def handle_src_nat_ip():
global src_nat_ip
append_list = src_nat_ip
for policy in absorbdict.policy_dict:
if policy.get('src') is not None and policy.get(
'src_nat_ip') is not None:
data = str(policy['src_nat_ip'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy.get('src') is not None and policy.get(
'dip_num') is not None:
for dip_c in absorbdict.dip_dict:
if policy.get('dip_num') == dip_c['dip_num']:
data = str(dip_c['start_ip'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy.get('src') is not None:
if policy.get('dst') is not None:
handle_src_and_dst_nat(policy, append_list)
else:
for if_zone in absorbdict.if_zone_dict:
if policy['dst_zone'] == if_zone['zone_name']:
dst_if = if_zone['if_name']
handle_src_nat_ip_is_dst_fw(policy, append_list,
dst_if)
else:
handle_nat_if(policy, append_list)
if not flag:
data = str("")
multiple.handle_multiple_ip(policy, append_list, data)
def handle_implicit_any_ip(policy):
global network_address_list
dst_ip_list = []
for pre_policy in absorbdict.policy_dict:
if policy['src_zone'] == pre_policy['src_zone'] and policy[
'dst_zone'] == pre_policy['dst_zone']:
if len(absorbdict.group_address_dict) >= 2:
flag = False
for group_address_c in absorbdict.group_address_dict:
if pre_policy['dst_ip'] == group_address_c['group_name']:
flag = True
dst_ip_list += [group_address_c['address_name']]
continue
else:
if not flag:
dst_ip_list += [pre_policy['dst_ip']]
elif pre_policy['dst_ip'] == '"Any"':
continue
else:
dst_ip_list += [pre_policy['dst_ip']]
continue
elif policy['policy_id'] == pre_policy['policy_id']:
pass
else:
dst_zone = policy['dst_zone']
# dst_zoneがif_zoneで使用されていないことも想定する
# TODO:スキップしないようにする
dst_if_route_network_range(policy, dst_zone)
if dst_ip_list != []:
exclude_dst_ip_list_from_route_network(dst_ip_list, route_network)
define_scope_ip(policy, network_address_list)
else:
append_list = dst_ip
data = str("NaN")
print(
'%sから%sへのポリシーはpolicy_id = %sより前に存在しません' %
(policy['src_zone'], policy['dst_zone'], policy['policy_id']))
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
def handle_implicit_any_ip(policy):
global network_address_list
src_ip_list = []
for pre_policy in absorbdict.policy_dict:
if policy['src_zone'] == pre_policy['src_zone'] and policy[
'dst_zone'] == pre_policy['dst_zone']:
if len(absorbdict.group_address_dict) >= 2:
flag = False
for group_address_c in absorbdict.group_address_dict:
if pre_policy['src_ip'] == group_address_c['group_name']:
flag = True
src_ip_list += [group_address_c['address_name']]
continue
else:
if not flag:
src_ip_list += [pre_policy['src_ip']]
elif pre_policy['src_ip'] == '"Any"':
continue
else:
src_ip_list += [pre_policy['src_ip']]
continue
elif policy['policy_id'] == pre_policy['policy_id']:
pass
else:
src_zone = policy['src_zone']
# src_zoneがif_zoneで使用されていないこと(route_networkが返ってこないこと)も想定する
src_if_route_network_range(src_zone)
if src_ip_list != []:
exclude_network_range(src_ip_list, route_network)
define_scope_ip(policy, network_address_list)
else:
append_list = src_ip
data = str("NaN")
print(policy['src_zone'] + 'から' + policy['dst_zone'] + 'へのポリシーは' +
'policy_id =' + policy['policy_id'] + 'より前に存在しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
def handle_protocol_udp():
global protocol_udp
append_list = protocol_udp
for policy in absorbdict.policy_dict:
if policy['protocol'] == '"ANY"':
data = str("udp")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"PING"' or policy['protocol'] == '"ICMP-ANY"':
