HEX

File: //proc/self/root/lib/python3/dist-packages/firewall/core/io/__pycache__/ipset.cpython-310.pyc
o

bhAb"P�@s�dZgd�ZddlmZddlZddlZddlZddlmZddl	m
Z
mZmZm
Z
mZmZmZmZddlmZmZmZddlmZmZddlmZmZmZmZdd	lmZdd
lm Z ddl!m"Z"Gdd
�d
e�Z#Gdd�de�Z$dd�Z%ddd�Z&dS)z$ipset io XML handler, reader, writer)�IPSet�ipset_reader�ipset_writer�N)�config)�checkIP�checkIP6�checkIPnMask�
checkIP6nMask�	check_mac�
check_port�checkInterface�
checkProtocol)�	IO_Object�IO_Object_ContentHandler�IO_Object_XMLGenerator)�IPSET_TYPES�IPSET_CREATE_OPTIONS)�check_icmp_name�check_icmp_type�check_icmpv6_name�check_icmpv6_type)�log)�errors)�
FirewallErrorcs�eZdZdddddddifddgffZdZgd	�Zd
d
dgdgd
d
�Zdgdgd�Z�fdd�Zdd�Z	e
dd��Zdd�Z�fdd�Z
�ZS)r)�version�)�shortr)�descriptionr)�typer�optionsr�entriesz
(ssssa{ss}as))�_�-�:�.Nr�name)rr�ipset�option�entryr�value)r&r'cs<tt|���d|_d|_d|_d|_g|_i|_d|_	dS�NrF)
�superr�__init__rrrrr r�applied��self��	__class__��8/usr/lib/python3/dist-packages/firewall/core/io/ipset.pyr,Cs
zIPSet.__init__cCs8d|_d|_d|_d|_|jdd�=|j��d|_dSr*)rrrrr r�clearr-r.r2r2r3�cleanupMs

z
IPSet.cleanupc
	Cs�d}d|vr|ddkrd}|�d�sttjd|��|dd��d�}|�d�}t|�t|�ks7t|�d	krAttjd
||f��tt|��D�]�}||}||}|dkr�d|vr�|dkr�|d	krmttjd
|||f��|�d�}	t|	�dkr�ttjd||||f��|	D]}
|dkr�t|
�r�|dkr�t	|
�s�ttjd|
|||f��q�qG|dkr�|dkr�ttjd||||f��|dkr�t
}nt}nt	}||�s�ttjd||||f��qG|dk�r�d|v�rE|�d�}	t|	�dkr�ttjd||||f��|dk�rt|	d��r|dk�rt	|	d��sttjd|	d|||f��|dk�r*t
|	d	��r6|dk�rDt|	d	��sDttjd|	d	|||f��qG|�d��rf|dk�rZ|dk�rZ|dk�sfttjd||||f��|dk�rpt
|��rz|dk�r�t|��s�ttjd||||f��qG|dk�r�t
|��r�|dk�r�ttjd||f��qG|dk�r_d|v�rO|�d�}	t|	�dk�r�ttjd|��|	ddk�r�|dk�r�ttjd||f��t|	d	��s�t|	d	��s�ttjd|	d	|f��qG|	ddv�r!|dk�rttjd||f��t|	d	��s t|	d	��s ttjd |	d	|f��qG|	dd!v�r;t|	d��s;ttjd"|	d|f��t|	d	��sNttjd#|	d	|f��qGt|��s^ttjd$||f��qG|d%k�r�|�d&��r�zt|d'�}Wn+t�y�ttjd(||f��wzt|�}Wnt�y�ttjd(||f��w|dk�s�|d)k�r�ttjd(||f��qG|d*k�r�t|��r�t|�d+k�r�ttjd,||f��qGttjd|��dS)-N�ipv4�family�inet6�ipv6zhash:zipset type '%s' not usable��,�z)entry '%s' does not match ipset type '%s'�ipr"z invalid address '%s' in '%s'[%d]�z.invalid address range '%s' in '%s' for %s (%s)z(invalid address '%s' in '%s' for %s (%s)z0.0.0.0r�netz/0zhash:net,iface�macz00:00:00:00:00:00z invalid mac address '%s' in '%s'�portr#zinvalid port '%s'�icmpz(invalid protocol for family '%s' in '%s'zinvalid icmp type '%s' in '%s')�icmpv6z	ipv6-icmpz invalid icmpv6 type '%s' in '%s')�tcp�sctp�udp�udplitezinvalid protocol '%s' in '%s'zinvalid port '%s'in '%s'zinvalid port '%s' in '%s'�mark�0x�zinvalid mark '%s' in '%s'l���iface�zinvalid interface '%s' in '%s')�
startswithrr�
INVALID_IPSET�split�len�
INVALID_ENTRY�rangerrrr	�endswithr
rrrrr
r�int�
ValueErrorr)
r(r�
ipset_typer7�flags�items�i�flag�item�splits�_split�ip_check�int_valr2r2r3�check_entryVs�
�
����

