From 7fac65212e0ba61e13387864a062a5fcec45f83d Mon Sep 17 00:00:00 2001
From: Leonidas Poulopoulos <leopoul@noc.grnet.gr>
Date: Tue, 14 Feb 2012 18:58:24 +0200
Subject: [PATCH] Added protocol to match conditions
---
 flowspec/admin.py | 1 +
 flowspec/fixtures/initial_data.json | 22 +++++++++++++++++++
 flowspec/models.py | 33 +++++++++++++++++++++++++----
 templates/apply.html | 8 +++++++
 utils/proxy.py | 8 +++++--
 5 files changed, 66 insertions(+), 6 deletions(-)
diff --git a/flowspec/admin.py b/flowspec/admin.py
index f89064c0..e0f12ade 100644
--- a/flowspec/admin.py
+++ b/flowspec/admin.py
@@ -74,6 +74,7 @@ class UserProfileAdmin(UserAdmin):
 admin.site.unregister(User)
 admin.site.register(MatchPort)
+admin.site.register(MatchProtocol)
 admin.site.register(MatchDscp)
 admin.site.register(ThenAction)
 admin.site.register(Route, RouteAdmin)
diff --git a/flowspec/fixtures/initial_data.json b/flowspec/fixtures/initial_data.json
index 48957821..ac009edf 100644
--- a/flowspec/fixtures/initial_data.json
+++ b/flowspec/fixtures/initial_data.json
@@ -30,5 +30,27 @@
 "action": "rate-limit",
 "action_value": "100k"
 }
+ },
+ {
+ "pk": 1,
+ "model": "flowspec.matchprotocol",
+ "fields": {
+ "protocol": "icmp"
+ }
+ },
+ {
+ "pk": 2,
+ "model": "flowspec.matchprotocol",
+ "fields": {
+ "protocol": "tcp"
+ }
+ },
+ {
+ "pk": 3,
+ "model": "flowspec.matchprotocol",
+ "fields": {
+ "protocol": "udp"
+ }
 }
+
 ]
\ No newline at end of file
diff --git a/flowspec/models.py b/flowspec/models.py
index 90b8e323..f6090b86 100644
--- a/flowspec/models.py
+++ b/flowspec/models.py
@@ -8,12 +8,12 @@ from utils import proxy as PR
 from ipaddr import *
 import datetime
 import logging
-from flowspec.tasks import *
 from time import sleep
 import beanstalkc
 from flowspy.utils.randomizer import id_generator as id_gen
+from flowspec.tasks import *
 FORMAT = '%(asctime)s %(levelname)s: %(message)s'
 logging.basicConfig(format=FORMAT)
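Review bot: The import order in flowspec/models.py (hunk at -8,12) is now load-bearing and undocumented: with `from flowspec.tasks import *` placed last, any public name that module defines silently rebinds `sleep`, `beanstalkc` or `id_gen` imported just above it. flowspec/tasks.py is not part of this patch, so whether such a collision exists cannot be checked from here. If the move works around an import cycle between the two modules, a comment such as `# keep last: flowspec.tasks imports from this module` would stop a later cleanup from reverting it; importing the needed task names explicitly would remove the order dependence altogether.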
@@ -39,6 +39,23 @@ THEN_CHOICES = (
 ("sample", "Sample")
 )
+MATCH_PROTOCOL = (
+ ("ah", "ah"),
+ ("egp", "egp"),
+ ("esp", "esp"),
+ ("gre", "gre"),
+ ("icmp", "icmp"),
+ ("icmp6", "icmp6"),
+ ("igmp", "igmp"),
+ ("ipip", "ipip"),
+ ("ospf", "ospf"),
+ ("pim", "pim"),
+ ("rsvp", "rsvp"),
+ ("sctp", "sctp"),
+ ("tcp", "tcp"),
+ ("udp", "udp"),
+)
+
 ROUTE_STATES = (
 ("ACTIVE", "ACTIVE"),
 ("ERROR", "ERROR"),
@@ -66,6 +83,13 @@ class MatchDscp(models.Model):
 class Meta:
 db_table = u'match_dscp'
+class MatchProtocol(models.Model):
+ protocol = models.CharField(max_length=24, unique=True)
+ def __unicode__(self):
+ return self.protocol
+ class Meta:
+ db_table = u'match_protocol'
+
 class ThenAction(models.Model):
 action = models.CharField(max_length=60, choices=THEN_CHOICES, verbose_name="Action")
@@ -91,7 +115,7 @@ class Route(models.Model):
 icmpcode = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Code")
 icmptype = models.CharField(max_length=32, blank=True, null=True, verbose_name="ICMP Type")
 packetlength = models.IntegerField(blank=True, null=True, verbose_name="Packet Length")
- protocol = models.CharField(max_length=32, blank=True, null=True, verbose_name="Protocol")
+ protocol = models.ManyToManyField(MatchProtocol, blank=True, null=True, verbose_name="Protocol")
 tcpflag = models.CharField(max_length=128, blank=True, null=True, verbose_name="TCP flag")
 then = models.ManyToManyField(ThenAction, verbose_name="Then")
 filed = models.DateTimeField(auto_now_add=True)
@@ -284,8 +308,6 @@ class Route(models.Model):
 ret = "%s ICMP Type:<strong>%s</strong><br/>" %(ret, self.icmptype)
 if self.packetlength:
 ret = "%s Packet Length:<strong>%s</strong><br/>" %(ret, self.packetlength)
- if self.protocol:
- ret = "%s Protocol:<strong>%s</strong><br/>" %(ret, self.protocol)
 if self.source:
 ret = "%s Src Addr:<strong>%s</strong> <br/>" %(ret, self.source)
 if self.tcpflag:
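Review bot: `MatchProtocol.protocol` (hunk at -66,6) is declared without `choices=`, so the `MATCH_PROTOCOL` allow-list added in the hunk at -39,6 does not constrain what gets stored. The same patch registers the model in the admin and copies `protocol.protocol` into `route.match['protocol']` in utils/proxy.py, so unless a form outside this diff restricts the values, any string saved for a protocol row is passed on towards the device configuration as-is. Binding the list to the field closes that gap at model validation: `protocol = models.CharField(max_length=24, unique=True, choices=MATCH_PROTOCOL)`.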
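Review bot: `null=True` on the new `protocol = models.ManyToManyField(...)` line of `Route` (hunk at -91,7) has no effect on a many-to-many relation and can be dropped, leaving `protocol = models.ManyToManyField(MatchProtocol, blank=True, verbose_name="Protocol")`. The change also swaps a column for a join table while the diffstat lists no migration, so existing `protocol` values and the database schema would be left out of step unless that is handled outside this patch. The `Route` class starts before and continues after the hunk.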
@@ -293,6 +315,9 @@ class Route(models.Model):
 if self.port:
 for port in self.port.all():
 ret = ret + "Port:<strong>%s</strong> <br/>" %(port)
+ if self.protocol:
+ for protocol in self.protocol.all():
+ ret = ret + "Protocol:<strong>%s</strong> <br/>" %(protocol)
 if self.destinationport:
 for port in self.destinationport.all():
 ret = ret + "Dst Port:<strong>%s</strong> <br/>" %(port)
diff --git a/templates/apply.html b/templates/apply.html
index 2638a596..7eb94fd2 100644
--- a/templates/apply.html
+++ b/templates/apply.html
@@ -284,6 +284,14 @@ div.roundbox, #portsacc, #id_comments{
 <p style="clear:both;">
 {{ form.destination.help_text }}
 </p>
+ </div>
+ <div class="roundbox">
+ {{ form.protocol.label_tag }}{{ form.protocol }}{% if form.protocol.errors %}
+ <br>
+ <p class="error" style="clear:both;">
+ {{ form.protocol.errors|join:", " }}
+ </p>
+ {% endif %}
 </div>
 <div id='portsacc'>
 <h3 style="padding: 0.5em 0.5em 0.5em 0.7em;">Advanced Settings (Ports)</h3>
diff --git a/utils/proxy.py b/utils/proxy.py
index 488bf981..47d0a4cb 100644
--- a/utils/proxy.py
+++ b/utils/proxy.py
@@ -92,8 +92,12 @@ class Applier(object):
 route.match['source'].append(route_obj.source)
 if route_obj.destination:
 route.match['destination'].append(route_obj.destination)
- if route_obj.protocol:
- route.match['protocol'].append(route_obj.protocol)
+ try:
+ if route_obj.protocol:
+ for protocol in route_obj.protocol.all():
+ route.match['protocol'].append(protocol.protocol)
+ except:
+ pass
 try:
 if route_obj.port:
 for port in route_obj.port.all():
--
GitLab
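Review bot: The protocol text in flowspec/models.py (hunk at -293,6) is interpolated into HTML with `%`-formatting, as the neighbouring port lines already do. If the returned string is rendered unescaped (not visible here), a value saved through the admin would be emitted as markup, so escaping at this point is the safer form: `ret = ret + "Protocol:<strong>%s</strong> <br/>" % escape(protocol)` with `django.utils.html.escape`. Separately, `if self.protocol:` appears to be always true now that `protocol` is a many-to-many field, because the attribute is a related manager rather than a value, so iterating `self.protocol.all()` directly behaves the same. The enclosing method starts and ends outside the hunk.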
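Review bot: The bare `except: pass` added around the protocol loop in utils/proxy.py swallows every error, so a failure while reading `route_obj.protocol` leaves `route.match['protocol']` empty and, as far as the hunk shows, processing continues. A route built that way has no protocol condition and matches more traffic than the user asked for. Letting the exception propagate, or logging it and aborting the apply, keeps a broken lookup from turning into a broader rule; the loop needs no guard of its own: `for protocol in route_obj.protocol.all():` followed by `route.match['protocol'].append(protocol.protocol)`. The port block in the trailing context lines opens with the same `try:` pattern, and the enclosing method of `Applier` starts and ends outside the hunk.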