Example #1
 def __init__(self, name, router=None, snat_policy=None, dnat_policy=None):
         """
         <method maturity="stable">
           <summary>
             Constructor to initialize a PFService instance.
           </summary>
           <description>
             <para>
               Defines a packetfilter-service from the given name, router
               and source/destination NAT policies.
             </para>
           </description>
         </method>
         """
         # NOTE(review): this signature carries only routing and NAT settings.
         # No proxy class, authentication policy or encryption policy is
         # configured here, so any inspection or client authentication has to
         # be enforced elsewhere -- confirm against the rest of the class.
         super(PFService, self).__init__(name)

         # Router precedence: the explicit argument, then the default_router
         # name defined outside this method, then a new TransparentRouter.
         if router:
                 self.router = router
         elif default_router:
                 self.router = default_router
         else:
                 self.router = TransparentRouter()

         # Both NAT arguments are resolved through getNATPolicy (defined
         # elsewhere), source first and destination second.
         # NOTE(review): what getNATPolicy returns for None is not visible
         # here; presumably "no translation" -- verify.
         for attribute, policy_ref in (("snat_policy", snat_policy),
                                       ("dnat_policy", dnat_policy)):
                 setattr(self, attribute, getNATPolicy(policy_ref))
Example #2
 def __init__(self, name, router=None, snat_policy=None, dnat_policy=None):
     """
     <method maturity="stable">
       <summary>
         Constructor to initialize a PFService instance.
       </summary>
       <description>
         <para>
           Defines a packetfilter-service from the given name, router
           and source/destination NAT policies.
         </para>
       </description>
     </method>
     """
     # NOTE(review): only routing and NAT are configurable through this
     # signature. There is no proxy class, authentication policy or
     # encryption policy argument, so those controls are not set up by this
     # constructor -- confirm where (or whether) they apply.
     AbstractService.__init__(self, name)

     # An explicit router wins; otherwise fall back to the default_router
     # name defined outside this method, and finally to TransparentRouter().
     if router:
         self.router = router
     elif default_router:
         self.router = default_router
     else:
         self.router = TransparentRouter()

