def test_alias_from_hosts(self):
# Straight from hosts.ini
self.assertItemsEqual(self.ctxt.get_alias('rfc1918'),
[ipaddr.IPv4Network("10.0.0.0/8"),
ipaddr.IPv4Network("172.16.0.0/12"),
ipaddr.IPv4Network("192.168.0.0/16")])
# From imported file:
self.assertItemsEqual(self.ctxt.get_alias('testing'),
[ipaddr.IPv4Network("1.2.3.4/32"),
ipaddr.IPv6Network("::23/128")])
def test_multiple_ip_addresses(self):
# IPv4
ips = m.string_to_ips("127.0.0.1;127.0.0.2;192.168.0.23")
self.assertItemsEqual(ips, [ipaddr.IPv4Network("127.0.0.1/32"),
ipaddr.IPv4Network("127.0.0.2/32"),
ipaddr.IPv4Network("192.168.0.23/32")])
# IPv6
ips = m.string_to_ips("fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a;248f::1234;::dead:beef")
self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a/128"),
ipaddr.IPv6Network("248f::1234/128"),
ipaddr.IPv6Network("::dead:beef/128")])
def test_comma_notation(self):
# IPv4
ips = m.string_to_ips("172.17.0.1,5,8")
self.assertItemsEqual(ips, [ipaddr.IPv4Network("172.17.0.1/32"),
ipaddr.IPv4Network("172.17.0.5/32"),
ipaddr.IPv4Network("172.17.0.8/32")])
# IPv6
ips = m.string_to_ips("fe80::23,42,1")
self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80::23/128"),
ipaddr.IPv6Network("fe80::42/128"),
ipaddr.IPv6Network("fe80::1/128")])
def test_multiple_ip_networks(self):
# IPv4
ips = m.string_to_ips("127.0.0.0/8;192.168.0.0/24;169.168.0.0/16")
self.assertItemsEqual(ips, [ipaddr.IPv4Network("127.0.0.1/8"),
ipaddr.IPv4Network("192.168.0.0/24"),
ipaddr.IPv4Network("169.168.0.0/16")])
# IPv6
ips = m.string_to_ips("fe80::/64;248f::/16;2342:16::/10")
self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80::/64"),
ipaddr.IPv6Network("248f::/16"),
ipaddr.IPv6Network("2342:16::/10")])
def test_parse(self):
acl = m.ACL.from_string(dedent('''
lan()
domain()
broadcast()
antiSpoof()
update()
IN:
permit ip 23.0.0.0/8 0.0.0.0/0
deny ip 0.0.0.0/0 0.0.0.0/0
OUT:
permit ip 0.0.0.0/0 23.0.0.0/8
deny ip 0.0.0.0/0 0.0.0.0/0
'''))
self.assertEqual(
acl.get_rules('in'),
[m.Rule('permit', m.Filter(['ip'], [ipaddr.IPv4Network('23.0.0.0/8')],
[ipaddr.IPv4Network('0.0.0.0/0')])),
m.Rule('deny', m.Filter(['ip'], [ipaddr.IPv4Network('0.0.0.0/0')],
[ipaddr.IPv4Network('0.0.0.0/0')]))])
self.assertEqual(
acl.get_rules('out'),
[m.Rule('permit', m.Filter(['ip'], [ipaddr.IPv4Network('0.0.0.0/0')],
[ipaddr.IPv4Network('23.0.0.0/8')])),
m.Rule('deny', m.Filter(['ip'], [ipaddr.IPv4Network('0.0.0.0/0')],
[ipaddr.IPv4Network('0.0.0.0/0')]))])
self.assertEqual(acl.macros,
[m.MacroCall('lan'), m.MacroCall('domain'), m.MacroCall('broadcast'),
m.MacroCall('antiSpoof'), m.MacroCall('update')])
def test_alias_set_and_get(self):
# IPv4
self.ctxt2.set_alias('fooo', '131.188.10.0/24')
self.ctxt2.set_alias('fooo', '131.188.11.0/24')
self.assertItemsEqual(self.ctxt2.get_alias('fooo'),
[ipaddr.IPv4Network("131.188.10.0/24"),
ipaddr.IPv4Network("131.188.11.0/24")])
# IPv6
self.ctxt2.set_alias('fooo', 'fe80::/64')
self.ctxt2.set_alias('fooo', 'fe81::1/128')
self.assertItemsEqual(self.ctxt2.get_alias('fooo', 'ipv6'),
[ipaddr.IPv6Network("fe80::/64"),
ipaddr.IPv6Network("fe81::1/128")])
def test_alias_local(self):
# Check for import from VLANs
self.assertItemsEqual(self.ctxt.get_alias('local'),
[ipaddr.IPv4Network("42.42.42.0/24"),
ipaddr.IPv6Network('2001:638:a000:42::/64')])
self.assertItemsEqual(self.ctxt.get_alias('local', 'ipv4'),
[ipaddr.IPv4Network("42.42.42.0/24")])
self.assertItemsEqual(self.ctxt.get_alias('local', 'ipv6'),
[ipaddr.IPv6Network('2001:638:a000:42::/64')])
# Also check if TNETs gets imported
self.assertItemsEqual(self.ctxt2.get_alias('local'),
[ipaddr.IPv4Network("10.0.5.0/24"),
ipaddr.IPv4Network('42.42.100.0/30')])
def test_simple_ip_network(self):
# IPv4
ips = m.string_to_ips("127.0.0.0/8")
self.assertItemsEqual(ips, [ipaddr.IPv4Network("127.0.0.0/8")])
# IPv6
ips = m.string_to_ips("fe80::/64")
self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80::/64")])
def test_simple_ip_address(self):
# IPv4
ips = m.string_to_ips("127.0.0.1")
self.assertItemsEqual(ips, [ipaddr.IPv4Network("127.0.0.1/32")])
# IPv6
ips = m.string_to_ips("fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a")
self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a/128")])
def test_overlapping(self):
# IPv4
ips = m.string_to_ips("0.0.0.0/0;192.168.0.0/24;169.168.0.0/16;127.0.0.1")
self.assertItemsEqual(ips, [ipaddr.IPv4Network("0.0.0.0/0")])
# IPv6
ips = m.string_to_ips("::/0;fe80::/64;248f::/16;2342:16::/10;" + \
"fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a")
self.assertItemsEqual(ips, [ipaddr.IPv6Network("::/0")])
def test_parser(self):
self.assertEqual(
m.Rule('permit',
m.Filter(
['ip'],
[ipaddr.IPv4Network('127.0.0.0/8')],
[ipaddr.IPv4Network('255.255.255.255/32')])),
m.Rule.from_string('permit ip 127.0.0.0/8 255.255.255.255'))
self.assertEqual(
m.Rule('deny',
m.Filter(
['tcp'],
sources=[ipaddr.IPv4Network('127.0.0.0/8')],
destinations=[ipaddr.IPv4Network('255.255.255.255/32')],
sports=m.Ports("80"),
dports=m.Ports("23")),
extensions=['established']),
m.Rule.from_string('deny tcp 127.0.0.0/8 80 255.255.255.255 23 established'))
def test_parser(self):
self.assertEqual(
m.Filter(['tcp', 'udp'], [ipaddr.IPv4Network('127.0.0.0/8')],
[ipaddr.IPv4Network('255.255.255.255/32')],
sports=m.Ports("80"), dports=m.Ports("23")),
m.Filter.from_string('tcp,udp 127.0.0.0/8 80 255.255.255.255 23'))
def test_alias_any(self):
self.assertItemsEqual(self.ctxt.get_alias('any'),
[ipaddr.IPv4Network("0.0.0.0/0"),
ipaddr.IPv6Network('::1/0')])