('empty', PlugProxy)
        self.session.setService(s)

        self.checkZone('internet', ZV_ACCEPT)
        self.checkZone('office1', ZV_ACCEPT)

    def test_none(self):
        """Check that None means no restrictions"""
        s = Service('none', PlugProxy, limit_target_zones_to=None)
        self.session.setService(s)

        self.checkZone('internet', ZV_ACCEPT)
        self.checkZone('office1', ZV_ACCEPT)

    def test_none(self):
        """Check that an empty list means no restrictions"""
        s = Service('none', PlugProxy, limit_target_zones_to=())
        self.session.setService(s)

        self.checkZone('internet', ZV_ACCEPT)
        self.checkZone('office1', ZV_ACCEPT)

    def test_match(self):
        """Check for matches recursively"""
        s = Service('match', PlugProxy, limit_target_zones_to=('internet',))
        self.session.setService(s)

        self.checkZone('internet', ZV_ACCEPT)
        self.checkZone('intranet', ZV_ACCEPT)
        self.checkZone('office1', ZV_ACCEPT)
        self.checkZone('disconnected', ZV_REJECT)
Beispiel #3
 def setUp(self):
     """Build the stand-in MasterSession that the tests operate on."""
     plug_service = Service("service1", PlugProxy)
     # Loopback TCP endpoint passed as the fourth positional argument.
     listen_addr = DBSockAddr(SockAddrInet('127.0.0.1', 1234), ZD_PROTO_TCP)
     self.session = MasterSession(plug_service, None, None, listen_addr,
                                  None, instance_id=1)
Beispiel #4
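def zorp():
    """Run the DNAT expectations for the two-rule policy 'test'.

    The policy is registered, fetched back with ``getNATPolicy`` and then
    checked through ``testcase`` for every (original, translated) pair in
    the table below.

    Returns:
        1 after an exception has been reported; nothing on the normal path.
    """
    try:
        s = MasterSession()
        s.setService(Service("s1", None))

        NATPolicy('test', GeneralNAT([
            (InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
            (InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24')),
        ]))
        nat = getNATPolicy('test')

        # (destination before NAT, destination expected after NAT).  The last
        # three rows pin how a /8 is folded into a /24: only the final octet
        # of the original address survives in the expected result.
        dnat_cases = [
            ('10.0.0.1', '20.0.0.1'),
            ('11.0.0.0', '192.168.0.0'),
            ('11.0.1.1', '192.168.0.1'),
            ('11.255.255.255', '192.168.0.255'),
        ]
        for original, translated in dnat_cases:
            testcase(nat, s, (None, SockAddrInet(original, 8888)), NAT_DNAT,
                     SockAddrInet(translated, 8888))
    except Exception:
        # No binding: the exception object was unused, and the old
        # "except Exception, e" form only parses on Python 2.
        print_exc()
        quit(1)
        # NOTE(review): only reached if quit() returns -- its definition is
        # not part of this listing.
        return 1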
Beispiel #5
 def test_construction_initializes_protocol(self):
     """A session built on a TCP listener exposes TCP as number and name."""
     service = self.service
     tcp_listener = DBSockAddr(SockAddrInet('127.0.0.1', 1234), ZD_PROTO_TCP)
     master = MasterSession(service, None, None, tcp_listener, None,
                            instance_id=1)

     # Both the numeric constant and its textual form are checked.
     self.assertEqual(master.protocol, ZD_PROTO_TCP)
     self.assertEqual(master.protocol_name, "TCP")
Beispiel #6
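def zorp():
    """Exercise DNAT through a GeneralNAT policy with IPv4 and IPv6 rules.

    Unlike a lookup by name, the NATPolicy object returned by the
    constructor is passed to ``testcase`` directly.

    Returns:
        1 after an exception has been reported; nothing on the normal path.
    """
    try:
        s = MasterSession()
        s.setService(Service("s1", None))

        # Indentation is spaces only now.  The IPv6 rule and the IPv6
        # testcase were indented with spaces inside a tab-indented body,
        # which only lines up when a tab is taken as eight columns.
        nat = NATPolicy('test', GeneralNAT([
            (InetSubnet('0.0.0.0/32'), InetSubnet('10.0.0.0/8'), InetSubnet('20.0.0.0/8')),
            (InetSubnet('0.0.0.0/32'), InetSubnet('11.0.0.0/8'), InetSubnet('192.168.0.0/24')),
            (Inet6Subnet('::/128'), Inet6Subnet('1200::/8'), Inet6Subnet('2300::/8')),
        ]))

        testcase(nat, s, (None, SockAddrInet('10.0.0.1', 8888)), NAT_DNAT, SockAddrInet('20.0.0.1', 8888))
        testcase(nat, s, (None, SockAddrInet('11.0.0.0', 8888)), NAT_DNAT, SockAddrInet('192.168.0.0', 8888))
        testcase(nat, s, (None, SockAddrInet('11.0.1.1', 8888)), NAT_DNAT, SockAddrInet('192.168.0.1', 8888))
        # Upper edge of the /8: the expected address stays inside the /24.
        testcase(nat, s, (None, SockAddrInet('11.255.255.255', 8888)), NAT_DNAT, SockAddrInet('192.168.0.255', 8888))
        testcase(nat, s, (None, SockAddrInet6('1234::', 8888)), NAT_DNAT, SockAddrInet6('2334::', 8888))
    except Exception:
        # The exception object was unused; dropping the binding also removes
        # the Python-2-only "except Exception, e" syntax.
        print_exc()
        quit(1)
        # NOTE(review): only reached if quit() returns -- confirm.
        return 1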
Beispiel #7
 def setUp(self):
     """Create the service, master session and stacked session fixtures."""
     self.service = Service("testservice", HttpProxy,
                            resolver_policy="test_resolver")
     self.address = SockAddrInet("127.0.0.1", 80)

     # The same loopback address serves as listener and as client address.
     listener = DBSockAddr(self.address, ZD_PROTO_TCP)
     master_options = dict(client_stream=None,
                           client_local=None,
                           client_listen=listener,
                           client_address=self.address,
                           instance_id=1)
     self.mastersession = MasterSession(self.service, **master_options)
     self.session = StackedSession(self.mastersession)
Beispiel #8
 def setUp(self):
     """Register the four fixture zones, then create a bare MasterSession."""
     # (name, networks, extra keyword arguments), in registration order.
     zone_specs = (
         ('internet', ('0.0.0.0/0', '0::0/0'), {}),
         ('intranet', ('10.0.0.0/8', ), {'admin_parent': 'internet'}),
         ('office1', ('10.1.0.0/16', '10.5.0.0/16'), {'admin_parent': 'intranet'}),
         ('disconnected', ('192.168.0.0/16', ), {}),
     )
     for zone_name, networks, options in zone_specs:
         Zone(zone_name, networks, **options)
     self.session = MasterSession()
Beispiel #9
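def init(name):
    """Check zone lookup and per-zone service permissions.

    Builds a set of overlapping InetZone objects, verifies through ``test``
    which zone ``root_zone.findZone`` returns for sample addresses, then
    verifies the inbound/outbound verdict of several zones for the services
    "s1" and "s2".

    Args:
        name: not used by this function.

    Returns:
        1 after an exception has been reported; nothing on the normal path.
    """
    try:
        t1 = InetZone("test1", "192.168.0.0/24", inbound_services=["s1"], outbound_services=["s2"])
        t2 = InetZone("test2", "192.168.0.32/27")
        t3 = InetZone("test3", "192.168.0.0/26")
        t4 = InetZone("test4", "192.168.0.64/27")
        t5 = InetZone("test5", "192.168.0.96/27")
        # t6, t8 and t9 are never referenced again; they are still created
        # because the other zones overlap them or name them as admin_parent.
        t6 = InetZone("test6", "192.168.0.0/25")
        t7 = InetZone("test7", "192.168.0.0/16")
        t8 = InetZone("test8", "192.168.1.1/32", admin_parent="test1")
        t9 = InetZone("test9", "192.168.1.2/32", admin_parent="test8")
        t10 = InetZone("test10", "192.168.1.3/32", admin_parent="test9", umbrella=1)
        t11 = InetZone("test11", "192.168.1.4/32", admin_parent="test9")
        t12 = InetZone("test12", "192.168.1.5/32", inbound_services=['*'])
        t13 = InetZone("test13", "192.168.1.6/32", outbound_services=['*'])
        t14 = InetZone("test14", "192.168.0.184", outbound_services=['*'])

        # Expected zone per address: in every row it is the zone with the
        # longest prefix that contains the address (e.g. the /26 test3 for
        # 192.168.0.1, although test6 and test1 contain it as well).
        test('192.168.0.1', root_zone.findZone(SockAddrInet('192.168.0.1', 10)), t3)
        test('192.168.0.33', root_zone.findZone(SockAddrInet('192.168.0.33', 10)), t2)
        test('192.168.0.65', root_zone.findZone(SockAddrInet('192.168.0.65', 10)), t4)
        test('192.168.0.97', root_zone.findZone(SockAddrInet('192.168.0.97', 10)), t5)
        test('192.168.0.129', root_zone.findZone(SockAddrInet('192.168.0.129', 10)), t1)
        test('192.168.1.129', root_zone.findZone(SockAddrInet('192.168.1.129', 10)), t7)
        test('192.168.0.184', root_zone.findZone(SockAddrInet('192.168.0.184', 10)), t14)

        # The catch-all zone is registered only after the lookups above.
        inet = InetZone("internet", "0.0.0.0/0", inbound_services=["s2"], outbound_services=["s1"])
        test('1.1.1.1', root_zone.findZone(SockAddrInet('1.1.1.1', 10)), inet)
        # Disabled mass lookups, kept as found:
        #for i in range(1,100):
        #    test('masstest1', root_zone.findZone(SockAddrInet(inet_ntoa(htonl(i)), 10)), inet)
        #for i in range(1,100):
        #    test('masstest2', root_zone.findZone(SockAddrInet('192.168.1.129', 10)), t7)
        s = MasterSession()
        s.setService(Service("s1", None))
        s.setServer(SockAddrInet('192.168.1.2', 9999))

        # Disabled timing loop, kept as found:
        #print time()
        #for i in range(1, 100000):
        #    if s.isServerPermitted() != Z_ACCEPT:
        #        raise 'problema'
        #print time()

        test('service s1#1', t1.isInboundServicePermitted(s), Z_ACCEPT)
        test('service s1#2', t1.isOutboundServicePermitted(s), Z_REJECT)
        test('service s1#3', inet.isInboundServicePermitted(s), Z_REJECT)
        test('service s1#4', inet.isOutboundServicePermitted(s), Z_ACCEPT)
        # test10 (umbrella=1) is expected to reject in both directions, while
        # its sibling test11 is expected to give test1's verdicts.
        test('service s1#5', t10.isOutboundServicePermitted(s), Z_REJECT)
        test('service s1#6', t10.isInboundServicePermitted(s), Z_REJECT)

        test('service s1#7', t11.isOutboundServicePermitted(s), Z_REJECT)
        test('service s1#8', t11.isInboundServicePermitted(s), Z_ACCEPT)

        # '*' is expected to accept any service, but only in the direction
        # it was configured for.
        test('service s1#9', t12.isInboundServicePermitted(s), Z_ACCEPT)
        test('service s1#10', t12.isOutboundServicePermitted(s), Z_REJECT)

        test('service s1#11', t13.isOutboundServicePermitted(s), Z_ACCEPT)
        test('service s1#12', t13.isInboundServicePermitted(s), Z_REJECT)

        # Second round with "s2"; the attribute is assigned directly here
        # instead of going through setService().
        s.service = Service("s2", None)
        test('service s2#1', t1.isInboundServicePermitted(s), Z_REJECT)
        test('service s2#2', t1.isOutboundServicePermitted(s), Z_ACCEPT)
        test('service s2#3', inet.isInboundServicePermitted(s), Z_ACCEPT)
        test('service s2#4', inet.isOutboundServicePermitted(s), Z_REJECT)

        test('service s2#5', t10.isInboundServicePermitted(s), Z_REJECT)
        test('service s2#6', t10.isOutboundServicePermitted(s), Z_REJECT)

        test('service s2#7', t11.isOutboundServicePermitted(s), Z_ACCEPT)
        test('service s2#8', t11.isInboundServicePermitted(s), Z_REJECT)

        test('service s2#9', t12.isInboundServicePermitted(s), Z_ACCEPT)
        test('service s2#10', t12.isOutboundServicePermitted(s), Z_REJECT)

        test('service s2#11', t13.isOutboundServicePermitted(s), Z_ACCEPT)
        test('service s2#12', t13.isInboundServicePermitted(s), Z_REJECT)

    except Exception:
        # The exception object was unused; dropping the binding also removes
        # the Python-2-only "except Exception, e" syntax.
        print_exc()
        quit(1)
        # NOTE(review): only reached if quit() returns -- confirm.
        return 1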
Beispiel #10
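def init(name):
    """Check zone lookup and per-zone service permissions.

    The zone fixture is created first, then three tables of expectations
    are replayed through ``test``: address-to-zone lookups, verdicts for
    service "s1" and verdicts for service "s2".

    Args:
        name: not used by this function.

    Returns:
        1 after an exception has been reported; nothing on the normal path.
    """
    try:
        t1 = InetZone("test1",
                      "192.168.0.0/24",
                      inbound_services=["s1"],
                      outbound_services=["s2"])
        t2 = InetZone("test2", "192.168.0.32/27")
        t3 = InetZone("test3", "192.168.0.0/26")
        t4 = InetZone("test4", "192.168.0.64/27")
        t5 = InetZone("test5", "192.168.0.96/27")
        # t6, t8 and t9 are not referenced below but stay in the fixture:
        # other zones overlap them or use them as admin_parent.
        t6 = InetZone("test6", "192.168.0.0/25")
        t7 = InetZone("test7", "192.168.0.0/16")
        t8 = InetZone("test8", "192.168.1.1/32", admin_parent="test1")
        t9 = InetZone("test9", "192.168.1.2/32", admin_parent="test8")
        t10 = InetZone("test10",
                       "192.168.1.3/32",
                       admin_parent="test9",
                       umbrella=1)
        t11 = InetZone("test11", "192.168.1.4/32", admin_parent="test9")
        t12 = InetZone("test12", "192.168.1.5/32", inbound_services=['*'])
        t13 = InetZone("test13", "192.168.1.6/32", outbound_services=['*'])
        t14 = InetZone("test14", "192.168.0.184", outbound_services=['*'])

        # Address -> zone expected from findZone.  Each expected zone is the
        # narrowest registered range that contains the address.
        lookup_cases = [
            ('192.168.0.1', t3),
            ('192.168.0.33', t2),
            ('192.168.0.65', t4),
            ('192.168.0.97', t5),
            ('192.168.0.129', t1),
            ('192.168.1.129', t7),
            ('192.168.0.184', t14),
        ]
        for address, expected_zone in lookup_cases:
            test(address, root_zone.findZone(SockAddrInet(address, 10)),
                 expected_zone)

        # The catch-all zone is registered only after the lookups above.
        inet = InetZone("internet",
                        "0.0.0.0/0",
                        inbound_services=["s2"],
                        outbound_services=["s1"])
        test('1.1.1.1', root_zone.findZone(SockAddrInet('1.1.1.1', 10)), inet)

        s = MasterSession()
        s.setService(Service("s1", None))
        s.setServer(SockAddrInet('192.168.1.2', 9999))

        # (label, permission check, expected verdict) for service "s1".
        # test10 (umbrella=1) is expected to reject both directions; test11
        # is expected to give the same verdicts as test1.
        s1_checks = [
            ('service s1#1', t1.isInboundServicePermitted, Z_ACCEPT),
            ('service s1#2', t1.isOutboundServicePermitted, Z_REJECT),
            ('service s1#3', inet.isInboundServicePermitted, Z_REJECT),
            ('service s1#4', inet.isOutboundServicePermitted, Z_ACCEPT),
            ('service s1#5', t10.isOutboundServicePermitted, Z_REJECT),
            ('service s1#6', t10.isInboundServicePermitted, Z_REJECT),
            ('service s1#7', t11.isOutboundServicePermitted, Z_REJECT),
            ('service s1#8', t11.isInboundServicePermitted, Z_ACCEPT),
            ('service s1#9', t12.isInboundServicePermitted, Z_ACCEPT),
            ('service s1#10', t12.isOutboundServicePermitted, Z_REJECT),
            ('service s1#11', t13.isOutboundServicePermitted, Z_ACCEPT),
            ('service s1#12', t13.isInboundServicePermitted, Z_REJECT),
        ]
        for label, is_permitted, expected in s1_checks:
            test(label, is_permitted(s), expected)

        # Second round with "s2"; the attribute is assigned directly here
        # instead of going through setService().
        s.service = Service("s2", None)
        s2_checks = [
            ('service s2#1', t1.isInboundServicePermitted, Z_REJECT),
            ('service s2#2', t1.isOutboundServicePermitted, Z_ACCEPT),
            ('service s2#3', inet.isInboundServicePermitted, Z_ACCEPT),
            ('service s2#4', inet.isOutboundServicePermitted, Z_REJECT),
            ('service s2#5', t10.isInboundServicePermitted, Z_REJECT),
            ('service s2#6', t10.isOutboundServicePermitted, Z_REJECT),
            ('service s2#7', t11.isOutboundServicePermitted, Z_ACCEPT),
            ('service s2#8', t11.isInboundServicePermitted, Z_REJECT),
            ('service s2#9', t12.isInboundServicePermitted, Z_ACCEPT),
            ('service s2#10', t12.isOutboundServicePermitted, Z_REJECT),
            ('service s2#11', t13.isOutboundServicePermitted, Z_ACCEPT),
            ('service s2#12', t13.isInboundServicePermitted, Z_REJECT),
        ]
        for label, is_permitted, expected in s2_checks:
            test(label, is_permitted(s), expected)

    except Exception:
        # The exception object was unused; dropping the binding also removes
        # the Python-2-only "except Exception, e" syntax.
        print_exc()
        quit(1)
        # NOTE(review): only reached if quit() returns -- confirm.
        return 1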
Beispiel #11
 def setUp(self):
     """Create a bare MasterSession and attach a PlugProxy service to it."""
     self.session = MasterSession()
     plug_service = Service("service1", PlugProxy)
     self.session.setService(plug_service)
Beispiel #12
class TestGeneralNAT(unittest.TestCase):
    """Destination-NAT tests for GeneralNAT policies.

    Every test registers a NATPolicy by name and then compares, via
    checkDNAT, the translated address with the expected one.  An expected
    value of None stands for "no rule applied".
    """
    def tearDown(self):
        """Clean up global state."""
        del self.session

        # Services and NAT policies are kept in module-level registries, and
        # several tests reuse the policy name 'test'.
        import Zorp.Globals
        Zorp.Globals.services.clear()
        Zorp.Globals.nat_policies.clear()

    def setUp(self):
        """Construct a fake session object."""
        self.session = MasterSession()
        self.session.setService(Service("service1", PlugProxy))

    def performTranslation(self, nat_policy_name, addresses, nat_type):
        """Look up the named policy and run its translation for this session."""
        nat = getNATPolicy(nat_policy_name)
        return nat.performTranslation(self.session, addresses, nat_type)

    def checkDNAT(self, nat_policy_name, addresses, expected_result):
        """Assert the DNAT result for *addresses*, comparing string forms.

        Both sides go through str(), so an untranslated address is matched
        as the text 'None'.
        """
        return self.assertEqual(
            str(self.performTranslation(nat_policy_name, addresses, NAT_DNAT)),
            str(expected_result))

    def test_simple_dnat(self):
        """Test if DNAT works at all."""
        # NOTE(review): judging by the expected results, the second and third
        # tuple elements are the matched destination range and the range it
        # is rewritten into; the role of the first element is not visible
        # here -- confirm against GeneralNAT.
        NATPolicy(
            'test',
            GeneralNAT([
                (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'),
                 InetDomain('20.0.0.0/8')),
            ]))
        # One address below the range: must stay untranslated.
        self.checkDNAT("test", (None, SockAddrInet('9.255.255.255', 8888)),
                       None)
        self.checkDNAT("test", (None, SockAddrInet('10.0.0.0', 8888)),
                       SockAddrInet('20.0.0.0', 8888))
        self.checkDNAT("test", (None, SockAddrInet('10.0.0.1', 8888)),
                       SockAddrInet('20.0.0.1', 8888))
        self.checkDNAT("test", (None, SockAddrInet('10.255.255.255', 8888)),
                       SockAddrInet('20.255.255.255', 8888))
        # One address above the range: must stay untranslated.
        self.checkDNAT("test", (None, SockAddrInet('11.0.0.0', 8888)), None)

    def test_ipv6_dnat(self):
        """Test if DNAT works for IPv6 addresses"""
        NATPolicy(
            'test',
            GeneralNAT([(Inet6Subnet('::/128'), Inet6Subnet('1200::/8'),
                         Inet6Subnet('2300::/8'))]))
        self.checkDNAT("test", (None, SockAddrInet6('1234::', 8888)),
                       SockAddrInet6('2334::', 8888))
        # 1300:: lies outside 1200::/8 and must stay untranslated.
        self.checkDNAT("test", (None, SockAddrInet6('1300::', 8888)), None)

    def test_multiple_ranges_dnat(self):
        """Test if DNAT works with multiple ranges."""
        NATPolicy(
            'test',
            GeneralNAT([
                (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'),
                 InetDomain('20.0.0.0/8')),
                (InetDomain('0.0.0.0/32'), InetDomain('11.0.0.0/8'),
                 InetDomain('192.168.0.0/24')),
            ]))

        self.checkDNAT("test", (None, SockAddrInet('10.0.0.1', 8888)),
                       SockAddrInet('20.0.0.1', 8888))
        self.checkDNAT("test", (None, SockAddrInet('11.0.0.1', 8888)),
                       SockAddrInet('192.168.0.1', 8888))

    def test_overlapping_ranges_ordering(self):
        """Test what happens if there were overlapping ranges specified.

        The expected values encode list order, not prefix length, as the
        deciding factor: with the /8 rule first, 10.128.0.0 follows the /8
        mapping although the /9 rule also contains it.
        """
        NATPolicy(
            'large_first',
            GeneralNAT([
                (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'),
                 InetDomain('20.0.0.0/8')),
                (InetDomain('0.0.0.0/32'), InetDomain('10.128.0.0/9'),
                 InetDomain('21.0.0.0/9')),
            ]))
        self.checkDNAT("large_first",
                       (None, SockAddrInet('10.127.255.255', 8888)),
                       SockAddrInet('20.127.255.255', 8888))
        # The broader rule comes first, so the /9 rule is never reached.
        self.checkDNAT("large_first", (None, SockAddrInet('10.128.0.0', 8888)),
                       SockAddrInet('20.128.0.0', 8888))

        NATPolicy(
            'small_first',
            GeneralNAT([
                (InetDomain('0.0.0.0/32'), InetDomain('10.128.0.0/9'),
                 InetDomain('21.0.0.0/9')),
                (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'),
                 InetDomain('20.0.0.0/8')),
            ]))
        # Outside the /9, so the second (/8) rule is expected to apply.
        self.checkDNAT("small_first",
                       (None, SockAddrInet('10.127.255.255', 8888)),
                       SockAddrInet('20.127.255.255', 8888))
        self.checkDNAT("small_first", (None, SockAddrInet('10.128.0.0', 8888)),
                       SockAddrInet('21.0.0.0', 8888))

    def test_destination_out_of_range(self):
        """Test if the result is properly capped.

        A /8 is mapped onto a /24; the translated address is expected to
        remain inside the /24 even for the highest address of the /8.
        """
        NATPolicy(
            'test',
            GeneralNAT([
                (InetDomain('0.0.0.0/32'), InetDomain('11.0.0.0/8'),
                 InetDomain('192.168.0.0/24')),
            ]))

        self.checkDNAT("test", (None, SockAddrInet('11.255.255.255', 8888)),
                       SockAddrInet('192.168.0.255', 8888))
Beispiel #13
 def setUp(self):
     """Prepare the session fixture: a MasterSession carrying "service1"."""
     self.session = MasterSession()
     # The service is created after the session and then attached to it.
     fixture_service = Service("service1", PlugProxy)
     self.session.setService(fixture_service)
Beispiel #14
class TestGeneralNAT(unittest.TestCase):

    def tearDown(self):
        """Clean up global state."""
        del self.session

        import Zorp.Globals
        Zorp.Globals.services.clear()
        Zorp.Globals.nat_policies.clear()

    def setUp(self):
        """Construct a fake session object."""
        self.session = MasterSession()
        self.session.setService(Service("service1", PlugProxy))

    def performTranslation(self, nat_policy_name, addresses, nat_type):
        nat = getNATPolicy(nat_policy_name)
        return nat.performTranslation(self.session, addresses, nat_type)

    def checkDNAT(self, nat_policy_name, addresses, expected_result):
        return self.assertEqual(str(self.performTranslation(nat_policy_name, addresses, NAT_DNAT)), str(expected_result))

    def test_simple_dnat(self):
        """Test if DNAT works at all."""
        NATPolicy('test', GeneralNAT(
                        [(InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
                        ]))
        self.checkDNAT("test", (None, SockAddrInet('9.255.255.255', 8888)), None)
        self.checkDNAT("test", (None, SockAddrInet('10.0.0.0', 8888)), SockAddrInet('20.0.0.0', 8888))
        self.checkDNAT("test", (None, SockAddrInet('10.0.0.1', 8888)), SockAddrInet('20.0.0.1', 8888))
        self.checkDNAT("test", (None, SockAddrInet('10.255.255.255', 8888)), SockAddrInet('20.255.255.255', 8888))
        self.checkDNAT("test", (None, SockAddrInet('11.0.0.0', 8888)), None)

    def test_ipv6_dnat(self):
        """Test if DNAT works for IPv6 addresses"""
        NATPolicy('test', GeneralNAT(
                        [(Inet6Subnet('::/128'), Inet6Subnet('1200::/8'), Inet6Subnet('2300::/8'))
                        ]))
        self.checkDNAT("test", (None, SockAddrInet6('1234::', 8888)), SockAddrInet6('2334::', 8888))
        self.checkDNAT("test", (None, SockAddrInet6('1300::', 8888)), None)

    def test_multiple_ranges_dnat(self):
        """Test if DNAT works with multiple ranges."""
        NATPolicy('test', GeneralNAT(
                        [(InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
                         (InetDomain('0.0.0.0/32'), InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24')),
                        ]))

        self.checkDNAT("test", (None, SockAddrInet('10.0.0.1', 8888)), SockAddrInet('20.0.0.1', 8888))
        self.checkDNAT("test", (None, SockAddrInet('11.0.0.1', 8888)), SockAddrInet('192.168.0.1', 8888))

    def test_overlapping_ranges_ordering(self):
        """Test what happens if there were overlapping ranges specified."""
        NATPolicy('large_first', GeneralNAT(
                        [(InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
                         (InetDomain('0.0.0.0/32'), InetDomain('10.128.0.0/9'), InetDomain('21.0.0.0/9')),
                        ]))
        self.checkDNAT("large_first", (None, SockAddrInet('10.127.255.255', 8888)), SockAddrInet('20.127.255.255', 8888))
        self.checkDNAT("large_first", (None, SockAddrInet('10.128.0.0', 8888)), SockAddrInet('20.128.0.0', 8888))

        NATPolicy('small_first', GeneralNAT(
                        [(InetDomain('0.0.0.0/32'), InetDomain('10.128.0.0/9'), InetDomain('21.0.0.0/9')),
                         (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
                        ]))
        self.checkDNAT("small_first", (None, SockAddrInet('10.127.255.255', 8888)), SockAddrInet('20.127.255.255', 8888))
        self.checkDNAT("small_first", (None, SockAddrInet('10.128.0.0', 8888)), SockAddrInet('21.0.0.0', 8888))

    def test_destination_out_of_range(self):
        """Test if the result is properly capped."""
        NATPolicy('test', GeneralNAT(
                        [(InetDomain('0.0.0.0/32'), InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24')),
                        ]))

        self.checkDNAT("test", (None, SockAddrInet('11.255.255.255', 8888)), SockAddrInet('192.168.0.255', 8888))
Beispiel #15
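def init(names, virtual_name, is_master):
    """Check zone lookup (IPv4 and IPv6) and per-zone service permissions.

    Builds overlapping Zone objects, verifies through ``test`` which zone
    ``Zone.lookup`` returns for sample addresses, then verifies the
    inbound/outbound verdict of several zones for the services "s1" and
    "s2".

    Args:
        names: not used by this function.
        virtual_name: not used by this function.
        is_master: not used by this function.

    Returns:
        1 after an exception has been reported; nothing on the normal path.
    """
    try:
        t1 = Zone("test1", "192.168.0.0/24", inbound_services=["s1"], outbound_services=["s2"])
        t2 = Zone("test2", "192.168.0.32/27")
        t3 = Zone("test3", "192.168.0.0/26")
        t4 = Zone("test4", "192.168.0.64/27")
        t5 = Zone("test5", "192.168.0.96/27")
        # t6, t8 and t9 are never referenced again; they are still created
        # because the other zones overlap them or name them as admin_parent.
        t6 = Zone("test6", "192.168.0.0/25")
        t7 = Zone("test7", "192.168.0.0/16")
        t8 = Zone("test8", "192.168.1.1/32", admin_parent="test1")
        t9 = Zone("test9", "192.168.1.2/32", admin_parent="test8")
        t10 = Zone("test10", "192.168.1.3/32", admin_parent="test9", umbrella=1)
        t11 = Zone("test11", "192.168.1.4/32", admin_parent="test9")
        t12 = Zone("test12", "192.168.1.5/32", inbound_services=['*'])
        t13 = Zone("test13", "192.168.1.6/32", outbound_services=['*'])
        t14 = Zone("test14", "192.168.0.184", outbound_services=['*'])
        # This line was indented with spaces inside a tab-indented body; the
        # whole function now uses spaces only.
        t15 = Zone("test15", "dead:beef:baad:c0ff:ee00:1122:3344:5566/127", outbound_services=['*'])

        # Expected zone per address: in every row it is the zone with the
        # longest prefix that contains the address.
        test('192.168.0.1', Zone.lookup(SockAddrInet('192.168.0.1', 10)), t3)
        test('192.168.0.33', Zone.lookup(SockAddrInet('192.168.0.33', 10)), t2)
        test('192.168.0.65', Zone.lookup(SockAddrInet('192.168.0.65', 10)), t4)
        test('192.168.0.97', Zone.lookup(SockAddrInet('192.168.0.97', 10)), t5)
        test('192.168.0.129', Zone.lookup(SockAddrInet('192.168.0.129', 10)), t1)
        test('192.168.1.129', Zone.lookup(SockAddrInet('192.168.1.129', 10)), t7)
        test('192.168.0.184', Zone.lookup(SockAddrInet('192.168.0.184', 10)), t14)
        # Both addresses of the /127 must resolve to test15.  The second
        # case looks up ...:5567 but carried the ...:5566 label, so a failure
        # report could not tell the two apart; the label now matches.
        test('dead:beef:baad:c0ff:ee00:1122:3344:5566', Zone.lookup(SockAddrInet6('dead:beef:baad:c0ff:ee00:1122:3344:5566', 10)), t15)
        test('dead:beef:baad:c0ff:ee00:1122:3344:5567', Zone.lookup(SockAddrInet6('dead:beef:baad:c0ff:ee00:1122:3344:5567', 10)), t15)

        # The catch-all zone is registered only after the lookups above.
        inet = Zone("internet", "0.0.0.0/0", inbound_services=["s2"], outbound_services=["s1"])
        test('1.1.1.1', Zone.lookup(SockAddrInet('1.1.1.1', 10)), inet)
        s = MasterSession()
        s.setService(Service("s1", None))
        s.setServer(SockAddrInet('192.168.1.2', 9999))

        test('service s1#1', t1.isInboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s1#2', t1.isOutboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#3', inet.isInboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#4', inet.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        # test10 (umbrella=1) is expected to reject in both directions, while
        # its sibling test11 is expected to give test1's verdicts.
        test('service s1#5', t10.isOutboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#6', t10.isInboundServicePermitted(s.service), ZV_REJECT)

        test('service s1#7', t11.isOutboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#8', t11.isInboundServicePermitted(s.service), ZV_ACCEPT)

        # '*' is expected to accept any service, but only in the direction
        # it was configured for.
        test('service s1#9', t12.isInboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s1#10', t12.isOutboundServicePermitted(s.service), ZV_REJECT)

        test('service s1#11', t13.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s1#12', t13.isInboundServicePermitted(s.service), ZV_REJECT)

        # Second round with "s2"; the attribute is assigned directly here
        # instead of going through setService().
        s.service = Service("s2", None)
        test('service s2#1', t1.isInboundServicePermitted(s.service), ZV_REJECT)
        test('service s2#2', t1.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#3', inet.isInboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#4', inet.isOutboundServicePermitted(s.service), ZV_REJECT)

        test('service s2#5', t10.isInboundServicePermitted(s.service), ZV_REJECT)
        test('service s2#6', t10.isOutboundServicePermitted(s.service), ZV_REJECT)

        test('service s2#7', t11.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#8', t11.isInboundServicePermitted(s.service), ZV_REJECT)

        test('service s2#9', t12.isInboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#10', t12.isOutboundServicePermitted(s.service), ZV_REJECT)

        test('service s2#11', t13.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#12', t13.isInboundServicePermitted(s.service), ZV_REJECT)

    except Exception:
        # The exception object was unused; dropping the binding also removes
        # the Python-2-only "except Exception, e" syntax.
        print_exc()
        quit(1)
        # NOTE(review): only reached if quit() returns -- confirm.
        return 1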