     # getNATPolicy is defined elsewhere; its handling of None is not
     # visible from here (presumably "no NAT" -- verify).
     source_nat = getNATPolicy(snat_policy)
     self.snat_policy = source_nat
     destination_nat = getNATPolicy(dnat_policy)
     self.dnat_policy = destination_nat
Example #3
    def __init__(
        self, name, proxy_class,
        router=None, chainer=None,
        snat_policy=None, snat=None,
        dnat_policy=None, dnat=None,
        authentication_policy=None, authorization_policy=None,
        max_instances=0, max_sessions=0,
        auth_name=None, resolver_policy=None,
        auth=None, auth_policy=None,
        keepalive=None, encryption_policy=None,
        limit_target_zones_to=None,
        detector_config=None, detector_default_service_name=None,
    ):
        """
        <method maturity="stable">
          <summary>
            Constructor to initialize a Service instance.
          </summary>
          <description>
            <para>
              This constructor defines a Service with the specified parameters.
            </para>
          </description>
          <metainfo>
            <arguments>
              <argument maturity="stable">
                <name>name</name>
                <type><string/></type>
                <description>The name that identifies the service.</description>
              </argument>
              <argument maturity="stable">
                <name>router</name>
                <type><class filter="router" instance="yes"/></type>
                <default>None</default>
                <description>Name of the router instance that determines the
                destination address of the server. If no other router is specified,
                <link linkend="python.Router.TransparentRouter">TransparentRouter</link>
                is used.</description>
              </argument>
              <argument maturity="stable">
                <name>chainer</name>
                <type><class filter="chainer" instance="yes"/></type>
                <default>None</default>
                <description>Name of the chainer instance that connects to the
                destination server. If no other chainer is specified,
                <link linkend="python.Chainer.ConnectChainer">ConnectChainer</link>
                is used.</description>
              </argument>
              <argument>
                <name>snat_policy</name>
                <type><class filter="natpolicy" existing="yes"/></type>
                <default>None</default>
                <description>Name of the NAT policy instance that translates the
                source addresses of the sessions.
                See <xref linkend="python.NAT"/> for details.</description>
              </argument>
              <argument maturity="obsolete">
                <name>snat</name>
                <type><class filter="nat"/></type>
                <default>None</default>
                <description>Obsolete parameter, use
                <parameter>snat_policy</parameter> instead.</description>
              </argument>
              <argument>
                <name>dnat_policy</name>
                <type><class filter="natpolicy" existing="yes"/></type>
                <default>None</default>
                <description>Name of the NAT policy instance that translates the
                destination addresses of the sessions.
                See <xref linkend="python.NAT"/> for details.</description>
              </argument>
              <argument maturity="obsolete">
                <name>dnat</name>
                <type><class filter="nat"/></type>
                <default>None</default>
                <description>Obsolete parameter, use
                <parameter>dnat_policy</parameter> instead.</description>
              </argument>
              <argument maturity="stable">
                <name>proxy_class</name>
                <type><class filter="proxy"/></type>
                <description>Name of the proxy class instance that analyzes the
                traffic transferred in the session.
                See <xref linkend="python.Proxy"/> for details.</description>
              </argument>
              <argument>
                <name>authentication_policy</name>
                <type><class filter="authpolicy" existing="yes"/></type>
                <default>None</default>
                <description>Name of the AuthenticationPolicy instance that
                authenticates the clients.
                See <xref linkend="python.Auth"/> for details.</description>
              </argument>
              <argument>
                <name>authorization_policy</name>
                <type><class filter="authorizationpolicy" existing="yes"/></type>
                <default>None</default>
                <description>Name of the AuthorizationPolicy instance that
                authorizes the clients.
                See <xref linkend="python.Auth"/> for details.</description>
              </argument>
              <argument maturity="obsolete">
                <name>auth</name>
                <type><class filter="auth" instance="yes"/></type>
                <default>None</default>
                <description>Obsolete parameter, use
                <parameter>authentication_policy</parameter> instead.</description>
              </argument>
              <argument maturity="obsolete">
                <name>auth_policy</name>
                <type><class filter="authpolicy" existing="yes"/></type>
                <default>None</default>
                <description>Obsolete parameter, use
                <parameter>authorization_policy</parameter> instead.</description>
              </argument>
              <argument>
                <name>auth_name</name>
                <type><string/></type>
                <default>None</default>
                <description>
                  Authentication name of the service. It tells the users of the
                  Zorp Authentication Agent which service they are
                  authenticating for. Default value: the name of the service.
                </description>
              </argument>
              <argument maturity="stable">
                <name>max_instances</name>
                <type><integer/></type>
                <default>0</default>
                <description>Permitted number of concurrent instances of this
                service. Usually each service instance handles one connection.
                Default value: <parameter>0</parameter> (unlimited).</description>
              </argument>
              <argument>
                <name>max_sessions</name>
                <type><integer/></type>
                <default>0</default>
                <description>
                  Maximum number of concurrent sessions handled by one thread.
                </description>
              </argument>
              <argument>
                <name>resolver_policy</name>
                <type><class filter="resolverpolicy" existing="yes"/></type>
                <default>None</default>
                <description>Name of the ResolvePolicy instance that resolves the
                destination domain names.
                See <xref linkend="python.Resolver"/> for details.
                Default value: <parameter>DNSResolver</parameter>.</description>
              </argument>
              <argument>
                <name>keepalive</name>
                <type><integer/></type>
                <default>Z_KEEPALIVE_NONE</default>
                <description>
                  The TCP keepalive option, one of the Z_KEEPALIVE_NONE,
                  Z_KEEPALIVE_CLIENT, Z_KEEPALIVE_SERVER,
                  Z_KEEPALIVE_BOTH values.
                </description>
              </argument>
              <argument>
                <name>limit_target_zones_to</name>
                <type><list><string/></list></type>
                <default>None</default>
                <description>
                  A comma-separated list of zone names permitted as the target
                  of the service. No restrictions are applied if the list is
                  empty. Use this parameter to replace the obsolete
                  <parameter>inbound_services</parameter> parameter of the
                  Zone class.
                </description>
              </argument>
              <argument>
                <name>encryption_policy</name>
                <type><class filter="encryptionpolicy" existing="yes"/></type>
                <default>None</default>
                <description>Name of the Encryption policy instance that
                encrypts the sessions and verifies the certificates used.
                For details, see <xref linkend="python.Encryption"/>.</description>
              </argument>
            </arguments>
          </metainfo>
        </method>
        """
        super(Service, self).__init__(name)
        self.proxy_class = proxy_class

        # Router and chainer: an explicit argument wins, then the
        # default_router / default_chainer names defined outside this method,
        # then a newly created TransparentRouter / ConnectChainer.
        if router:
            self.router = router
        elif default_router:
            self.router = default_router
        else:
            self.router = TransparentRouter()
        if chainer:
            self.chainer = chainer
        elif default_chainer:
            self.chainer = default_chainer
        else:
            self.chainer = ConnectChainer()

