def testFlexibleMatch(self):
jcl = juniper.Juniper(policy.ParsePolicy(
GOOD_HEADER + GOOD_FLEX_MATCH_TERM, self.naming), EXP_INFO)
output = str(jcl)
flexible_match_expected = [
'flexible-match-range {',
'bit-length 8;',
'range 0x08;',
'match-start payload;',
'byte-offset 16;',
'bit-offset 7;'
]
self.assertEquals(all([x in output for x in flexible_match_expected]), True)
def testNoVerboseV4(self):
addr_list = list()
for octet in range(0, 256):
net = nacaddr.IP('192.168.' + str(octet) + '.64/27')
addr_list.append(net)
self.naming.GetNetAddr.return_value = addr_list
self.naming.GetServiceByProto.return_value = ['25']
jcl = juniper.Juniper(
policy.ParsePolicy(
GOOD_NOVERBOSE_V4_HEADER + GOOD_TERM_1 + GOOD_TERM_COMMENT,
self.naming), EXP_INFO)
self.failUnless('192.168.0.64/27;' in str(jcl))
self.failUnless('COMMENT' not in str(jcl))
self.naming.GetNetAddr.assert_called_once_with('SOME_HOST')
self.naming.GetServiceByProto.assert_called_once_with('SMTP', 'tcp')
def testCommentShrinking(self):
long_comment = ' this is a very descriptive comment ' * 10
expected = (' ' * 24 +
'/* this is a very descriptive comment this is a\n' +
' ' * 24 +
'** very descriptive comment this is a very\n' +
' ' * 24 +
'** descriptive comment this is a very descript */')
self.naming.GetNetAddr('SOME_HOST').AndReturn(
[nacaddr.IPv4('10.0.0.0/8', comment=long_comment)])
self.naming.GetServiceByProto('SMTP', 'tcp').AndReturn(['25'])
self.mox.ReplayAll()
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_1, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless(expected in output, output)
def testDsmoExclude(self):
big = nacaddr.IPv4('0.0.0.0/1')
ip1 = nacaddr.IPv4('192.168.0.64/27')
ip2 = nacaddr.IPv4('192.168.1.64/27')
terms = (GOOD_TERM_18_SRC, GOOD_TERM_18_DST)
self.naming.GetNetAddr.side_effect = [[big], [ip1, ip2]] * len(terms)
mock_calls = []
for term in terms:
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_DSMO_HEADER + term, self.naming),
EXP_INFO)
self.failUnless('192.168.0.64/255.255.254.224 except;' in str(jcl))
mock_calls.append(mock.call('INTERNAL'))
mock_calls.append(mock.call('SOME_HOST'))
self.naming.GetNetAddr.assert_has_calls(mock_calls)
def testCommentShrinking(self):
long_comment = ' this is a very descriptive comment ' * 10
expected = (
' ' * 24 + '/* this is a very descriptive comment this is a\n' +
' ' * 24 + '** very descriptive comment this is a very\n' +
' ' * 24 + '** descriptive comment this is a very descript */'
)
self.naming.GetNetAddr.return_value = (
[nacaddr.IPv4('10.0.0.0/8', comment=long_comment)])
self.naming.GetServiceByProto.return_value = ['25']
jcl = juniper.Juniper(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_1,
self.naming), EXP_INFO)
output = str(jcl)
self.failUnless(expected in output, output)
self.naming.GetNetAddr.assert_called_once_with('SOME_HOST')
self.naming.GetServiceByProto.assert_called_once_with('SMTP', 'tcp')
def testAddressExclude(self):
big = nacaddr.IPv4('0.0.0.0/1')
ip1 = nacaddr.IPv4('10.0.0.0/8')
ip2 = nacaddr.IPv4('172.16.0.0/12')
terms = (GOOD_TERM_18_SRC, GOOD_TERM_18_DST)
for _ in terms:
self.naming.GetNetAddr('INTERNAL').AndReturn([big, ip1, ip2])
self.naming.GetNetAddr('SOME_HOST').AndReturn([ip1])
self.mox.ReplayAll()
for term in terms:
jcl = juniper.Juniper(policy.ParsePolicy(GOOD_HEADER + term,
