def test_is_match_port(self):
test_inputs = {
'reject *:80': {
('192.168.0.50', 80): True,
('192.168.0.50', 81): False,
('192.168.0.50', 79): False,
(None, 80): True,
('192.168.0.50', None, False): True,
('192.168.0.50', None, True): False,
},
'reject *:80-85': {
('192.168.0.50', 79): False,
('192.168.0.50', 80): True,
('192.168.0.50', 83): True,
('192.168.0.50', 85): True,
('192.168.0.50', 86): False,
(None, 83): True,
('192.168.0.50', None, False): True,
('192.168.0.50', None, True): False,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_ipv4(self):
test_inputs = {
'reject 192.168.0.50:*': {
('192.168.0.50', 80): True,
('192.168.0.51', 80): False,
('192.168.0.49', 80): False,
(None, 80, False): True,
(None, 80, True): False,
('192.168.0.50', None): True,
},
'reject 0.0.0.0/24:*': {
('0.0.0.0', 80): True,
('0.0.0.1', 80): True,
('0.0.0.255', 80): True,
('0.0.1.0', 80): False,
('0.1.0.0', 80): False,
('1.0.0.0', 80): False,
(None, 80, False): True,
(None, 80, True): False,
('0.0.0.0', None): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_ipv6(self):
test_inputs = {
'reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:*': {
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
('fe80:0000:0000:0000:0202:b3ff:fe1e:8329', 80): True,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8330', 80): False,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8328', 80): False,
(None, 80, False): True,
(None, 80, True): False,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None): True,
},
'reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]/112:*': {
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:0000', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:FFFF', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1F:8329', 80): False,
('FE81:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
(None, 80, False): True,
(None, 80, True): False,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None, False): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None, True): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_ipv6(self):
test_inputs = {
'reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:*': {
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
('fe80:0000:0000:0000:0202:b3ff:fe1e:8329', 80): True,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8330', 80): False,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8328', 80): False,
(None, 80, False): False,
(None, 80, True): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None): True,
},
'reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]/112:*': {
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:0000', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:FFFF', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1F:8329', 80): False,
('FE81:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
(None, 80, False): False,
(None, 80, True): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None, False): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None, True): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_port(self):
test_inputs = {
'reject *:80': {
('192.168.0.50', 80): True,
('192.168.0.50', 81): False,
('192.168.0.50', 79): False,
(None, 80): True,
('192.168.0.50', None, False): False,
('192.168.0.50', None, True): True,
},
'reject *:80-85': {
('192.168.0.50', 79): False,
('192.168.0.50', 80): True,
('192.168.0.50', 83): True,
('192.168.0.50', 85): True,
('192.168.0.50', 86): False,
(None, 83): True,
('192.168.0.50', None, False): False,
('192.168.0.50', None, True): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_ipv6(self):
test_inputs = {
"reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:*": {
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True,
("fe80:0000:0000:0000:0202:b3ff:fe1e:8329", 80): True,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8330", 80): False,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8328", 80): False,
(None, 80, False): True,
(None, 80, True): False,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None): True,
},
"reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]/112:*": {
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:0000", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:FFFF", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1F:8329", 80): False,
("FE81:0000:0000:0000:0202:B3FF:FE1E:8329", 80): False,
(None, 80, False): True,
(None, 80, True): False,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None, False): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None, True): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEquals(expected_result, rule.is_match(*match_args))
def test_is_match_ipv4(self):
test_inputs = {
'reject 192.168.0.50:*': {
('192.168.0.50', 80): True,
('192.168.0.51', 80): False,
('192.168.0.49', 80): False,
(None, 80, False): False,
(None, 80, True): True,
('192.168.0.50', None): True,
},
'reject 0.0.0.0/24:*': {
('0.0.0.0', 80): True,
('0.0.0.1', 80): True,
('0.0.0.255', 80): True,
('0.0.1.0', 80): False,
('0.1.0.0', 80): False,
('1.0.0.0', 80): False,
(None, 80, False): False,
(None, 80, True): True,
('0.0.0.0', None): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_wildcard(self):
test_inputs = {
"reject *:*": {
("192.168.0.1", 80): True,
("0.0.0.0", 80): True,
("255.255.255.255", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): True,
("192.168.0.1", None): True,
(None, 80): True,
(None, None): True,
},
"reject 255.255.255.255/0:*": {
("192.168.0.1", 80): True,
("0.0.0.0", 80): True,
("255.255.255.255", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): False,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): False,
("192.168.0.1", None): True,
(None, 80): False,
(None, None): False,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEquals(expected_result, rule.is_match(*match_args))
# port zero is special in that exit policies can include it, but it's not
# something that we can match against
rule = ExitPolicyRule("reject *:*")
self.assertRaises(ValueError, rule.is_match, "127.0.0.1", 0)
def test_is_match_ipv4(self):
test_inputs = {
"reject 192.168.0.50:*": {
("192.168.0.50", 80): True,
("192.168.0.51", 80): False,
("192.168.0.49", 80): False,
(None, 80, False): True,