        # Reject ambiguous configurations before anything is built. The
        # default_snat / default_dnat / default_auth names count as "set" too,
        # so a non-empty default makes the matching *_policy argument raise
        # even when the caller never passed the obsolete parameter.
        legacy_snat = snat or default_snat
        if legacy_snat and snat_policy:
            raise ValueError("Cannot set both snat and snat_policy")
        legacy_dnat = dnat or default_dnat
        if legacy_dnat and dnat_policy:
            raise ValueError("Cannot set both dnat and dnat_policy")
        if (auth or default_auth or auth_policy) and authentication_policy:
            raise ValueError("Cannot set authentication_policy and auth or auth_policy")

        # Obsolete NAT objects are wrapped in a NATPolicy named after the
        # service; otherwise the policy reference goes through getNATPolicy.
        if legacy_snat:
            self.snat_policy = NATPolicy('__%s-snat' % name, legacy_snat)
        else:
            self.snat_policy = getNATPolicy(snat_policy)
        if legacy_dnat:
            self.dnat_policy = NATPolicy('__%s-dnat' % name, legacy_dnat)
        else:
            self.dnat_policy = getNATPolicy(dnat_policy)

        # A plain string passed as auth is treated as an auth_policy name.
        if type(auth) == types.StringType:
            auth_policy, auth = auth, None

        # NOTE(review): self.keepalive is only assigned for a truthy value;
        # otherwise the attribute must come from somewhere else (presumably a
        # class-level default -- verify).
        if keepalive:
            self.keepalive = keepalive

        # Three generations of authentication configuration, newest last.
        # NOTE(review): the docstring sends auth_policy users to
        # authorization_policy, yet this branch derives an *authentication*
        # policy from it -- confirm which replacement is intended.
        if auth_policy:
            # one older auth_policy implementation (up to Zorp 3.0)
            obsolete_policy = getAuthPolicyObsolete(auth_policy)
            self.authentication_policy = obsolete_policy.getAuthenticationPolicy()
        elif auth or default_auth:
            # even older auth implementation (up to Zorp 2.1)
            obsolete_policy = AuthPolicy(None, auth or default_auth)
            self.authentication_policy = obsolete_policy.getAuthenticationPolicy()
        else:
            # current Authentication support
            # NOTE(review): with authentication_policy=None the outcome depends
            # on getAuthenticationPolicy, which is not visible here; confirm a
            # missing policy means what the deployment expects.
            self.authentication_policy = getAuthenticationPolicy(authentication_policy)

        # NOTE(review): authorization_policy is accepted and documented but is
        # never read or stored in this constructor. Confirm it is applied
        # elsewhere; if not, a configured authorization policy has no effect.

        self.auth_name = auth_name or name

        # Without an explicit resolver policy a DNSResolver-backed one is used.
        self.resolver_policy = (
            getResolverPolicy(resolver_policy)
            if resolver_policy
            else ResolverPolicy(None, DNSResolver())
        )

        # No encryption policy is attached unless one is named. Per the
        # docstring this policy also covers certificate verification, so a
        # service left at None gets neither from this constructor.
        self.encryption_policy = (
            getEncryptionPolicy(encryption_policy) if encryption_policy else None
        )

        # Per the docstring, an empty list means no target-zone restriction;
        # the None default is stored as-is.
        self.limit_target_zones_to = limit_target_zones_to
        # Detector settings are stored untouched; their meaning is not
        # documented in this method.
        self.detector_config = detector_config
        self.detector_default_service_name = detector_default_service_name