data = str("")
multiple.handle_multiple_ip(policy, append_list, data)
else:
flag = False
for service_c in absorbdict.service_dict:
if policy['protocol'] == service_c['service_name'] and service_c['protocol_name'] == "udp":
flag = True
data = str("udp")
multiple.handle_multiple_ip(policy, append_list, data)
else:
if not flag:
data = str("udp")
multiple.handle_multiple_ip(policy, append_list, data)
def handle_protocol_udp():
global protocol_udp
append_list = protocol_udp
for policy in absorbdict.policy_dict:
if policy['protocol'] == '"ANY"':
data = str("udp")
multiple.handle_multiple_ip(policy, append_list, data) #715
elif policy['protocol'] == '"PING"' or policy[
'protocol'] == '"ICMP-ANY"':
data = str("")
multiple.handle_multiple_ip(policy, append_list, data) #6
else:
data = str("udp")
multiple.handle_multiple_ip(policy, append_list, data) #2627
def handle_dst_nat_ip():
global dst_nat_ip
append_list = dst_nat_ip
for policy in absorbdict.policy_dict:
if policy.get('dst_nat_ip') is not None:
for address_c in absorbdict.address_dict:
if policy['dst_ip'] == address_c['address_name']:
data = str(address_c['ip_address'])
multiple.handle_multiple_ip(policy, append_list, data)
break
elif 'MIP' in policy['dst_ip']:
for mip_c in absorbdict.mip_dict:
if policy['dst_ip'].strip(')"').split(
'(')[1] == mip_c['private_ip']:
data = str(mip_c['private_ip'])
multiple.handle_multiple_ip(policy, append_list, data)
break
else:
data = str("")
multiple.handle_multiple_ip(policy, append_list, data)
def handle_src_fw():
global src_fw
append_list = src_fw
for policy in absorbdict.policy_dict:
for if_zone in absorbdict.if_zone_dict:
if "VIP" in policy['src_ip']:
for vip_c in absorbdict.vip_dict:
if policy['src_ip'].strip(')"').split(
'(')[1] == vip_c['global_ip']:
longest_match = {}
for if_ip_c in absorbdict.route_dict:
if ipaddress.ip_address(
vip_c['private_ip']
) in ipaddress.ip_network(
if_ip_c['network_address'], strict=False):
a = {
if_ip_c['if_name']:
if_ip_c['network_address'].split('/')[1]
}
longest_match.update(a)
else:
continue
max_keys = max(longest_match, key=longest_match.get)
src_if = []
src_if += [max_keys]
for src_if_c in src_if:
for if_ip_c in absorbdict.if_ip_dict:
if src_if_c.replace(
'"', '') == if_ip_c['if_name'].replace(
'"', ''):
data = str(
if_ip_c['ip_address'].split('/')[0])
multiple.handle_multiple_ip(
policy, append_list, data)
break
elif policy['src_ip'].strip(')"').split(
'(')[1] == vip_c['if_name'] and vip_c[
'global_ip'] == "interface-ip":
src_if = []
src_if += [policy['src_ip'].strip(')"').split('(')[1]]
for src_if_c in src_if:
for if_ip_c in absorbdict.if_ip_dict:
if src_if_c.replace(
'"', '') == if_ip_c['if_name'].replace(
'"', ''):
data = str(
if_ip_c['ip_address'].split('/')[0])
multiple.handle_multiple_ip(
policy, append_list, data)
break
break
break
elif policy['src_zone'] == if_zone['zone_name']:
src_if = []
src_if += [if_zone['if_name']]
for src_if_c in src_if:
for if_ip_c in absorbdict.if_ip_dict:
if src_if_c.replace('"',
'') == if_ip_c['if_name'].replace(
'"', ''):
data = str(if_ip_c['ip_address'].split('/')[0])
multiple.handle_multiple_ip(
policy, append_list, data)
break
else:
flag = False
for if_zone in absorbdict.if_zone_dict:
if policy['src_zone'] == if_zone['zone_name']:
flag = True
break
else:
continue
else:
flag = False
for if_zone in absorbdict.if_zone_dict:
if policy['src_zone'] == if_zone['zone_name']:
flag = True
break
else:
continue
else:
if not flag:
data = str("NaN")
print('送信元ゾーンの' + policy['dst_zone'] +
'が割り当てられたIF,またはそのIFにIPがありません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
def decide_src_fw(policy, append_list, src_if):
for i in absorbdict.ifinfo:
if src_if in i['IF_Name']:
data = str(i['IP'].split('/')[0])
if data != 'None':
multiple.handle_multiple_ip(policy, append_list, data)
def handle_src_nat_ip():
global src_nat_ip
append_list = src_nat_ip
for policy in absorbdict.policy_dict:
if policy.get('src') is not None and policy.get(
'src_nat_ip') is not None:
data = str(policy['src_nat_ip'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy.get('src') is not None and policy.get(
'dip_num') is not None:
for dip_c in absorbdict.dip_dict:
if policy.get('dip_num') == dip_c['dip_num']:
data = str(dip_c['start_ip'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy.get('src') is not None:
if policy.get('dst') is not None:
address = str(policy['dst_nat_ip'])
ip_network = ipaddress.ip_network(
ipaddress.ip_address(address), strict=False)
for route_c in absorbdict.route_dict:
routing_network = ipaddress.ip_network(
route_c['network_address'])
if ip_network.subnet_of(routing_network) is True:
after_dst_if = route_c['if_name']
for if_ip_c in absorbdict.if_ip_dict:
if after_dst_if.replace(
'"', '') == if_ip_c['if_name'].replace(
'"', '') and if_ip_c.get(
'ip_address') is not None:
dst_fw = if_ip_c['ip_address'].split('/')[0]
data = str(dst_fw)
multiple.handle_multiple_ip(
policy, append_list, data)
else:
flag = False
for if_zone in absorbdict.if_zone_dict:
if policy['dst_zone'] == if_zone['zone_name']:
dst_if = if_zone['if_name']
for if_ip_c in absorbdict.if_ip_dict:
if dst_if.replace(
'"', '') == if_ip_c['if_name'].replace(
'"', '') and if_ip_c.get(
'ip_address') is not None:
flag = True
dst_fw = if_ip_c['ip_address'].split('/')[0]
data = str(dst_fw)
multiple.handle_multiple_ip(
policy, append_list, data)
else:
flag = False
for if_zone in absorbdict.if_zone_dict:
if policy['src_zone'] == if_zone['zone_name']:
src_if = if_zone['if_name']
for if_nat_c in absorbdict.if_nat_dict:
if src_if.replace('"',
'') == if_nat_c['if_name'].replace(
'"', ''):
flag = True
for if_zone in absorbdict.if_zone_dict:
if policy['dst_zone'] == if_zone['zone_name']:
dst_if = if_zone['if_name']
for if_ip_c in absorbdict.if_ip_dict:
if dst_if.replace(
'"', ''
) == if_ip_c['if_name'].replace(
'"', ''):
dst_fw = if_ip_c[
'ip_address'].split('/')[0]
data = str(dst_fw)
multiple.handle_multiple_ip(
policy, append_list, data)
else:
# TODO:要修正
if policy['protocol'] == '"NTP"' or policy[
'protocol'] == '"HTTP"':
for address_c in absorbdict.address_dict:
if policy['src_ip'].replace(
'"', ''
) == address_c['address_name'].replace(
'"', ''):
ip_address = address_c['ip_address']
for mip_c in absorbdict.mip_dict:
if ip_address == mip_c['global_ip']:
flag = True
data = str(mip_c['private_ip'])
multiple.handle_multiple_ip(
policy, append_list, data)
else:
if not flag:
data = str("")
multiple.handle_multiple_ip(policy, append_list, data)
def handle_dst_fw():
global dst_fw
append_list = dst_fw
for policy in absorbdict.policy_dict:
flag = False
for i in absorbdict.ifinfo:
if policy.get('dst_nat_ip') is not None:
flag = True
longest_match = {}
for if_ip_c in absorbdict.route_dict:
if ipaddress.ip_address(
policy['dst_nat_ip']) in ipaddress.ip_network(
if_ip_c['network_address'], strict=False):
a = {
if_ip_c['if_name']:
if_ip_c['network_address'].split('/')[1]
}
longest_match.update(a)
max_keys = max(longest_match, key=longest_match.get)
else:
continue
dst_if = max_keys.replace('"', '')
decide_dst_fw(policy, append_list, dst_if)
break
elif "VIP(" in policy['dst_ip']:
flag = True
for vip_c in absorbdict.vip_dict:
if policy['dst_ip'].strip(')"').split(
'(')[1] == vip_c['global_ip']:
longest_match = {}
for if_ip_c in absorbdict.route_dict:
if ipaddress.ip_address(
vip_c['private_ip']
) in ipaddress.ip_network(
if_ip_c['network_address'], strict=False):
a = {
if_ip_c['if_name']:
if_ip_c['network_address'].split('/')[1]
}
longest_match.update(a)
else:
continue
max_keys = max(longest_match, key=longest_match.get)
dst_if = max_keys.replace('"', '')
decide_dst_fw(policy, append_list, dst_if)
break
elif policy['dst_ip'].strip(')"').split(
'(')[1] == vip_c['if_name'] and vip_c[
'global_ip'] == "interface-ip":
dst_if = policy['dst_ip'].strip(')"').split(
'(')[1].replace('"', '')
decide_dst_fw(policy, append_list, dst_if)
break
break
elif policy['dst_zone'] == i['Zone'] and i['IP'] != 'None':
flag = True
dst_if = i['IF_Name']
decide_dst_fw(policy, append_list, dst_if)
else:
if not flag:
#zoneにIPアドレスが設定されていない場合、テストシナリオのdst-fwにzone名を記載する
data = str(policy['dst_zone'])
multiple.handle_multiple_ip(policy, append_list, data)
def handle_description():
global description
append_list = description
for policy in absorbdict.policy_dict:
data = str('policy id =%s' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
def handle_dst_nat_port():
global dst_nat_port
append_list = dst_nat_port
for policy in absorbdict.policy_dict:
if policy.get('dst_nat_port') is not None:
for service_c in absorbdict.service_dict:
if policy['protocol'] == '"FTP"':
data = str("21")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"HTTP"':
data = str("80")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"NTP"':
data = str("123")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"DNS"':
data = str("53")
multiple.handle_multiple_ip(policy, append_list, data)
elif service_c['service_name'] == policy['protocol']:
data = str(service_c['dst_port_num'].split('-')[0])
multiple.handle_multiple_ip(policy, append_list, data)
else:
data = str("")
multiple.handle_multiple_ip(policy, append_list, data)
break
else:
data = str("")
multiple.handle_multiple_ip(policy, append_list, data)
def handle_dst_fw():
global dst_fw
append_list = dst_fw
for policy in absorbdict.policy_dict:
for if_zone_c in absorbdict.if_zone_dict:
if policy.get('dst_nat_ip') is not None:
longest_match = {}
for if_ip_c in absorbdict.route_dict:
if ipaddress.ip_address(
policy['dst_nat_ip']) in ipaddress.ip_network(
if_ip_c['network_address'], strict=False):
a = {
if_ip_c['if_name']:
if_ip_c['network_address'].split('/')[1]
}
longest_match.update(a)
max_keys = max(longest_match, key=longest_match.get)
else:
continue
dst_if = max_keys
for if_ip_c in absorbdict.if_ip_dict:
if dst_if.replace('"', '') == if_ip_c['if_name'].replace(
'"', ''):
data = str(if_ip_c['ip_address'].split('/')[0])
multiple.handle_multiple_ip(policy, append_list, data)
else:
flag = False
for if_zone_c in absorbdict.if_zone_dict:
if policy['dst_zone'] == if_zone_c['zone_name']:
flag = True
else:
continue
break
elif "VIP" in policy['dst_ip']:
for vip_c in absorbdict.vip_dict:
if policy['dst_ip'].strip(')"').split(
'(')[1] == vip_c['global_ip']:
longest_match = {}
for if_ip_c in absorbdict.route_dict:
if ipaddress.ip_address(
vip_c['private_ip']
) in ipaddress.ip_network(
if_ip_c['network_address'], strict=False):
a = {
if_ip_c['if_name']:
if_ip_c['network_address'].split('/')[1]
}
longest_match.update(a)
else:
continue
max_keys = max(longest_match, key=longest_match.get)
dst_if = max_keys
for if_ip_c in absorbdict.if_ip_dict:
if dst_if.replace(
'"',
'') == if_ip_c['if_name'].replace('"', ''):
data = str(if_ip_c['ip_address'].split('/')[0])
multiple.handle_multiple_ip(
policy, append_list, data)
break
elif policy['dst_ip'].strip(')"').split(
'(')[1] == vip_c['if_name'] and vip_c[
'global_ip'] == "interface-ip":
dst_if = policy['dst_ip'].strip(')"').split('(')[1]
for if_ip_c in absorbdict.if_ip_dict:
if dst_if.replace(
'"',
'') == if_ip_c['if_name'].replace('"', ''):
data = str(if_ip_c['ip_address'].split('/')[0])
multiple.handle_multiple_ip(
policy, append_list, data)
break
break
elif policy['dst_zone'] == if_zone_c['zone_name']:
dst_if = if_zone_c['if_name']
for if_ip_c in absorbdict.if_ip_dict:
if dst_if.replace('"', '') == if_ip_c['if_name'].replace(
'"', ''):
data = str(if_ip_c['ip_address'].split('/')[0])
multiple.handle_multiple_ip(policy, append_list, data)
else:
flag = False
for if_zone_c in absorbdict.if_zone_dict:
if policy['dst_zone'] == if_zone_c['zone_name']:
flag = True
else:
flag = False
for if_zone_c in absorbdict.if_zone_dict:
if policy['dst_zone'] == if_zone_c['zone_name']:
flag = True
break
else:
continue
else:
if not flag:
data = str("NaN")
print('宛先ゾーンの%sが割り当てられたIF,またはそのIFにIPがありません' %
policy['dst_zone'])
print('policy_id =%sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
def handle_dst_port_udp():
global dst_port_udp
append_list = dst_port_udp
for policy in absorbdict.policy_dict:
if policy.get('dst_nat_port') is not None:
data = str(policy['dst_nat_port'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"SMTP"':
data = str("NaN")
print('"SMTP"はudpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"SNMP"':
data = str("161") # 162
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"NBDS"':
data = str("138")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"FTP"':
data = str("21")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"HTTP"':
data = str("NaN")
print('"HTTP"はudpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"HTTPS"':
data = str("NaN")
print('"HTTPS"はudpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"NTP"':
data = str("123")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"SYSLOG"':
data = str("514")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"DNS"':
data = str("53")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"MAIL"':
data = str("NaN")
print('"MAIL"はudpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"PING"':
data = str("NaN")
print('"PING"はudpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"ANY"':
if policy['src_ip'] == '"Any"' and policy['dst_ip'] == '"Any"':
# TODO:Any Any ANYの時の処理を変更する
data = str("65535")
multiple.handle_multiple_ip(policy, append_list, data)
else:
data = str("53")
multiple.handle_multiple_ip(policy, append_list, data)
else:
for service_c in absorbdict.service_dict:
if service_c['service_name'] == policy[
'protocol'] and service_c['protocol_name'] == "udp":
data = str(service_c['dst_port_num'].split('-')[1])
multiple.handle_multiple_ip(policy, append_list, data)
break
else:
continue
else:
if len(absorbdict.group_service_dict) >= 2:
for group_service_c in absorbdict.group_service_dict:
if group_service_c['group_service_name'] == policy[
'protocol']:
service_name = group_service_c['service_name']
for service_c in absorbdict.service_dict:
if service_c[
'service_name'] == service_name and service_c[
'protocol_name'] == "udp":
data = str(service_c['dst_port_num'].split(
'-')[1])
multiple.handle_multiple_ip(
policy, append_list, data)
break
else:
continue
else:
# TODO:最初のservice_nameにUDPが使用されていなければデフォが入ってしまい次以降でデフォが使用されていると異なる挙動となる
data = str("53")
multiple.handle_multiple_ip(
policy, append_list, data)
break
else:
data = str("NaN")
print('service_nameでudpが使用されていないため出力しませんでした')
print('policy_id = %sの出力をスキップしました' %
policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
else:
data = str("NaN")
print('service_nameでudpが使用されていないため出力しませんでした')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
def handle_dst_port_icmp():
global dst_port_icmp
append_list = dst_port_icmp
for policy in absorbdict.policy_dict:
if policy.get('dst_nat_port') is not None:
data = str(policy['dst_nat_port'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"PING"':
data = str("")
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"SMTP"':
data = str("NaN")
print('"SMTP"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"SNMP"':
data = str("NaN")
print('"SNMP"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"NBDS"':
data = str("NaN")
print('"NBDS"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"FTP"':
data = str("NaN")
print('"FTP"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"HTTP"':
data = str("NaN")
print('"HTTP"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"HTTPS"':
data = str("NaN")
print('"HTTPS"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"NTP"':
data = str("NaN")
print('"NTP"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"SYSLOG"':
data = str("NaN")
print('"SYSLOG"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"DNS"':
data = str("NaN")
print('"DNS"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"MAIL"':
data = str("NaN")
print('"MAIL"はicmpを使用しません')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
elif policy['protocol'] == '"ANY"':
# icmpはdstportが存在しない
data = str("")
multiple.handle_multiple_ip(policy, append_list, data)
else:
for service_c in absorbdict.service_dict:
if service_c['service_name'] == policy[
'protocol'] and service_c['protocol_name'] == "icmp":
data = str(service_c['dst_port_num'].split('-')[1])
multiple.handle_multiple_ip(policy, append_list, data)
break
else:
continue
else:
if len(absorbdict.group_service_dict) >= 2:
service_name = []
for group_service_c in absorbdict.group_service_dict:
if group_service_c['group_service_name'] == policy[
'protocol']:
service_name += group_service_c['service_name']
for service_c in absorbdict.service_dict:
if service_c[
'service_name'] == service_name and service_c[
'protocol_name'] == "icmp":
data = str(service_c['dst_port_num'].split(
'-')[1])
multiple.handle_multiple_ip(
policy, append_list, data)
break
else:
# TODO:最初のservice_nameにICMPが使用されていなければデフォが入ってしまい次以降でデフォが使用されていると異なる挙動となる
data = str("")
multiple.handle_multiple_ip(
policy, append_list, data)
break
else:
data = str("NaN")
print('service_nameでicmpが使用されていないため出力しませんでした')
print('policy_id = %sの出力をスキップしました' %
policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
else:
data = str("NaN")
print('service_nameでicmpが使用されていないため出力しませんでした')
print('policy_id = %sの出力をスキップしました' % policy['policy_id'])
multiple.handle_multiple_ip(policy, append_list, data)