��
����

��
���



�������

��
���

��


�
��
�
���
��
�
���
�����

��

��
��
��

�����zIPSet.check_entryc
Cs�|dkr|tvrttjd|��|dkrj|��D]S}|tvr&ttjd|��|dvrWzt||�}WntyEttj	d|||f��w|dkrVttj	d|||f��q|d	kri||d
vrittj
||��qdSdS)Nrz'%s' is not valid ipset typerzipset invalid option '%s'��timeout�hashsize�maxelem�)Option '%s': Value '%s' is not an integerr�#Option '%s': Value '%s' is negativer7��inetr8)rrr�INVALID_TYPE�keysrrNrTrU�
INVALID_VALUE�INVALID_FAMILY)r/rr[�
all_config�all_io_objects�key�	int_valuer2r2r3�
_check_configsH��
���
�����zIPSet._check_configcspd|dvr|dddkrt|d�dkrttj��|dD]
}t�||d|d�qtt|��||�dS)Nrb��0r:r�)rPrr�IPSET_WITH_TIMEOUTrr`r+�
import_config)r/rrnr(r0r2r3rv's
zIPSet.import_config)�__name__�
__module__�__qualname__�IMPORT_EXPORT_STRUCTURE�DBUS_SIGNATURE�ADDITIONAL_ALNUM_CHARS�PARSER_REQUIRED_ELEMENT_ATTRS�PARSER_OPTIONAL_ELEMENT_ATTRSr,r5�staticmethodr`rqrv�
__classcell__r2r2r0r3r,s4
���
	
6rc@seZdZdd�Zdd�ZdS)�ipset_ContentHandlercCs�t�|||�|j�||�|dkr:d|vr,|dtvr&ttjd|d��|d|j_d|vr8|d|j_	dSdS|dkr@dS|dkrFdS|dkr�d}d	|vrT|d	}|d
dvrdttj
d|d
��|jjd
kr~|d
dvr~ttj
d|d
|jjf��|d
dvr�|s�ttj
d|d
��|d
dvr�zt|�}Wnty�ttj
d|d
|f��w|dkr�ttj
d|d
|f��|d
dkr�|dvr�ttj|��|d
|jjvr�||jj|d
<dSt�d|d
�dSdS)Nr&rz%srrrr'rr)r%)r7rbrcrdzUnknown option '%s'zhash:mac)r7z%Unsupported option '%s' for type '%s'z&Missing mandatory value of option '%s'rarerrfr7rgz Option %s already set, ignoring.)r�startElementr[�parser_check_element_attrsrrrrirr�INVALID_OPTIONrTrUrkrlrr�warning)r/r%�attrsr)rpr2r2r3r�2s~��
����
�
���
���z!ipset_ContentHandler.startElementcCs,t�||�|dkr|jj�|j�dSdS)Nr()r�
endElementr[r �append�_element)r/r%r2r2r3r�is�zipset_ContentHandler.endElementN)rwrxryr�r�r2r2r2r3r�1s7r�cCst�}|�d�sttjd|��|dd�|_|�|j�||_||_|�	t
j�r+dnd|_|j|_
t|�}t��}|�|�d||f}t|d��1}t�d�}|�|�z|�|�Wntjys}z
ttjd|����d}~wwWd�n1s~wY~~d	|jvr�|jd	d
kr�t|j�dkr�t�d|j�|jdd�=d}	t�}
|	t|j�k�r	|j|	|
vr�t�d
|j|	�|j�|	�n9z|� |j|	|j|j!�Wnty�}zt�d|�|j�|	�WYd}~nd}~ww|
�"|j|	�|	d7}	|	t|j�ks�~
|S)Nz.xmlz'%s' is missing .xml suffix���FT�%s/%s�rbznot a valid ipset file: %srbrsrz6ipset '%s': timeout option is set, entries are ignoredzEntry %s already set, ignoring.z
%s, ignoring.r<)#rrSrr�INVALID_NAMEr%�
check_name�filename�pathrMr�
ETC_FIREWALLD�builtin�defaultr��sax�make_parser�setContentHandler�open�InputSource�
setByteStream�parse�SAXParseExceptionrN�getExceptionrrPr rr��set�popr`r�add)r�r�r&�handler�parserr%�f�source�msgrY�entries_set�er2r2r3rnsp
�


������	����
rc
Csx|r|n|j}|jrd||jf}nd||jf}tj�|�rCz
t�|d|�WntyB}z
t�	d||�WYd}~nd}~wwtj�
|�}|�tj
�ritj�|�sitj�tj
�sct�tj
d�t�|d�tj|ddd�}t|�}|��d	|ji}|jr�|jd
kr�|j|d<|�d|�|�d
�|jr�|jd
kr�|�d�|�di�|�|j�|�d�|�d
�|jr�|jd
kr�|�d�|�di�|�|j�|�d�|�d
�|j��D]$\}	}
|�d�|
d
kr�|�d|	|
d��n|�dd|	i�|�d
�q�|jD]}|�d�|�di�|�|�|�d�|�d
��q	|�d�|�d
�|��|� �~dS)Nr�z	%s/%s.xmlz%s.oldzBackup of file '%s' failed: %si��wtzUTF-8)�mode�encodingrrrr&�
z  rrr')r%r)r%r()!r�r�r%�os�exists�shutil�copy2�	Exceptionr�error�dirnamerMrr��mkdir�ior�r�
startDocumentrrr��ignorableWhitespacer�
charactersr�rrrX�
simpleElementr �endDocument�close)r&r��_pathr%r��dirpathr�r�r�ror)r(r2r2r3r�sj��















r)N)'�__doc__�__all__�xml.saxr�r�r�r��firewallr�firewall.functionsrrrr	r
rrr
�firewall.core.io.io_objectrrr�firewall.core.ipsetrr�firewall.core.icmprrrr�firewall.core.loggerrr�firewall.errorsrrr�rrr2r2r2r3�<module>s((=3