ó  c‰`c@sgdZdddgZddljZddlZddlZddlZddlmZddl m Z m Z m Z m Z mZmZmZmZmZddlmZmZmZmZdd lmZmZdd lmZmZmZmZdd l m!Z!dd lm"Z"dd l#m$Z$defd„ƒYZ%defd„ƒYZ&d„Z'e(d„Z)dS(s$ipset io XML handler, reader, writertIPSett ipset_readert ipset_writeriÿÿÿÿN(tconfig( tcheckIPtcheckIP6t checkIPnMaskt checkIP6nMaskt u2b_if_py2t check_mact check_porttcheckInterfacet checkProtocol(tPY2t IO_ObjecttIO_Object_ContentHandlertIO_Object_XMLGenerator(t IPSET_TYPEStIPSET_CREATE_OPTIONS(tcheck_icmp_nametcheck_icmp_typetcheck_icmpv6_nametcheck_icmpv6_type(tlog(terrors(t FirewallErrorcBsÓeZdddddidd6fddgffZdZdd d d gZidd6dd6dgd 6d gd6dd6Zidgd 6dgd6Zd„Zd„Z d„Z e d„ƒZ d„Z d„ZRS(tversionttshortt descriptionttypetoptionstentriess (ssssa{ss}as)t_t-t:t.tipsettnametoptiontentrytvaluecCsVtt|ƒjƒd|_d|_d|_d|_g|_i|_t |_ dS(NR( tsuperRt__init__RRRRR RtFalsetapplied(tself((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pyR+Cs      cCsEd|_d|_d|_d|_|j2|jjƒt|_dS(NR( RRRRR RtclearR,R-(R.((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pytcleanupMs     cCst|jƒ|_t|jƒ|_t|jƒ|_t|jƒ|_d„|jjƒDƒ|_g|jD]}t|ƒ^qn|_dS(s» HACK. I haven't been able to make sax parser return strings encoded (because of python 2) instead of in unicode. Get rid of it once we throw out python 2 support.cSs+i|]!\}}t|ƒt|ƒ“qS((R(t.0tktv((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pys ^s N(RRRRRRtitemsR (R.te((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pytencode_stringsVsc Csïd}d|kr.|ddkr.d}q.n|jdƒsVttjd|ƒ‚n|djdƒ}|jdƒ}t|ƒt|ƒks¢t|ƒd krÁttjd ||fƒ‚nx'tt|ƒƒD]}||}||}|d kr†d |krñ|dkrñ|d kr@ttjd |||fƒ‚n|jd ƒ} t| ƒdkr†ttjd||||fƒ‚nxú| D]]} |dkr¬t| ƒ sÅ|dkrt | ƒ rttjd| |||fƒ‚qqWqç|dkrL|dkr.ttjd||||fƒ‚n|dkrCt } qRt} nt } | |ƒsçttjd||||fƒ‚qçqÔ|dkrbd |kr­|jd ƒ} t| ƒdkrättjd||||fƒ‚n|dkrt| dƒ s|dkrGt | dƒ rGttjd| d|||fƒ‚n|dkrdt | d ƒ s|dkr_t | d ƒ r_ttjd| d |||fƒ‚q_qç|j dƒr|dkoÝ|dkoÝ|dksttjd||||fƒ‚qn|dkr!t |ƒ s:|dkrçt |ƒ rçttjd||||fƒ‚qçqÔ|dkr©t |ƒ s‡|dkrçttjd||fƒ‚qçqÔ|dkr©d|kr{|jdƒ} t| ƒdkrûttjd|ƒ‚n| ddkr~|dkr6ttjd||fƒ‚nt| d ƒ rxt| d ƒ rxttjd| d |fƒ‚qxq¦| dd1kr|dkr¹ttjd||fƒ‚nt| d ƒ rxt| d ƒ rxttjd!| d |fƒ‚qxq¦| dd2krEt| dƒ rEttjd&| d|fƒ‚q¦t| d ƒs¦ttjd'| d |fƒ‚q¦qçt|ƒsçttjd(||fƒ‚qçqÔ|d)kr„|jd*ƒr yt|d+ƒ} WqJtk rttjd,||fƒ‚qJXn@yt|ƒ} Wn-tk rIttjd,||fƒ‚nX| dksb| d-krçttjd,||fƒ‚qçqÔ|d.krÑt|ƒ s¯t|ƒd/krçttjd0||fƒ‚qçqÔttjd|ƒ‚qÔWdS(3Ntipv4tfamilytinet6tipv6shash:sipset type '%s' not usableit,is)entry '%s' does not match ipset type '%s'tipR"s invalid address '%s' in '%s'[%d]is.invalid address range '%s' in '%s' for %s (%s)s(invalid address '%s' in '%s' for %s (%s)s0.0.0.0itnets/0shash:net,ifacetmacs00:00:00:00:00:00s invalid mac address '%s' in '%s'tportR#sinvalid port '%s'ticmps(invalid protocol for family '%s' in '%s'sinvalid icmp type '%s' in '%s'ticmpv6s ipv6-icmps invalid icmpv6 type '%s' in '%s'ttcptsctptudptudplitesinvalid protocol '%s' in '%s'sinvalid port '%s'in '%s'sinvalid port '%s' in '%s'tmarkt0xisinvalid mark '%s' in '%s'Iÿÿÿÿtifaceisinvalid interface '%s' in '%s'(RAs ipv6-icmp(RBRCRDRE(t startswithRRt INVALID_IPSETtsplittlent INVALID_ENTRYtrangeRRRRtendswithR RRRRR R tintt ValueErrorR ( R(Rt ipset_typeR8tflagsR4titflagtitemtsplitst_splittip_checktint_val((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pyt check_entrybs@   *                            cCs>|dkr4|tkr4ttjd|ƒ‚q4n|dkr:x÷|jƒD]æ}|tkrxttjd|ƒ‚n|dkrþyt||ƒ}Wn1tk rËttj d|||fƒ‚nX|d kr3ttj d |||fƒ‚q3qM|d krM||dkrMttj ||ƒ‚qMqMWndS(NRs'%s' is not valid ipset typeRsipset invalid option '%s'ttimeoutthashsizetmaxelems)Option '%s': Value '%s' is not an integeris#Option '%s': Value '%s' is negativeR8tinetR9(R\R]R^(R_sinet6( RRRt INVALID_TYPEtkeysRRJRPRQt INVALID_VALUEtINVALID_FAMILY(R.RRVtkeyt int_value((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pyt _check_configs2          cCs™d|dkrO|dddkrOt|dƒdkrOttjƒ‚qOnx-|dD]!}tj||d|dƒqZWtt|ƒj|ƒdS(NR\it0iii(RLRRtIPSET_WITH_TIMEOUTRR[R*t import_config(R.RR(((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pyRi3s $(sversionR(sshortR(s descriptionR(stypeRN(t__name__t __module__tIMPORT_EXPORT_STRUCTUREtDBUS_SIGNATUREtADDITIONAL_ALNUM_CHARStNonetPARSER_REQUIRED_ELEMENT_ATTRStPARSER_OPTIONAL_ELEMENT_ATTRSR+R0R6t staticmethodR[RfRi(((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pyR,s.      ¶ tipset_ContentHandlercBseZd„Zd„ZRS(cCs”tj|||ƒ|jj||ƒ|dkr d|kr~|dtkrkttjd|dƒ‚n|d|j_nd|kr|d|j_ qnð|dkr¯ná|dkr¾nÒ|dkrd}d |kré|d }n|d dkrttj d|d ƒ‚n|jjdkra|d dkrattj d|d |jjfƒ‚n|d dkr•| r•ttj d|d ƒ‚n|d dkryt |ƒ}Wn1t k rèttj d|d |fƒ‚nX|dkrttj d|d |fƒ‚qn|d d krL|dkrLttj|ƒ‚n|d |jjkry||jj|d sd         "  cCs9tj||ƒ|dkr5|jjj|jƒndS(NR((Rt endElementRVR tappendt_element(R.R&((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pyRyus (RjRkRtRy(((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pyRs=s 7c Cstƒ}|jdƒs1ttjd|ƒ‚n|d |_|j|jƒ||_||_|j t j ƒrxt nt |_|j|_t|ƒ}tjƒ}|j|ƒd||f}t|dƒi}tjdƒ}|j|ƒy|j|ƒWn2tjk r5}ttjd|jƒƒ‚nXWdQX~~d|jkr–|jddkr–t|jƒd kr–tj d |jƒ|j2nd } t!ƒ} xÎ| t|jƒkru|j| | krútj d |j| ƒ|jj"| ƒq¨y$|j#|j| |j|j$ƒWn3tk rS} tj d | ƒ|jj"| ƒq¨X| j%|j| ƒ| d 7} q¨W~ t&rŒ|j'ƒn|S(Ns.xmls'%s' is missing .xml suffixiüÿÿÿs%s/%strbsnot a valid ipset file: %sR\Rgis6ipset '%s': timeout option is set, entries are ignoredsEntry %s already set, ignoring.s %s, ignoring.i((RRORRt INVALID_NAMER&t check_nametfilenametpathRIRt ETC_FIREWALLDR,tTruetbuiltintdefaultRstsaxt make_parsertsetContentHandlertopent InputSourceRot setByteStreamtparsetSAXParseExceptionRJt getExceptionRRLR RRwtsettpopR[RtaddR R6( RR€R%thandlertparserR&tftsourcetmsgRTt entries_setR5((s:/usr/lib/python2.7/site-packages/firewall/core/io/ipset.pyRzs^     !      "    $ c Csg|r |n|j}|jr4d||jf}nd||jf}tjj|ƒrytj|d|ƒWqtk r™}tj d||ƒqXntjj |ƒ}|j t j ƒrtjj|ƒ rtjjt j ƒsÿtjt j dƒntj|dƒntj|dddd ƒ}t|ƒ}|jƒi|jd 6}|jr{|jd kr{|j|d s$   @""ÿ= 5