(None, 80, True): False,
("192.168.0.50", None): True,
},
"reject 0.0.0.0/24:*": {
("0.0.0.0", 80): True,
("0.0.0.1", 80): True,
("0.0.0.255", 80): True,
("0.0.1.0", 80): False,
("0.1.0.0", 80): False,
("1.0.0.0", 80): False,
(None, 80, False): True,
(None, 80, True): False,
("0.0.0.0", None): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEquals(expected_result, rule.is_match(*match_args))
def test_is_match_ipv6(self):
test_inputs = {
"reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:*": {
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True,
("fe80:0000:0000:0000:0202:b3ff:fe1e:8329", 80): True,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8330", 80): False,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8328", 80): False,
(None, 80): False,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None): True,
},
"reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]/112:*": {
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:0000", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:FFFF", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1F:8329", 80): False,
("FE81:0000:0000:0000:0202:B3FF:FE1E:8329", 80): False,
(None, 80): False,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEquals(expected_result, rule.is_match(*match_args))
def test_is_match_ipv4(self):
test_inputs = {
"reject 192.168.0.50:*": {
("192.168.0.50", 80): True,
("192.168.0.51", 80): False,
("192.168.0.49", 80): False,
(None, 80): False,
("192.168.0.50", None): True,
},
"reject 0.0.0.0/24:*": {
("0.0.0.0", 80): True,
("0.0.0.1", 80): True,
("0.0.0.255", 80): True,
("0.0.1.0", 80): False,
("0.1.0.0", 80): False,
("1.0.0.0", 80): False,
(None, 80): False,
("0.0.0.0", None): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEquals(expected_result, rule.is_match(*match_args))
def test_is_match_wildcard(self):
test_inputs = {
"reject *:*": {
("192.168.0.1", 80): True,
("0.0.0.0", 80): True,
("255.255.255.255", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): True,
("192.168.0.1", None): True,
(None, 80): True,
(None, None): True,
},
"reject 255.255.255.255/0:*": {
("192.168.0.1", 80): True,
("0.0.0.0", 80): True,
("255.255.255.255", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): False,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): False,
("192.168.0.1", None): True,
(None, 80): False,
(None, None): False,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
for match_args, expected_result in matches.items():
self.assertEquals(expected_result, rule.is_match(*match_args))
# port zero is special in that exit policies can include it, but it's not
# something that we can match against
rule = ExitPolicyRule("reject *:*")
self.assertRaises(ValueError, rule.is_match, "127.0.0.1", 0)
def test_ipv6_only_entries(self):
# accept6/reject6 shouldn't match anything when given an ipv4 addresses
rule = ExitPolicyRule('accept6 192.168.0.1/0:*')
self.assertTrue(rule._skip_rule)
self.assertFalse(rule.is_match('192.168.0.1'))
self.assertFalse(rule.is_match('FE80:0000:0000:0000:0202:B3FF:FE1E:8329'))
self.assertFalse(rule.is_match())
rule = ExitPolicyRule('accept6 *4:*')
self.assertTrue(rule._skip_rule)
# wildcards match all ipv6 but *not* ipv4
rule = ExitPolicyRule('accept6 *:*')
self.assertTrue(rule.is_match('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 443))
self.assertFalse(rule.is_match('192.168.0.1', 443))
def test_ipv6_only_entries(self):
# accept6/reject6 shouldn't match anything when given an ipv4 addresses
rule = ExitPolicyRule('accept6 192.168.0.1/0:*')
self.assertTrue(rule._skip_rule)
self.assertFalse(rule.is_match('192.168.0.1'))
self.assertFalse(
rule.is_match('FE80:0000:0000:0000:0202:B3FF:FE1E:8329'))
self.assertFalse(rule.is_match())
rule = ExitPolicyRule('accept6 *4:*')
self.assertTrue(rule._skip_rule)
# wildcards match all ipv6 but *not* ipv4
rule = ExitPolicyRule('accept6 *:*')
self.assertTrue(
rule.is_match('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 443))
self.assertFalse(rule.is_match('192.168.0.1', 443))
def test_is_match_wildcard(self):
test_inputs = {
'reject *:*': {
('192.168.0.1', 80): True,
('0.0.0.0', 80): True,
('255.255.255.255', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): True,
('192.168.0.1', None): True,
(None, 80, False): True,
(None, 80, True): True,
(None, None, False): True,
(None, None, True): True,
},
'reject 255.255.255.255/0:*': {
('192.168.0.1', 80): True,
('0.0.0.0', 80): True,
('255.255.255.255', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): False,
('192.168.0.1', None): True,
(None, 80, False): False,
(None, 80, True): True,
(None, None, False): False,
(None, None, True): True,
},
'reject *4:*': {
('192.168.0.1', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
},
'reject *6:*': {
('192.168.0.1', 80): False,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
rule._submask_wildcard = False
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
# port zero is special in that exit policies can include it, but it's not
# something that we can match against
rule = ExitPolicyRule('reject *:*')
self.assertRaises(ValueError, rule.is_match, '127.0.0.1', 0)
def test_is_match_wildcard(self):
test_inputs = {
'reject *:*': {
('192.168.0.1', 80): True,
('0.0.0.0', 80): True,
('255.255.255.255', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): True,
('192.168.0.1', None): True,
(None, 80, False): True,
(None, 80, True): True,
(None, None, False): True,
(None, None, True): True,
},
'reject 255.255.255.255/0:*': {
('192.168.0.1', 80): True,
('0.0.0.0', 80): True,
('255.255.255.255', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): False,
('192.168.0.1', None): True,
(None, 80, False): False,
(None, 80, True): True,
(None, None, False): False,
(None, None, True): True,
},
'reject *4:*': {
('192.168.0.1', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
},
'reject *6:*': {
('192.168.0.1', 80): False,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
rule._submask_wildcard = False
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
# port zero is special in that exit policies can include it, but it's not
# something that we can match against
rule = ExitPolicyRule('reject *:*')
self.assertRaises(ValueError, rule.is_match, '127.0.0.1', 0)