self.naming), EXP_INFO)
output = str(jcl)
self.failUnless('10.0.0.0/8 except;' in output, output)
self.failIf('10.0.0.0/8;' in output, output)
self.failUnless('172.16.0.0/12;' in output, output)
self.failIf('172.16.0.0/12 except;' in output, output)
def testAddressExclude(self):
big = nacaddr.IPv4('0.0.0.0/1')
ip1 = nacaddr.IPv4('10.0.0.0/8')
ip2 = nacaddr.IPv4('172.16.0.0/12')
terms = (GOOD_TERM_18_SRC, GOOD_TERM_18_DST)
self.naming.GetNetAddr.side_effect = [[big, ip1, ip2], [ip1]
] * len(terms)
mock_calls = []
for term in terms:
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + term, self.naming), EXP_INFO)
output = str(jcl)
self.failUnless('10.0.0.0/8 except;' in output, output)
self.failIf('10.0.0.0/8;' in output, output)
self.failUnless('172.16.0.0/12;' in output, output)
self.failIf('172.16.0.0/12 except;' in output, output)
mock_calls.append(mock.call('INTERNAL'))
mock_calls.append(mock.call('SOME_HOST'))
self.naming.GetNetAddr.assert_has_calls(mock_calls)
def testMinimizePrefixes(self):
includes = ['1.0.0.0/8', '2.0.0.0/8']
excludes = ['1.1.1.1/32', '2.0.0.0/8', '3.3.3.3/32']
expected = ['1.0.0.0/8;', '1.1.1.1/32 except;']
unexpected = ['2.0.0.0/8;', '2.0.0.0/8 except;', '3.3.3.3/32']
self.naming.GetNetAddr('INCLUDES').AndReturn(
[nacaddr.IPv4(ip) for ip in includes])
self.naming.GetNetAddr('EXCLUDES').AndReturn(
[nacaddr.IPv4(ip) for ip in excludes])
self.mox.ReplayAll()
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_19, self.naming),
EXP_INFO)
output = str(jcl)
for result in expected:
self.failUnless(result in output,
'expected "%s" in %s' % (result, output))
for result in unexpected:
self.failIf(result in output,
'unexpected "%s" in %s' % (result, output))
def testEtherType(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_9, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('ether-type arp;' in output, output)
def testProtocolCase(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_5, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('protocol [ icmp tcp ];' in output, output)
def testIcmpv6Except(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER_V6 + GOOD_TERM_20_V6, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('next-header-except icmpv6;' in output, output)
def testProtocolExcept(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER_V6 + GOOD_TERM_7, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('next-header-except tcp;' in output, output)
def testHopLimit(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER_V6 + GOOD_TERM_V6_HOP_LIMIT,
self.naming), EXP_INFO)
output = str(jcl)
self.failUnless('hop-limit 25;' in output, output)
def testDefaultDeny(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + DEFAULT_TERM_1, self.naming),
EXP_INFO)
output = str(jcl)
self.failIf('from {' in output, output)
def testBuildWarningTokens(self):
jcl = juniper.Juniper(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_28,
self.naming), EXP_INFO)
st, sst = jcl._BuildTokens()
self.assertEquals(st, SUPPORTED_TOKENS)
self.assertEquals(sst, SUPPORTED_SUB_TOKENS)
def testTTL(self):
jcl = juniper.Juniper(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_21,
self.naming), EXP_INFO)
output = str(jcl)
self.assertTrue('ttl 10;' in output)
def render_filters(source_file, definitions_obj, shade_check, exp_info):
count = 0
