Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
F
FoD
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
David Schmitz
FoD
Commits
b10e01d6
Commit
b10e01d6
authored
13 years ago
by
Leonidas Poulopoulos
Browse files
Options
Downloads
Patches
Plain Diff
Changed logic to all parts. Dev db is incorporated
parent
7a8a4da4
No related branches found
No related tags found
No related merge requests found
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
flowspec/admin.py
+22
-14
22 additions, 14 deletions
flowspec/admin.py
flowspec/models.py
+68
-82
68 additions, 82 deletions
flowspec/models.py
flowspec_dev.db
+0
-0
0 additions, 0 deletions
flowspec_dev.db
utils/proxy.py
+39
-29
39 additions, 29 deletions
utils/proxy.py
with
129 additions
and
125 deletions
flowspec/admin.py
+
22
−
14
View file @
b10e01d6
...
...
@@ -10,33 +10,41 @@ class RouteAdmin(admin.ModelAdmin):
applier
=
PR
.
Applier
(
route_objects
=
queryset
)
commit
,
response
=
applier
.
apply
(
configuration
=
applier
.
delete_routes
())
if
commit
:
rows
=
queryset
.
update
(
is_online
=
False
)
rows
=
queryset
.
update
(
is_online
=
False
,
is_active
=
False
)
queryset
.
update
(
response
=
"
Successfully removed route from network
"
)
self
.
message_user
(
request
,
"
Successfully removed %s routes from network
"
%
rows
)
else
:
self
.
message_user
(
request
,
"
Could not remove routes from network
"
)
deactivate
.
short_description
=
"
Remove selected routes from network
"
list_display
=
(
'
name
'
,
'
get_match
'
,
'
get_then
'
,
'
is_online
'
,
'
applier
'
,
'
response
'
)
fields
=
(
'
name
'
,
'
match
'
,
'
then
'
,
'
applier
'
,
'
expires
'
)
deactivate
.
short_description
=
"
Deactivate selected routes from network
"
list_display
=
(
'
name
'
,
'
is_online
'
,
'
applier
'
,
'
get_match
'
,
'
get_then
'
,
'
response
'
)
fieldsets
=
[
(
None
,
{
'
fields
'
:
[
'
name
'
,]}),
(
"
Match
"
,
{
'
fields
'
:
[
'
source
'
,
'
sourceport
'
,
'
destination
'
,
'
destinationport
'
,
'
port
'
]}),
(
'
Advanced Match Statements
'
,
{
'
fields
'
:
[
'
dscp
'
,
'
fragmenttype
'
,
'
icmpcode
'
,
'
icmptype
'
,
'
packetlength
'
,
'
protocol
'
,
'
tcpflag
'
],
'
classes
'
:
[
'
collapse
'
]}),
(
"
Then
"
,
{
'
fields
'
:
[
'
then
'
]}),
(
None
,
{
'
fields
'
:
[
'
comments
'
,]}),
]
# fields = ('name', 'applier', 'expires')
#def formfield_for_dbfield(self, db_field, **kwargs):
# if db_field.name == 'password':
# kwargs['widget'] = PasswordInput
# return db_field.formfield(**kwargs)
admin
.
site
.
register
(
MatchAddress
)
#
admin.site.register(MatchAddress)
admin
.
site
.
register
(
MatchPort
)
admin
.
site
.
register
(
MatchDscp
)
admin
.
site
.
register
(
MatchFragmentType
)
admin
.
site
.
register
(
MatchIcmpCode
)
admin
.
site
.
register
(
MatchIcmpType
)
admin
.
site
.
register
(
MatchPacketLength
)
admin
.
site
.
register
(
MatchProtocol
)
admin
.
site
.
register
(
MatchTcpFlag
)
#
admin.site.register(MatchFragmentType)
#
admin.site.register(MatchIcmpCode)
#
admin.site.register(MatchIcmpType)
#
admin.site.register(MatchPacketLength)
#
admin.site.register(MatchProtocol)
#
admin.site.register(MatchTcpFlag)
admin
.
site
.
register
(
ThenAction
)
admin
.
site
.
register
(
ThenStatement
)
admin
.
site
.
register
(
MatchStatement
)
#
admin.site.register(ThenStatement)
#
admin.site.register(MatchStatement)
admin
.
site
.
register
(
Route
,
RouteAdmin
)
admin
.
site
.
disable_action
(
'
delete_selected
'
)
...
