a i7S@sdZgdZddlmZddlZddlZddlZddlmZddl m Z m Z m Z m Z mZmZmZmZddlmZmZmZddlmZmZddlmZmZmZmZdd lmZdd lm Z dd l!m"Z"Gd d d eZ#GdddeZ$ddZ%dddZ&dS)z$ipset io XML handler, reader, writer)IPSet ipset_reader ipset_writerN)config)checkIPcheckIP6 checkIPnMask checkIP6nMask check_mac check_portcheckInterface checkProtocol) IO_ObjectIO_Object_ContentHandlerIO_Object_XMLGenerator) IPSET_TYPESIPSET_CREATE_OPTIONS)check_icmp_namecheck_icmp_type_codecheck_icmpv6_namecheck_icmpv6_type_code)log)errors) FirewallErrorcseZdZdddddddifddgffZdZgd Zd d d gd gd d ZdgdgdZfddZddZ e ddZ ddZ fddZ ZS)r)version)shortr) descriptionr)typeroptionsrentriesz (ssssa{ss}as))_-:.Nrname)rripsetoptionentryrvalue)r&r'cs<tt|d|_d|_d|_d|_g|_i|_d|_ dSNrF) superr__init__rrrrr rappliedself __class__:/usr/lib/python3.9/site-packages/firewall/core/io/ipset.pyr,CszIPSet.__init__cCs8d|_d|_d|_d|_|jdd=|jd|_dSr*)rrrrr rclearr-r.r2r2r3cleanupMs  z IPSet.cleanupc CsBd}d|vr|ddkrd}|ds6ttjd||ddd}|d}t|t|ksnt|d krttjd ||ft|D]\}}||}|d krd |vrV|dkrV|d krttjd |||f|d } t| dkrttjd||||f| D]F} |dkr$t| r8|dkr t | s ttjd| |||fq nh|dkr|dkrttjd||||f|dkrt } nt} nt } | |stt|||dS)NrS0r8r)rFrrZIPSET_WITH_TIMEOUTrrQr+ import_config)r/rr]r(r0r2r3rd4s   zIPSet.import_config)__name__ __module__ __qualname__ZIMPORT_EXPORT_STRUCTUREZDBUS_SIGNATUREZADDITIONAL_ALNUM_CHARSZPARSER_REQUIRED_ELEMENT_ATTRSZPARSER_OPTIONAL_ELEMENT_ATTRSr,r5 staticmethodrQr`rd __classcell__r2r2r0r3r,s2    Crc@seZdZddZddZdS)ipset_ContentHandlercCst||||j|||dkrpd|vrX|dtvrLttjd|d|d|j_d|vrl|d|j_ nt|dkr|nh|dkrn\|dkrd}d |vr|d }|d d vrttj d |d |jjd kr|d dvrttj d|d |jjf|d d vr"|s"ttj d|d |d dvrz t |}Wn,t yhttj d|d |fYn0|dkrttj d|d |f|d dkr|dvrttj||d |jjvr||jj|d <ntd|d dS)Nr&rz%srrrr'rr)r%)r6rSrTrUzUnknown option '%s'zhash:mac)r6z%Unsupported option '%s' for type '%s'z&Missing mandatory value of option '%s'rRrVrrWr6rXz Option %s already set, ignoring.)r startElementrOZparser_check_element_attrsrrrrYrrZINVALID_OPTIONrIrJr[r\rrwarning)r/r%attrsr)r_r2r2r3rk?sx           z!ipset_ContentHandler.startElementcCs(t|||dkr$|jj|jdS)Nr()r endElementrOr appendZ_element)r/r%r2r2r3rnvs zipset_ContentHandler.endElementN)rerfrgrkrnr2r2r2r3rj>s7rjc Cs&t}|ds ttjd||dd|_||j||_||_| t j rVdnd|_ |j |_ t|}t}||d||f}t|dn}td}||z||Wn:tjy}z ttjd|WYd}~n d}~00Wdn1s 0Y~~d |jvr^|jd d kr^t|jd kr^td |j|jdd=d } t} | t|jkr |j| | vrtd |j| |j| ntz| |j| |j|j!Wn>ty} z$td| |j| WYd} ~ n"d} ~ 00| "|j| | d7} qh~ |S)Nz.xmlz'%s' is missing .xml suffixFT%s/%srbznot a valid ipset file: %srSrbrz6ipset '%s': timeout option is set, entries are ignoredzEntry %s already set, ignoring.z %s, ignoring.r:)#rrHrrZ INVALID_NAMEr%Z check_namefilenamepathrCr ETC_FIREWALLDZbuiltindefaultrjsaxZ make_parserZsetContentHandleropenZ InputSourceZ setByteStreamparseZSAXParseExceptionrDZ getExceptionrrFr rrlsetpoprQradd) rsrtr&handlerparserr%fsourcemsgrMZ entries_seter2r2r3r{sd       :   " rc Cs|r|n|j}|jr$d||jf}nd||jf}tj|rzt|d|Wn2ty}zt d||WYd}~n d}~00tj |}| t j rtj|stjt j stt j dt|dtj|ddd}t|}|d |ji}|jr|jd kr|j|d <|d ||d |jrz|jd krz|d|di||j|d|d |jr|jd kr|d|di||j|d|d |jD]L\} } |d| d kr|d| | dn|dd| i|d q|jD]:} |d|di|| |d|d q"|d |d || ~dS)Nrqz %s/%s.xmlz%s.oldzBackup of file '%s' failed: %siZwtzUTF-8)modeencodingrrrr& z rrr')r%r)r%r()!rtrsr%osexistsshutilcopy2 ExceptionrerrordirnamerCrrumkdiriorxrZ startDocumentrrrkZignorableWhitespacerZ charactersrnrrrLZ simpleElementr Z endDocumentclose) r&rt_pathr%rdirpathrr}rmr^r)r(r2r2r3rsf $                         r)N)'__doc____all__Zxml.saxrwrrrZfirewallrZfirewall.functionsrrrr r r r r Zfirewall.core.io.io_objectrrrZfirewall.core.ipsetrrZfirewall.core.icmprrrrZfirewall.core.loggerrrZfirewall.errorsrrrjrrr2r2r2r3s&  (   =3