[(eacl, aacl, bacl, jcl, acl, asa, xacl, ipt, ips, pf, spd, spk, srx, dem)
] = [(False, False, False, False, False, False, False, False, False,
False, False, False, False, False)]
pol = policy.ParsePolicy(open(source_file).read(),
definitions_obj,
shade_check=shade_check)
for header in pol.headers:
if 'arista' in header.platforms:
eacl = copy.deepcopy(pol)
if 'aruba' in header.platforms:
aacl = copy.deepcopy(pol)
if 'brocade' in header.platforms:
bacl = copy.deepcopy(pol)
if 'juniper' in header.platforms:
jcl = copy.deepcopy(pol)
if 'cisco' in header.platforms:
acl = copy.deepcopy(pol)
if 'ciscoasa' in header.platforms:
asa = copy.deepcopy(pol)
if 'ciscoxr' in header.platforms:
xacl = copy.deepcopy(pol)
if 'iptables' in header.platforms:
ipt = copy.deepcopy(pol)
if 'ipset' in header.platforms:
ips = copy.deepcopy(pol)
if 'packetfilter' in header.platforms:
pf = copy.deepcopy(pol)
if 'speedway' in header.platforms:
spd = copy.deepcopy(pol)
# SRX needs to be un-optimized for correct building of the address book
# entries.
if 'srx' in header.platforms:
unoptimized_pol = policy.ParsePolicy(open(source_file).read(),
definitions_obj,
optimize=False)
srx = copy.deepcopy(unoptimized_pol)
if 'demo' in header.platforms:
dem = copy.deepcopy(pol)
if eacl:
fw = arista.Arista(eacl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if aacl:
fw = aruba.Aruba(aacl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if bacl:
fw = brocade.Brocade(bacl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if jcl:
fw = juniper.Juniper(jcl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if acl:
fw = cisco.Cisco(acl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if asa:
fw = ciscoasa.CiscoASA(asa, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if xacl:
fw = ciscoxr.CiscoXR(xacl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if ipt:
fw = iptables.Iptables(ipt, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if ips:
fw = ipset.Ipset(ips, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if pf:
fw = packetfilter.PacketFilter(pf, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if spd:
fw = speedway.Speedway(spd, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if srx:
fw = junipersrx.JuniperSRX(srx, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if dem:
fw = demo.Demo(dem, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
return count
def testRoutingInstance(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_13, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('routing-instance EXTERNAL-NAT;' in output, output)
def render_filters(source_file, definitions_obj, shade_check, exp_info):
count = 0
[(jcl, acl, asa, ipt, pf, spd, spk, srx, dem)
] = [(False, False, False, False, False, False, False, False, False)]
pol = policy.ParsePolicy(open(source_file).read(),
definitions_obj,
shade_check=shade_check)
for header in pol.headers:
if 'juniper' in header.platforms:
jcl = copy.deepcopy(pol)
if 'cisco' in header.platforms:
acl = copy.deepcopy(pol)
if 'ciscoasa' in header.platforms:
asa = copy.deepcopy(pol)
if 'iptables' in header.platforms:
ipt = copy.deepcopy(pol)
if 'packetfilter' in header.platforms:
pf = copy.deepcopy(pol)
if 'speedway' in header.platforms:
spd = copy.deepcopy(pol)
if 'silverpeak' in header.platforms:
spk = copy.deepcopy(pol)
