diff --git a/flowspec/forms.py b/flowspec/forms.py index 7f43f9f41f71e81fae1b448ff63dd10da33ffa89..064ebecfbc2baa7e6b5512f7a1f364438fa9c809 100644 --- a/flowspec/forms.py +++ b/flowspec/forms.py @@ -173,6 +173,12 @@ class RouteForm(forms.ModelForm): # return res return destination + def fmt_ip_addres_list(self, ip_addr_list_str): + list1 = ip_addr_list_str.split() + list2_ip = [IPNetwork(source).compressed for source in list1] + list2 = [str(IPNetwork(source).compressed) for source in list1] + return " ".join(list2), list2_ip + def clean(self): if self.errors: raise forms.ValidationError(_('Errors in form. Please review and fix them: %s' % ", ".join(self.errors))) @@ -201,8 +207,15 @@ class RouteForm(forms.ModelForm): user = self.cleaned_data.get('applier', None) if source: - source = IPNetwork(source).compressed + #source = IPNetwork(source).compressed + source, source_list = self.fmt_ip_addres_list(source) existing_routes = existing_routes.filter(source=source) + #existing_routes_old = existing_routes + #existing_routes = [] + #for source_ip in source_list: + # existing_routes2 = existing_routes_old.filter(source=source_ip) + # for existing_route in existing_routes2: + # existing_routes.append(existing_routes) else: existing_routes = existing_routes.filter(source=None) if protocols: diff --git a/flowspec/validators.py b/flowspec/validators.py index 1fee33f1b33b04dbaa835a5282173aafb774677b..45198065de42bbbdb0b84d956c47a08e03906b4e 100644 --- a/flowspec/validators.py +++ b/flowspec/validators.py @@ -16,6 +16,14 @@ def get_network(ip): else: return (True, address) +def get_network_list(ip_list): + try: + list1 = ip_list.split() + address_list = [IPNetwork(ip) for ip in list1] + except Exception: + return (False, _('Invalid network address list format')) + else: + return (True, address_list) def clean_ip(address): if not hasattr(settings, "PERMIT_PRIVATE_IP_TARGETS"): 
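Review bot: In `fmt_ip_addres_list` every token is parsed twice, and the two returned lists look identical: if `IPNetwork` here is the ipaddr class, `.compressed` is already a string, so `list2_ip` holds the same strings as `list2` rather than network objects. Parsing once is enough, e.g. `nets = [IPNetwork(s).compressed for s in ip_addr_list_str.split()]` followed by `return " ".join(nets), nets`. A malformed token raises from `IPNetwork`, so the helper appears to rely on the `if self.errors:` guard at the top of `clean()` having rejected bad input first. A docstring such as `"""Normalise a whitespace-separated prefix list; return (joined string, list of prefixes)."""` would tell callers what the tuple holds.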
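Review bot: The duplicate check in `clean()` now compares the stored `source` column against the whole space-joined string, so for a multi-prefix submission `existing_routes.filter(source=source)` only matches a row that stores exactly that joined text. The views.py part of this commit joins `route.source` over several routes, which suggests each route holds a single prefix; if so, an existing rule for one of the submitted prefixes is no longer detected. `source_list` is returned but unused; filtering on it, `existing_routes = existing_routes.filter(source__in=source_list)`, keeps the result a queryset for the filters that follow. The commented-out loop is better dropped than committed (it also appends `existing_routes` to itself). `clean()` continues outside the hunk.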
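Review bot: `get_network_list` reports success for an empty or whitespace-only string, because `ip_list.split()` yields `[]` and the comprehension never raises; `clean_source` then iterates nothing, so the protected-subnet check passes vacuously. Unless the form field is guaranteed non-empty elsewhere, reject that case, e.g. `if not list1: return (False, _('Invalid network address list format'))`. `except Exception` is also broader than the parse needs; if ipaddr is the library in use, its address errors derive from `ValueError`, so `except ValueError:` would avoid masking unrelated failures.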
@@ -53,23 +61,24 @@ def clean_status(status): def clean_source(user, source): - success, address = get_network(source) + #success, address = get_network(source) + success, address_list = get_network_list(source) if not success: - return address - for net in settings.PROTECTED_SUBNETS: - if address in IPNetwork(net): - mail_body = "User %s %s attempted to set %s as the source address in a firewall rule" % (user.username, user.email, source) - send_mail( - settings.EMAIL_SUBJECT_PREFIX + "Caught an attempt to set a protected IP/network as a source address", - mail_body, - settings.SERVER_EMAIL, - settings.NOTIFY_ADMIN_MAILS, - fail_silently=True - ) - return _('You have no authority on this subnet') + return " ".join([str(ip) for ip in address_list]) + for address in address_list: + for net in settings.PROTECTED_SUBNETS: + if address in IPNetwork(net): + mail_body = "User %s %s attempted to set %s as the source address in a firewall rule" % (user.username, user.email, source) + send_mail( + settings.EMAIL_SUBJECT_PREFIX + "Caught an attempt to set a protected IP/network as a source address", + mail_body, + settings.SERVER_EMAIL, + settings.NOTIFY_ADMIN_MAILS, + fail_silently=True + ) + return _('You have no authority on this subnet') return source - def clean_destination(user, destination): success, address = get_network(destination) if not success: diff --git a/flowspec/views.py b/flowspec/views.py index c8dbb8e32fe9c291250d2294d1c49854a6c18326..34cb1ddf097c7f35fccac614fe7b2e8903a14468 100644 --- a/flowspec/views.py +++ b/flowspec/views.py 
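Review bot: The failure branch of `clean_source` mangles the error message: when `get_network_list` returns `(False, message)`, `address_list` is that message, so `" ".join([str(ip) for ip in address_list])` presumably iterates it character by character and returns the text with a space between every letter. Return the message unchanged, as the old code did: `return address_list`. Separately, `address in IPNetwork(net)` is a containment test, so a source prefix wider than a protected subnet is not caught. That predates this commit but now applies to every list entry, and an overlap test would be stricter if the library offers one.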
@@ -54,10 +54,11 @@ import os from flowspec.snmpstats import load_history, get_last_msrm_delay_time -LOG_FILENAME = os.path.join(settings.LOG_FILE_LOCATION, 'celery_jobs.log') +LOG_FILENAME = os.path.join(settings.LOG_FILE_LOCATION, 'gunicorn_views.log') # FORMAT = '%(asctime)s %(levelname)s: %(message)s' # logging.basicConfig(format=FORMAT) -formatter = logging.Formatter('%(asctime)s %(levelname)s %(clientip)s %(user)s: %(message)s') +#formatter = logging.Formatter('%(asctime)s %(levelname)s %(clientip)s %(user)s: %(message)s') # leads to strange errors on test-lab +formatter = logging.Formatter('%(asctime)s %(levelname)s: %(message)s') logger = logging.getLogger(__name__) logger.setLevel(logging.DEBUG) @@ -65,7 +66,6 @@ handler = logging.FileHandler(LOG_FILENAME) handler.setFormatter(formatter) logger.addHandler(handler) - @login_required def user_routes(request): user_routes = Route.objects.filter(applier=request.user) @@ -161,6 +161,7 @@ def group_routes(request): @login_required @never_cache def group_routes_ajax(request): + #logger.info("views::group_routes_ajax(): called") all_group_rules = [] try: peers = request.user.get_profile().peers.prefetch_related('networks') @@ -181,6 +182,7 @@ def group_routes_ajax(request): jresp = {} rules = build_routes_json(all_group_rules) jresp['aaData'] = rules + #logger.info("views::group_routes_ajax(): before return HttpResponse") return HttpResponse(json.dumps(jresp), mimetype='application/json') @@ -270,7 +272,8 @@ def helper_calc_applier_peer_networks(request): @login_required @never_cache def add_route(request): - logger.info("views::add_route(): request="+str(request)) + #logger.info("views::add_route(): request="+str(request)) + logger.info("views::add_route(): called") applier = request.user.pk #applier_peer_networks = [] #if request.user.is_superuser: 
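Review bot: Dropping `%(clientip)s` and `%(user)s` from the formatter removes the only attribution in this log, and the reworded messages in `add_route`, `edit_route` and `delete_rule` no longer carry the request either, so a rule change can no longer be tied to an account or address from this file. The "strange errors" were most likely log calls made without `extra=`, which leave those record attributes undefined when the format string is applied. A filter that supplies defaults keeps the original format working, and view code can pass `extra={'clientip': ..., 'user': ...}` wherever it has a request. The log file is also renamed to `gunicorn_views.log`, so any rotation or log shipping keyed on `celery_jobs.log` needs the same change.

```python
class RequestContextDefaults(logging.Filter):
    """Give every record a clientip and user so the formatter never fails."""

    def filter(self, record):
        if not hasattr(record, 'clientip'):
            record.clientip = '-'
        if not hasattr(record, 'user'):
            record.user = '-'
        return True

formatter = logging.Formatter('%(asctime)s %(levelname)s %(clientip)s %(user)s: %(message)s')
logger = logging.getLogger(__name__)
logger.addFilter(RequestContextDefaults())
# … unchanged: setLevel, FileHandler setup …
```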
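Review bot: The old `str(request)` log calls are kept as comments in `add_route` here and in the `edit_route` and `delete_rule` hunks; delete them instead. On the Django generation this file appears to target (it still passes `mimetype=`), the request representation is likely to include POST data, cookies and META, which would put session identifiers and CSRF tokens into the log file. A line that can be re-enabled by removing one `#` is better not kept. If the caller matters for tracing, log only the field needed, e.g. `logger.info("views::add_route(): called by %s", request.user.username)`.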
@@ -392,7 +395,8 @@ def add_route(request): @login_required @never_cache def edit_route(request, rule_slug): - logger.info("views::edit_route(): rule_slug="+str(rule_slug)+" request="+str(request)) + #logger.info("views::edit_route(): rule_slug="+str(rule_slug)+" request="+str(request)) + logger.info("views::edit_route(): rule_slug="+str(rule_slug)) applier = request.user.pk rule_edit = get_object_or_404(Rule, name=rule_slug) @@ -480,7 +484,6 @@ def edit_route(request, rule_slug): route_reused = None logger.info("views::edit_route(): source_prefix_list loop: source="+str(source)+" => route_reused="+str(route_reused)) - form = RouteForm( request_data, #instance=rule_edit.routes.get() @@ -585,6 +588,11 @@ def edit_route(request, rule_slug): dictionary = model_to_dict(route_edit, fields=[], exclude=[]) dictionary.update(model_to_dict(rule_edit, fields=[], exclude=[])) + + all_sources_str = " ".join([route.source for route in route_edit_all]) + logger.info("views::edit_route(): all_sources_str="+str(all_sources_str)) + dictionary['source'] = all_sources_str + if request.user.is_superuser: dictionary['issuperuser'] = request.user.username else: @@ -593,9 +601,7 @@ def edit_route(request, rule_slug): except: pass form = RouteForm(dictionary) - - #form.fields['source'] = " ".join([route.source for route in route_edit_all]) - #logger.info("views::edit_route(): form="+str(form)) + logger.info("views::edit_route(): form="+str(form)) form.fields['expires'] = forms.DateField() form.fields['applier'] = forms.ModelChoiceField(queryset=User.objects.filter(pk=request.user.pk), required=True, empty_label=None) 
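Review bot: `" ".join([route.source for route in route_edit_all])` raises `TypeError` if any route has no source, and forms.py in this same commit filters on `source=None`, so such routes appear to be possible. Skip empty values: `all_sources_str = " ".join([route.source for route in route_edit_all if route.source])`. `route_edit_all` is defined outside the hunk, so whether it can be empty (which would set `dictionary['source']` to `''`) cannot be checked from here.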
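Review bot: `logger.info("views::edit_route(): form="+str(form))` renders the whole form to HTML on every edit and writes it, with all field values, to the log at INFO level. Because `RouteForm(dictionary)` is a bound form, rendering it also appears to trigger validation before `form.fields['expires']` and `form.fields['applier']` are replaced on the following lines, so the cached errors may not reflect the final fields. Drop the line, or log only what is needed at debug level, e.g. `logger.debug("views::edit_route(): form keys=%s", sorted(dictionary.keys()))`.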
@@ -646,7 +652,8 @@ def calculate_route_reuse(rule_edit, source_prefix_list): @login_required @never_cache def delete_rule(request, rule_slug): - logger.info("views::delete_route(): rule_slug="+str(rule_slug)+ " request="+str(request)) + logger.info("views::delete_route(): rule_slug="+str(rule_slug)) + #logger.info("views::delete_route(): rule_slug="+str(rule_slug)+ " request="+str(request)) #logger.info("views::delete_route(): rule_slug="+str(rule_slug)+ " request.dir="+str(dir(request))) #logger.info("views::delete_route(): rule_slug="+str(rule_slug)+ " request.REQUEST="+str(dir(request.REQUEST))) #logger.info("views::delete_route(): rule_slug="+str(rule_slug)+ " request.REQUEST.keys="+str(dir(request.REQUEST.keys)))