def _ipsVaryIteration(self, ruleSet, sIPvarying):
"""If sIP=True, the checks are made assuming sIP ist the varying part
else, the check are made assuming dIP is the varying part.
The checks work like this:
1. The key for a rule are the ports.
2. If the key (ports) is not in sortingDict, the rule is added to
sortingDict and to tablesDict.
3. If the key (ports) is already added, it is checked if the new rule
is belonging to the rule already added.
Belonging to is defined as that:
3.1 If, by putting the rule together, they would have the same IP
on both sides (source/destination) they don't belong together.
3.2 If the IPs don't belong into the same size slashSize networks,
the rules don't belong together.
4. If the rule can be put together by making the existing IPs into
size slashsize networks, the IPs are made into networks.
5. If a rule has its key already in the dict, but can not be matched
to the existing rule, it is put into the restSet.
sPorts/dPorts exist in key and value, because they could be the same ("any")
as the one already in the hashmap and still contain different elements.
To provide a correct elements list they needs to be extended.
"""
self.sortingDict.clear()
self.tablesDict.clear()
newR = RuleSet()
restSet = RuleSet()
for r in ruleSet:
if sIPvarying:
value = [r.sIPs, r.dIPs, r.sPorts, r.dPorts, r.timeStamp, r.flag]
else:
value = [r.dIPs, r.sIPs, r.sPorts, r.dPorts, r.timeStamp, r.flag]
key1 = copy.deepcopy(r.dPorts)
key2 = copy.deepcopy(r.sPorts)
keys = (r.direction, key1, r.interface, r.action, key2)
if keys not in self.sortingDict:
self.sortingDict[keys] = value
self.tablesDict[keys] = value
else:
tmpIPs1 = IPsMap()
tmpIPs1.extend(value[0])
tmpIPs1.extend(self.tablesDict[keys][0])
tmpIPs2 = IPsMap()
tmpIPs2.extend(value[1])
tmpIPs2.extend(self.tablesDict[keys][1])
sPortsRandom = value[2].isRandomized and\
self.tablesDict[keys][2].isRandomized \
or not value[2].isRandomized and not \
self.tablesDict[keys][2].isRandomized
if not tmpIPs1.ipInBoth(tmpIPs2) and sPortsRandom \
and self.tablesDict[keys][1].checkForJoinedNetwork(value[1], self.SLASH_SIZE):
self.tablesDict[keys][0].extend(value[0])
self.tablesDict[keys][2].extend(value[2])
self.tablesDict[keys][3].extend(value[3])
if self.proto == "tcp":
self.tablesDict[keys][5].extend(value[5])
else:
if sIPvarying:
restSet.insert(Rule(keys[0], value[0], value[2], \
value[1], value[3], self.proto, keys[2], keys[3], self.style, value[4], value[5]))
else:
restSet.insert(Rule(keys[0], value[1], value[2], \
value[0], value[3], self.proto, keys[2], keys[3], self.style, value[4], value[5]))
for key, value in self.tablesDict.iteritems():
if sIPvarying:
newR.insert(Rule(key[0], value[0], value[2], value[1], \
value[3], self.proto, key[2], key[3], self.style, value[4], value[5]))
else:
newR.insert(Rule(key[0], value[1], value[2], value[0], \
value[3], self.proto, key[2], key[3], self.style, value[4], value[5]))
return newR, restSet
