dn42/registry
1
0
Fork 0
mirror of https://git.dn42.dev/dn42/registry.git synced 2025-10-31 03:30:49 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

update check-my-stuff to use policy

Browse source
This commit is contained in:
xuu 2017-11-06 14:26:18 -07:00
parent fd3e48b375
commit d16196cf2e
No known key found for this signature in database
GPG key ID: 8B3B0604F164E04F
2 changed files with 174 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

10
check-my-stuff
View file

@ -10,5 +10,13 @@ BASE="$(realpath "$0")"
BASE="$(dirname "$BASE")" BASE="$(dirname "$BASE")"
cd "$BASE" || exit 1 cd "$BASE" || exit 1
utils/schema-check/dn42-schema.py -v scan data/ -m "$1" || ( echo "Schema validation failed, please check above!" ; exit 1 ) # utils/schema-check/dn42-schema.py -v scan data/ -m "$1" || ( echo "Schema validation failed, please check above!" ; exit 1 )
git diff --cached --name-only | while IFS='/' read -ra LINE; do
if [[ "${LINE[0]}" = "data" ]]; then
echo ${LINE[1]} ${LINE[2]}
utils/schema-check/dn42-schema.py -v policy ${LINE[1]} ${LINE[2]} $1
fi
done

175
utils/schema-check/dn42-schema.py
View file

@ -381,6 +381,53 @@ def find(fields=None, filter=None):
query = {"fields": ",".join(fields), "filter": ",".join([k + "=" + v for k, v in filter.items()])} query = {"fields": ",".join(fields), "filter": ",".join([k + "=" + v for k, v in filter.items()])}
return http_get(server, url, query) return http_get(server, url, query)
def to_num(ip):
ip = [int(i) for i in ip.split('.')]
return ip[3] + ip[2] * 256 + ip[1] * 256 ** 2 + ip[0] * 256 ** 3
def to_ip(num):
return '.'.join([str(i) for i in [num >> 24, (num >> 16) & 0xFF, (num >> 8) & 0xFF, num & 0xFF]])
def expand_ipv6(addr):
addr = addr.lower()
if "::" in addr:
if addr.count('::') > 1:
return False
addr = addr.replace('::', ':' * (9 - addr.count(':')))
if addr.count(':') != 7:
return False
return ''.join((i.zfill(4) for i in addr.split(":")))
def ip4to6(ip):
return "::ffff:%04x:%04x" % (ip >> 16, ip & 0xffff)
def inetrange(inet):
ip, mask = inet.split('/')
mask = int(mask)
ip = to_num(ip) & (0xFFFFFFFF << 32 - mask)
ip6 = ip4to6(ip)
return inet6range("%s/%d" % (ip6, mask + 96))
def inet6range(inet):
ip, mask = inet.split('/')
mask = int(mask)
ip = expand_ipv6(ip)
if mask == 128:
return ip, ip, mask
offset = int(ip[mask // 4], 16)
return "%s%x%s" % (
ip[:mask // 4],
offset & (0xf0 >> mask % 4),
"0" * (31 - mask // 4)
), "%s%x%s" % (
ip[:mask // 4],
offset | (0xf >> mask % 4),
"f" * (31 - mask // 4)
), mask
def test_policy(obj_type, name, mntner): def test_policy(obj_type, name, mntner):
log.debug([obj_type, name, mntner]) log.debug([obj_type, name, mntner])
@ -418,15 +465,121 @@ def test_policy(obj_type, name, mntner):
return status return status
elif args["type"] in ["inetnum","inet6num"]: elif args["type"] in ["inetnum","inet6num"]:
lis = find(["mnt-by"], {"@type": "aut-num", "@name": name}) log.info("Checking inetnum type")
lis = find(["mnt-by"], {"@type": "net", "cidr": name})
log.info(lis) log.info(lis)
pass if len(lis) > 0:
status = 'FAIL'
for o in lis:
for n in o:
if n[0] == "mnt-by" and n[1] == mntner:
status = 'PASS'
log.notice("%s has mnt for current object" %(mntner))
return status
log.error("%s does not have mnt for current object" %(mntner))
return status
if args["type"] == "inetnum":