...
This diff is collapsed.
Click to expand it.
flowspec/models.py
+
68
−
82
View file @
b10e01d6
...
...
@@ -2,9 +2,11 @@
# vim: tabstop=4:shiftwidth=4:softtabstop=4:expandtab
from
django.db
import
models
from
django.conf
import
settings
from
django.contrib.auth.models
import
User
from
utils
import
proxy
as
PR
from
ipaddr
import
*
from
datetime
import
*
import
logging
FORMAT
=
'
%(asctime)s %(levelname)s: %(message)s
'
...
...
@@ -32,23 +34,8 @@ THEN_CHOICES = (
)
def
days_offset
():
return
datetime
.
now
()
+
timedelta
(
days
=
settings
.
EXPIRATION_DAYS_OFFSET
)
class
MatchAddress
(
models
.
Model
):
address
=
models
.
CharField
(
max_length
=
255
,
help_text
=
u
"
Network address. Use address/CIDR notation
"
)
def
__unicode__
(
self
):
return
self
.
address
def
clean
(
self
,
*
args
,
**
kwargs
):
from
django.core.exceptions
import
ValidationError
try
:
address
=
IPNetwork
(
self
.
address
)
self
.
address
=
address
.
exploded
except
Exception
:
raise
ValidationError
(
'
Invalid network address format
'
)
class
Meta
:
db_table
=
u
'
match_address
'
class
MatchPort
(
models
.
Model
):
port
=
models
.
CharField
(
max_length
=
24
)
def
__unicode__
(
self
):
...
...
@@ -65,70 +52,72 @@ class MatchDscp(models.Model):
class
ThenAction
(
models
.
Model
):
action
=
models
.
CharField
(
max_length
=
60
,
choices
=
THEN_CHOICES
)
action_value
=
models
.
CharField
(
max_length
=
255
,
blank
=
True
,
null
=
True
)
action
=
models
.
CharField
(
max_length
=
60
,
choices
=
THEN_CHOICES
,
verbose_name
=
"
Action
"
)
action_value
=
models
.
CharField
(
max_length
=
255
,
blank
=
True
,
null
=
True
,
verbose_name
=
"
Action Value
"
)
def
__unicode__
(
self
):
return
"
%s %s
"
%
(
self
.
action
,
self
.
action_value
)
return
"
%s
:
%s
"
%
(
self
.
action
,
self
.
action_value
)
class
Meta
:
db_table
=
u
'
then_action
'
class
Route
(
models
.
Model
):
name
=
models
.
CharField
(
max_length
=
128
)
applier
=
models
.
ForeignKey
(
User
)
destination
=
models
.
CharField
(
max_length
=
32
,
blank
=
True
,
null
=
True
,
help_text
=
u
"
Network address. Use address/CIDR notation
"
)
destination
port
=
models
.
ManyToManyField
(
MatchPort
,
blank
=
True
,
null
=
True
,
related_name
=
"
match
Destination
Port
"
)
d
scp
=
models
.
ManyToManyField
(
MatchDscp
,
blank
=
True
,
null
=
True
)
fragmenttype
=
models
.
CharField
(
max_length
=
20
,
choices
=
FRAGMENT_CODES
,
blank
=
True
,
null
=
True
)
icmpcode
=
models
.
CharField
(
max_length
=
32
,
blank
=
True
,
null
=
True
)
icmptype
=
models
.
CharField
(
max_length
=
32
,
blank
=
True
,
null
=
True
)
packetlength
=
models
.
Intege
rField
(
blank
=
True
,
null
=
True
)
port
=
models
.
ManyToManyField
(
MatchPort
,
blank
=
True
,
null
=
True
,
related_name
=
"
matchPort
"
)
protocol
=
models
.
CharField
(
max_length
=
32
,
blank
=
True
,
null
=
True
)
source
=
models
.
Cha
rField
(
max_length
=
32
,
blank
=
True
,
null
=
True
,
help_text
=
u
"
Network address. Use address/CIDR notation
"
)
sourceport
=
models
.
ManyToManyField
(
MatchPort
,
blank
=
True
,
null
=
True
,
related_name
=
"
matchSourcePort
"
)
tcpflag
=
models
.
CharField
(
max_length
=
128
,
blank
=
True
,
null
=
True
)
then
=
models
.