        # Capacity limits and runtime bookkeeping. Per the docstring
        # max_instances=0 means unlimited, which leaves concurrency unbounded
        # at this layer unless the caller sets a limit.
        self.max_instances = max_instances
        self.max_sessions = max_sessions
        self.num_instances = 0
        self.start_time = 0
        self.proxy_group = ProxyGroup(self.max_sessions)
        self.lock = thread.allocate_lock()
Example #4
        def __init__(self, name, proxy_class, router=None, chainer=None,
                     snat_policy=None, snat=None, dnat_policy=None, dnat=None,
                     authentication_policy=None, authorization_policy=None,
                     max_instances=0, max_sessions=0, auth_name=None,
                     resolver_policy=None, auth=None, auth_policy=None,
                     keepalive=None, encryption_policy=None):
                """
                <method maturity="stable">
                  <summary>
                    Constructor to initialize a Service instance.
                  </summary>
                  <description>
                    <para>
                      This constructor defines a Service with the specified parameters.
                    </para>
                  </description>
                  <metainfo>
                    <arguments>
                      <argument maturity="stable">
                        <name>name</name>
                        <type><string/></type>
                        <description>The name that identifies the service.</description>
                      </argument>
                      <argument maturity="stable">
                        <name>router</name>
                        <type><class filter="router" instance="yes"/></type>
                        <default>None</default>
                        <description>Name of the router instance that determines the
                        destination address of the server. If no other router is specified,
                        <link linkend="python.Router.TransparentRouter">TransparentRouter</link>
                        is used.</description>
                      </argument>
                      <argument maturity="stable">
                        <name>chainer</name>
                        <type><class filter="chainer" instance="yes"/></type>
                        <default>None</default>
                        <description>Name of the chainer instance that connects to the
                        destination server. If no other chainer is specified,
                        <link linkend="python.Chainer.ConnectChainer">ConnectChainer</link>
                        is used.</description>
                      </argument>
                      <argument>
                        <name>snat_policy</name>
                        <type><class filter="natpolicy" existing="yes"/></type>
                        <default>None</default>
                        <description>Name of the NAT policy instance that translates the
                        source addresses of the sessions.
                        See <xref linkend="python.NAT"/> for details.</description>
                      </argument>
                      <argument maturity="obsolete">
                        <name>snat</name>
                        <type><class filter="nat"/></type>
                        <default>None</default>
                        <description>Obsolete parameter, use
                        <parameter>snat_policy</parameter> instead.</description>
                      </argument>
                      <argument>
                        <name>dnat_policy</name>
                        <type><class filter="natpolicy" existing="yes"/></type>
                        <default>None</default>
                        <description>Name of the NAT policy instance that translates the
                        destination addresses of the sessions.
                        See <xref linkend="python.NAT"/> for details.</description>
                      </argument>
                      <argument maturity="obsolete">
                        <name>dnat</name>
                        <type><class filter="nat"/></type>
                        <default>None</default>
                        <description>Obsolete parameter, use
                        <parameter>dnat_policy</parameter> instead.</description>
                      </argument>
                      <argument maturity="stable">
                        <name>proxy_class</name>
                        <type><class filter="proxy"/></type>
                        <description>Name of the proxy class instance that analyzes the
                        traffic transferred in the session.
                        See <xref linkend="python.Proxy"/> for details.</description>
                      </argument>
                      <argument>
                        <name>authentication_policy</name>
                        <type><class filter="authpolicy" existing="yes"/></type>
                        <default>None</default>
                        <description>Name of the AuthenticationPolicy instance that
                        authenticates the clients.
                        See <xref linkend="python.Auth"/> for details.</description>
                      </argument>
                      <argument>
                        <name>authorization_policy</name>
                        <type><class filter="authorizationpolicy" existing="yes"/></type>
                        <default>None</default>
                        <description>Name of the AuthorizationPolicy instance that
                        authorizes the clients.
                        See <xref linkend="python.Auth"/> for details.</description>
                      </argument>
                      <argument maturity="obsolete">
                        <name>auth</name>
                        <type><class filter="auth" instance="yes"/></type>
                        <default>None</default>
                        <description>Obsolete parameter, use
                        <parameter>authentication_policy</parameter> instead.</description>
                      </argument>
                      <argument maturity="obsolete">
                        <name>auth_policy</name>
                        <type><class filter="authpolicy" existing="yes"/></type>
                        <default>None</default>
                        <description>Obsolete parameter, use
                        <parameter>authorization_policy</parameter> instead.</description>
                      </argument>
                      <argument>
                        <name>auth_name</name>
                        <type><string/></type>
                        <default>None</default>
                        <description>
                          Authentication name of the service. It tells the users of the
                          Zorp Authentication Agent which service they are
                          authenticating for. Default value: the name of the service.
                        </description>
                      </argument>
                      <argument maturity="stable">
                        <name>max_instances</name>
                        <type><integer/></type>
                        <default>0</default>
                        <description>Permitted number of concurrent instances of this
                        service. Usually each service instance handles one connection.
                        Default value: <parameter>0</parameter> (unlimited).</description>
                      </argument>
                      <argument>
                        <name>max_sessions</name>
                        <type><integer/></type>
                        <description>
                          Maximum number of concurrent sessions handled by one thread.
                        </description>
                      </argument>
                      <argument>
                        <name>resolver_policy</name>
                        <type><class filter="resolverpolicy" existing="yes"/></type>
                        <default>None</default>
                        <description>Name of the ResolvePolicy instance that resolves the
                        destination domain names.
                        See <xref linkend="python.Resolver"/> for details.
                        Default value: <parameter>DNSResolver</parameter>.</description>
                      </argument>
                      <argument>
                        <name>keepalive</name>
                        <type><integer/></type>
                        <description>
                          The TCP keepalive option, one of the Z_KEEPALIVE_NONE,
                          Z_KEEPALIVE_CLIENT, Z_KEEPALIVE_SERVER,
                          Z_KEEPALIVE_BOTH values.
                        </description>
                      </argument>
                    </arguments>
                  </metainfo>
                </method>
                """
                super(Service, self).__init__(name)
                self.proxy_class = proxy_class