# SRX needs to be un-optimized for correct building of the address book
# entries.
if 'srx' in header.platforms:
unoptimized_pol = policy.ParsePolicy(open(source_file).read(),
definitions_obj,
optimize=False)
srx = copy.deepcopy(unoptimized_pol)
if 'demo' in header.platforms:
dem = copy.deepcopy(pol)
mar = margrave.Margrave(copy.deepcopy(pol), exp_info, source_file)
do_output_filter(str(mar), filter_name(source_file, mar._SUFFIX))
do_output_filter(mar.vocabStr(), filter_name(source_file, '.v'))
if jcl:
fw = juniper.Juniper(jcl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if acl:
fw = cisco.Cisco(acl, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if asa:
fw = ciscoasa.CiscoASA(asa, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if ipt:
fw = iptables.Iptables(ipt, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if pf:
fw = packetfilter.PacketFilter(pf, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if spd:
fw = speedway.Speedway(spd, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if srx:
fw = junipersrx.JuniperSRX(srx, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if dem:
fw = demo.Demo(dem, exp_info)
do_output_filter(str(fw), filter_name(source_file, fw._SUFFIX))
count += 1
if spk:
spk_obj = silverpeak.Silverpeak(spk, exp_info, '')
do_output_filter(spk_obj.GenerateACLString(),
filter_name(source_file, spk_obj._SUFFIX))
do_output_filter(spk_obj.GenerateConfString(),
filter_name(source_file, spk_obj._CONF_SUFFIX))
count += 1
return count
def testTrafficClassCount(self):
policy_text = GOOD_HEADER + GOOD_TERM_34
jcl = juniper.Juniper(policy.ParsePolicy(policy_text, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('traffic-class-count floop;' in output, output)
def testTrafficType(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_10, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('traffic-type unknown-unicast;' in output, output)
def testHopOptProtocol(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + HOPOPT_TERM, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('protocol hop-by-hop;' in output, output)
def testFailNextIpNetworkIP(self):
self.naming.GetNetAddr('TEST_NEXT').AndReturn([nacaddr.IP('10.1.1.1/26')])
self.mox.ReplayAll()
jcl = juniper.Juniper(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_28,
self.naming), EXP_INFO)
self.assertRaises(juniper.JuniperNextIpError, str, jcl)
def testIcmpCode(self):
jcl = juniper.Juniper(policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_35,
self.naming), EXP_INFO)
output = str(jcl)
self.failUnless('icmp-code [ 3 4 ];' in output, output)
def testLossPriority(self):
jcl = juniper.Juniper(
policy.ParsePolicy(GOOD_HEADER + GOOD_TERM_14, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('loss-priority low;' in output, output)
def testForwardingClass(self):
policy_text = GOOD_HEADER + GOOD_TERM_27
jcl = juniper.Juniper(policy.ParsePolicy(policy_text, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('forwarding-class floop;' in output, output)
def RenderFile(input_file, output_directory, definitions, exp_info,
write_files):
"""Render a single file.
Args:
input_file: the name of the input policy file.
output_directory: the directory in which we place the rendered file.
definitions: the definitions from naming.Naming().
exp_info: print a info message when a term is set to expire
in that many weeks.
write_files: a list of file tuples, (output_file, acl_text), to write
"""
logging.debug('rendering file: %s into %s', input_file, output_directory)
pol = None
jcl = False
acl = False
asacl = False
aacl = False
bacl = False
eacl = False
gcefw = False
ips = False
ipt = False
spd = False
nsx = False
pcap_accept = False
pcap_deny = False
pf = False
srx = False
jsl = False
nft = False
win_afw = False
xacl = False
paloalto = False
try:
conf = open(input_file).read()
logging.debug('opened and read %s', input_file)
except IOError as e:
logging.warn('bad file: \n%s', e)
raise
try:
pol = policy.ParsePolicy(conf,
definitions,
optimize=FLAGS.optimize,
base_dir=FLAGS.base_directory,
shade_check=FLAGS.shade_check)