ManyToManyField
(
ThenAction
)
source
=
models
.
CharField
(
max_length
=
32
,
blank
=
True
,
null
=
True
,
help_text
=
u
"
Network address. Use address/CIDR notation
"
,
verbose_name
=
"
Source Address
"
)
source
port
=
models
.
ManyToManyField
(
MatchPort
,
blank
=
True
,
null
=
True
,
related_name
=
"
match
SourcePort
"
,
verbose_name
=
"
Source
Port
"
)
d
estination
=
models
.
CharField
(
max_length
=
32
,
blank
=
True
,
null
=
True
,
help_text
=
u
"
Network address. Use address/CIDR notation
"
,
verbose_name
=
"
Destination Address
"
)
destinationport
=
models
.
ManyToManyField
(
MatchPort
,
blank
=
True
,
null
=
True
,
related_name
=
"
matchDestinationPort
"
,
verbose_name
=
"
Destination Port
"
)
port
=
models
.
ManyToManyField
(
MatchPort
,
blank
=
True
,
null
=
True
,
related_name
=
"
matchPort
"
,
verbose_name
=
"
Port
"
)
dscp
=
models
.
ManyToManyField
(
MatchDscp
,
blank
=
True
,
null
=
True
,
verbose_name
=
"
DSCP
"
)
fragmenttype
=
models
.
Cha
rField
(
max_length
=
20
,
choices
=
FRAGMENT_CODES
,
blank
=
True
,
null
=
True
,
verbose_name
=
"
Fragment Type
"
)
icmpcode
=
models
.
CharField
(
max_length
=
32
,
blank
=
True
,
null
=
True
,
verbose_name
=
"
ICMP Code
"
)
icmptype
=
models
.
CharField
(
max_length
=
32
,
blank
=
True
,
null
=
True
,
verbose_name
=
"
ICMP Type
"
)
packetlength
=
models
.
Intege
rField
(
blank
=
True
,
null
=
True
,
verbose_name
=
"
Packet Length
"
)
protocol
=
models
.
CharField
(
max_length
=
32
,
blank
=
True
,
null
=
True
,
verbose_name
=
"
Protocol
"
)
tcpflag
=
models
.
CharField
(
max_length
=
128
,
blank
=
True
,
null
=
True
,
verbose_name
=
"
TCP flag
"
)
then
=
models
.
ManyToManyField
(
ThenAction
,
verbose_name
=
"
Then
"
)
filed
=
models
.
DateTimeField
(
auto_now_add
=
True
)
last_updated
=
models
.
DateTimeField
(
auto_now
=
True
)
is_online
=
models
.
BooleanField
(
default
=
False
)
is_active
=
models
.
BooleanField
(
default
=
False
)
expires
=
models
.
Date
Time
Field
()
expires
=
models
.
DateField
(
default
=
days_offset
)
response
=
models
.
CharField
(
max_length
=
512
,
blank
=
True
,
null
=
True
)
comments
=
models
.
TextField
(
null
=
True
,
blank
=
True
)
comments
=
models
.
TextField
(
null
=
True
,
blank
=
True
,
verbose_name
=
"
Comments
"
)
def
__unicode__
(
self
):
return
self
.
name
class
Meta
:
unique_together
=
((
"
name
"
,
"
is_active
"
),)
db_table
=
u
'
route
'
def
clean
(
self
,
*
args
,
**
kwargs
):
from
django.core.exceptions
import
ValidationError
if
self
.
destination
:
try
:
address
=
IPNetwork
(
self
.
address
)
self
.
address
=
address
.
exploded
address
=
IPNetwork
(
self
.
destination
)
self
.
destination
=
address
.
exploded
except
Exception
:
raise
ValidationError
(
'
Invalid network address format
'
)
raise
ValidationError
(
'
Invalid network address format
at Destination Field
'
)
if
self
.
source
:
try
:
address
=
IPNetwork
(
self
.
address
)
self
.
address
=
address
.
exploded
address
=
IPNetwork
(
self
.
source
)
self
.
source
=
address
.
exploded
except
Exception
:
raise
ValidationError
(
'
Invalid network address format
'
)
raise
ValidationError
(
'
Invalid network address format
at Source Field
'
)
def
save
(
self
,
*
args
,
**
kwargs
):
applier
=
PR
.