                # Explicit router/chainer first, then the default_router /
                # default_chainer names defined outside this method, then a
                # new TransparentRouter / ConnectChainer.
                if router:
                        self.router = router
                elif default_router:
                        self.router = default_router
                else:
                        self.router = TransparentRouter()
                if chainer:
                        self.chainer = chainer
                elif default_chainer:
                        self.chainer = default_chainer
                else:
                        self.chainer = ConnectChainer()

                # Conflicting old-style and new-style settings are refused up
                # front. default_snat / default_dnat / default_auth take part
                # in these checks, so a non-empty default alone is enough to
                # make the matching *_policy argument raise.
                old_style_snat = snat or default_snat
                if old_style_snat and snat_policy:
                        raise ValueError("Cannot set both snat and snat_policy")
                old_style_dnat = dnat or default_dnat
                if old_style_dnat and dnat_policy:
                        raise ValueError("Cannot set both dnat and dnat_policy")
                if (auth or default_auth or auth_policy) and authentication_policy:
                        raise ValueError("Cannot set authentication_policy and auth or auth_policy")

                # An obsolete NAT object is wrapped in a NATPolicy named after
                # the service; otherwise getNATPolicy resolves the reference.
                if old_style_snat:
                        self.snat_policy = NATPolicy('__%s-snat' % name, old_style_snat)
                else:
                        self.snat_policy = getNATPolicy(snat_policy)
                if old_style_dnat:
                        self.dnat_policy = NATPolicy('__%s-dnat' % name, old_style_dnat)
                else:
                        self.dnat_policy = getNATPolicy(dnat_policy)

                # A plain string given as auth is handled as an auth_policy name.
                if type(auth) == types.StringType:
                        auth_policy, auth = auth, None

                # NOTE(review): self.keepalive is set only for a truthy value;
                # where the attribute comes from otherwise is not visible here
                # (presumably a class-level default -- verify).
                if keepalive:
                        self.keepalive = keepalive

                # NOTE(review): the docstring points auth_policy users at
                # authorization_policy, while the first branch below turns
                # auth_policy into an *authentication* policy -- confirm.
                if auth_policy:
                        # one older auth_policy implementation (up to Zorp 3.0)
                        compat_policy = getAuthPolicyObsolete(auth_policy)
                        self.authentication_policy = compat_policy.getAuthenticationPolicy()
                elif auth or default_auth:
                        # even older auth implementation (up to Zorp 2.1)
                        compat_policy = AuthPolicy(None, auth or default_auth)
                        self.authentication_policy = compat_policy.getAuthenticationPolicy()
                else:
                        # current Authentication support
                        # NOTE(review): the result for authentication_policy=None
                        # depends on getAuthenticationPolicy, not shown here.
                        self.authentication_policy = getAuthenticationPolicy(authentication_policy)

                # NOTE(review): authorization_policy is accepted and documented
                # but never read or stored in this constructor. Confirm it is
                # applied elsewhere; otherwise configuring it has no effect.

                self.auth_name = auth_name or name

                # A DNSResolver-backed policy is the fallback resolver.
                self.resolver_policy = (
                        getResolverPolicy(resolver_policy)
                        if resolver_policy
                        else ResolverPolicy(None, DNSResolver())
                )

                # NOTE(review): encryption_policy is not described in the
                # docstring above. When it is not named, None is stored, i.e.
                # this constructor attaches no encryption policy.
                self.encryption_policy = (
                        getEncryptionPolicy(encryption_policy) if encryption_policy else None
                )

                # Per the docstring max_instances=0 means unlimited, so the
                # default leaves concurrency unbounded at this layer.
                self.max_instances = max_instances
                self.max_sessions = max_sessions
                self.num_instances = 0
                self.proxy_group = ProxyGroup(self.max_sessions)
                self.lock = thread.allocate_lock()