def _ipsVaryIteration(self, ruleSet, sIPvarying):
    """Merge rules that differ only in one IP side and return what is left over.

    When sIPvarying is true the source IPs are treated as the varying side
    and the destination IPs as the fixed side; otherwise the roles are
    swapped.

    Rules are grouped by the key
    (direction, copy of dPorts, interface, action, copy of sPorts):

    1. The first rule seen for a key is stored in sortingDict and
       tablesDict.
    2. A later rule with the same key is merged into the stored entry only
       if all three checks pass, evaluated in this order:
       2.1 after combining, no IP appears on both the varying and the
           fixed side (ipInBoth),
       2.2 the source ports of both rules agree on isRandomized,
       2.3 the fixed-side IPs fit into one network of size SLASH_SIZE
           (checkForJoinedNetwork).
    3. A rule that shares a key but fails a check goes to the rest set.

    Ports appear in the key and in the stored value: two port objects can
    compare equal as keys (for example "any") and still carry different
    elements, so the stored ports are extended on every merge.

    Returns a tuple (merged rule set, rest set).

    NOTE(review): per the original description, a successful
    checkForJoinedNetwork turns the stored IPs into a network of size
    SLASH_SIZE. That helper is not visible here. If it does, a merged rule
    can match addresses that none of the input rules listed, so confirm
    this widening is acceptable for every action this optimizer handles.
    """

    def buildRule(key, fields):
        # Undo the varying/fixed ordering so that Rule always receives
        # source IPs before destination IPs.
        if sIPvarying:
            srcIPs, dstIPs = fields[0], fields[1]
        else:
            srcIPs, dstIPs = fields[1], fields[0]
        return Rule(key[0], srcIPs, fields[2], dstIPs, fields[3],
                    self.proto, key[2], key[3], self.style,
                    fields[4], fields[5])

    self.sortingDict.clear()
    self.tablesDict.clear()
    newR = RuleSet()
    restSet = RuleSet()

    for rule in ruleSet:
        # fields layout: [varying IPs, fixed IPs, sPorts, dPorts,
        #                 timeStamp, flag]
        # The list holds the rule's own objects (no copies), so the
        # extend() calls further down change the first rule of a group.
        if sIPvarying:
            varyingIPs, fixedIPs = rule.sIPs, rule.dIPs
        else:
            varyingIPs, fixedIPs = rule.dIPs, rule.sIPs
        fields = [varyingIPs, fixedIPs, rule.sPorts, rule.dPorts,
                  rule.timeStamp, rule.flag]

        # The key uses copies of the ports; presumably so that extending
        # the stored ports later cannot alter a key already in the dicts.
        dPortsKey = copy.deepcopy(rule.dPorts)
        sPortsKey = copy.deepcopy(rule.sPorts)
        groupKey = (rule.direction, dPortsKey, rule.interface,
                    rule.action, sPortsKey)

        if groupKey not in self.sortingDict:
            # First rule of this group: both dicts share the same list.
            self.sortingDict[groupKey] = fields
            self.tablesDict[groupKey] = fields
            continue

        existing = self.tablesDict[groupKey]

        varyingUnion = IPsMap()
        varyingUnion.extend(fields[0])
        varyingUnion.extend(existing[0])
        fixedUnion = IPsMap()
        fixedUnion.extend(fields[1])
        fixedUnion.extend(existing[1])

        newRandom = fields[2].isRandomized
        oldRandom = existing[2].isRandomized
        sameRandomization = (newRandom and oldRandom) or \
            (not newRandom and not oldRandom)

        # Order matters: checkForJoinedNetwork runs last and only when the
        # two cheaper checks have passed.
        mergeable = (not varyingUnion.ipInBoth(fixedUnion)
                     and sameRandomization
                     and existing[1].checkForJoinedNetwork(
                         fields[1], self.SLASH_SIZE))

        if not mergeable:
            restSet.insert(buildRule(groupKey, fields))
            continue

        # Merge: only the varying IPs, both port lists and (for tcp) the
        # flags are extended. The timeStamp of the first rule is kept.
        # NOTE(review): the incoming fixed-side IPs (fields[1]) are not
        # added here; whether they stay covered depends on what
        # checkForJoinedNetwork did to existing[1]. Verify.
        existing[0].extend(fields[0])
        existing[2].extend(fields[2])
        existing[3].extend(fields[3])
        if self.proto == "tcp":
            existing[5].extend(fields[5])

    for key, fields in self.tablesDict.iteritems():
        newR.insert(buildRule(key, fields))

    return newR, restSet