Applier
(
route_object
=
self
)
commit
,
response
=
applier
.
apply
()
if
commit
:
self
.
is_online
=
True
self
.
is_active
=
True
self
.
response
=
response
else
:
self
.
is_online
=
False
self
.
response
=
response
super
(
Route
,
self
).
save
(
*
args
,
**
kwargs
)
def
is_synced
(
self
):
found
=
False
...
...
@@ -144,11 +133,10 @@ class Route(models.Model):
found
=
True
logger
.
info
(
'
Found a matching route name
'
)
devicematch
=
route
.
match
routematch
=
self
.
match
try
:
assert
(
routematch
.
matchD
estination
.
address
)
assert
(
self
.
d
estination
)
assert
(
devicematch
[
'
destination
'
][
0
])
if
routematch
.
matchD
estination
.
address
==
devicematch
[
'
destination
'
][
0
]:
if
self
.
d
estination
==
devicematch
[
'
destination
'
][
0
]:
found
=
found
and
True
logger
.
info
(
'
Found a matching destination
'
)
else
:
...
...
@@ -157,9 +145,9 @@ class Route(models.Model):
except
:
pass
try
:
assert
(
routematch
.
matchSource
.
address
)
assert
(
self
.
source
)
assert
(
devicematch
[
'
source
'
][
0
])
if
routematch
.
matchSource
.
address
==
devicematch
[
'
source
'
][
0
]:
if
self
.
source
==
devicematch
[
'
source
'
][
0
]:
found
=
found
and
True
logger
.
info
(
'
Found a matching source
'
)
else
:
...
...
@@ -168,9 +156,9 @@ class Route(models.Model):
except
:
pass
try
:
assert
(
routematch
.
matchfragmenttype
.
fragmenttype
)
assert
(
self
.
fragmenttype
)
assert
(
devicematch
[
'
fragment
'
][
0
])
if
routematch
.
matchfragmenttype
.
fragmenttype
==
devicematch
[
'
fragment
'
][
0
]:
if
self
.
fragmenttype
==
devicematch
[
'
fragment
'
][
0
]:
found
=
found
and
True
logger
.
info
(
'
Found a matching fragment type
'
)
else
:
...
...
@@ -179,9 +167,9 @@ class Route(models.Model):
except
:
pass
try
:
assert
(
routematch
.
matchicmpcode
.
icmp_
code
)
assert
(
self
.
icmp
code
)
assert
(
devicematch
[
'
icmp-code
'
][
0
])
if
routematch
.
matchicmpcode
.
icmp_
code
==
devicematch
[
'
icmp-code
'
][
0
]:
if
self
.
icmp
code
==
devicematch
[
'
icmp-code
'
][
0
]:
found
=
found
and
True
logger
.
info
(
'
Found a matching icmp code
'
)
else
:
...
...
@@ -190,9 +178,9 @@ class Route(models.Model):
except
:
pass
try
:
assert
(
routematch
.
matchicmptype
.
icmp_
type
)
assert
(
self
.
icmp
type
)
assert
(
devicematch
[
'
icmp-type
'
][
0
])
if
routematch
.
matchicmpcode
.
icmp_
type
==
devicematch
[
'
icmp-type
'
][
0
]:
if
self
.
icmp
type
==
devicematch
[
'
icmp-type
'
][
0
]:
found
=
found
and
True
logger
.
info
(
'
Found a matching icmp type
'
)
else
:
...
...
@@ -201,9 +189,9 @@ class Route(models.Model):
except
:
pass
try
:
assert
(
routematch
.
matchprotocol
.
protocol
)
assert
(
self
.
protocol
)
assert
(
devicematch
[
'
protocol
'
][
0
])
if
routematch
.
matchprotocol
.
protocol
==
devicematch
[
'
protocol
'
][
0
]:
if
self
.
protocol
==
devicematch
[
'
protocol
'
][
0
]:
found
=
found
and
True
logger
.
info
(
'
Found a matching protocol
'
)
else
:
...
...
@@ -217,10 +205,9 @@ class Route(models.Model):
return
found
def
get_then
(
self
):
ret
=
''
then_statements
=
self
.
then
.
thenaction
.
all
()
then_statements
=
self
.
then
.
all
()
for
statement
in
then_statements
:
if
statement
.
action_value
:
ret
=
"
%s %s:<strong>%s</strong><br/>
"
%
(
ret
,
statement
.
action
,
statement
.
action_value
)
...