except policy.ShadingError as e:
logging.warn('shading errors for %s:\n%s', input_file, e)
return
except (policy.Error, naming.Error):
raise ACLParserError(
'Error parsing policy file %s:\n%s%s' %
(input_file, sys.exc_info()[0], sys.exc_info()[1]))
platforms = set()
for header in pol.headers:
platforms.update(header.platforms)
if 'juniper' in platforms:
jcl = copy.deepcopy(pol)
if 'cisco' in platforms:
acl = copy.deepcopy(pol)
if 'ciscoasa' in platforms:
asacl = copy.deepcopy(pol)
if 'brocade' in platforms:
bacl = copy.deepcopy(pol)
if 'arista' in platforms:
eacl = copy.deepcopy(pol)
if 'aruba' in platforms:
aacl = copy.deepcopy(pol)
if 'ipset' in platforms:
ips = copy.deepcopy(pol)
if 'iptables' in platforms:
ipt = copy.deepcopy(pol)
if 'nsxv' in platforms:
nsx = copy.deepcopy(pol)
if 'packetfilter' in platforms:
pf = copy.deepcopy(pol)
if 'pcap' in platforms:
pcap_accept = copy.deepcopy(pol)
pcap_deny = copy.deepcopy(pol)
if 'speedway' in platforms:
spd = copy.deepcopy(pol)
if 'srx' in platforms:
srx = copy.deepcopy(pol)
if 'srxlo' in platforms:
jsl = copy.deepcopy(pol)
if 'windows_advfirewall' in platforms:
win_afw = copy.deepcopy(pol)
if 'ciscoxr' in platforms:
xacl = copy.deepcopy(pol)
if 'nftables' in platforms:
nft = copy.deepcopy(pol)
if 'gce' in platforms:
gcefw = copy.deepcopy(pol)
if 'paloalto' in platforms:
paloalto = copy.deepcopy(pol)
if not output_directory.endswith('/'):
output_directory += '/'
try:
if jcl:
acl_obj = juniper.Juniper(jcl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if srx:
acl_obj = junipersrx.JuniperSRX(srx, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if acl:
acl_obj = cisco.Cisco(acl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if asacl:
acl_obj = ciscoasa.CiscoASA(acl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if aacl:
acl_obj = aruba.Aruba(aacl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if bacl:
acl_obj = brocade.Brocade(bacl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if eacl:
acl_obj = arista.Arista(eacl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if ips:
acl_obj = ipset.Ipset(ips, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if ipt:
acl_obj = iptables.Iptables(ipt, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if nsx:
acl_obj = nsxv.Nsxv(nsx, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if spd:
acl_obj = speedway.Speedway(spd, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if pcap_accept:
acl_obj = pcap.PcapFilter(pcap_accept, exp_info)
RenderACL(str(acl_obj), '-accept' + acl_obj.SUFFIX,
output_directory, input_file, write_files)
if pcap_deny:
acl_obj = pcap.PcapFilter(pcap_deny, exp_info, invert=True)
RenderACL(str(acl_obj), '-deny' + acl_obj.SUFFIX, output_directory,
input_file, write_files)
if pf:
acl_obj = packetfilter.PacketFilter(pf, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if win_afw:
acl_obj = windows_advfirewall.WindowsAdvFirewall(win_afw, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if jsl:
acl_obj = srxlo.SRXlo(jsl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if xacl:
acl_obj = ciscoxr.CiscoXR(xacl, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if nft:
acl_obj = nftables.Nftables(nft, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if gcefw:
acl_obj = gce.GCE(gcefw, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
if paloalto:
acl_obj = paloaltofw.PaloAltoFW(paloalto, exp_info)
RenderACL(str(acl_obj), acl_obj.SUFFIX, output_directory,
input_file, write_files)
# TODO(robankeny) add additional errors.
except (juniper.Error, junipersrx.Error, cisco.Error, ipset.Error,
iptables.Error, speedway.Error, pcap.Error, aclgenerator.Error,
aruba.Error, nftables.Error, gce.Error):
raise ACLGeneratorError(
'Error generating target ACL for %s:\n%s%s' %
(input_file, sys.exc_info()[0], sys.exc_info()[1]))
def testFragmentOffset(self):
policy_text = GOOD_HEADER + FRAGOFFSET_TERM
jcl = juniper.Juniper(policy.ParsePolicy(policy_text, self.naming),
EXP_INFO)
output = str(jcl)
self.failUnless('fragment-offset 1-7;' in output, output)