def testSafeCollapsing(self):
test_data = [([nacaddr.IPv4('10.0.0.0/8'),
nacaddr.IPv4('10.0.0.0/10')],
[nacaddr.IPv4('10.0.0.0/9')],
[nacaddr.IPv4('10.0.0.0/8'),
nacaddr.IPv4('10.0.0.0/10')]),
([nacaddr.IPv4('192.168.0.0/27'),
nacaddr.IPv4('192.168.0.0/24')],
[nacaddr.IPv4('192.168.1.0/24')],
[nacaddr.IPv4('192.168.0.0/24')]),
([nacaddr.IPv6('10::/56'),
nacaddr.IPv6('10::/128')],
[nacaddr.IPv6('10::/64')],
[nacaddr.IPv6('10::/56'),
nacaddr.IPv6('10::/128')]),
([nacaddr.IPv6('10::/128'),
nacaddr.IPv6('10::/56')],
[nacaddr.IPv6('8::/64')],
[nacaddr.IPv6('10::/56')])
]
for addresses, complement_addresses, result in test_data:
self.assertEqual(nacaddr.CollapseAddrList(addresses,
complement_addresses), result)
def testAddressCleanupCorrect(self):
unoptimized_addr = [nacaddr.IPv4('10.16.128.6/32', token='FOO'),
nacaddr.IPv4('10.16.128.7/32', token='BAR')]
self.naming.GetNetAddr.return_value = unoptimized_addr
pol = policy.ParsePolicy(HEADER + GOOD_TERM_2, self.naming)
term = pol.filters[0][1][0]
self.assertEqual(nacaddr.CollapseAddrList(unoptimized_addr),
term.source_address)
pol = policy.ParsePolicy(HEADER_SRX + GOOD_TERM_2, self.naming)
term = pol.filters[0][1][0]
self.assertEqual(nacaddr.CollapseAddrListPreserveTokens(unoptimized_addr),
term.source_address)
def testCollapsing(self):
ip1 = nacaddr.IPv4('1.1.0.0/24', 'foo')
ip2 = nacaddr.IPv4('1.1.1.0/24', 'foo')
ip3 = nacaddr.IPv4('1.1.2.0/24', 'baz')
ip4 = nacaddr.IPv4('1.1.3.0/24')
ip5 = nacaddr.IPv4('1.1.4.0/24')
# stored in no particular order b/c we want CollapseAddr to call [].sort
# and we want that sort to call nacaddr.IP.__cmp__() on our array members
ip6 = nacaddr.IPv4('1.1.0.0/22')
# check that addreses are subsumed properlly.
collapsed = nacaddr.CollapseAddrList([ip1, ip2, ip3, ip4, ip5, ip6])
self.assertEqual(len(collapsed), 2)
# test that the comments are collapsed properlly, and that comments aren't
# added to addresses that have no comments.
self.assertListEqual([collapsed[0].text, collapsed[1].text],
['foo, baz', ''])
self.assertListEqual(
collapsed,
[nacaddr.IPv4('1.1.0.0/22'),
nacaddr.IPv4('1.1.4.0/24')])
# test that two addresses are supernet'ed properlly
collapsed = nacaddr.CollapseAddrList([ip1, ip2])
self.assertEqual(len(collapsed), 1)
self.assertEqual(collapsed[0].text, 'foo')
self.assertListEqual(collapsed, [nacaddr.IPv4('1.1.0.0/23')])
ip_same1 = ip_same2 = nacaddr.IPv4('1.1.1.1/32')
self.assertListEqual(nacaddr.CollapseAddrList([ip_same1, ip_same2]),
[ip_same1])
ip1 = nacaddr.IPv6('::2001:1/100')
ip2 = nacaddr.IPv6('::2002:1/120')
ip3 = nacaddr.IPv6('::2001:1/96')