...
@@ -230,37 +217,36 @@ class Route(models.Model):
get_then
.
short_description
=
'
Then statement
'
get_then
.
allow_tags
=
True
#
def
get_match
(
self
):
ret
=
''
match
=
self
.
match
if
match
.
matchDestination
:
ret
=
ret
=
'
%s Destination Address:<strong>%s</strong><br/>
'
%
(
ret
,
match
.
matchDestination
)
if
match
.
matchfragmenttype
:
ret
=
ret
=
"
%s Fragment Type:<strong>%s</strong><br/>
"
%
(
ret
,
match
.
matchfragmenttype
)
if
match
.
matchicmpcode
:
ret
=
ret
=
"
%s ICMP code:<strong>%s</strong><br/>
"
%
(
ret
,
match
.
matchicmpcode
)
if
match
.
matchicmptype
:
ret
=
ret
=
"
%s ICMP Type:<strong>%s</strong><br/>
"
%
(
ret
,
match
.
matchicmptype
)
if
match
.
matchpacketlength
:
ret
=
ret
=
"
%s Packet Length:<strong>%s</strong><br/>
"
%
(
ret
,
match
.
matchpacketlength
)
if
match
.
matchprotocol
:
ret
=
ret
=
"
%s Protocol:<strong>%s</strong><br/>
"
%
(
ret
,
match
.
matchprotocol
)
if
match
.
matchSource
:
ret
=
ret
=
"
%s Source Address:<strong>%s</strong><br/>
"
%
(
ret
,
match
.
matchSource
)
if
match
.
matchTcpFlag
:
ret
=
ret
=
"
%s TCP flag:<strong>%s</strong><br/>
"
%
(
ret
,
match
.
matchTcpFlag
)
if
match
.
matchport
:
for
port
in
match
.
matchport
.
all
():
if
self
.
destination
:
ret
=
ret
=
'
%s Destination Address:<strong>%s</strong><br/>
'
%
(
ret
,
self
.
destination
)
if
self
.
fragmenttype
:
ret
=
ret
=
"
%s Fragment Type:<strong>%s</strong><br/>
"
%
(
ret
,
self
.
fragmenttype
)
if
self
.
icmpcode
:
ret
=
ret
=
"
%s ICMP code:<strong>%s</strong><br/>
"
%
(
ret
,
self
.
icmpcode
)
if
self
.
icmptype
:
ret
=
ret
=
"
%s ICMP Type:<strong>%s</strong><br/>
"
%
(
ret
,
self
.
icmptype
)
if
self
.
packetlength
:
ret
=
ret
=
"
%s Packet Length:<strong>%s</strong><br/>
"
%
(
ret
,
self
.
packetlength
)
if
self
.
protocol
:
ret
=
ret
=
"
%s Protocol:<strong>%s</strong><br/>
"
%
(
ret
,
self
.
protocol
)
if
self
.
source
:
ret
=
ret
=
"
%s Source Address:<strong>%s</strong><br/>
"
%
(
ret
,
self
.
source
)
if
self
.
tcpflag
:
ret
=
ret
=
"
%s TCP flag:<strong>%s</strong><br/>
"
%
(
ret
,
self
.
tcpflag
)
if
self
.
port
:
for
port
in
self
.
port
.
all
():
ret
=
"
%s Port:<strong>%s</strong><br/>
"
%
(
ret
,
port
)
if
match
.
matchD
estination
P
ort
:
for
port
in
match
.
matchD
estination
P
ort
.
all
():
if
self
.
d
estination
p
ort
:
for
port
in
self
.
d
estination
p
ort
.
all
():
ret
=
"
%s Port:<strong>%s</strong><br/>
"
%
(
ret
,
port
)
if
match
.
matchS
ource
P
ort
:
for
port
in
match
.
matchS
ource
P
ort
.
all
():
if
self
.
s
ource
p
ort
:
for
port
in
self
.
s
ource
p
ort
.
all
():
ret
=
"
%s Port:<strong>%s</strong><br/>
"
%
(
ret
,
port
)
if
match
.
match
dscp
:
for
dscp
in
match
.
match
dscp
.
all
():
if
self
.
dscp
:
for
dscp
in
self
.
dscp
.
all
():
ret
=
"
%s Port:<strong>%s</strong><br/>
"
%
(
ret
,
dscp
)
return
ret
.
rstrip
(
'
<br/>
'
)
...
