Skip to content

CIRCLE / cloud

Go to a project

A prog2-höz tartozó friss repo anyagok itt elérhetőek: https://git.iit.bme.hu/

Commit c2e1edf1 by Bach Dániel
Options

firewall: add IPNetworkField

parent 5c30cc6f
Showing with 137 additions and 43 deletions
circle/dashboard/urls.py
...@@ -5,5 +5,4 @@ from .views import IndexView, VmDetailView ...@@ -5,5 +5,4 @@ from .views import IndexView, VmDetailView
urlpatterns = patterns('', urlpatterns = patterns('',
url(r'^$', IndexView.as_view()), url(r'^$', IndexView.as_view()),
url(r'^vm/(?P<id>\d+)/$', VmDetailView.as_view(), url(r'^vm/(?P<id>\d+)/$', VmDetailView.as_view(),
name='dashboard.views.detail'), name='dashboard.views.detail'),)
)
circle/firewall/admin.py
...@@ -38,8 +38,9 @@ class HostInline(contrib.admin.TabularInline): ...@@ -38,8 +38,9 @@ class HostInline(contrib.admin.TabularInline):
class VlanAdmin(admin.ModelAdmin): class VlanAdmin(admin.ModelAdmin):
list_display = ('vid', 'name', 'ipv4', 'net_ipv4', 'ipv6', 'net_ipv6', list_display = ('vid', 'name', 'network4', 'network6',
'description', 'domain', 'snat_ip', ) 'description', 'domain', 'snat_ip', )
search_fields = ('vid', 'name', 'network4', )
ordering = ('vid', ) ordering = ('vid', )
inlines = (RuleInline, ) inlines = (RuleInline, )
......
circle/firewall/fields.py
...@@ -4,6 +4,8 @@ from django.db import models ...@@ -4,6 +4,8 @@ from django.db import models
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.utils.ipv6 import is_valid_ipv6_address from django.utils.ipv6 import is_valid_ipv6_address
from south.modelsinspector import add_introspection_rules from south.modelsinspector import add_introspection_rules
from django import forms
from netaddr import IPNetwork, AddrFormatError
import re import re
...@@ -40,6 +42,77 @@ class MACAddressField(models.Field): ...@@ -40,6 +42,77 @@ class MACAddressField(models.Field):
add_introspection_rules([], ["firewall\.fields\.MACAddressField"]) add_introspection_rules([], ["firewall\.fields\.MACAddressField"])
class IPNetworkFormField(forms.Field):
default_error_messages = {
'invalid': _(u'Enter a valid IP network. %s'),
}
def validate(self, value):
try:
return IPNetworkField.from_str(value, version=self.version)
except (AddrFormatError, TypeError), e:
raise ValidationError(self.default_error_messages['invalid']
% unicode(e))
def __init__(self, *args, **kwargs):
self.version = kwargs['version']
del kwargs['version']
super(IPNetworkFormField, self).__init__(*args, **kwargs)
class IPNetworkField(models.Field):
description = _('IP Network object')
__metaclass__ = models.SubfieldBase
def __init__(self, version=4, *args, **kwargs):
kwargs['max_length'] = 100
self.version = version
super(IPNetworkField, self).__init__(*args, **kwargs)
@staticmethod
def from_str(value, version):
if not value or value == "":
return None
if isinstance(value, IPNetwork):
return value
return IPNetwork(value, version=version)
def get_internal_type(self):
return "CharField"
def to_python(self, value):
return IPNetworkField.from_str(value, self.version)
def get_db_prep_value(self, value, connection, prepared=False):
if not value or value == "":
return None
if isinstance(value, IPNetwork):
if self.version == 4:
return '.'.join(map(lambda x: "%03d" % x, value.ip.words))
else:
return ':'.join(map(lambda x: "%04X" % x, value.ip.words))
return value
def value_to_string(self, obj):
value = self._get_val_from_obj(obj)
return self.get_prep_value(value)
def clean(self, value, model_instance):
value = super(IPNetworkField, self).clean(value, model_instance)
return self.get_prep_value(value)
def formfield(self, **kwargs):
defaults = {'form_class': IPNetworkFormField}
defaults['version'] = self.version
defaults.update(kwargs)
return super(IPNetworkField, self).formfield(**defaults)
add_introspection_rules([], ["^firewall\.fields\.IPNetworkField"])
def val_alfanum(value): def val_alfanum(value):
"""Validate whether the parameter is a valid alphanumeric value.""" """Validate whether the parameter is a valid alphanumeric value."""
if not alfanum_re.match(value): if not alfanum_re.match(value):
......
circle/firewall/fw.py
...@@ -203,7 +203,7 @@ class Firewall: ...@@ -203,7 +203,7 @@ class Firewall:
for d_vlan in s_vlan.snat_to.all(): for d_vlan in s_vlan.snat_to.all():
self.iptablesnat('-A POSTROUTING -s %s -o %s -j SNAT ' self.iptablesnat('-A POSTROUTING -s %s -o %s -j SNAT '
'--to-source %s' % '--to-source %s' %
(s_vlan.net_ipv4(), d_vlan.interface, (str(s_vlan.network4), d_vlan.interface,
s_vlan.snat_ip)) s_vlan.snat_ip))
# hard-wired rules # hard-wired rules
......
circle/firewall/models.py
...@@ -6,7 +6,7 @@ from django.forms import ValidationError ...@@ -6,7 +6,7 @@ from django.forms import ValidationError
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from firewall.fields import (MACAddressField, val_alfanum, val_reverse_domain, from firewall.fields import (MACAddressField, val_alfanum, val_reverse_domain,
val_domain, val_ipv4, val_ipv6, val_mx, val_domain, val_ipv4, val_ipv6, val_mx,
ipv4_2_ipv6) ipv4_2_ipv6, IPNetworkField)
