Beispiel #1
0
	def testGetPid(self):
		"Test that we can get the conninfo for a particular PID and that it looks correct."
		conntrack._clearmaps()
		conntrack.up(1, "127.0.0.3", ("abc", "def", "GLOBAL"))
		conntrack.up(2, "127.0.0.4", ("test",))
		self.assertEqual(str(conntrack.getpid(1)), "<CI: PID 1, IP 127.0.0.3, classes: abc def GLOBAL>")
		self.assertEqual(str(conntrack.getpid(2)), "<CI: PID 2, IP 127.0.0.4, classes: test>")
Beispiel #2
0
	def testIpCount(self):
		"""The list of active IPs should be maintained correctly."""
		self._start(1)
		self.assertEqual(conntrack.activeips(), ['127.0.0.1',])
		conntrack.up(2, '127.0.0.3', ('ALL',))
		self.assertEqual(self._getips(), ['127.0.0.1', '127.0.0.3'])
		self._up(3)
		self.assertEqual(self._getips(), ['127.0.0.1', '127.0.0.3'])
Beispiel #3
0
	def testClassCount(self):
		"""The active class list should be maintained correctly."""
		self._start(1)
		self.assertEqual(conntrack.activeclasses(), ['ALL',])
		conntrack.up(2, '127.0.0.1', ('ALL', 'foo'))
		self.assertEqual(self._getclasses(), ['ALL', 'foo'])
		self._up(3)
		self.assertEqual(self._getclasses(), ['ALL', 'foo'])
Beispiel #4
0
	def testDiffClassSameIp(self):
		"""For multiple connections from the same IP address with different classes, we should count correctly."""
		self._start(1)
		conntrack.up(2, '127.0.0.1', ('ALL', 'foo'))
		self.assertEqual(conntrack.classcount('ALL'), 2)
		self.assertEqual(conntrack.classcount('foo'), 1)
		conntrack.down(1)
		self.assertEqual(conntrack.classcount('ALL'), 1)
		self.assertEqual(conntrack.classcount('foo'), 1)
Beispiel #5
0
	def testManyClasses(self):
		"""We should correctly add to each class for multi-class connections."""
		conntrack._clearmaps()
		conntrack.up(1, '127.0.0.1', ('foo', 'bar'))
		self.assertEqual(conntrack.classcount('foo'), 1)
		self.assertEqual(conntrack.classcount('bar'), 1)
		conntrack.down(1)
		self.assertEqual(conntrack.classcount('foo'), 0)
		self.assertEqual(conntrack.classcount('bar'), 0)
		self.assertEqual(len(conntrack.activeclasses()), 0)
Beispiel #6
0
	def testMultiClassConnects(self):
		"""We should correctly count how many times a given class is active, even with differnet IPs."""
		self._start(1)
		conntrack.up(2, '127.0.0.2', ('ALL',))
		self.assertEqual(conntrack.classcount('ALL'), 2)
		conntrack.up(3, '127.0.0.3', ('ALL',))
		self.assertEqual(conntrack.classcount('ALL'), 3)
		conntrack.down(1)
		self.assertEqual(conntrack.classcount('ALL'), 2)
		conntrack.down(3)
		self.assertEqual(conntrack.classcount('ALL'), 1)
Beispiel #7
0
	def testMultiIPConnects(self):
		"""We should correctly count how many times the same IP is connected, even with different classes."""
		self._start(1)
		conntrack.up(2, '127.0.0.1', ('foo',))
		self.assertEqual(conntrack.ipcount('127.0.0.1'), 2)
		conntrack.up(3, '127.0.0.1', ('bar',))
		self.assertEqual(conntrack.ipcount('127.0.0.1'), 3)
		conntrack.down(1)
		self.assertEqual(conntrack.ipcount('127.0.0.1'), 2)
		conntrack.down(3)
		self.assertEqual(conntrack.ipcount('127.0.0.1'), 1)
Beispiel #8
0
 def testMaxLims(self):
     "Test that connmax and ipmax are correctly handled in see situations."
     rip = "0.0.0.1"
     hi = makehi(rip=rip)
     aroot = actions.fromfile(StringIO(testSeeF), "<t>")
     clsl = genrules(("class50",))
     for ipl, connl, lmsg in self.knownLimVals:
         conntrack._clearmaps()
         for i in range(0, ipl):
             conntrack.up(i, rip, [])
         for i in range(0, connl):
             conntrack.up(i + 100, "NOIP", ["class50"])
         r = aroot.genaction(hi, clsl)
         self.assertEqual(r.logmsgs, lmsg)
         # insure that this stays true if we up class51 too.
         conntrack.up(1000, "NOIP", ["class51"])
         conntrack.up(1001, "NOIP", ["class51"])
         conntrack.up(1002, "NOIP", ["class51"])
         r = aroot.genaction(hi, clsl)
         self.assertEqual(r.logmsgs, lmsg)
Beispiel #9
0
	def _up(self, pid):
		conntrack.up(pid, '127.0.0.1', ('ALL',))
Beispiel #10
0
	# processes, since they are expected to die fast and we can do
	# without the churning of data structures in the parent.
	if action.what:
		func = whatToFunc[action.what]
		try:
			pid = proc.forkaction(newsock, func, action)
		except proc.Kaboom, e:
			log.error("Cannot start action for %s: %s" %\
				  (conninfo(hi, rmnames), str(e)))
			proc.closesock(newsock)
			return
		log.debug(2, "started PID %d for %s: %s %s" %\
			  (pid, conninfo(hi, rmnames),
			   action.what, action.argstring))
		if action.what.endswith("run"):
			conntrack.up(pid, hi.getip(), rmnames)
	else:
		log.debug(2, "dropping %s" % (conninfo(hi, rmnames),))
	# In all cases, our side of the socket is now dead and we close
	# it. (The child may still have a live connection.)
	proc.closesock(newsock)

# Finish up a completed rule processing by dispatching to actions.
# This always happens in the main thread, which is why this whole
# mess is so complicated (and irritating).
def dispatchaction(aroot):
	# Because we are the only place where stuff comes off this list,
	# we can do this unlocked, because we can never think there is
	# stuff on the list when there isn't (the only fatal case).
	if not rulesres:
		return