
#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""
Copyright(C) 2007 INL
Written by Damien Boucard <damien.boucard AT inl.fr>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, see <http://www.gnu.org/licenses/>.

---
l7models.py contains all data structure to manage layer7 filtering contents.
"""

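class L7RuleList(list):
    """
    Represents <l7rules mask="0x007f0000">

    A list of rule objects (each carrying an ``ID`` and a ``connmark``
    attribute) that share one connmark bitmask.  The mask selects which bits
    of the netfilter connection mark identify a rule of this list.
    """

    def __init__(self, mask=None, **useless):
        """
        @keyword mask: (mandatory) It represents 32-bit mask for connmark range,
                       given as a hexadecimal string (e.g. "0x007f0000").
        @raise TypeError: if the mask keyword is missing.
        @raise ValueError: if the mask is not a valid hexadecimal string.
        """
        if mask is None:
            # int(None, 16) also raises TypeError, but with a message that
            # does not say which keyword is missing.
            raise TypeError("L7RuleList: 'mask' keyword is mandatory")
        self.mask = int(mask, 16)

    def recompute_connmarks(self):
        """
        Affect an incremental connmark to each l7rules, according to the
        bitmask.

        Rules are sorted by ID and numbered 1, 2, 3, ... ; each number is
        shifted up to the lowest set bit of the mask.  The value equal to the
        mask itself is reserved for auto-dropping and is never handed out.

        @raise IndexError: if the mask is null, if it is too small for the
                           number of rules, or if a computed mark would have
                           bits outside the mask (non-contiguous mask).
        """
        mask = self.mask
        if mask == 0:
            raise IndexError("Connmark bitmask cannot be null.")
        # Marks are counted from the lowest set bit of the mask.
        shifts = 0
        while (mask >> shifts) & 1 == 0:
            shifts += 1
        # Sorting by ID keeps the numbering stable across runs.  A key
        # function works on both Python 2 and 3, unlike a cmp function.
        self.sort(key=lambda rule: rule.ID)
        counter = 1
        for l7rule in self:
            new_mark = counter << shifts
            if new_mark >= mask:
                # Exclude the 'mask' value because it is reserved for
                # auto-dropping.
                raise IndexError("Connmark bitmask is too small !")
            if new_mark & ~mask:
                # A mark carrying bits outside the mask can never be matched
                # under this mask, so refuse it instead of emitting it silently.
                raise IndexError("Connmark bitmask must be contiguous.")
            l7rule.connmark = new_mark
            counter += 1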

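class L7Rule(list):
    """
    Represents <l7rule ID="4" connmark="0x10000" action="ACCEPT" name="Web"
                                            comment="Web protocols expected.">

    The list part holds the rule's elements; the attributes hold the rule's
    own settings.  Actions are validated case-sensitively against the
    lowercase names in ``action_set`` / ``dft_action_set``.
    """
    # Actions accepted for a rule and for its elements.
    action_set = ("accept", "logaccept", "logdrop", "ulogaccept", "ulogdrop")
    # Default action applied when no 'defaultaction' keyword is given.
    dft_action_default = "drop"
    # Actions accepted for 'defaultaction'.
    dft_action_set = action_set + (dft_action_default,)

    def __init__(self, connmark=None, name=None, action=None, defaultaction=None, prefix=None, defaultprefix=None, comment=None, ID=None, **useless):
        """
        @keyword name: (mandatory) It is just a human readable label for the L7Rule.
        @keyword connmark: (optional) It represents the connection mark used in netfilter,
                           as a hexadecimal string; parsed into an int, None if absent.
        @keyword action: (optional) It represents the netfilter action to perform.
        @keyword defaultaction: (optional) It represents the action to perform for unknown protocols.
        @keyword prefix: (optional) Prefix logged for LOGACCEPT and LOGDROP actions;
                         only kept when the action name contains "log".
        @keyword defaultprefix: (optional) Prefix logged for LOGACCEPT and LOGDROP default actions;
                                only kept when the default action name contains "log".
        @keyword comment: (optional) It is just a human readable description for the L7Rule.
        @keyword ID: (optional) It represents the unique identifier for the L7Rule; parsed into an int.
        @raise ValueError: if action / defaultaction is not a known action, or
                           if connmark / ID cannot be parsed as numbers.
        """
        self.name = name
        self.comment = comment
        # Keep the configured connmark instead of discarding it; the attribute
        # always exists so callers can read it before recompute_connmarks().
        self.connmark = None
        if connmark is not None:
            self.connmark = int(connmark, 16)
        self.defaultaction = self.dft_action_default
        self.defaultprefix = None
        if defaultaction:
            # Explicit raise rather than assert: asserts vanish under -O and
            # this value comes from the configuration file.
            if defaultaction not in self.dft_action_set:
                raise ValueError("Unknown default action: %r" % (defaultaction,))
            self.defaultaction = defaultaction
            if defaultprefix is not None and "log" in defaultaction:
                self.defaultprefix = defaultprefix
        self.action = None
        self.prefix = None
        if action:
            if action not in self.action_set:
                raise ValueError("Unknown action: %r" % (action,))
            self.action = action
            if prefix is not None and "log" in action:
                self.prefix = prefix
        self.ID = None
        if ID is not None:
            self.ID = int(ID)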

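class L7RuleElt:
    """
    Represents <elt ID="236" l7proto="ftp" action="LOG" prefix="FTP packet"/>

    The action is validated case-sensitively against L7Rule.action_set, whose
    entries are lowercase ("accept", "logaccept", "logdrop", ...); an
    uppercase value such as the "LOG" in the example above is rejected.
    """

    def __init__(self, l7proto=None, action=None, prefix=None, name=None, type=None, ID=None, **useless):
        """
        @keyword l7proto: (mandatory) It represents a layer7 protocol to filter to.
        @keyword action: (optional) It represents the netfilter action to perform.
        @keyword prefix: (optional) Prefix logged for the logging actions;
                         only kept when the action name contains "log".
        @keyword name: (optional) Stored as given.
        @keyword type: (optional) Stored as given.
        @keyword ID: (optional) It represents the unique identifier for the element; parsed into an int.
        @raise ValueError: if action is not in L7Rule.action_set, or if ID
                           cannot be parsed as a number.
        """
        self.l7proto = l7proto
        self.name = name
        self.type = type
        self.action = None
        self.prefix = None
        if action is not None:
            # Explicit raise rather than assert: asserts vanish under -O and
            # this value comes from the configuration file.
            if action not in L7Rule.action_set:
                raise ValueError("Unknown action: %r" % (action,))
            self.action = action
            if prefix is not None and "log" in action:
                self.prefix = prefix
        self.ID = None
        if ID is not None:
            self.ID = int(ID)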