Current File : //lib/python3.9/site-packages/firewall/core/__pycache__/ipset.cpython-39.pyc
a

���gq2�@s�dZgd�ZddlZddlZddlmZddlmZddl	m
Z
ddlmZddl
mZmZdd	lmZd
Zgd�Zdd
d
dd�Zdddd�ZGdd�de�Zdd�Zdd�Zdd�Zdd�Zdd�ZdS) zThe ipset command wrapper)�ipset�check_ipset_name�remove_default_create_options�N)�errors)�
FirewallError)�runProg)�log)�tempFile�readfile)�COMMANDS� )zhash:ipzhash:ip,portzhash:ip,port,ipzhash:ip,port,netzhash:ip,markzhash:netzhash:net,netz
hash:net,portzhash:net,port,netzhash:net,ifacezhash:macz
inet|inet6�valuez
value in secs)�family�hashsize�maxelem�timeoutZinetZ1024Z65536)rrrc@s�eZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zd'd
d�Z	dd�Z
dd�Zdd�Zd(dd�Z
d)dd�Zdd�Zd*dd�Zd+dd�Zdd �Zd!d"�Zd#d$�Zd%d&�ZdS),rzipset command wrapper classcCstd|_d|_dS)Nr)r�_command�name��self�r�7/usr/lib/python3.9/site-packages/firewall/core/ipset.py�__init__Ks
zipset.__init__cCs^dd�|D�}t�d|j|jd�|��t|j|�\}}|dkrZtd|jd�|�|f��|S)zCall ipset with argscSsg|]}d|�qS)�%sr)�.0�itemrrr�
<listcomp>R�zipset.__run.<locals>.<listcomp>z	%s: %s %s� r�'%s %s' failed: %s)r�debug2�	__class__r�joinr�
ValueError)r�args�_args�status�retrrrZ__runOs
�zipset.__runcCs t|�tkrttjd|��dS)zCheck ipset namezipset name '%s' is not validN)�len�IPSET_MAXNAMELENrrZINVALID_NAME)rrrrr�
check_nameZs�zipset.check_namec
Cs�g}d}z|�dg�}Wn2tyJ}zt�d|�WYd}~n
d}~00|��}d}|D]L}|r�|���dd�}|d|vr�|dtvr�|�|d�|�	d�r\d	}q\|S)
z?Return types that are supported by the ipset command and kernel�z--helpzipset error: %sNF�rzSupported set types:T)
�_ipset__runr#rZdebug1�
splitlines�strip�split�IPSET_TYPES�append�
startswith)rr'�output�ex�linesZin_types�line�splitsrrr�set_supported_types`s $
zipset.set_supported_typescCs(t|�tks|tvr$ttjd|��dS)zCheck ipset typez!ipset type name '%s' is not validN)r(r)r1rrZINVALID_TYPE)r�	type_namerrr�
check_typeus�zipset.check_typeNcCs`|�|�|�|�d||g}t|t�rV|��D]$\}}|�|�|dkr0|�|�q0|�|�S)z+Create an ipset with name, type and options�creater+)r*r;�
isinstance�dict�itemsr2r-)r�set_namer:�optionsr$�key�valrrr�
set_create{s




zipset.set_createcCs|�|�|�d|g�S)NZdestroy)r*r-)rr@rrr�set_destroy�s
zipset.set_destroycCsd||g}|�|�S)N�add�r-�rr@�entryr$rrr�set_add�s
z
ipset.set_addcCsd||g}|�|�S)N�delrGrHrrr�
set_delete�s
zipset.set_deletecCs,d||g}|r"|�dd�|��|�|�S)N�testrr)r2r"r-)rr@rIrAr$rrrrM�s
z
ipset.testcCs2dg}|r|�|�|r"|�|�|�|��d�S)N�list�
)r2�extendr-r0)rr@rAr$rrr�set_list�s

zipset.set_listcCs4|jdgd�}i}d}}i}|D�]
}t|�dkr6q"dd�|�dd�D�}t|�dkr\q"q"|d	d
krr|d}q"|d	dkr�|d}q"|d	dkr"|d��}d	}	|	t|�k�r||	}
|
d
vr�t|�|	kr�|	d7}	||	||
<nt�d|�iS|	d7}	q�|�r|�r|t|�f||<d}}|��q"|S)z" Get active ipsets (only headers) z-terse)rAN�cSsg|]}|���qSr)r/�r�xrrrr�rz.ipset.set_get_active_terse.<locals>.<listcomp>�:r,r�Name�TypeZHeader)rrrr�netmaskz&Malformed ipset list -terse output: %s)rQr(r0r�errorr�clear)rr6r'�_nameZ_type�_optionsr7Zpairr8�i�optrrr�set_get_active_terse�sF


