def __init__(self, interface_str, config):
self._config = config
self._interface_str = interface_str
self._interfaces = set()
for interface_name in multisplit(interface_str):
self._add_interface_name(interface_name)
self._interfaces = sorted(list(self._interfaces))
def __init__(self, service_str):
if self._KNOWN_SERVICES is None:
self._KNOWN_SERVICES = self._parse_known_services()
self._service_str = service_str
self._port_maps = collections.defaultdict(PortMap)
for single_service in multisplit(service_str):
for (start_port, end_port,
proto) in self._parse_single_service(single_service):
self._port_maps[proto].add_range(start_port, end_port)
def _parse_single_service(self, single_service):
match = self._SERVICE_RANGE_RE.fullmatch(single_service)
if match is None:
raise MalformedServiceException(
"Service does not match the service regex: %s (as part of %s)"
% (single_service, self._service_str))
match = match.groupdict()
if match["name"] is not None:
# Named service
name = match["name"]
if name in self._PROTO_ALIASES:
name = self._PROTO_ALIASES[name]
if name not in self._KNOWN_SERVICES:
raise UnknownServiceException("Service %s is not known: %s" %
(name, single_service))
catalog = self._KNOWN_SERVICES[name]
specified_proto = match["proto"]
if (specified_proto == "*") or ((specified_proto is None) and
(len(catalog) == 1)):
for (proto_name, port) in catalog.items():
yield (port, port, proto_name)
elif (specified_proto is not None) and (specified_proto
in catalog):
yield (catalog[specified_proto], catalog[specified_proto],
specified_proto)
else:
raise AmbiguousServiceException(
"Service is ambiguous: %s; service catalog entrie(s): %s" %
(str(match), str(catalog)))
else:
if match["proto"] is None:
raise ProtocolOmittedException(
"When specifying an explicit service port, you need to specify the protocol(s) as well: %s"
% (single_service))
protos = multisplit(match["proto"], "+")
start_port = int(match["port"])
for proto in protos:
if match["end_port"] is None:
yield (start_port, start_port, proto)
else:
yield (start_port, int(match["end_port"]), proto)
def apply(self, rule):
if self._type == CriterionType.State:
if self._criterion["state"] == "established/related":
rule.add_fixed(("--match", "state", "--state", "ESTABLISHED,RELATED"))
else:
raise NotImplementedError(self._criterion["state"])
elif self._type == CriterionType.DNSBlock:
hostname_str = self._criterion["dns-name"]
group = rule.add_group("layer7 DNS blocking")
for hostname in multisplit(hostname_str):
labels = hostname.split(".")
dns_pkt_data = bytearray()
for label in labels:
label = label.encode("ascii")
dns_pkt_data.append(len(label))
dns_pkt_data += label
group.append(("--match", "string", "--hex-string", "|%s|" % (dns_pkt_data.hex()), "--algo", "bm", "--icase"))
else:
raise NotImplementedError(self._type)
def __init__(self, multienum_str): self._values = [ self._HANDLER_CLASS(option) for option in multisplit(multienum_str) ]
def __init__(self, text):
self._protocols = [
self._KNOWN_PROTOCOLS[protocol_str]
for protocol_str in multisplit(text)
]
self._protocols.sort()