def compare_networks(range_to_cidrs_data):
    """Collect what is left of each candidate network around ``start``/``end``.

    ``start``, ``end`` and ``free_space`` are not parameters: they are read
    from the enclosing scope. ``free_space`` is extended in place and is also
    the return value.

    For every entry of ``range_to_cidrs_data``:
    - equal to ``start`` or ``end``: contributes nothing;
    - contains both: ``start`` is carved out, and ``end`` is dropped from the
      remainder when it appears there as its own entry (and is not the only
      entry);
    - contains only one of them: that one is carved out;
    - contains neither: the whole network is added.
    """
    for inet in range_to_cidrs_data:
        candidate = IPNetwork(inet)

        # A candidate that *is* one of the two boundary networks is skipped.
        if candidate == IPNetwork(start) or candidate == IPNetwork(end):
            continue

        holds_start = IPNetwork(start) in candidate
        holds_end = IPNetwork(end) in candidate

        if holds_start and holds_end:
            leftover = netaddr.cidr_exclude(candidate, IPNetwork(start))
            # Only an exact list entry equal to ``end`` is removed; a larger
            # block that merely contains ``end`` stays in the result.
            if len(leftover) > 1 and IPNetwork(end) in leftover:
                leftover.remove(IPNetwork(end))
            free_space.extend(leftover)
        elif holds_start:
            free_space.extend(
                netaddr.cidr_exclude(candidate, IPNetwork(start)))
        elif holds_end:
            free_space.extend(
                netaddr.cidr_exclude(candidate, IPNetwork(end)))
        else:
            free_space.append(candidate)

    return free_space
def __init__(self, vpc_cidr, used_subnets=[]):
    """Work out which parts of ``vpc_cidr`` are not covered by ``used_subnets``.

    ``used_subnets`` is collapsed with ``cidr_merge`` and kept on
    ``self.used_subnets``. The remainder of the VPC block, after each merged
    used network has been carved out, is stored as a list on
    ``self.availible_subnets`` (attribute spelling kept as-is, since it is the
    name the attribute is published under).
    """
    # The [] default is only read (handed to cidr_merge), never mutated.
    vpc_block = IPNetwork(vpc_cidr)
    self.availible_subnets = {vpc_block}
    self.used_subnets = cidr_merge(used_subnets)
    # cidr_merge returns a list, e.g.
    # [IPNetwork('192.168.0.0/30'), IPNetwork('192.168.0.16/28')]

    if not self.used_subnets:
        # Nothing allocated yet: the whole VPC block is free.
        self.availible_subnets = list(self.availible_subnets)
        return

    # Seed the free list by removing the first used network from the VPC.
    free_pool = list(cidr_exclude(vpc_block, self.used_subnets[0]))

    # Then split every free block that still contains a used network.
    # Iterate over a snapshot because the pool is rebuilt inside the loop.
    for used in self.used_subnets:
        for free in list(free_pool):
            if IPNetwork(used) not in IPNetwork(free):
                continue
            free_pool.remove(free)
            free_pool = free_pool + cidr_exclude(free, used)

    self.availible_subnets = free_pool
def test_cidr_exclude_v4():
    """Check cidr_exclude on IPv4 inputs.

    Covers: excluding a network from itself, excluding one half, excluding an
    inner block, excluding a supernet of the target, and excluding a network
    that does not overlap the target at all.
    """
    cases = (
        # (target, excluded, expected remainder)
        ('192.0.2.1/32', '192.0.2.1/32', []),
        ('192.0.2.0/31', '192.0.2.1/32', [IPNetwork('192.0.2.0/32')]),
        ('192.0.2.0/24', '192.0.2.128/25', [IPNetwork('192.0.2.0/25')]),
        ('192.0.2.0/24', '192.0.2.128/27', [
            IPNetwork('192.0.2.0/25'),
            IPNetwork('192.0.2.160/27'),
            IPNetwork('192.0.2.192/26'),
        ]),
        # Excluding a supernet leaves nothing of the target.
        ('192.0.2.1/32', '192.0.2.0/24', []),
        # Disjoint networks: the target comes back unchanged.
        ('192.0.2.0/28', '192.0.2.16/32', [IPNetwork('192.0.2.0/28')]),
        ('192.0.1.255/32', '192.0.2.0/28', [IPNetwork('192.0.1.255/32')]),
    )
    for target, excluded, remainder in cases:
        assert cidr_exclude(target, excluded) == remainder
def GetSubnet(self, prefix):
    """Allocate one subnet of length ``prefix`` from the free list.

    The chosen free block is removed from ``self.availible_subnets``, the
    first ``/prefix`` subnet inside it is taken, and the rest of the block is
    appended back to the free list. Returns the allocated subnet as a string.

    NOTE(review): which free block is chosen is decided by ``closest()``,
    which is defined elsewhere; what happens when no free block can hold the
    requested prefix is not visible here - confirm against that helper.
    """
    # Prefix lengths of the free blocks, e.g. [30, 29, 28]
    free_prefixes = [net.prefixlen for net in self.availible_subnets]

    # Prefix length of the block to allocate from, e.g. 28
    chosen_prefix = closest(free_prefixes, prefix)

    # First free block with that prefix length, e.g. 192.168.0.16/28
    parent = self.availible_subnets[free_prefixes.index(chosen_prefix)]
    self.availible_subnets.remove(parent)

    # Take the first subnet of the requested size out of the block ...
    allocated = list(parent.subnet(prefix, count=1))[0]

    # ... and hand the remainder of the block back to the free list.
    self.availible_subnets = self.availible_subnets + \
        cidr_exclude(parent, allocated)

    return str(allocated)
def split(subnet, prefix, count=None):
    """Return sub-networks of ``subnet`` that have prefix length ``prefix``.

    ``prefix`` is passed through ``int()``, and so is ``count`` unless it is
    None, in which case None is forwarded to ``IPNetwork.subnet`` unchanged.
    """
    # NOTE(review): the nesting below is reconstructed from a listing whose
    # whitespace was collapsed. The position of the final ``return`` (inside
    # the loop, so the function falls through and returns None when no
    # sub-network fits) should be confirmed against the original file.
    subnet_split = {IPNetwork(subnet)}
    # The set holds exactly one network at this point.
    for ip_subnet in sorted(subnet_split, key=lambda x: x.prefixlen, reverse=True):
        # NOTE(review): list() materialises every sub-network. With
        # count=None and a prefix much longer than the parent's this can be
        # very large; bound prefix/count if they can come from untrusted
        # input.
        subnets = list(
            ip_subnet.subnet(int(prefix), count=int(count) if count is not None else count))
        if not subnets:
            continue
        # NOTE(review): subnet_split is updated here but never read again
        # before the return, so these two statements do not affect the result.
        subnet_split.remove(ip_subnet)
        subnet_split = subnet_split.union(
            set(cidr_exclude(ip_subnet, cidr_merge(subnets)[0])))
        return subnets
def route_exclusion(myroutes, remove_routes):
    """Carve every network in ``remove_routes`` out of ``myroutes``.

    Either argument may be a single route or a list of routes. Each route in
    ``myroutes`` is replaced by the smaller networks that remain once the
    removed ranges have been cut out of it. The result is de-duplicated and
    sorted.

    Note that this is vastly different from route_subtraction.
    """
    remaining = myroutes if isinstance(myroutes, list) else [myroutes]
    holes = remove_routes if isinstance(remove_routes, list) else [remove_routes]

    # Excluding B from a larger A yields a list of smaller networks, so with
    # several B's each one has to be cut out of the *current* list of pieces,
    # not out of the original A. Probably overkill while callers only remove
    # a single B, but it keeps the multi-B case correct.
    for hole in holes:
        pieces = []
        for route in remaining:
            pieces.extend(cidr_exclude(route, hole))
        remaining = pieces

    return sorted(set(remaining))
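def _parse_sg_rules(self, sg_rule_body_list, direction, policy):
    """Parse policy into security group rules.

    This method inspects the policy object and creates the equivalent
    security group rules. The rules are returned by appending them to
    sg_rule_body_list, for the stated direction; the method itself
    returns None.

    It accounts for special cases, such as:
    - PolicyTypes stating only Egress: ensuring ingress is not restricted
    - PolicyTypes not including Egress: ensuring egress is not restricted
    - {} ingress/egress rules: applying default open for all

    An ipBlock with an ``except`` list is expanded to the CIDRs that remain
    after *all* excepted ranges have been removed from its ``cidr``.

    :param sg_rule_body_list: list that receives the generated rule bodies
    :param direction: 'ingress' or 'egress'
    :param policy: the network policy (dict) being translated
    """
    # NOTE(review): nesting reconstructed from a listing whose whitespace
    # was collapsed; the allow_all handling near the end of the method in
    # particular should be compared with the original file.
    rule_list = policy['spec'].get(direction)
    if not rule_list:
        policy_types = policy['spec'].get('policyTypes')
        if direction == 'ingress':
            # policyTypes may be missing; check it before len(), the same
            # way the egress branch below does.
            if (policy_types and len(policy_types) == 1 and
                    policy_types[0] == 'Egress'):
                # NOTE(ltomasbo): add default rule to enable all ingress
                # traffic as NP policy is not affecting ingress
                LOG.debug('Applying default all open for ingress for '
                          'policy %s', policy['metadata']['selfLink'])
                self._create_default_sg_rule(direction, sg_rule_body_list)
        elif direction == 'egress':
            if policy_types and 'Egress' not in policy_types:
                # NOTE(ltomasbo): add default rule to enable all egress
                # traffic as NP policy is not affecting egress
                LOG.debug('Applying default all open for egress for '
                          'policy %s', policy['metadata']['selfLink'])
                self._create_default_sg_rule(direction, sg_rule_body_list)
        else:
            LOG.warning('Not supported policyType at network policy %s',
                        policy['metadata']['selfLink'])
        return

    policy_namespace = policy['metadata']['namespace']
    pod_selector = policy['spec'].get('podSelector')

    rule_direction = 'from'
    if direction == 'egress':
        rule_direction = 'to'

    if rule_list[0] == {}:
        LOG.debug('Applying default all open policy from %s',
                  policy['metadata']['selfLink'])
        for ethertype in (constants.IPv4, constants.IPv6):
            rule = driver_utils.create_security_group_rule_body(
                direction, ethertype=ethertype)
            sg_rule_body_list.append(rule)

    for rule_block in rule_list:
        LOG.debug('Parsing %(dir)s Rule %(rule)s',
                  {'dir': direction, 'rule': rule_block})
        allow_all, selectors, allowed_resources = self._parse_selectors(
            rule_block, rule_direction, policy_namespace)

        ipblock_list = []
        if rule_direction in rule_block:
            ipblock_list = [ipblock.get('ipBlock')
                            for ipblock in rule_block[rule_direction]
                            if 'ipBlock' in ipblock]

        for ipblock in ipblock_list:
            excepted = ipblock.get('except')
            if excepted:
                # Remove each excepted range from the same running set of
                # CIDRs. Excluding every range from the full cidr on its
                # own and concatenating the results would re-allow each
                # excepted range through the remainder of the others, so
                # a policy with two or more exceptions would end up
                # permitting the whole block.
                remaining = [ipblock.get('cidr')]
                for cidr_except in excepted:
                    remaining = [
                        piece for net in remaining
                        for piece in netaddr.cidr_exclude(net, cidr_except)]
                allowed_resources.extend(
                    {'cidr': str(cidr)} for cidr in remaining)
            else:
                allowed_resources.append(ipblock)

        if 'ports' in rule_block:
            for port in rule_block['ports']:
                if allowed_resources or allow_all or selectors:
                    # Named (text) ports and numeric ports are handled by
                    # different helpers.
                    if type(port.get('port')) is not int:
                        self._create_sg_rule_body_on_text_port(
                            direction, port, allowed_resources,
                            sg_rule_body_list, pod_selector,
                            policy_namespace)
                    else:
                        self._create_sg_rule_on_number_port(
                            allowed_resources, direction, port,
                            sg_rule_body_list, policy_namespace)
                    if allow_all:
                        self._create_all_pods_sg_rules(
                            port, direction, sg_rule_body_list,
                            pod_selector, policy_namespace)
                else:
                    # No peers at all for this rule: the port is opened
                    # for all pods.
                    self._create_all_pods_sg_rules(
                        port, direction, sg_rule_body_list,
                        pod_selector, policy_namespace)
        elif allowed_resources or allow_all or selectors:
            # Peers but no ports: open the full port range per peer.
            for resource in allowed_resources:
                cidr, namespace = self._get_resource_details(resource)
                # NOTE(maysams): Skipping resource that do not have
                # an IP assigned. The security group rule creation
                # will be triggered again after the resource is running.
                if not cidr:
                    continue
                rule = driver_utils.create_security_group_rule_body(
                    direction,
                    port_range_min=1,
                    port_range_max=65535,
                    cidr=cidr,
                    namespace=namespace)
                sg_rule_body_list.append(rule)
                if direction == 'egress':
                    self._create_svc_egress_sg_rule(
                        policy_namespace, sg_rule_body_list,
                        resource=resource)
            if allow_all:
                for ethertype in (constants.IPv4, constants.IPv6):
                    rule = driver_utils.create_security_group_rule_body(
                        direction,
                        port_range_min=1,
                        port_range_max=65535,
                        ethertype=ethertype)
                    sg_rule_body_list.append(rule)
                    # NOTE(review): placed inside the ethertype loop; the
                    # collapsed listing does not show whether it belongs
                    # here or one level out - confirm.
                    if direction == 'egress':
                        self._create_svc_egress_sg_rule(policy_namespace,
                                                        sg_rule_body_list)
        else:
            LOG.debug('This network policy specifies no %(direction)s '
                      '%(rule_direction)s and no ports: %(policy)s',
                      {'direction': direction,
                       'rule_direction': rule_direction,
                       'policy': policy['metadata']['selfLink']})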
def test_ipset_cidr_fracturing():
    """Removing single addresses from 0.0.0.0/0 fractures it into many CIDRs.

    Taking out 255.255.255.255 leaves 32 networks; taking out 0.0.0.0 as well
    leaves 62. Adding both addresses back restores the single /0.
    """
    # 0.0.0.0/0 without 255.255.255.255
    without_top = [
        '0.0.0.0/1', '128.0.0.0/2', '192.0.0.0/3', '224.0.0.0/4',
        '240.0.0.0/5', '248.0.0.0/6', '252.0.0.0/7', '254.0.0.0/8',
        '255.0.0.0/9', '255.128.0.0/10', '255.192.0.0/11', '255.224.0.0/12',
        '255.240.0.0/13', '255.248.0.0/14', '255.252.0.0/15',
        '255.254.0.0/16', '255.255.0.0/17', '255.255.128.0/18',
        '255.255.192.0/19', '255.255.224.0/20', '255.255.240.0/21',
        '255.255.248.0/22', '255.255.252.0/23', '255.255.254.0/24',
        '255.255.255.0/25', '255.255.255.128/26', '255.255.255.192/27',
        '255.255.255.224/28', '255.255.255.240/29', '255.255.255.248/30',
        '255.255.255.252/31', '255.255.255.254/32',
    ]
    # 0.0.0.0/1 without 0.0.0.0
    bottom_half_without_zero = [
        '0.0.0.1/32', '0.0.0.2/31', '0.0.0.4/30', '0.0.0.8/29',
        '0.0.0.16/28', '0.0.0.32/27', '0.0.0.64/26', '0.0.0.128/25',
        '0.0.1.0/24', '0.0.2.0/23', '0.0.4.0/22', '0.0.8.0/21',
        '0.0.16.0/20', '0.0.32.0/19', '0.0.64.0/18', '0.0.128.0/17',
        '0.1.0.0/16', '0.2.0.0/15', '0.4.0.0/14', '0.8.0.0/13',
        '0.16.0.0/12', '0.32.0.0/11', '0.64.0.0/10', '0.128.0.0/9',
        '1.0.0.0/8', '2.0.0.0/7', '4.0.0.0/6', '8.0.0.0/5',
        '16.0.0.0/4', '32.0.0.0/3', '64.0.0.0/2',
    ]

    s1 = IPSet(['0.0.0.0/0'])
    s1.remove('255.255.255.255')
    assert s1 == IPSet(without_top)

    cidrs = s1.iter_cidrs()
    assert len(cidrs) == 32
    assert list(cidrs) == [IPNetwork(cidr) for cidr in without_top]
    assert cidrs == cidr_exclude('0.0.0.0/0', '255.255.255.255')

    s1.remove('0.0.0.0')
    # The upper half (everything after 0.0.0.0/1) is untouched by this.
    assert s1 == IPSet(bottom_half_without_zero + without_top[1:])
    assert len(list(s1.iter_cidrs())) == 62

    s1.add('255.255.255.255')
    s1.add('0.0.0.0')
    assert s1 == IPSet(['0.0.0.0/0'])
def test_ipset_cidr_fracturing():
    """Punching single-address holes in 0.0.0.0/0 and closing them again.

    One hole (255.255.255.255) leaves 32 CIDRs, a second one (0.0.0.0)
    leaves 62, and re-adding both addresses collapses the set back to /0.
    """
    everything = ['0.0.0.0/0']

    # Expected CIDRs after the first hole.
    after_first_hole = (
        '0.0.0.0/1', '128.0.0.0/2', '192.0.0.0/3', '224.0.0.0/4',
        '240.0.0.0/5', '248.0.0.0/6', '252.0.0.0/7', '254.0.0.0/8',
        '255.0.0.0/9', '255.128.0.0/10', '255.192.0.0/11', '255.224.0.0/12',
        '255.240.0.0/13', '255.248.0.0/14', '255.252.0.0/15',
        '255.254.0.0/16', '255.255.0.0/17', '255.255.128.0/18',
        '255.255.192.0/19', '255.255.224.0/20', '255.255.240.0/21',
        '255.255.248.0/22', '255.255.252.0/23', '255.255.254.0/24',
        '255.255.255.0/25', '255.255.255.128/26', '255.255.255.192/27',
        '255.255.255.224/28', '255.255.255.240/29', '255.255.255.248/30',
        '255.255.255.252/31', '255.255.255.254/32',
    )
    # What the second hole turns 0.0.0.0/1 into.
    low_fragments = (
        '0.0.0.1/32', '0.0.0.2/31', '0.0.0.4/30', '0.0.0.8/29',
        '0.0.0.16/28', '0.0.0.32/27', '0.0.0.64/26', '0.0.0.128/25',
        '0.0.1.0/24', '0.0.2.0/23', '0.0.4.0/22', '0.0.8.0/21',
        '0.0.16.0/20', '0.0.32.0/19', '0.0.64.0/18', '0.0.128.0/17',
        '0.1.0.0/16', '0.2.0.0/15', '0.4.0.0/14', '0.8.0.0/13',
        '0.16.0.0/12', '0.32.0.0/11', '0.64.0.0/10', '0.128.0.0/9',
        '1.0.0.0/8', '2.0.0.0/7', '4.0.0.0/6', '8.0.0.0/5',
        '16.0.0.0/4', '32.0.0.0/3', '64.0.0.0/2',
    )
    # 0.0.0.0/1 is replaced by its fragments; the rest stays as it was.
    after_second_hole = list(low_fragments) + list(after_first_hole[1:])

    s1 = IPSet(everything)

    s1.remove('255.255.255.255')
    assert s1 == IPSet(list(after_first_hole))
    cidrs = s1.iter_cidrs()
    assert len(cidrs) == 32
    expected_networks = []
    for text in after_first_hole:
        expected_networks.append(IPNetwork(text))
    assert list(cidrs) == expected_networks
    assert cidrs == cidr_exclude('0.0.0.0/0', '255.255.255.255')

    s1.remove('0.0.0.0')
    assert s1 == IPSet(after_second_hole)
    assert len(list(s1.iter_cidrs())) == 62

    for address in ('255.255.255.255', '0.0.0.0'):
        s1.add(address)
    assert s1 == IPSet(['0.0.0.0/0'])