# test that ipv6 addresses are subsumed properlly.
collapsed = nacaddr.CollapseAddrList([ip1, ip2, ip3])
self.assertListEqual(collapsed, [ip3])
def testOptimizedConsistency(self):
pol = HEADER + GOOD_TERM_2 + GOOD_TERM_3
unoptimized_addr = [nacaddr.IPv4('10.16.128.6/32'),
nacaddr.IPv4('10.16.128.7/32')]
optimized_addr = nacaddr.CollapseAddrList(unoptimized_addr)
self.naming.GetNetAddr.return_value = unoptimized_addr
self.naming.GetServiceByProto.return_value = ['25']
ret_unoptimized = policy.ParsePolicy(pol, self.naming, optimize=False)
self.assertFalse(policy._OPTIMIZE)
ret_optimized = policy.ParsePolicy(pol, self.naming)
self.assertTrue(policy._OPTIMIZE)
for _, terms in ret_unoptimized.filters:
for term in terms:
self.assertEqual(unoptimized_addr, term.source_address)
for _, terms in ret_optimized.filters:
for term in terms:
self.assertEqual(optimized_addr, term.source_address)
def Summarize(nets):
"""Summarizes networks while allowing for discontinuous subnet mask.
Args:
nets: list of nacaddr.IPv4 or nacaddr.IPv6 objects.
Address family can be mixed, however there is no support for rendering
anything other than IPv4.
Returns:
sorted list of DSMIPNet objects.
"""
result = []
optimized_nets = nacaddr.CollapseAddrList(nets)
nets_by_netmask = collections.defaultdict(list)
# group nets by subnet mask
for net in optimized_nets:
nets_by_netmask[net.prefixlen].append(_NacaddrNetToDSMNet(net))
for nets in nets_by_netmask.values():
result.extend(_SummarizeSameMask(nets))
return sorted(result)
def _GenerateAddressBook(self):
"""Creates address book."""
target = IndentList(self.INDENT)
# create address books if address-book-type set to global
if self._GLOBAL_ADDR_BOOK in self.addr_book_type:
global_address_book = collections.defaultdict(list)
target.IndentAppend(1, 'replace: address-book {')
target.IndentAppend(2, 'global {')
for zone in self.addressbook:
for group in self.addressbook[zone]:
for address in self.addressbook[zone][group]:
global_address_book[group].append(address)
names = sorted(global_address_book.keys())
for name in names:
counter = 0
ips = nacaddr.SortAddrList(global_address_book[name])
ips = nacaddr.CollapseAddrList(ips)
global_address_book[name] = ips
for ip in ips:
target.IndentAppend(
4, 'address ' + name + '_' + str(counter) + ' ' +
str(ip) + ';')
counter += 1
for group in sorted(global_address_book.keys()):
target.IndentAppend(4, 'address-set ' + group + ' {')
counter = 0
for unused_addr in global_address_book[group]:
target.IndentAppend(
5, 'address ' + group + '_' + str(counter) + ';')
counter += 1
target.IndentAppend(4, '}')
target.IndentAppend(2, '}')
target.IndentAppend(1, '}')
else:
target.IndentAppend(1, 'zones {')
for zone in self.addressbook:
target.IndentAppend(2, 'security-zone ' + zone + ' {')
target.IndentAppend(3, 'replace: address-book {')
# building individual addresses
groups = sorted(self.addressbook[zone])
for group in groups:
ips = nacaddr.SortAddrList(self.addressbook[zone][group])
ips = nacaddr.CollapseAddrList(ips)
self.addressbook[zone][group] = ips
count = 0
for address in self.addressbook[zone][group]:
target.IndentAppend(
4, 'address ' + group + '_' + str(count) + ' ' +
str(address) + ';')
count += 1
# building address-sets
for group in groups:
target.IndentAppend(4, 'address-set ' + group + ' {')
count = 0
for address in self.addressbook[zone][group]:
target.IndentAppend(
5, 'address ' + group + '_' + str(count) + ';')
count += 1
target.IndentAppend(4, '}')
target.IndentAppend(3, '}')
target.IndentAppend(2, '}')
target.IndentAppend(1, '}')
return target
