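def main():
    """Check one flow against a policy file and print the AclCheck result.

    Command-line options supply the definitions directory, the policy file
    and the flow to evaluate (source and destination address, source and
    destination port, protocol). Every option has a default, so running with
    no options checks tcp any:1025 -> 200.1.1.1:80 against
    ./policies/sample.pol using the definitions in ./def.

    The printed result is computed only from the policy file and definitions
    read here. Positional arguments are parsed but ignored.
    """
    # TODO(robankeny): Lets move this to gflags
    usage = 'usage: %prog [options] arg'
    _parser = OptionParser(usage)
    _parser.add_option('--definitions-directory', dest='definitions',
                       help='definitions directory', default='./def')
    _parser.add_option('-p', '--policy-file', dest='pol',
                       help='policy file', default='./policies/sample.pol')
    _parser.add_option('-d', '--destination', dest='dst',
                       help='destination IP', default='200.1.1.1')
    _parser.add_option('-s', '--source', dest='src',
                       help='source IP', default='any')
    _parser.add_option('--proto', '--protocol', dest='proto',
                       help='Protocol (tcp, udp, icmp, etc.)', default='tcp')
    _parser.add_option('--dport', '--destination-port', dest='dport',
                       help='destination port', default='80')
    _parser.add_option('--sport', '--source-port', dest='sport',
                       help='source port', default='1025')
    (FLAGS, unused_args) = _parser.parse_args()

    defs = naming.Naming(FLAGS.definitions)

    # Read the policy inside a context manager so the file handle is closed
    # even if parsing raises, instead of being left to the garbage collector.
    with open(FLAGS.pol) as pol_file:
        policy_text = pol_file.read()
    policy_obj = policy.ParsePolicy(policy_text, defs)

    # NOTE(review): the flow values are handed to AclCheck exactly as typed;
    # presumably AclCheck rejects malformed addresses and ports. Confirm.
    check = aclcheck.AclCheck(policy_obj,
                              src=FLAGS.src,
                              dst=FLAGS.dst,
                              sport=FLAGS.sport,
                              dport=FLAGS.dport,
                              proto=FLAGS.proto)
    print(str(check))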
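def testAclCheck(self):
    # Evaluates tcp 172.16.1.1:10000 -> 10.2.2.10:22 against self.pol and
    # pins which terms Matches() reports, in order, with their actions and
    # 'possibles'. It also pins that term-4 and term-5 are never reported.
    srcip = '172.16.1.1'
    dstip = '10.2.2.10'
    sport = '10000'
    dport = '22'
    proto = 'tcp'
    check = aclcheck.AclCheck(self.pol, src=srcip, dst=dstip, sport=sport,
                              dport=dport, proto=proto)
    matches = check.Matches()

    # Check correct number of matches
    self.assertEqual(len(matches), 3)

    # Check correct actions
    self.assertEqual(matches[0].action, 'next')  # term-1
    self.assertEqual(matches[1].action, 'accept')  # term-2
    self.assertEqual(matches[2].action, 'accept')  # term-3

    # Check for correct 'possibles'
    self.assertEqual(matches[0].possibles, [])  # term-1
    self.assertEqual(
        matches[1].possibles,
        ['first-frag', 'frag-offset', 'packet-length', 'tcp-est'])  # term-2
    self.assertEqual(matches[2].possibles, [])  # term-3

    # Check which term names match
    self.assertEqual(matches[0].term, 'term-1')
    self.assertEqual(matches[1].term, 'term-2')
    self.assertEqual(matches[2].term, 'term-3')

    # term-4 and term-5 should never match. assertNotIn replaces the
    # deprecated failIf alias and names the offending term on failure.
    rendered = str(matches)
    self.assertNotIn('term-4', rendered)
    self.assertNotIn('term-5', rendered)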
def testExactMatches(self):
    # For tcp 172.16.1.1:1025 -> 10.1.1.1:22, ExactMatches() must report
    # exactly one match against self.pol.
    flow = ('172.16.1.1', '10.1.1.1', '1025', '22', 'tcp')
    exact = aclcheck.AclCheck(self.pol, *flow).ExactMatches()
    self.assertEqual(len(exact), 1)