def test_alias_from_hosts(self): # Straight from hosts.ini self.assertItemsEqual(self.ctxt.get_alias('rfc1918'), [ipaddr.IPv4Network("10.0.0.0/8"), ipaddr.IPv4Network("172.16.0.0/12"), ipaddr.IPv4Network("192.168.0.0/16")]) # From imported file: self.assertItemsEqual(self.ctxt.get_alias('testing'), [ipaddr.IPv4Network("1.2.3.4/32"), ipaddr.IPv6Network("::23/128")])
def test_multiple_ip_addresses(self): # IPv4 ips = m.string_to_ips("127.0.0.1;127.0.0.2;192.168.0.23") self.assertItemsEqual(ips, [ipaddr.IPv4Network("127.0.0.1/32"), ipaddr.IPv4Network("127.0.0.2/32"), ipaddr.IPv4Network("192.168.0.23/32")]) # IPv6 ips = m.string_to_ips("fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a;248f::1234;::dead:beef") self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a/128"), ipaddr.IPv6Network("248f::1234/128"), ipaddr.IPv6Network("::dead:beef/128")])
def test_comma_notation(self): # IPv4 ips = m.string_to_ips("172.17.0.1,5,8") self.assertItemsEqual(ips, [ipaddr.IPv4Network("172.17.0.1/32"), ipaddr.IPv4Network("172.17.0.5/32"), ipaddr.IPv4Network("172.17.0.8/32")]) # IPv6 ips = m.string_to_ips("fe80::23,42,1") self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80::23/128"), ipaddr.IPv6Network("fe80::42/128"), ipaddr.IPv6Network("fe80::1/128")])
def test_multiple_ip_networks(self): # IPv4 ips = m.string_to_ips("127.0.0.0/8;192.168.0.0/24;169.168.0.0/16") self.assertItemsEqual(ips, [ipaddr.IPv4Network("127.0.0.1/8"), ipaddr.IPv4Network("192.168.0.0/24"), ipaddr.IPv4Network("169.168.0.0/16")]) # IPv6 ips = m.string_to_ips("fe80::/64;248f::/16;2342:16::/10") self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80::/64"), ipaddr.IPv6Network("248f::/16"), ipaddr.IPv6Network("2342:16::/10")])
def test_parse(self): acl = m.ACL.from_string(dedent(''' lan() domain() broadcast() antiSpoof() update() IN: permit ip 23.0.0.0/8 0.0.0.0/0 deny ip 0.0.0.0/0 0.0.0.0/0 OUT: permit ip 0.0.0.0/0 23.0.0.0/8 deny ip 0.0.0.0/0 0.0.0.0/0 ''')) self.assertEqual( acl.get_rules('in'), [m.Rule('permit', m.Filter(['ip'], [ipaddr.IPv4Network('23.0.0.0/8')], [ipaddr.IPv4Network('0.0.0.0/0')])), m.Rule('deny', m.Filter(['ip'], [ipaddr.IPv4Network('0.0.0.0/0')], [ipaddr.IPv4Network('0.0.0.0/0')]))]) self.assertEqual( acl.get_rules('out'), [m.Rule('permit', m.Filter(['ip'], [ipaddr.IPv4Network('0.0.0.0/0')], [ipaddr.IPv4Network('23.0.0.0/8')])), m.Rule('deny', m.Filter(['ip'], [ipaddr.IPv4Network('0.0.0.0/0')], [ipaddr.IPv4Network('0.0.0.0/0')]))]) self.assertEqual(acl.macros, [m.MacroCall('lan'), m.MacroCall('domain'), m.MacroCall('broadcast'), m.MacroCall('antiSpoof'), m.MacroCall('update')])
def test_alias_set_and_get(self): # IPv4 self.ctxt2.set_alias('fooo', '131.188.10.0/24') self.ctxt2.set_alias('fooo', '131.188.11.0/24') self.assertItemsEqual(self.ctxt2.get_alias('fooo'), [ipaddr.IPv4Network("131.188.10.0/24"), ipaddr.IPv4Network("131.188.11.0/24")]) # IPv6 self.ctxt2.set_alias('fooo', 'fe80::/64') self.ctxt2.set_alias('fooo', 'fe81::1/128') self.assertItemsEqual(self.ctxt2.get_alias('fooo', 'ipv6'), [ipaddr.IPv6Network("fe80::/64"), ipaddr.IPv6Network("fe81::1/128")])
def test_alias_local(self): # Check for import from VLANs self.assertItemsEqual(self.ctxt.get_alias('local'), [ipaddr.IPv4Network("42.42.42.0/24"), ipaddr.IPv6Network('2001:638:a000:42::/64')]) self.assertItemsEqual(self.ctxt.get_alias('local', 'ipv4'), [ipaddr.IPv4Network("42.42.42.0/24")]) self.assertItemsEqual(self.ctxt.get_alias('local', 'ipv6'), [ipaddr.IPv6Network('2001:638:a000:42::/64')]) # Also check if TNETs gets imported self.assertItemsEqual(self.ctxt2.get_alias('local'), [ipaddr.IPv4Network("10.0.5.0/24"), ipaddr.IPv4Network('42.42.100.0/30')])
def test_simple_ip_network(self): # IPv4 ips = m.string_to_ips("127.0.0.0/8") self.assertItemsEqual(ips, [ipaddr.IPv4Network("127.0.0.0/8")]) # IPv6 ips = m.string_to_ips("fe80::/64") self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80::/64")])
def test_simple_ip_address(self): # IPv4 ips = m.string_to_ips("127.0.0.1") self.assertItemsEqual(ips, [ipaddr.IPv4Network("127.0.0.1/32")]) # IPv6 ips = m.string_to_ips("fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a") self.assertItemsEqual(ips, [ipaddr.IPv6Network("fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a/128")])
def test_overlapping(self): # IPv4 ips = m.string_to_ips("0.0.0.0/0;192.168.0.0/24;169.168.0.0/16;127.0.0.1") self.assertItemsEqual(ips, [ipaddr.IPv4Network("0.0.0.0/0")]) # IPv6 ips = m.string_to_ips("::/0;fe80::/64;248f::/16;2342:16::/10;" + \ "fe80:2342:abcd:ff12:1016:8f7f:fe80:c9a") self.assertItemsEqual(ips, [ipaddr.IPv6Network("::/0")])
def test_parser(self): self.assertEqual( m.Rule('permit', m.Filter( ['ip'], [ipaddr.IPv4Network('127.0.0.0/8')], [ipaddr.IPv4Network('255.255.255.255/32')])), m.Rule.from_string('permit ip 127.0.0.0/8 255.255.255.255')) self.assertEqual( m.Rule('deny', m.Filter( ['tcp'], sources=[ipaddr.IPv4Network('127.0.0.0/8')], destinations=[ipaddr.IPv4Network('255.255.255.255/32')], sports=m.Ports("80"), dports=m.Ports("23")), extensions=['established']), m.Rule.from_string('deny tcp 127.0.0.0/8 80 255.255.255.255 23 established'))
def test_parser(self): self.assertEqual( m.Filter(['tcp', 'udp'], [ipaddr.IPv4Network('127.0.0.0/8')], [ipaddr.IPv4Network('255.255.255.255/32')], sports=m.Ports("80"), dports=m.Ports("23")), m.Filter.from_string('tcp,udp 127.0.0.0/8 80 255.255.255.255 23'))
def test_alias_any(self): self.assertItemsEqual(self.ctxt.get_alias('any'), [ipaddr.IPv4Network("0.0.0.0/0"), ipaddr.IPv6Network('::1/0')])