from django.core.validators import MinValueValidator, MaxValueValidator from django.core.validators import MinValueValidator, MaxValueValidator
import django.conf import django.conf
from django.db.models.signals import post_save from django.db.models.signals import post_save
...@@ -70,8 +70,9 @@ class Rule(models.Model): ...@@ -70,8 +70,9 @@ class Rule(models.Model):
help_text=_("If network address translation " help_text=_("If network address translation "
"shoud be done.")) "shoud be done."))
nat_dport = models.IntegerField(blank=True, null=True, nat_dport = models.IntegerField(blank=True, null=True,
help_text=_( help_text=_("Rewrite destination port "
"Rewrite destination port number to."), "number to this if NAT is "
"needed."),
validators=[MinValueValidator(1), validators=[MinValueValidator(1),
MaxValueValidator(65535)]) MaxValueValidator(65535)])
created_at = models.DateTimeField( created_at = models.DateTimeField(
...@@ -169,39 +170,31 @@ class Vlan(models.Model): ...@@ -169,39 +170,31 @@ class Vlan(models.Model):
verbose_name=_('Name'), verbose_name=_('Name'),
help_text=_('The short name of the subnet.'), help_text=_('The short name of the subnet.'),
validators=[val_alfanum]) validators=[val_alfanum])
prefix4 = models.IntegerField(
default=16, verbose_name=_('IPv4 prefix length'),
help_text=_('The prefix length of the IPv4 subnet.'))
prefix6 = models.IntegerField(
default=80, verbose_name=_('IPv6 prefix length'),
help_text=_('The prefix length of the IPv6 subnet.'))
interface = models.CharField(max_length=20, unique=True, interface = models.CharField(max_length=20, unique=True,
verbose_name=_('interface'), help_text=_( verbose_name=_('interface'), help_text=_(
'The name of network interface the ' 'The name of network interface the '
'gateway should serve this network on. ' 'gateway should serve this network on. '
'For example vlan0004 or eth2.')) 'For example vlan0004 or eth2.'))
net4 = models.GenericIPAddressField(protocol='ipv4', unique=True, network4 = IPNetworkField(unique=False,
verbose_name=_('IPv4 network'), version=4,
help_text=_('The network address of ' null=True,
'the IPv4 subnet.')) blank=True,
net6 = models.GenericIPAddressField(protocol='ipv6', unique=True, verbose_name=_('IPv4 address/prefix'),
verbose_name=_('IPv6 network'), help_text=_(
help_text=_('The network address of ' 'The IPv4 address and the prefix length '
'the IPv6 subnet.')) 'of the gateway.'
ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True, 'Recommended value is the last '
verbose_name=_('IPv4 address'), 'valid address of the subnet, '
help_text=_( 'for example '
'The IPv4 address of the gateway. ' '10.4.255.254/16 for 10.4.0.0/16.'))
'Recommended value is the last ' network6 = IPNetworkField(unique=False,
'valid address of the subnet, ' version=6,
'for example ' null=True,
'10.4.255.254 for 10.4.0.0/16.')) blank=True,
ipv6 = models.GenericIPAddressField(protocol='ipv6', verbose_name=_('IPv6 address/prefix'),
unique=True, help_text=_(
verbose_name=_('IPv6 address'), 'The IPv6 address and the prefix length '
help_text=_( 'of the gateway.'))
'The IPv6 address of the '
'gateway.'))
snat_ip = models.GenericIPAddressField(protocol='ipv4', blank=True, snat_ip = models.GenericIPAddressField(protocol='ipv4', blank=True,
null=True, null=True,
verbose_name=_('NAT IP address'), verbose_name=_('NAT IP address'),
...@@ -257,18 +250,37 @@ class Vlan(models.Model): ...@@ -257,18 +250,37 @@ class Vlan(models.Model):
def __unicode__(self): def __unicode__(self):
return self.name return self.name
def net_ipv6(self):
"""String representation of selected IPv6 network."""
return self.net6 + "/" + unicode(self.prefix6)
def net_ipv4(self):
"""String representation of selected IPv4 network."""
return self.net4 + "/" + unicode(self.prefix4)
@models.permalink @models.permalink
def get_absolute_url(self): def get_absolute_url(self):
return ('network.vlan', None, {'vid': self.vid}) return ('network.vlan', None, {'vid': self.vid})
@property
def net4(self):
return self.network4.network
@property
def ipv4(self):
return self.network4.ip
@property
def prefix4(self):
return self.network4.prefixlen
@property
def net6(self):
return self.network6.network
@property
def ipv6(self):
return self.network6.ip
@property
def prefix6(self):
return self.network6.prefixlen
def __unicode__(self):
return self.name
class VlanGroup(models.Model): class VlanGroup(models.Model):
""" """
...@@ -389,6 +401,14 @@ class Host(models.Model): ...@@ -389,6 +401,14 @@ class Host(models.Model):
def __unicode__(self): def __unicode__(self):
return self.hostname return self.hostname
@property
def incoming_rules(self):
return self.rules.filter(direction='1')
@property
def outgoing_rules(self):
return self.rules.filter(direction='0')
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
id = self.id id = self.id
if not self.id and self.ipv6 == "auto": if not self.id and self.ipv6 == "auto":
......
requirements/base.txt
...@@ -10,3 +10,4 @@ logutils==0.3.3 ...@@ -10,3 +10,4 @@ logutils==0.3.3
netaddr==0.7.10 netaddr==0.7.10
South==0.8.1 South==0.8.1
psycopg2==2.5.1 psycopg2==2.5.1
netaddr==0.7.10
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment