def testSafeCollapsing(self): test_data = [([nacaddr.IPv4('10.0.0.0/8'), nacaddr.IPv4('10.0.0.0/10')], [nacaddr.IPv4('10.0.0.0/9')], [nacaddr.IPv4('10.0.0.0/8'), nacaddr.IPv4('10.0.0.0/10')]), ([nacaddr.IPv4('192.168.0.0/27'), nacaddr.IPv4('192.168.0.0/24')], [nacaddr.IPv4('192.168.1.0/24')], [nacaddr.IPv4('192.168.0.0/24')]), ([nacaddr.IPv6('10::/56'), nacaddr.IPv6('10::/128')], [nacaddr.IPv6('10::/64')], [nacaddr.IPv6('10::/56'), nacaddr.IPv6('10::/128')]), ([nacaddr.IPv6('10::/128'), nacaddr.IPv6('10::/56')], [nacaddr.IPv6('8::/64')], [nacaddr.IPv6('10::/56')]) ] for addresses, complement_addresses, result in test_data: self.assertEqual(nacaddr.CollapseAddrList(addresses, complement_addresses), result)
def testAddressCleanupCorrect(self): unoptimized_addr = [nacaddr.IPv4('10.16.128.6/32', token='FOO'), nacaddr.IPv4('10.16.128.7/32', token='BAR')] self.naming.GetNetAddr.return_value = unoptimized_addr pol = policy.ParsePolicy(HEADER + GOOD_TERM_2, self.naming) term = pol.filters[0][1][0] self.assertEqual(nacaddr.CollapseAddrList(unoptimized_addr), term.source_address) pol = policy.ParsePolicy(HEADER_SRX + GOOD_TERM_2, self.naming) term = pol.filters[0][1][0] self.assertEqual(nacaddr.CollapseAddrListPreserveTokens(unoptimized_addr), term.source_address)
def testCollapsing(self): ip1 = nacaddr.IPv4('1.1.0.0/24', 'foo') ip2 = nacaddr.IPv4('1.1.1.0/24', 'foo') ip3 = nacaddr.IPv4('1.1.2.0/24', 'baz') ip4 = nacaddr.IPv4('1.1.3.0/24') ip5 = nacaddr.IPv4('1.1.4.0/24') # stored in no particular order b/c we want CollapseAddr to call [].sort # and we want that sort to call nacaddr.IP.__cmp__() on our array members ip6 = nacaddr.IPv4('1.1.0.0/22') # check that addreses are subsumed properlly. collapsed = nacaddr.CollapseAddrList([ip1, ip2, ip3, ip4, ip5, ip6]) self.assertEqual(len(collapsed), 2) # test that the comments are collapsed properlly, and that comments aren't # added to addresses that have no comments. self.assertListEqual([collapsed[0].text, collapsed[1].text], ['foo, baz', '']) self.assertListEqual( collapsed, [nacaddr.IPv4('1.1.0.0/22'), nacaddr.IPv4('1.1.4.0/24')]) # test that two addresses are supernet'ed properlly collapsed = nacaddr.CollapseAddrList([ip1, ip2]) self.assertEqual(len(collapsed), 1) self.assertEqual(collapsed[0].text, 'foo') self.assertListEqual(collapsed, [nacaddr.IPv4('1.1.0.0/23')]) ip_same1 = ip_same2 = nacaddr.IPv4('1.1.1.1/32') self.assertListEqual(nacaddr.CollapseAddrList([ip_same1, ip_same2]), [ip_same1]) ip1 = nacaddr.IPv6('::2001:1/100') ip2 = nacaddr.IPv6('::2002:1/120') ip3 = nacaddr.IPv6('::2001:1/96') # test that ipv6 addresses are subsumed properlly. collapsed = nacaddr.CollapseAddrList([ip1, ip2, ip3]) self.assertListEqual(collapsed, [ip3])
def testOptimizedConsistency(self): pol = HEADER + GOOD_TERM_2 + GOOD_TERM_3 unoptimized_addr = [nacaddr.IPv4('10.16.128.6/32'), nacaddr.IPv4('10.16.128.7/32')] optimized_addr = nacaddr.CollapseAddrList(unoptimized_addr) self.naming.GetNetAddr.return_value = unoptimized_addr self.naming.GetServiceByProto.return_value = ['25'] ret_unoptimized = policy.ParsePolicy(pol, self.naming, optimize=False) self.assertFalse(policy._OPTIMIZE) ret_optimized = policy.ParsePolicy(pol, self.naming) self.assertTrue(policy._OPTIMIZE) for _, terms in ret_unoptimized.filters: for term in terms: self.assertEqual(unoptimized_addr, term.source_address) for _, terms in ret_optimized.filters: for term in terms: self.assertEqual(optimized_addr, term.source_address)
def Summarize(nets): """Summarizes networks while allowing for discontinuous subnet mask. Args: nets: list of nacaddr.IPv4 or nacaddr.IPv6 objects. Address family can be mixed, however there is no support for rendering anything other than IPv4. Returns: sorted list of DSMIPNet objects. """ result = [] optimized_nets = nacaddr.CollapseAddrList(nets) nets_by_netmask = collections.defaultdict(list) # group nets by subnet mask for net in optimized_nets: nets_by_netmask[net.prefixlen].append(_NacaddrNetToDSMNet(net)) for nets in nets_by_netmask.values(): result.extend(_SummarizeSameMask(nets)) return sorted(result)
def _GenerateAddressBook(self): """Creates address book.""" target = IndentList(self.INDENT) # create address books if address-book-type set to global if self._GLOBAL_ADDR_BOOK in self.addr_book_type: global_address_book = collections.defaultdict(list) target.IndentAppend(1, 'replace: address-book {') target.IndentAppend(2, 'global {') for zone in self.addressbook: for group in self.addressbook[zone]: for address in self.addressbook[zone][group]: global_address_book[group].append(address) names = sorted(global_address_book.keys()) for name in names: counter = 0 ips = nacaddr.SortAddrList(global_address_book[name]) ips = nacaddr.CollapseAddrList(ips) global_address_book[name] = ips for ip in ips: target.IndentAppend( 4, 'address ' + name + '_' + str(counter) + ' ' + str(ip) + ';') counter += 1 for group in sorted(global_address_book.keys()): target.IndentAppend(4, 'address-set ' + group + ' {') counter = 0 for unused_addr in global_address_book[group]: target.IndentAppend( 5, 'address ' + group + '_' + str(counter) + ';') counter += 1 target.IndentAppend(4, '}') target.IndentAppend(2, '}') target.IndentAppend(1, '}') else: target.IndentAppend(1, 'zones {') for zone in self.addressbook: target.IndentAppend(2, 'security-zone ' + zone + ' {') target.IndentAppend(3, 'replace: address-book {') # building individual addresses groups = sorted(self.addressbook[zone]) for group in groups: ips = nacaddr.SortAddrList(self.addressbook[zone][group]) ips = nacaddr.CollapseAddrList(ips) self.addressbook[zone][group] = ips count = 0 for address in self.addressbook[zone][group]: target.IndentAppend( 4, 'address ' + group + '_' + str(count) + ' ' + str(address) + ';') count += 1 # building address-sets for group in groups: target.IndentAppend(4, 'address-set ' + group + ' {') count = 0 for address in self.addressbook[zone][group]: target.IndentAppend( 5, 'address ' + group + '_' + str(count) + ';') count += 1 target.IndentAppend(4, '}') target.IndentAppend(3, '}') target.IndentAppend(2, '}') target.IndentAppend(1, '}') return target