�
�
zipset.set_get_active_tersecCsdg}|r|�|�|�|�S)N�save�r2r-�rr@r$rrrr`�s
z
ipset.savec	Cs�|�|�|�|�t�}d|vr*d|}d||dg}|rh|��D]$\}}	|�|�|	dkrB|�|	�qB|�dd�|��|�d|�|D]F}
d|
vr�d|
}
|r�|�d||
d�|�f�q�|�d	||
f�q�|��t�	|j
�}t�d
|j
|jd|j
|jf�dg}t|j||j
d
�\}}
t��dk�r�zt|j
�Wnt�yVYnR0d}t|j
�D]@}tjd||fddd�|�d��s�tjddd�|d7}�qft�|j
�|dk�r�td|jd�|�|
f��|
S)Nrz'%s'r<z-existr+z%s
z	flush %s
z
add %s %s %s
z
add %s %s
z%s: %s restore %sz%s: %dZrestore)�stdinr,rRz%8d: %sr)�nofmt�nlrO)rdr)r*r;r	r?r2�writer"�close�os�statrrr r!r�st_sizerZgetDebugLogLevelr
�	ExceptionZdebug3�endswith�unlinkr#)rr@r:�entriesZcreate_optionsZ
entry_optionsZ	temp_filer$rBrCrIrir&r'r]r7rrr�set_restore�s^


���


�zipset.set_restorecCsdg}|r|�|�|�|�S)N�flushrarbrrr�	set_flushs
zipset.set_flushcCs|�d||g�S)N�renamerG)rZold_set_nameZnew_set_namerrrrr
szipset.renamecCs|�d||g�S)N�swaprG)rZ
set_name_1Z
set_name_2rrrrssz
ipset.swapcCs|�dg�S)N�versionrGrrrrrtsz
ipset.version)N)N)NN)N)NN)�__name__�
__module__�__qualname__�__doc__rr-r*r9r;rDrErJrLrMrQr_r`rorqrrrsrtrrrrrHs(



'
�
8rcCst|�tkrdSdS)z"Return true if ipset name is validFT)r(r))rrrrrsrcCs4|��}tD]"}||vrt|||kr||=q|S)z( Return only non default create options )�copy�IPSET_DEFAULT_CREATE_OPTIONS)rAr\r^rrrrs�rc	Csbg}|�d�D]H}z&|�d�|�ttj|dd���WqtyT|�|�Yq0qd�|�S)z! Normalize IP addresses in entry �,�/F��strict)r0�indexr2�str�	ipaddress�
ip_networkr#r")rIZ_entryZ_partrrr�normalize_ipset_entry&s
r�cCstt|�d��dkrdSztj|dd�}Wnty<YdS0|D],}|�tj|dd��rBttjd�	||���qBdS)z: Check if entry overlaps any entry in the list of entries r{rRNFr}z,Entry '{}' overlaps with existing entry '{}')
r(r0r�r�r#�overlapsrr�
INVALID_ENTRY�format)rIrnZ
entry_network�itrrrr�check_entry_overlaps_existing2sr�cCszzdd�|D�}Wnty&YdS0t|�dkr8dS|��|�d�}|D]&}|�|�rpttjd�||���|}qNdS)z> Check if any entry overlaps any entry in the list of entries cSsg|]}tj|dd��qS)Fr})r�r�rSrrrrErz1check_for_overlapping_entries.<locals>.<listcomp>NrzEntry '{}' overlaps entry '{}')	r#r(�sort�popr�rrr�r�)rnZprev_networkZcurrent_networkrrr�check_for_overlapping_entriesBs2

r�)rx�__all__Zos.pathrhr�ZfirewallrZfirewall.errorsrZfirewall.core.progrZfirewall.core.loggerrZfirewall.functionsr	r
Zfirewall.configrr)r1ZIPSET_CREATE_OPTIONSrz�objectrrrr�r�r�rrrr�<module>s6�	�P