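def zorp():
    """Run DNAT checks against a two-rule GeneralNAT policy named 'test'.

    The policy is registered through NATPolicy() and fetched back with
    getNATPolicy() before use.  If anything raises, the traceback is printed
    and quit(1) is called; otherwise the function returns 1.
    """
    try:
        session = MasterSession()
        session.setService(Service("s1", None))

        rules = [
            (InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
            # A /8 mapped onto a /24: the expectations below have 11.0.1.1
            # become 192.168.0.1 and 11.255.255.255 become 192.168.0.255, so
            # distinct original addresses can share one translated address.
            (InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24')),
        ]
        NATPolicy('test', GeneralNAT(rules))
        nat = getNATPolicy('test')

        # (original destination, expected destination after DNAT)
        expectations = (
            ('10.0.0.1', '20.0.0.1'),
            ('11.0.0.0', '192.168.0.0'),
            ('11.0.1.1', '192.168.0.1'),
            ('11.255.255.255', '192.168.0.255'),
        )
        for original, translated in expectations:
            testcase(nat, session, (None, SockAddrInet(original, 8888)),
                     NAT_DNAT, SockAddrInet(translated, 8888))
    except Exception:
        # The exception object was never read, so it is no longer bound; this
        # spelling is also accepted by every Python version.
        print_exc()
        quit(1)
    return 1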
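class TestLimitTargetZones(unittest.TestCase):
    """Check how Service(limit_target_zones_to=...) affects isServerPermitted()."""

    def setUp(self):
        """Register the zones used by the checks and create a bare session.

        Hierarchy built through admin_parent:
            internet (0.0.0.0/0, 0::0/0)
              -> intranet (10.0.0.0/8)
                   -> office1 (10.1.0.0/16, 10.5.0.0/16)
        'disconnected' (192.168.0.0/16) has no admin_parent.
        """
        Zone('internet', ('0.0.0.0/0', '0::0/0'))
        Zone('intranet', ('10.0.0.0/8', ), admin_parent='internet')
        Zone('office1', ('10.1.0.0/16', '10.5.0.0/16'), admin_parent='intranet')
        Zone('disconnected', ('192.168.0.0/16', ))
        self.session = MasterSession()

    def tearDown(self):
        """Drop the session and empty the global service registry."""
        del self.session
        import Zorp.Globals
        Zorp.Globals.services.clear()

    def checkZone(self, zone_name, expected):
        """Point the session at zone_name and compare the verdict with expected."""
        self.session.server_zone = Zone.lookup_by_name(zone_name)
        self.assertEqual(expected, self.session.isServerPermitted())

    def test_default(self):
        """Check that the default is no restrictions."""
        s = Service('empty', PlugProxy)
        self.session.setService(s)
        self.checkZone('internet', ZV_ACCEPT)
        self.checkZone('office1', ZV_ACCEPT)

    def test_none(self):
        """Check that None means no restrictions"""
        s = Service('none', PlugProxy, limit_target_zones_to=None)
        self.session.setService(s)
        self.checkZone('internet', ZV_ACCEPT)
        self.checkZone('office1', ZV_ACCEPT)

    # This method used to be a second `test_none`.  The later definition
    # replaced the earlier one in the class body, so the None case above was
    # silently never run.  A distinct name lets both checks execute.
    def test_empty_list(self):
        """Check that an empty list means no restrictions"""
        s = Service('none', PlugProxy, limit_target_zones_to=())
        self.session.setService(s)
        self.checkZone('internet', ZV_ACCEPT)
        self.checkZone('office1', ZV_ACCEPT)

    def test_match(self):
        """Check for matches recursively"""
        s = Service('match', PlugProxy, limit_target_zones_to=('internet',))
        self.session.setService(s)
        # The listed zone and its admin_parent descendants are accepted.
        self.checkZone('internet', ZV_ACCEPT)
        self.checkZone('intranet', ZV_ACCEPT)
        self.checkZone('office1', ZV_ACCEPT)
        # A zone outside that hierarchy is rejected.
        self.checkZone('disconnected', ZV_REJECT)
        # NOTE(review): no case here limits the service to a child zone
        # (e.g. 'intranet') and checks that the parent is then rejected;
        # confirm that direction is covered elsewhere.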
def setUp(self):
    """Build the MasterSession fixture used by the tests.

    The session is created for service "service1" (PlugProxy) with a TCP
    listen address of 127.0.0.1:1234; the remaining positional arguments
    are passed as None.
    """
    plug_service = Service("service1", PlugProxy)
    listen_address = DBSockAddr(SockAddrInet('127.0.0.1', 1234), ZD_PROTO_TCP)
    # NOTE(review): the None arguments presumably stand for the client
    # stream, local address and client address -- confirm against
    # MasterSession's signature.
    self.session = MasterSession(plug_service, None, None, listen_address,
                                 None, instance_id=1)
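def zorp():
    """Verify DNAT results of the 'test' GeneralNAT policy.

    Two rules are installed: 10.0.0.0/8 -> 20.0.0.0/8 and
    11.0.0.0/8 -> 192.168.0.0/24.  Each testcase() call passes an address
    pair whose first element is None and the expected translated address.
    A failure inside the try block prints the traceback and calls quit(1);
    a clean run returns 1.
    """
    try:
        s = MasterSession()
        s.setService(Service("s1", None))

        same_size_rule = (InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8'))
        # Target range is smaller than the matched range; the last two checks
        # below pin down what happens to addresses that do not fit.
        shrinking_rule = (InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24'))
        NATPolicy('test', GeneralNAT([same_size_rule, shrinking_rule]))
        nat = getNATPolicy('test')

        testcase(nat, s, (None, SockAddrInet('10.0.0.1', 8888)),
                 NAT_DNAT, SockAddrInet('20.0.0.1', 8888))
        testcase(nat, s, (None, SockAddrInet('11.0.0.0', 8888)),
                 NAT_DNAT, SockAddrInet('192.168.0.0', 8888))
        testcase(nat, s, (None, SockAddrInet('11.0.1.1', 8888)),
                 NAT_DNAT, SockAddrInet('192.168.0.1', 8888))
        testcase(nat, s, (None, SockAddrInet('11.255.255.255', 8888)),
                 NAT_DNAT, SockAddrInet('192.168.0.255', 8888))
    except Exception:
        # No name is bound for the exception: it was unused, and the
        # "except Exception, e" spelling is rejected by newer interpreters.
        print_exc()
        quit(1)
    return 1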
def test_construction_initializes_protocol(self):
    """A session built on a TCP listen address exposes protocol and protocol_name."""
    service = self.service
    tcp_listen = DBSockAddr(SockAddrInet('127.0.0.1', 1234), ZD_PROTO_TCP)
    master = MasterSession(service, None, None, tcp_listen, None, instance_id=1)

    # Both the numeric constant and its printable name are checked.
    self.assertEqual(master.protocol, ZD_PROTO_TCP)
    self.assertEqual(master.protocol_name, "TCP")
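def zorp():
    """Run IPv4 and IPv6 DNAT checks against a three-rule GeneralNAT policy.

    Every rule is a triple of subnets.  The checks below show the second
    element matching the original destination and the third giving the
    translated range.  The policy object returned by NATPolicy() is used
    directly.  On any exception the traceback is printed and quit(1) is
    called; otherwise 1 is returned.
    """
    try:
        session = MasterSession()
        session.setService(Service("s1", None))

        # NOTE(review): the first element of each triple ('0.0.0.0/32',
        # '::/128') is presumably the source-address condition -- confirm
        # against GeneralNAT.
        nat = NATPolicy('test', GeneralNAT([
            (InetSubnet('0.0.0.0/32'), InetSubnet('10.0.0.0/8'), InetSubnet('20.0.0.0/8')),
            (InetSubnet('0.0.0.0/32'), InetSubnet('11.0.0.0/8'), InetSubnet('192.168.0.0/24')),
            (Inet6Subnet('::/128'), Inet6Subnet('1200::/8'), Inet6Subnet('2300::/8')),
        ]))

        # (original destination, expected destination after DNAT)
        ipv4_expectations = (
            ('10.0.0.1', '20.0.0.1'),
            ('11.0.0.0', '192.168.0.0'),
            # /8 onto /24: the expected results stay inside 192.168.0.0/24.
            ('11.0.1.1', '192.168.0.1'),
            ('11.255.255.255', '192.168.0.255'),
        )
        for original, translated in ipv4_expectations:
            testcase(nat, session, (None, SockAddrInet(original, 8888)),
                     NAT_DNAT, SockAddrInet(translated, 8888))

        testcase(nat, session, (None, SockAddrInet6('1234::', 8888)),
                 NAT_DNAT, SockAddrInet6('2334::', 8888))
    except Exception:
        # The exception object was unused, so it is not bound to a name.
        print_exc()
        quit(1)
    return 1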
def setUp(self):
    """Create a service, a master session on 127.0.0.1:80 and a stacked session on top.

    The same SockAddrInet object serves as the listen address (wrapped in a
    TCP DBSockAddr) and as the client address.
    """
    service = Service("testservice", HttpProxy, resolver_policy="test_resolver")
    self.service = service

    loopback_http = SockAddrInet("127.0.0.1", 80)
    self.address = loopback_http

    listen = DBSockAddr(loopback_http, ZD_PROTO_TCP)
    master = MasterSession(
        service,
        client_stream=None,
        client_local=None,
        client_listen=listen,
        client_address=loopback_http,
        instance_id=1,
    )
    self.mastersession = master
    self.session = StackedSession(master)
def setUp(self):
    """Register four zones and create a MasterSession with no arguments.

    'intranet' is an admin child of 'internet' and 'office1' an admin child
    of 'intranet'; 'disconnected' is created without an admin_parent.
    """
    everything = ('0.0.0.0/0', '0::0/0')
    intranet_nets = ('10.0.0.0/8', )
    office_nets = ('10.1.0.0/16', '10.5.0.0/16')
    disconnected_nets = ('192.168.0.0/16', )

    Zone('internet', everything)
    Zone('intranet', intranet_nets, admin_parent='internet')
    Zone('office1', office_nets, admin_parent='intranet')
    Zone('disconnected', disconnected_nets)

    self.session = MasterSession()
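def init(name):
    """Check InetZone address lookup and per-zone service permissions.

    First a set of overlapping zones is created and root_zone.findZone() is
    compared with the expected zone for several addresses.  Then a session
    is given service "s1" and later "s2", and the inbound/outbound verdicts
    of several zones are compared with Z_ACCEPT / Z_REJECT.

    `name` is not used.  On any exception the traceback is printed and
    quit(1) is called; otherwise 1 is returned.
    """
    try:
        # Overlapping ranges; the lookups below expect the narrowest one.
        t1 = InetZone("test1", "192.168.0.0/24", inbound_services=["s1"], outbound_services=["s2"])
        t2 = InetZone("test2", "192.168.0.32/27")
        t3 = InetZone("test3", "192.168.0.0/26")
        t4 = InetZone("test4", "192.168.0.64/27")
        t5 = InetZone("test5", "192.168.0.96/27")
        t6 = InetZone("test6", "192.168.0.0/25")
        t7 = InetZone("test7", "192.168.0.0/16")
        # Administrative chain test1 -> test8 -> test9 -> {test10, test11};
        # test10 is additionally flagged umbrella=1.
        t8 = InetZone("test8", "192.168.1.1/32", admin_parent="test1")
        t9 = InetZone("test9", "192.168.1.2/32", admin_parent="test8")
        t10 = InetZone("test10", "192.168.1.3/32", admin_parent="test9", umbrella=1)
        t11 = InetZone("test11", "192.168.1.4/32", admin_parent="test9")
        # Wildcard service lists.
        t12 = InetZone("test12", "192.168.1.5/32", inbound_services=['*'])
        t13 = InetZone("test13", "192.168.1.6/32", outbound_services=['*'])
        # Address given without a prefix length.
        t14 = InetZone("test14", "192.168.0.184", outbound_services=['*'])

        test('192.168.0.1', root_zone.findZone(SockAddrInet('192.168.0.1', 10)), t3)
        test('192.168.0.33', root_zone.findZone(SockAddrInet('192.168.0.33', 10)), t2)
        test('192.168.0.65', root_zone.findZone(SockAddrInet('192.168.0.65', 10)), t4)
        test('192.168.0.97', root_zone.findZone(SockAddrInet('192.168.0.97', 10)), t5)
        test('192.168.0.129', root_zone.findZone(SockAddrInet('192.168.0.129', 10)), t1)
        test('192.168.1.129', root_zone.findZone(SockAddrInet('192.168.1.129', 10)), t7)
        test('192.168.0.184', root_zone.findZone(SockAddrInet('192.168.0.184', 10)), t14)

        inet = InetZone("internet", "0.0.0.0/0", inbound_services=["s2"], outbound_services=["s1"])
        test('1.1.1.1', root_zone.findZone(SockAddrInet('1.1.1.1', 10)), inet)

        # Disabled mass lookups, kept as found:
        #for i in range(1,100):
        #    test('masstest1', root_zone.findZone(SockAddrInet(inet_ntoa(htonl(i)), 10)), inet)
        #for i in range(1,100):
        #    test('masstest2', root_zone.findZone(SockAddrInet('192.168.1.129', 10)), t7)

        s = MasterSession()
        s.setService(Service("s1", None))
        s.setServer(SockAddrInet('192.168.1.2', 9999))

        # Disabled timing loop, kept as found:
        #print time()
        #for i in range(1, 100000):
        #    if s.isServerPermitted() != Z_ACCEPT:
        #        raise 'problema'
        #print time()

        test('service s1#1', t1.isInboundServicePermitted(s), Z_ACCEPT)
        test('service s1#2', t1.isOutboundServicePermitted(s), Z_REJECT)
        test('service s1#3', inet.isInboundServicePermitted(s), Z_REJECT)
        test('service s1#4', inet.isOutboundServicePermitted(s), Z_ACCEPT)
        ###
        # The umbrella zone is expected to reject in both directions, while
        # test11 is expected to permit what test1 lists.
        test('service s1#5', t10.isOutboundServicePermitted(s), Z_REJECT)
        test('service s1#6', t10.isInboundServicePermitted(s), Z_REJECT)
        test('service s1#7', t11.isOutboundServicePermitted(s), Z_REJECT)
        test('service s1#8', t11.isInboundServicePermitted(s), Z_ACCEPT)

        test('service s1#9', t12.isInboundServicePermitted(s), Z_ACCEPT)
        test('service s1#10', t12.isOutboundServicePermitted(s), Z_REJECT)
        test('service s1#11', t13.isOutboundServicePermitted(s), Z_ACCEPT)
        test('service s1#12', t13.isInboundServicePermitted(s), Z_REJECT)

        # The service is swapped by direct attribute assignment here, not
        # through setService().
        s.service = Service("s2", None)

        test('service s2#1', t1.isInboundServicePermitted(s), Z_REJECT)
        test('service s2#2', t1.isOutboundServicePermitted(s), Z_ACCEPT)
        test('service s2#3', inet.isInboundServicePermitted(s), Z_ACCEPT)
        test('service s2#4', inet.isOutboundServicePermitted(s), Z_REJECT)
        ###
        test('service s2#5', t10.isInboundServicePermitted(s), Z_REJECT)
        test('service s2#6', t10.isOutboundServicePermitted(s), Z_REJECT)
        test('service s2#7', t11.isOutboundServicePermitted(s), Z_ACCEPT)
        test('service s2#8', t11.isInboundServicePermitted(s), Z_REJECT)

        test('service s2#9', t12.isInboundServicePermitted(s), Z_ACCEPT)
        test('service s2#10', t12.isOutboundServicePermitted(s), Z_REJECT)
        test('service s2#11', t13.isOutboundServicePermitted(s), Z_ACCEPT)
        test('service s2#12', t13.isInboundServicePermitted(s), Z_REJECT)
    except Exception:
        # The exception object was unused, so it is not bound to a name.
        print_exc()
        quit(1)
    return 1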
def setUp(self):
    """Create a bare MasterSession and attach the PlugProxy service "service1"."""
    self.session = session = MasterSession()
    plug_service = Service("service1", PlugProxy)
    session.setService(plug_service)
class TestGeneralNAT(unittest.TestCase):
    """DNAT expectations for GeneralNAT policies, driven through a bare MasterSession."""

    def tearDown(self):
        """Drop the session and empty the global service and NAT policy registries."""
        del self.session
        import Zorp.Globals
        for registry in (Zorp.Globals.services, Zorp.Globals.nat_policies):
            registry.clear()

    def setUp(self):
        """Create a session carrying the PlugProxy service "service1"."""
        self.session = session = MasterSession()
        session.setService(Service("service1", PlugProxy))

    def performTranslation(self, nat_policy_name, addresses, nat_type):
        """Look the policy up by name and translate `addresses` for this session."""
        return getNATPolicy(nat_policy_name).performTranslation(
            self.session, addresses, nat_type)

    def checkDNAT(self, nat_policy_name, addresses, expected_result):
        """Assert the DNAT result equals `expected_result`, comparing str() forms."""
        translated = self.performTranslation(nat_policy_name, addresses, NAT_DNAT)
        return self.assertEqual(str(translated), str(expected_result))

    def test_simple_dnat(self):
        """One rule: addresses inside 10.0.0.0/8 move to 20.0.0.0/8, neighbours yield None."""
        rule = (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8'))
        NATPolicy('test', GeneralNAT([rule, ]))

        # (original destination, expected destination or None for "no match")
        expectations = (
            ('9.255.255.255', None),
            ('10.0.0.0', '20.0.0.0'),
            ('10.0.0.1', '20.0.0.1'),
            ('10.255.255.255', '20.255.255.255'),
            ('11.0.0.0', None),
        )
        for original, translated in expectations:
            addresses = (None, SockAddrInet(original, 8888))
            if translated is None:
                expected = None
            else:
                expected = SockAddrInet(translated, 8888)
            self.checkDNAT("test", addresses, expected)

    def test_ipv6_dnat(self):
        """IPv6 rule: 1200::/8 moves to 2300::/8, an address outside it yields None."""
        rule = (Inet6Subnet('::/128'), Inet6Subnet('1200::/8'), Inet6Subnet('2300::/8'))
        NATPolicy('test', GeneralNAT([rule]))

        self.checkDNAT("test", (None, SockAddrInet6('1234::', 8888)),
                       SockAddrInet6('2334::', 8888))
        self.checkDNAT("test", (None, SockAddrInet6('1300::', 8888)), None)

    def test_multiple_ranges_dnat(self):
        """Two disjoint rules: each address is translated by the rule covering it."""
        first = (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8'))
        second = (InetDomain('0.0.0.0/32'), InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24'))
        NATPolicy('test', GeneralNAT([first, second, ]))

        for original, translated in (('10.0.0.1', '20.0.0.1'),
                                     ('11.0.0.1', '192.168.0.1')):
            self.checkDNAT("test", (None, SockAddrInet(original, 8888)),
                           SockAddrInet(translated, 8888))

    def test_overlapping_ranges_ordering(self):
        """Overlapping rules: the expectations follow list order, not prefix length.

        With the /8 rule listed first, 10.128.0.0 is expected in 20.0.0.0/8
        although the /9 rule covers it too; with the /9 rule first the same
        address is expected at 21.0.0.0.  A broad rule placed early therefore
        shadows narrower rules after it.
        """
        NATPolicy(
            'large_first',
            GeneralNAT([
                (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
                (InetDomain('0.0.0.0/32'), InetDomain('10.128.0.0/9'), InetDomain('21.0.0.0/9')),
            ]))
        for original, translated in (('10.127.255.255', '20.127.255.255'),
                                     ('10.128.0.0', '20.128.0.0')):
            self.checkDNAT("large_first", (None, SockAddrInet(original, 8888)),
                           SockAddrInet(translated, 8888))

        NATPolicy(
            'small_first',
            GeneralNAT([
                (InetDomain('0.0.0.0/32'), InetDomain('10.128.0.0/9'), InetDomain('21.0.0.0/9')),
                (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
            ]))
        for original, translated in (('10.127.255.255', '20.127.255.255'),
                                     ('10.128.0.0', '21.0.0.0')):
            self.checkDNAT("small_first", (None, SockAddrInet(original, 8888)),
                           SockAddrInet(translated, 8888))

    def test_destination_out_of_range(self):
        """A /8 mapped onto a /24: the result is expected to stay inside the /24."""
        rule = (InetDomain('0.0.0.0/32'), InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24'))
        NATPolicy('test', GeneralNAT([rule, ]))

        # 11.255.255.255 does not fit into a /24; the expected result is the
        # last address of the target range.
        self.checkDNAT("test", (None, SockAddrInet('11.255.255.255', 8888)),
                       SockAddrInet('192.168.0.255', 8888))
class TestGeneralNAT(unittest.TestCase):
    """Unit tests pinning the destination-NAT results of GeneralNAT rule lists."""

    def tearDown(self):
        """Remove the session and clear Zorp.Globals.services and nat_policies."""
        del self.session
        import Zorp.Globals
        zorp_globals = Zorp.Globals
        zorp_globals.services.clear()
        zorp_globals.nat_policies.clear()

    def setUp(self):
        """Prepare a MasterSession that has the "service1" PlugProxy service set."""
        plain_session = MasterSession()
        self.session = plain_session
        self.session.setService(Service("service1", PlugProxy))

    def performTranslation(self, nat_policy_name, addresses, nat_type):
        """Return what the named policy produces for `addresses` and `nat_type`."""
        policy = getNATPolicy(nat_policy_name)
        result = policy.performTranslation(self.session, addresses, nat_type)
        return result

    def checkDNAT(self, nat_policy_name, addresses, expected_result):
        """Compare the string form of the DNAT result with that of `expected_result`."""
        actual_text = str(self.performTranslation(nat_policy_name, addresses, NAT_DNAT))
        expected_text = str(expected_result)
        return self.assertEqual(actual_text, expected_text)

    def test_simple_dnat(self):
        """Single 10.0.0.0/8 -> 20.0.0.0/8 rule, probed at and just outside its edges."""
        any_source = InetDomain('0.0.0.0/32')
        NATPolicy('test', GeneralNAT(
            [(any_source, InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')), ]))

        # Just below the range: expected result is None.
        self.checkDNAT("test", (None, SockAddrInet('9.255.255.255', 8888)), None)
        # First, second and last address of the range.
        self.checkDNAT("test", (None, SockAddrInet('10.0.0.0', 8888)),
                       SockAddrInet('20.0.0.0', 8888))
        self.checkDNAT("test", (None, SockAddrInet('10.0.0.1', 8888)),
                       SockAddrInet('20.0.0.1', 8888))
        self.checkDNAT("test", (None, SockAddrInet('10.255.255.255', 8888)),
                       SockAddrInet('20.255.255.255', 8888))
        # Just above the range: expected result is None.
        self.checkDNAT("test", (None, SockAddrInet('11.0.0.0', 8888)), None)

    def test_ipv6_dnat(self):
        """IPv6 variant: 1200::/8 -> 2300::/8, with 1300:: expected to give None."""
        v6_rules = [
            (Inet6Subnet('::/128'), Inet6Subnet('1200::/8'), Inet6Subnet('2300::/8')),
        ]
        NATPolicy('test', GeneralNAT(v6_rules))

        inside = (None, SockAddrInet6('1234::', 8888))
        self.checkDNAT("test", inside, SockAddrInet6('2334::', 8888))
        outside = (None, SockAddrInet6('1300::', 8888))
        self.checkDNAT("test", outside, None)

    def test_multiple_ranges_dnat(self):
        """Two non-overlapping rules in one policy, one probe per rule."""
        any_source = InetDomain('0.0.0.0/32')
        rules = [
            (any_source, InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8')),
            (InetDomain('0.0.0.0/32'), InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24')),
        ]
        NATPolicy('test', GeneralNAT(rules))

        self.checkDNAT("test", (None, SockAddrInet('10.0.0.1', 8888)),
                       SockAddrInet('20.0.0.1', 8888))
        self.checkDNAT("test", (None, SockAddrInet('11.0.0.1', 8888)),
                       SockAddrInet('192.168.0.1', 8888))

    def test_overlapping_ranges_ordering(self):
        """Same two overlapping rules in both orders; the expected target changes.

        10.128.0.0 lies in both 10.0.0.0/8 and 10.128.0.0/9.  The expected
        result is 20.128.0.0 when the /8 rule comes first and 21.0.0.0 when
        the /9 rule comes first, so rule order decides which translation an
        address receives.
        """
        wide = (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8'))
        narrow = (InetDomain('0.0.0.0/32'), InetDomain('10.128.0.0/9'), InetDomain('21.0.0.0/9'))
        NATPolicy('large_first', GeneralNAT([wide, narrow, ]))

        self.checkDNAT("large_first", (None, SockAddrInet('10.127.255.255', 8888)),
                       SockAddrInet('20.127.255.255', 8888))
        self.checkDNAT("large_first", (None, SockAddrInet('10.128.0.0', 8888)),
                       SockAddrInet('20.128.0.0', 8888))

        narrow_again = (InetDomain('0.0.0.0/32'), InetDomain('10.128.0.0/9'), InetDomain('21.0.0.0/9'))
        wide_again = (InetDomain('0.0.0.0/32'), InetDomain('10.0.0.0/8'), InetDomain('20.0.0.0/8'))
        NATPolicy('small_first', GeneralNAT([narrow_again, wide_again, ]))

        self.checkDNAT("small_first", (None, SockAddrInet('10.127.255.255', 8888)),
                       SockAddrInet('20.127.255.255', 8888))
        self.checkDNAT("small_first", (None, SockAddrInet('10.128.0.0', 8888)),
                       SockAddrInet('21.0.0.0', 8888))

    def test_destination_out_of_range(self):
        """Source range larger than target range: the result is expected to be capped."""
        shrinking = [
            (InetDomain('0.0.0.0/32'), InetDomain('11.0.0.0/8'), InetDomain('192.168.0.0/24')),
        ]
        NATPolicy('test', GeneralNAT(shrinking))

        # The highest address of the /8 is expected at the highest address of
        # the /24, i.e. it is not allowed to spill past the target range.
        highest = (None, SockAddrInet('11.255.255.255', 8888))
        self.checkDNAT("test", highest, SockAddrInet('192.168.0.255', 8888))
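def init(names, virtual_name, is_master):
    """Check Zone address lookup (IPv4 and IPv6) and per-zone service permissions.

    Overlapping zones are created and Zone.lookup() is compared with the
    expected zone for several addresses.  Afterwards the inbound/outbound
    verdicts of several zones are compared with ZV_ACCEPT / ZV_REJECT, first
    for service "s1" and then for "s2".

    None of the three parameters is used.  On any exception the traceback is
    printed and quit(1) is called; otherwise 1 is returned.
    """
    try:
        # Overlapping ranges; the lookups below expect the narrowest one.
        t1 = Zone("test1", "192.168.0.0/24", inbound_services=["s1"], outbound_services=["s2"])
        t2 = Zone("test2", "192.168.0.32/27")
        t3 = Zone("test3", "192.168.0.0/26")
        t4 = Zone("test4", "192.168.0.64/27")
        t5 = Zone("test5", "192.168.0.96/27")
        t6 = Zone("test6", "192.168.0.0/25")
        t7 = Zone("test7", "192.168.0.0/16")
        # Administrative chain test1 -> test8 -> test9 -> {test10, test11};
        # test10 is additionally flagged umbrella=1.
        t8 = Zone("test8", "192.168.1.1/32", admin_parent="test1")
        t9 = Zone("test9", "192.168.1.2/32", admin_parent="test8")
        t10 = Zone("test10", "192.168.1.3/32", admin_parent="test9", umbrella=1)
        t11 = Zone("test11", "192.168.1.4/32", admin_parent="test9")
        # Wildcard service lists.
        t12 = Zone("test12", "192.168.1.5/32", inbound_services=['*'])
        t13 = Zone("test13", "192.168.1.6/32", outbound_services=['*'])
        # Address given without a prefix length.
        t14 = Zone("test14", "192.168.0.184", outbound_services=['*'])
        # IPv6 /127: covers the ...5566 and ...5567 addresses probed below.
        t15 = Zone("test15", "dead:beef:baad:c0ff:ee00:1122:3344:5566/127", outbound_services=['*'])

        test('192.168.0.1', Zone.lookup(SockAddrInet('192.168.0.1', 10)), t3)
        test('192.168.0.33', Zone.lookup(SockAddrInet('192.168.0.33', 10)), t2)
        test('192.168.0.65', Zone.lookup(SockAddrInet('192.168.0.65', 10)), t4)
        test('192.168.0.97', Zone.lookup(SockAddrInet('192.168.0.97', 10)), t5)
        test('192.168.0.129', Zone.lookup(SockAddrInet('192.168.0.129', 10)), t1)
        test('192.168.1.129', Zone.lookup(SockAddrInet('192.168.1.129', 10)), t7)
        test('192.168.0.184', Zone.lookup(SockAddrInet('192.168.0.184', 10)), t14)
        test('dead:beef:baad:c0ff:ee00:1122:3344:5566',
             Zone.lookup(SockAddrInet6('dead:beef:baad:c0ff:ee00:1122:3344:5566', 10)), t15)
        # The label of this check used to repeat the ...5566 address although
        # ...5567 is the one looked up; it now names the probed address.
        test('dead:beef:baad:c0ff:ee00:1122:3344:5567',
             Zone.lookup(SockAddrInet6('dead:beef:baad:c0ff:ee00:1122:3344:5567', 10)), t15)

        inet = Zone("internet", "0.0.0.0/0", inbound_services=["s2"], outbound_services=["s1"])
        test('1.1.1.1', Zone.lookup(SockAddrInet('1.1.1.1', 10)), inet)

        s = MasterSession()
        s.setService(Service("s1", None))
        s.setServer(SockAddrInet('192.168.1.2', 9999))

        test('service s1#1', t1.isInboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s1#2', t1.isOutboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#3', inet.isInboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#4', inet.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        ###
        # The umbrella zone is expected to reject in both directions, while
        # test11 is expected to permit what test1 lists.
        test('service s1#5', t10.isOutboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#6', t10.isInboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#7', t11.isOutboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#8', t11.isInboundServicePermitted(s.service), ZV_ACCEPT)

        test('service s1#9', t12.isInboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s1#10', t12.isOutboundServicePermitted(s.service), ZV_REJECT)
        test('service s1#11', t13.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s1#12', t13.isInboundServicePermitted(s.service), ZV_REJECT)

        # The service is swapped by direct attribute assignment here, not
        # through setService().
        s.service = Service("s2", None)

        test('service s2#1', t1.isInboundServicePermitted(s.service), ZV_REJECT)
        test('service s2#2', t1.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#3', inet.isInboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#4', inet.isOutboundServicePermitted(s.service), ZV_REJECT)
        ###
        test('service s2#5', t10.isInboundServicePermitted(s.service), ZV_REJECT)
        test('service s2#6', t10.isOutboundServicePermitted(s.service), ZV_REJECT)
        test('service s2#7', t11.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#8', t11.isInboundServicePermitted(s.service), ZV_REJECT)

        test('service s2#9', t12.isInboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#10', t12.isOutboundServicePermitted(s.service), ZV_REJECT)
        test('service s2#11', t13.isOutboundServicePermitted(s.service), ZV_ACCEPT)
        test('service s2#12', t13.isInboundServicePermitted(s.service), ZV_REJECT)
    except Exception:
        # The exception object was unused, so it is not bound to a name.
        print_exc()
        quit(1)
    return 1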