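#!bin/python
#coding=utf-8
"""
Create by he
"""
import sys
import re
import string
import operator
from analysisFile import *
from result import *

# NOTE(review): this listing arrived with its indentation stripped. The nesting
# below is reconstructed from statement order and should be checked against the
# original file before the tool is used on a production rule set.

# Id written into the next merged rule; handle() resets it for every policy.
ruleId = 0
# Per-prefix counter used to number generated object-group names.
objectGroupNameDic = {}


def handle():
    """Run the merge pass over every policy in policyList."""
    global ruleId
    for policy in policyList:
        ruleId = 0
        policyHandle(policy)


def policyHandle(policy):
    """Dispatch each mergeable rule set of *policy* to its condition handler.

    The condition is the last '^'-separated field of the canMerge key. The
    handler results are collected in policy.results.
    """
    global ruleId
    # Handlers that return exactly one Result.
    singleResultHandlers = (
        (Conditions.ONE, handleCondOne),
        (Conditions.TWO, handleCondTwo),
        (Conditions.FOUR, handleCondFour),
        (Conditions.FIVE, handleCondFive),
    )
    for key, value in policy.canMerge.items():
        condition = key.split('^')[-1]
        for cond, handler in singleResultHandlers:
            if condition == cond:
                policy.results.append(handler(value))
        if condition == Conditions.SEVEN:
            policy.results.extend(handleCondSeven(value))
            # NOTE(review): placement of this return is inferred. As written it
            # stops processing the remaining canMerge entries of the policy and
            # every Result from handleCondSeven shares one ruleId - confirm.
            return
        ruleId += 1


def _addressKey(addObj):
    """Return the "ip mask" string used to compare two address objects."""
    return addObj.ip + " " + addObj.mask


def handleCondSeven(rules):
    """Merge rules whose masked destination groups hold the same addresses.

    Each rule first gets a coarsened destination group (see
    getNewDipAddObjGroup). Rules with equal coarsened groups are then merged:
    their source groups are combined and the first rule's coarsened
    destination group is used for the new rule.

    Returns a list of Result objects, one per group of two or more rules.
    """
    print('==================handleCondSeven==========================')
    for rule in rules:
        getNewDipAddObjGroup(rule)
        print('hahahahahahahahahahahahahah')
        for obj in rule.newDesIpObjGroup.addressObjects:
            print(_addressKey(obj))
        print('hahahahahahahahahahahahahah')

    canMergeList = []
    for i in range(len(rules)):
        if rules[i].compared:
            continue
        mergeRuleLists = [rules[i]]
        rules[i].compared = True
        # The original iterated over the tuple (i+1, len(rules)), so only the
        # immediate neighbour was ever compared; every later rule is a candidate.
        for j in range(i + 1, len(rules)):
            if rules[j].compared:
                continue
            if isSameGroup(rules[i], rules[j]):
                mergeRuleLists.append(rules[j])
                rules[j].compared = True
        canMergeList.append(mergeRuleLists)
    print('ffffffffffffffffffffffffffffffffff')
    print(canMergeList)
    print('ffffffffffffffffffffffffffffffffff')

    # canMerge and canMergeList are both list type
    resultList = []
    for canMerge in canMergeList:
        if len(canMerge) == 1:
            # TODO: move canMerge[0] to the cannot-merge set
            continue
        result = Result()
        result.mergedRules.extend(canMerge)
        sIpAddObjGroups = [r.getSipAddObjGroup(addObjGroupList) for r in canMerge]
        # Merge s-ip
        newSipAddGroup = mergeAddObjGroups(sIpAddObjGroups, canMerge[0])
        # NOTE(review): this group was produced by AND-ing every mask with
        # userInput, so it is presumably equal to or wider than the destinations
        # the original rules covered, while the rule text keeps the original
        # group name. Confirm which of the two is pushed to the device.
        newDipAddGroup = canMerge[0].newDesIpObjGroup
        result.addObjMergeDic[newSipAddGroup] = sIpAddObjGroups
        result.newRule = mergeRules(canMerge[0], dIp=newDipAddGroup, sIp=newSipAddGroup)
        resultList.append(result)
    return resultList


def isSameGroup(rule1, rule2):
    """Return True when both rules' masked destination groups are equal.

    Equality is checked in both directions. The original only verified that
    every address of rule1 appeared in rule2, so a subset was treated as
    "same" and rules with different destinations could be merged.
    """
    print('mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm')
    print(rule1)
    print(rule2)
    print('mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm')
    keys1 = set(_addressKey(o) for o in rule1.newDesIpObjGroup.addressObjects)
    keys2 = set(_addressKey(o) for o in rule2.newDesIpObjGroup.addressObjects)
    if keys1 != keys2:
        # Dump the entries present on one side only.
        print('wowowowowowowowowowowowowowowowowowo')
        for key in sorted(keys1 ^ keys2):
            print(key)
        print('wowowowowowowowowowowowowowowowowowo')
        print('kkkkkkkkkkkkkkkkkkkkkkkkkjjjjjjjjjjjjjjjjjjjj')
        return False
    print('jjjjjjjjjjjjjjjjjjjjjjjjjjjkkkkkkkkkkkkkkkkkkk')
    return True


def getNewDipAddObjGroup(rule):
    """Attach rule.newDesIpObjGroup: the destination group masked by userInput.

    Every address object of the rule's destination group is copied with
    mask = userInput AND mask and ip = new mask AND ip.
    """
    global userInput
    dIpGroup = rule.getDipAddObjGroup(addObjGroupList)
    print('lllllllllllllllllllllll')
    print(dIpGroup)
    print('lllllllllllllllllllllll')
    newAddObjs = []
    for addObj in getAllAddObj(dIpGroup):
        # TODO: AddressObject of type RANGE is not handled here.
        newMask = ipAnd(userInput, addObj.mask)
        newIp = ipAnd(newMask, addObj.ip)
        # TODO: content still describes the unmasked address.
        newAddObj = AddressObject(addObj.addressId, addObj.content, addObj.Type,
                                  ip=newIp, mask=newMask,
                                  ipStart=addObj.ipStart, ipEnd=addObj.ipEnd)
        # TODO: duplicates created by the masking are not removed.
        newAddObjs.append(newAddObj)
    rule.newDesIpObjGroup = AddressObjectGroup(dIpGroup.name, dIpGroup.content, newAddObjs)


def ipAnd(ip1, ip2):
    """Return the octet-wise bitwise AND of two dotted-quad strings."""
    octets1 = ip1.split('.')
    octets2 = ip2.split('.')
    return ".".join(str(int(octets1[i]) & int(octets2[i])) for i in range(4))


def getAllAddObj(addObjGroup):
    """Return the address objects of *addObjGroup*, expanding nested groups."""
    addObjs = []
    for addObj in addObjGroup.addressObjects:
        if addObj.Type == AddressTypes.GROUP:
            # TODO: AddressObject should be converted to AddressObjectGroup
            addObjs.extend(getAllAddObj(addObj))
        # NOTE(review): nesting inferred; as reconstructed, a GROUP entry is
        # appended in addition to its expanded members - confirm.
        addObjs.append(addObj)
    return addObjs


def _mergeOneSide(rules, isSourceMerge):
    """Merge the source (or destination) groups of *rules* into one Result."""
    result = Result()
    result.mergedRules.extend(rules)
    # Each address object group as it was before merging.
    if isSourceMerge:
        groups = [rule.getSipAddObjGroup(addObjGroupList) for rule in rules]
    else:
        groups = [rule.getDipAddObjGroup(addObjGroupList) for rule in rules]
    newAddGroup = mergeAddObjGroups(groups, rules[0], isSourceMerge)
    result.addObjMergeDic[newAddGroup] = groups
    if isSourceMerge:
        result.newRule = mergeRules(rules[0], sIp=newAddGroup)
    else:
        result.newRule = mergeRules(rules[0], dIp=newAddGroup)
    return result


def handleCondFive(rules):
    """Merge the destination groups of *rules* and return the Result."""
    print('==================handleCondFive==========================')
    return _mergeOneSide(rules, False)


def handleCondFour(rules):
    """Merge the source groups of *rules* and return the Result."""
    print('==================handleCondFour==========================')
    return _mergeOneSide(rules, True)


def handleCondTwo(rules):
    """Merge the destination groups of *rules* and return the Result."""
    print('==================handleCondTwo==========================')
    return _mergeOneSide(rules, False)


def handleCondOne(rules):
    """Merge the source groups of *rules* and return the Result."""
    print('==================handleCondOne==========================')
    return _mergeOneSide(rules, True)


#return a new AddressObjectGroup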
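def mergeAddObjGroups(addObjGroups, rule, isSourceMerge=True):
    """Return a new AddressObjectGroup holding every object of *addObjGroups*.

    The group name is generated from *rule* by createAddObjGroupName and the
    group's content line is "object-group ip address <name>".
    """
    addressObjects = []
    for addObjGroup in addObjGroups:
        addressObjects.extend(addObjGroup.addressObjects)
    objName = createAddObjGroupName(rule, isSourceMerge)
    content = "object-group ip address " + objName
    return AddressObjectGroup(objName, content, addressObjects)


def createAddObjGroupName(rule, isSourceMerge):
    """Return the next free "<service>_<source|destination>_<n>" group name.

    An empty rule.service is written as "any". The counter for each prefix is
    kept in the module-level objectGroupNameDic and starts at 1.
    """
    global objectGroupNameDic
    ser = rule.service
    if ser == "":
        ser = "any"
    mode = "source" if isSourceMerge else "destination"
    prefix = ser + "_" + mode + "_"
    # dict.get replaces has_key(), which does not exist in Python 3.
    objectGroupNameDic[prefix] = objectGroupNameDic.get(prefix, 0) + 1
    # NOTE(review): only this counter is consulted; nothing here checks the
    # name against object groups already present in the parsed configuration.
    # Confirm a generated name cannot shadow an existing group.
    return prefix + str(objectGroupNameDic[prefix])


#return a new rule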
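def mergeRules(ruleObj, sIp=None, dIp=None):
    """Return a new Rule built from *ruleObj* with merged address groups.

    The rule text gets the current ruleId, and its source-ip / destination-ip
    arguments are replaced by the names of *sIp* / *dIp* when those are given.
    A side that is not given keeps the group already attached to *ruleObj*.
    The standalone keywords "logging" and "counting" are removed from the text.
    """
    # replace ruleId
    rule = re.sub(r"rule \d+ ", "rule " + str(ruleId) + " ", ruleObj.content)
    # replace source-ip; a callable replacement keeps backslashes in a group
    # name from being read as regex escapes.
    if sIp is not None:
        rule = re.sub(r"source-ip \S+", lambda m: "source-ip " + sIp.name, rule)
    else:
        sIp = ruleObj.sourceIpObjGroup
    # replace destination-ip
    if dIp is not None:
        rule = re.sub(r"destination-ip \S+", lambda m: "destination-ip " + dIp.name, rule)
    else:
        dIp = ruleObj.desIpObjGroup
    # NOTE(review): the merged rule loses its logging and counting options, so
    # traffic matching it is no longer logged or counted on the device. Confirm
    # this is acceptable for rules that are part of an audit trail.
    # Only whitespace-delimited keywords are removed; the original pattern also
    # cut "logging"/"counting" out of longer tokens such as object-group names.
    rule = re.sub(r"(?<!\S)logging(?!\S)\s?", "", rule)
    rule = re.sub(r"(?<!\S)counting(?!\S)\s?", "", rule)
    return Rule(ruleId, ruleObj.action, ruleObj.vrf, ruleObj.timeRange,
                sIp, dIp, ruleObj.service, rule)


handle()

# Dump every merge result. Nesting reconstructed from the statement order.
print('==================Common==========================')
for p in policyList:
    print('--------------policy-----------------')
    for r in p.results:
        print('-----------rule-----------')
        print(r.mergedRules)
        print(r.newRule)
        print(r.addObjMergeDic)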