Commit 00957db3 authored by Leonidas Poulopoulos's avatar Leonidas Poulopoulos

Merge branch 'dev/add_protocol' into dev/master_merge_protocol

parents f874b20f 94fa54a3
......@@ -74,6 +74,7 @@ class UserProfileAdmin(UserAdmin):
admin.site.unregister(User)
admin.site.register(MatchPort)
admin.site.register(MatchProtocol)
admin.site.register(MatchDscp)
admin.site.register(ThenAction)
admin.site.register(Route, RouteAdmin)
......
......@@ -30,5 +30,27 @@
"action": "rate-limit",
"action_value": "100k"
}
},
{
"pk": 1,
"model": "flowspec.matchprotocol",
"fields": {
"protocol": "icmp"
}
},
{
"pk": 2,
"model": "flowspec.matchprotocol",
"fields": {
"protocol": "tcp"
}
},
{
"pk": 3,
"model": "flowspec.matchprotocol",
"fields": {
"protocol": "udp"
}
}
]
\ No newline at end of file
......@@ -8,12 +8,12 @@ from utils import proxy as PR
from ipaddr import *
import datetime
import logging
from flowspec.tasks import *
from time import sleep
import beanstalkc
from flowspy.utils.randomizer import id_generator as id_gen
from flowspec.tasks import *
FORMAT = '%(asctime)s %(levelname)s: %(message)s'
logging.basicConfig(format=FORMAT)
......@@ -39,6 +39,23 @@ THEN_CHOICES = (
("sample", "Sample")
)
MATCH_PROTOCOL = (
("ah", "ah"),
("egp", "egp"),
("esp", "esp"),
("gre", "gre"),
("icmp", "icmp"),
("icmp6", "icmp6"),
("igmp", "igmp"),
("ipip", "ipip"),
("ospf", "ospf"),
("pim", "pim"),
("rsvp", "rsvp"),
("sctp", "sctp"),
("tcp", "tcp"),
("udp", "udp"),
)
ROUTE_STATES = (
("ACTIVE", "ACTIVE"),
("ERROR", "ERROR"),
......@@ -66,6 +83,13 @@ class MatchDscp(models.Model):
class Meta:
db_table = u'match_dscp'
class MatchProtocol(models.Model):
protocol = models.CharField(max_length=24, unique=True)
def __unicode__(self):
return self.protocol
class Meta:
db_table = u'match_protocol'
class ThenAction(models.Model):
action = models.CharField(max_length=60, choices=THEN_CHOICES, verbose_name="Action")
......@@ -91,7 +115,7 @@ class Route(models.Model):
icmpcode = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Code")
icmptype = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Type")
packetlength = models.IntegerField(blank=True, null=True, verbose_name="Packet Length")
protocol = models.CharField(max_length=32, blank=True, null=True, verbose_name="Protocol")
protocol = models.ManyToManyField(MatchProtocol, blank=True, null=True, verbose_name="Protocol")
tcpflag = models.CharField(max_length=128, blank=True, null=True, verbose_name="TCP flag")
then = models.ManyToManyField(ThenAction, verbose_name="Then")
filed = models.DateTimeField(auto_now_add=True)
......@@ -284,8 +308,6 @@ class Route(models.Model):
ret = "%s ICMP Type:<strong>%s</strong><br/>" %(ret, self.icmptype)
if self.packetlength:
ret = "%s Packet Length:<strong>%s</strong><br/>" %(ret, self.packetlength)
if self.protocol:
ret = "%s Protocol:<strong>%s</strong><br/>" %(ret, self.protocol)
if self.source:
ret = "%s Src Addr:<strong>%s</strong> <br/>" %(ret, self.source)
if self.tcpflag:
......@@ -293,6 +315,9 @@ class Route(models.Model):
if self.port:
for port in self.port.all():
ret = ret + "Port:<strong>%s</strong> <br/>" %(port)
if self.protocol:
for protocol in self.protocol.all():
ret = ret + "Protocol:<strong>%s</strong> <br/>" %(protocol)
if self.destinationport:
for port in self.destinationport.all():
ret = ret + "Dst Port:<strong>%s</strong> <br/>" %(port)
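Review bot: `MatchProtocol.protocol` is declared as `models.CharField(max_length=24, unique=True)` without `choices=MATCH_PROTOCOL`, so the tuple added in the hunk before it is not used anywhere visible on this page and the admin form will accept any string up to 24 characters. Those values are later appended to `route.match['protocol']` in the applier and interpolated unescaped into the HTML summary (`"Protocol:<strong>%s</strong> <br/>" %(protocol)`), so it is worth restricting them to the known names at the model: `protocol = models.CharField(max_length=24, unique=True, choices=MATCH_PROTOCOL)`. Separately, `null=True` has no effect on a `ManyToManyField`, and `if self.protocol:` is always true for a related manager, so both can be dropped. The Route method that builds the HTML summary starts and ends outside these hunks.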
......
......@@ -85,6 +85,7 @@ def add_route(request):
form = RouteForm()
if not request.user.is_superuser:
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
return render_to_response('apply.html', {'form': form, 'applier': applier},
context_instance=RequestContext(request))
......@@ -170,6 +171,7 @@ def edit_route(request, route_slug):
form = RouteForm(dictionary)
if not request.user.is_superuser:
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
context_instance=RequestContext(request))
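Review bot: The `settings.UI_USER_PROTOCOLS` restriction in add_route and edit_route is only visible on the forms that get rendered, so it may not be enforced on submitted data. If the POST branch (outside these hunks) validates a plain `RouteForm(request.POST)`, the field keeps its default queryset and a non-superuser could submit the pk of any `MatchProtocol`, not just the allowed ones. Apply the same `form.fields['protocol']` override to the bound form before `is_valid()` is called, or move the restriction into `RouteForm.__init__` keyed on the requesting user so that rendering and validation share it. The same question applies to the existing `then` override on the line above in both hunks.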
......
......@@ -132,7 +132,7 @@ INSTALLED_APPS = (
'django.contrib.flatpages',
'flowspec',
'poller',
# 'south',
'south',
# Uncomment the next line to enable the admin:
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
......@@ -190,6 +190,7 @@ SHIB_LOGOUT_URL = 'https://example.com/Shibboleth.sso/Logout'
NOTIFY_ADMIN_MAILS = ["admin@admin.com"]
UI_USER_THEN_ACTIONS = ['discard', 'rate-limit']
UI_USER_PROTOCOLS = ['icmp', 'tcp', 'udp']
PROTECTED_SUBNETS = ['10.10.0.0/16']
......
......@@ -284,6 +284,14 @@ div.roundbox, #portsacc, #id_comments{
<p style="clear:both;">
{{ form.destination.help_text }}
</p>
</div>
<div class="roundbox">
{{ form.protocol.label_tag }}{{ form.protocol }}{% if form.protocol.errors %}
<br>
<p class="error" style="clear:both;">
{{ form.protocol.errors|join:", " }}
</p>
{% endif %}
</div>
<div id='portsacc'>
<h3 style="padding: 0.5em 0.5em 0.5em 0.7em;">Advanced Settings (Ports)</h3>
......
......@@ -7,6 +7,9 @@ User {{route.applier.username}} requested the application of the following rule
Match
* Dst Addr:{{route.destination}}
* Src Addr: {{route.source}}
* Protocol:{% for protocol in route.protocol.all %}
{{ protocol }}{% if not forloop.last %}, {% endif %}
{% endfor %}
* Ports:{% for port in route.ports.all %}
{{ port }}{% if not forloop.last %}, {% endif %}
{% endfor %}
......
......@@ -7,9 +7,8 @@ User {{route.applier.username}} requested the removal of the following rule from
Match
* Dst Addr:{{route.destination}}
* Src Addr: {{route.source}}
* Ports:{% for port in route.ports.all %}
{{ port }}{% if not forloop.last %}, {% endif %}
{% endfor %}
* Protocol:{% for protocol in route.protocol.all %}{{ protocol }}{% if not forloop.last %}, {% endif %}{% endfor %}
* Ports:{% for port in route.ports.all %}{{ port }}{% if not forloop.last %}, {% endif %}{% endfor %}
* Source Ports:{% for port in route.sourceport.all %}{{ port }}{% if not forloop.last %}, {% endif %}{% endfor %}
* Destination Ports:{% for port in route.destinationport.all %}{{ port }}{% if not forloop.last %}, {% endif %}{% endfor %}
......
......@@ -7,9 +7,8 @@ User {{route.applier.username}} requested the application of the following rule
Match
* Dst Addr:{{route.destination}}
* Src Addr: {{route.source}}
* Ports:{% for port in route.ports.all %}
{{ port }}{% if not forloop.last %}, {% endif %}
{% endfor %}
* Protocol:{% for protocol in route.protocol.all %}{{ protocol }}{% if not forloop.last %}, {% endif %}{% endfor %}
* Ports:{% for port in route.ports.all %}{{ port }}{% if not forloop.last %}, {% endif %}{% endfor %}
* Source Ports:{% for port in route.sourceport.all %}{{ port }}{% if not forloop.last %}, {% endif %}{% endfor %}
* Destination Ports:{% for port in route.destinationport.all %}{{ port }}{% if not forloop.last %}, {% endif %}{% endfor %}
......
......@@ -3,9 +3,8 @@ Rule {{route.name}} expires {% ifequal expiration_days 0 %}today{% else%}in {{ex
Match
* Dst Addr:{{route.destination}}
* Src Addr: {{route.source}}
* Ports:{% for port in route.ports.all %}
{{ port }}{% if not forloop.last %}, {% endif %}
{% endfor %}
* Protocol:{% for protocol in route.protocol.all %}{{ protocol }}{% if not forloop.last %}, {% endif %}{% endfor %}
* Ports:{% for port in route.ports.all %}{{ port }}{% if not forloop.last %}, {% endif %}{% endfor %}
* Source Ports:{% for port in route.sourceport.all %}{{ port }}{% if not forloop.last %}, {% endif %}{% endfor %}
* Destination Ports:{% for port in route.destinationport.all %}{{ port }}{% if not forloop.last %}, {% endif %}{% endfor %}
......
......@@ -92,8 +92,12 @@ class Applier(object):
route.match['source'].append(route_obj.source)
if route_obj.destination:
route.match['destination'].append(route_obj.destination)
if route_obj.protocol:
route.match['protocol'].append(route_obj.protocol)
try:
if route_obj.protocol:
for protocol in route_obj.protocol.all():
route.match['protocol'].append(protocol.protocol)
except:
pass
try:
if route_obj.port:
for port in route_obj.port.all():
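Review bot: The new `try: ... except: pass` around the protocol loop silently discards the protocol match if anything in it raises, and the rule would then presumably be built without it, so a rule intended for `udp` only would match every protocol to that destination. Let the error propagate, or log it and stop building the route, rather than `pass`; at minimum catch only the exception that is actually expected. `if route_obj.protocol:` is always true for a many-to-many manager, so the loop alone is enough: `for protocol in route_obj.protocol.all(): route.match['protocol'].append(protocol.protocol)`. The enclosing Applier method starts and ends outside the hunk, and the port block that follows uses the same pattern.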
......