...
This diff is collapsed.
Click to expand it.
flowspec_dev.db
0 → 100644
+
0
−
0
View file @
b10e01d6
File added
This diff is collapsed.
Click to expand it.
utils/proxy.py
+
39
−
29
View file @
b10e01d6
...
...
@@ -66,35 +66,45 @@ class Applier(object):
flow
.
routes
.
append
(
route
)
device
.
routing_options
.
append
(
flow
)
route
.
name
=
route_obj
.
name
match
=
route_obj
.
match
if
match
.
matchSource
:
route
.
match
[
'
source
'
].
append
(
match
.
matchSource
.
address
)
if
match
.
matchDestination
:
route
.
match
[
'
destination
'
].
append
(
match
.
matchDestination
.
address
)
if
match
.
matchprotocol
:
route
.
match
[
'
protocol
'
].
append
(
match
.
matchprotocol
.
protocol
)
if
match
.
matchport
:
for
port
in
match
.
matchport
.
all
():
route
.
match
[
'
port
'
].
append
(
port
.
port
)
if
match
.
matchDestinationPort
:
for
port
in
match
.
matchDestinationPort
.
all
():
route
.
match
[
'
destination-port
'
].
append
(
port
.
port
)
if
match
.
matchSourcePort
:
for
port
in
match
.
matchSourcePort
.
all
():
route
.
match
[
'
source-port
'
].
append
(
port
.
port
)
if
match
.
matchicmpcode
:
route
.
match
[
'
icmp-code
'
].
append
(
match
.
matchicmpcode
.
icmp_code
)
if
match
.
matchicmptype
:
route
.
match
[
'
icmp-type
'
].
append
(
match
.
matchicmptype
.
icmp_type
)
if
match
.
matchTcpFlag
:
route
.
match
[
'
tcp-flags
'
].
append
(
match
.
matchTcpFlag
.
tcp_flags
)
if
match
.
matchdscp
:
for
dscp
in
match
.
matchdscp
.
all
():
route
.
match
[
'
dscp
'
].
append
(
dscp
.
dscp
)
if
match
.
matchfragmenttype
:
route
.
match
[
'
fragment
'
].
append
(
match
.
matchfragmenttype
.
fragmenttype
)
then
=
route_obj
.
then
for
thenaction
in
then
.
thenaction
.
all
():
if
route_obj
.
source
:
route
.
match
[
'
source
'
].
append
(
route_obj
.
source
)
if
route_obj
.
destination
:
route
.
match
[
'
destination
'
].
append
(
route_obj
.
destination
)
if
route_obj
.
protocol
:
route
.
match
[
'
protocol
'
].
append
(
route_obj
.
protocol
)
try
:
if
route_obj
.
port
:
for
port
in
route_obj
.
port
.
all
():
route
.
match
[
'
port
'
].
append
(
port
.
port
)
except
:
pass
try
:
if
route_obj
.
destinationport
:
for
port
in
route_obj
.
destinationport
.
all
():
route
.
match
[
'
destination-port
'
].
append
(
port
.
port
)
except
:
pass
try
:
if
route_obj
.
sourceport
:
for
port
in
route_obj
.
sourceport
.
all
():
route
.
match
[
'
source-port
'
].
append
(
port
.
port
)
except
:
pass
if
route_obj
.
icmpcode
:
route
.
match
[
'
icmp-code
'
].
append
(
route_obj
.
icmpcode
)
if
route_obj
.
icmptype
:
route
.
match
[
'
icmp-type
'
].
append
(
route_obj
.
icmptype
)
if
route_obj
.
tcpflag
:
route
.
match
[
'
tcp-flags
'
].
append
(
route_obj
.
tcpflag
)
try
:
if
route_obj
.
dscp
:
for
dscp
in
route_obj
.
dscp
.
all
():
route
.
match
[
'
dscp
'
].
append
(
dscp
.
dscp
)
except
:
pass
if
route_obj
.
fragmenttype
:
route
.
match
[
'
fragment
'
].
append
(
route_obj
.
fragmenttype
)
for
thenaction
in
route_obj
.
then
.
all
():
if
thenaction
.
action_value
:
route
.
then
[
thenaction
.
action
]
=
thenaction
.
action_value
else
:
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment