def cisco(self, src_add, dst_add, service, action):
    """Generate the Cisco ASA commands for one policy and pass them to write_output.

    A CiscoBuilder is created from the four arguments. The text is assembled
    in this order: a banner line, the address-group commands, the
    service-group commands, and finally one policy command.

    Entries whose 'group' is the string 'None' count as ungrouped. The group
    name 'any' gets neither a definition nor an 'object-group ' prefix.

    NOTE(review): when a side carries more than one distinct group name,
    set.pop() picks one arbitrarily, so the policy references a single group
    although definitions were emitted for all of them. When a side has no
    group, only its first entry is used. Confirm that callers never pass such
    mixed input, otherwise the generated rule may not match the request.
    NOTE(review): all values are concatenated into CLI text as-is; presumably
    CiscoBuilder validates them - confirm.
    """
    builder = CiscoBuilder(src_add, dst_add, service, action)

    def named_groups(entries):
        # The string 'None' (not the None object) marks an ungrouped entry.
        return {entry['group'] for entry in entries if entry['group'] != 'None'}

    def address_operand(groups, entries):
        # Prefer a group reference; otherwise spell out the first entry as
        # "address netmask" (strNormal(2) gives "address/netmask").
        if groups:
            chosen = groups.pop()
            return chosen if chosen == 'any' else 'object-group ' + chosen
        literal = IP(entries[0]['add'] + entries[0]['mask'])
        # Keep the mask in the string form even for a single host.
        literal.NoPrefixForSingleIp = None
        return literal.strNormal(2).replace('/', ' ')

    output = 'cisco ASA command'.center(50, '=') + '\n'

    # Address group commands: source groups first, then destination groups.
    src_groups = named_groups(builder.src_add)
    dst_groups = named_groups(builder.dst_add)
    output += ''.join(
        builder.make_address(name)
        for name in list(src_groups) + list(dst_groups)
        if name != 'any'
    )
    # NOTE(review): the listing had lost its indentation; this separator is
    # taken to follow the loop rather than each command - confirm.
    output += '\n'

    # Service group commands.
    ser_groups = named_groups(builder.service)
    output += ''.join(
        builder.make_service(name) for name in ser_groups if name != 'any'
    )
    output += '\n'

    # Decide whether each side is a group reference or a literal address.
    src = address_operand(src_groups, builder.src_add)
    dst = address_operand(dst_groups, builder.dst_add)

    # Same decision for the service: group reference, or a port expression
    # built from the first service entry.
    if ser_groups:
        ser = ser_groups.pop()
        ser = '' if ser == 'any' else 'object-group ' + ser
    else:
        first_service = builder.service[0]
        keyword = 'range ' if first_service['range'] else 'eq '
        ser = keyword + first_service['port']

    # Policy command; zone and protocol come from the first source and
    # service entries.
    output += builder.make_policy(builder.src_add[0]['zone'], action, src,
                                  dst, builder.service[0]['proto'], ser)
    self.write_output(output)
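def make_address(self, addr):
    """Render the 'set address' configuration for one address entry.

    Args:
        addr: an element of self.src_add or self.dst_add. The keys read here
            are 'zone', 'add' and 'mask'. When addr['mask'] == 'range',
            addr['add'] holds "<first-ip> <last-ip>" separated by one space.

    Returns:
        The configuration text: one 'set address ...' line per address, each
        terminated by a newline. A range whose last address is below its
        first yields an empty string.

    Raises:
        ValueError: if a range endpoint is not a dotted quad of octets 0-255.
    """
    if addr['mask'] == 'range':
        first_text, last_text = addr['add'].split(' ')

        def to_int(dotted):
            # Reject malformed endpoints instead of emitting address objects
            # that do not correspond to what was requested.
            octets = [int(part) for part in dotted.split('.')]
            if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
                raise ValueError('invalid IPv4 address in range: %r' % dotted)
            value = 0
            for octet in octets:
                value = (value << 8) | octet
            return value

        # Walk the whole range as integers so that a range crossing an octet
        # boundary (e.g. x.x.0.255 to x.x.1.1) is expanded completely rather
        # than only over the last octet. Output grows by one line per
        # address, so callers should keep ranges small.
        lines = []
        for number in range(to_int(first_text), to_int(last_text) + 1):
            host = '.'.join(
                str((number >> shift) & 0xFF) for shift in (24, 16, 8, 0))
            lines.append('set address ' + addr['zone'] + ' ' + host + '/32 '
                         + host + ' 255.255.255.255\n')
        return ''.join(lines)

    # Single address or network: "set address <zone> <add+mask> <ip> <netmask>".
    cidr_text = addr['add'] + addr['mask']
    network = IP(cidr_text)
    # Keep the mask in the string form even for a single host.
    network.NoPrefixForSingleIp = None
    # strNormal(2) gives "address/netmask"; the command wants a space instead.
    ip_and_mask = network.strNormal(2).replace('/', ' ')
    return ' '.join(['set address', addr['zone'], cidr_text, ip_and_mask]) + '\n'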
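def doc(iprange: str, min_prefixlen6: int=0, min_prefixlen4: int=0) -> dict:
    """Convert a human-readable string like '1.2.3.4/24' to a Mongo document.

    An IPv4 range is mapped to IPv6 first; then the start and end addresses of
    the range are computed. The address, its prefix size, and start and end
    address are returned as a dict. Addresses are stored as big-endian binary
    data because MongoDB doesn't support 128-bit integers.

    With the default minimums (0) no range is rejected for being too wide,
    including a /0 range; callers that use the stored range for access
    decisions presumably want to pass explicit minimums.

    :param iprange: the IP address and mask size, can be IPv6 or IPv4.
    :param min_prefixlen6: if given, causes a ValueError when the mask size
        is too low. Only evaluated for IPv6 addresses.
    :param min_prefixlen4: if given, causes a ValueError when the mask size
        is too low. Only evaluated for IPv4 addresses, against the IPv4
        prefix length (before mapping to IPv6).
    :returns: a dict like: {
        'start': b'xxxxx' with the lowest IP address in the range.
        'end': b'yyyyy' with the highest IP address in the range.
        'human': 'aaaa:bbbb::cc00/120' with the human-readable representation.
        'prefix': 120, the prefix length of the netmask in bits (of the IPv6
            form).
    }
    :raises ValueError: when the prefix length is below the applicable minimum.
    """
    ip = IP(iprange, make_net=True)
    prefixlen = ip.prefixlen()

    if ip.version() == 4:
        if prefixlen < min_prefixlen4:
            raise ValueError(f'Prefix length {prefixlen} smaller than allowed {min_prefixlen4}')
        ip = ip.v46map()
    elif prefixlen < min_prefixlen6:
        raise ValueError(f'Prefix length {prefixlen} smaller than allowed {min_prefixlen6}')

    addr = ip.int()

    # Set all address bits to 1 where the mask is 0 to obtain the largest
    # address. The host mask is derived from the prefix length rather than by
    # arithmetic on the netmask value, so a /0 range (netmask 0) is handled too.
    host_bits = 128 - ip.prefixlen()
    end = addr | ((1 << host_bits) - 1)

    # This ensures that even a single host is represented as /128 in the
    # human-readable form.
    ip.NoPrefixForSingleIp = False

    return {
        'start': addr.to_bytes(16, 'big'),
        'end': end.to_bytes(16, 'big'),
        'human': ip.strCompressed(),
        'prefix': ip.prefixlen(),
    }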
# Demo of IPy string formatting and network set arithmetic.
# Each print() takes a single argument, so the statements read the same under
# Python 2 and Python 3.
print(IP('127.0.0.1').make_net('255.0.0.0'))
print('=============================================')

# Ways of turning an IP object into a string.
print(u'IP地址转字符串的几种方式:')
ip5 = IP('10.0.0.0/32')
ip6 = IP('10.0.0.0/24')
ip7 = IP('10.0.0.0')
print(ip5.strNormal())
print(ip6.strNormal())
# strNormal modes: 0 = address only, 1 = prefix length, 2 = dotted netmask,
# 3 = first-last range.
for mode in (0, 1, 2, 3):
    print(ip6.strNormal(mode))

# A single host prints without a prefix by default; clearing
# NoPrefixForSingleIp makes the /32 visible, and WantPrefixLen = 3 switches
# the default string form to the range notation.
print(ip7)
ip7.NoPrefixForSingleIp = None
print(ip7)
ip7.WantPrefixLen = 3
print(ip7)
print('=============================================')

# Subtracting a network yields an IPSet of what remains; an IPSet aggregates
# adjacent ranges it is given.
print(IP('10.0.0.0/22') - IP('10.0.2.0/24'))
print(IPSet([IP('10.0.0.0/23'), IP('10.0.3.0/24'), IP('10.0.2.0/24')]))
s = IPSet([IP('10.0.0.0/22')])
s.add(IP('192.168.1.2'))
print(s)
s.discard(IP('192.168.1.2'))
print(s)
def makeprefix(ip):
    """Return *ip* as an IPy network whose string form always shows the prefix.

    make_net=True makes IPy accept an address with host bits set and reduce
    it to its enclosing network.

    NOTE(review): the host bits are dropped silently, so a mistyped address
    or mask can yield a different network than the caller meant - confirm
    callers check the result where it feeds an access rule.
    """
    prefix = IP(ip, make_net=True)
    # Keep the prefix length in the string form even for a single host.
    prefix.NoPrefixForSingleIp = None
    return prefix
def makeprefix(ip):
    """Build an IPy network from *ip* that prints its prefix even for one host.

    The address is parsed with make_net=True, so input with host bits set is
    reduced to the network that contains it instead of being rejected.

    NOTE(review): that reduction is silent; where the result ends up in a
    filter or ACL, confirm the caller compares it with the original input.
    """
    network = IP(ip, make_net=True)
    # None (falsy) turns off the "no prefix for a single IP" shortcut.
    network.NoPrefixForSingleIp = None
    return network
>>> IP('10.0.0.0/32').strNormal()
'10.0.0.0'
>>> IP('10.0.0.0/24').strNormal()
'10.0.0.0/24'
>>> IP('10.0.0.0/24').strNormal(0)
'10.0.0.0'
>>> IP('10.0.0.0/24').strNormal(1)
'10.0.0.0/24'
>>> IP('10.0.0.0/24').strNormal(2)
'10.0.0.0/255.255.255.0'
>>> IP('10.0.0.0/24').strNormal(3)
'10.0.0.0-10.0.0.255'
>>> ip = IP('10.0.0.0')
>>> print(ip)
10.0.0.0
>>> ip.NoPrefixForSingleIp = None
>>> print(ip)
10.0.0.0/32
>>> ip.WantPrefixLen = 3
>>> print(ip)
10.0.0.0-10.0.0.0

Work with multiple networks

Simple addition of neighboring netblocks that can be aggregated will yield a parent network of both, but more complex range mapping and aggregation is available with the IPSet class, which will hold any number of unique address ranges and will aggregate overlapping ranges.

>>> from IPy import IP, IPSet
>>> IP('10.0.0.0/22') - IP('10.0.2.0/24')
IPSet([IP('10.0.0.0/23'), IP('10.0.3.0/24')])
>>> IPSet([IP('10.0.0.0/23'), IP('10.0.3.0/24'), IP('10.0.2.0/24')])
IPSet([IP('10.0.0.0/22')])
print(err) print "exiting..." sys.exit(1) # process -c option if args.cidr: if ip in IP('0.0.0.0/1') and ( ip.int() & 0x00ffffff == 0x00000000 ) and ip.prefixlen() == 32: ip=ip.make_net(8) if ip in IP('128.0.0.0/2') and ( ip.int() & 0x0000ffff == 0x00000000 ) and ip.prefixlen() == 32: ip=ip.make_net(16) if ip in IP('192.0.0.0/3') and ( ip.int() & 0x000000ff == 0x00000000 ) and ip.prefixlen() == 32: ip=ip.make_net(24) # process -h option if args.host: ip.NoPrefixForSingleIp = None s.add(ip) # add the IP into the set, automatically aggregating as necessary except KeyboardInterrupt: # show usage if user exits w/ CTRL-C print parser.print_help() sys.exit(1) # send the results to STDOUT for prefix in s: if args.ipv4 & (prefix.version() == 4): print (prefix) if args.ipv6 & (prefix.version() == 6): print (prefix)