Lnet, Hnet, mask = inetrange(name)
else:
Lnet, Hnet, mask = inet6range(name)
mask = "%03d" %(mask)
log.info([Lnet, Hnet, mask])
lis = find(["inetnum","inet6num","policy","@netlevel","mnt-by","mnt-lower"],
{"@type": "net", "@netmin": "le=" + Lnet, "@netmax": "ge=" + Hnet, "@netmask": "lt=" + mask})
log.info(lis)
policy = {}
select = None
mntners = []
for n in lis:
obj = {}
for o in n:
obj[o[0]] = o[1]
if o[0].startswith("mnt-"):
mntners.append(o[1])
k = obj["@netlevel"]
policy[k] = obj
if select is None:
select = k
elif select<=k:
select = k
if select == None:
pass
elif policy[select]["policy"] == "open":
log.notice("Policy is open for parent object")
return "PASS"
# 3. Check if mntner or mnt-lower for any as-block in the tree.
elif mntner in mntners:
log.notice("%s has mnt in parent object" %(mntner))
return "PASS"
elif args["type"] in ["route","route6"]: elif args["type"] in ["route","route6"]:
lis = find(["mnt-by"], {"@type": "aut-num", "@name": name}) log.info("Checking route type")
lis = find(["mnt-by"], {"@type": "route", args["type"]: name})
log.info(lis) log.info(lis)
pass if len(lis) > 0:
status = 'FAIL'
for o in lis:
for n in o:
if n[0] == "mnt-by" and n[1] == mntner:
status = 'PASS'
log.notice("%s has mnt for current object" %(mntner))
return status
log.error("%s does not have mnt for current object" %(mntner))
return status
if args["type"] == "inetnum":
Lnet, Hnet, mask = inetrange(name)
else:
Lnet, Hnet, mask = inet6range(name)
mask = "%03d" %(mask)
log.info([Lnet, Hnet, mask])
lis = find(["inetnum","inet6num","policy","@netlevel","mnt-by","mnt-lower"],
{"@type": "net", "@netmin": "le=" + Lnet, "@netmax": "ge=" + Hnet, "@netmask": "le=" + mask})
log.info(lis)
policy = {}
select = None
mntners = []
for n in lis:
obj = {}
for o in n:
obj[o[0]] = o[1]
if o[0].startswith("mnt-"):
mntners.append(o[1])
k = obj["@netlevel"]
policy[k] = obj
if select is None:
select = k
elif select<=k:
select = k
if select == None:
pass
elif policy[select]["policy"] == "open":
log.notice("Policy is open for parent object")
return "PASS"
# 3. Check if mntner or mnt-lower for any as-block in the tree.
elif mntner in mntners:
log.notice("%s has mnt in parent object" %(mntner))
return "PASS"
elif args["type"] == "aut-num": elif args["type"] == "aut-num":
if not name.startswith("AS"): if not name.startswith("AS"):
log.error("%s does not start with AS" %(name)) log.error("%s does not start with AS" %(name))
@ -449,7 +602,8 @@ def test_policy(obj_type, name, mntner):
# 2. Check if the as-block has an open policy # 2. Check if the as-block has an open policy
asn = "AS{:0>9}".format(name[2:]) asn = "AS{:0>9}".format(name[2:])
lis = find(["as-block","policy","@as-min","@as-max","mnt-by","mnt-lower"], {"@type": "as-block","@as-min":"le=" + asn,"@as-max": "ge=" + asn}) lis = find(["as-block","policy","@as-min","@as-max","mnt-by","mnt-lower"],
{"@type": "as-block","@as-min":"le=" + asn,"@as-max": "ge=" + asn})
log.info(lis) log.info(lis)
policy = {} policy = {}
@ -510,7 +664,6 @@ def test_policy(obj_type, name, mntner):
if Lasn > Hasn: if Lasn > Hasn:
log.error("%s should come before %s" %(Lname, Hname)) log.error("%s should come before %s" %(Lname, Hname))
lis = find(["as-block","policy","@as-min","@as-max","mnt-by","mnt-lower"], {"@type": "as-block","@as-min":"le=" + Lasn,"@as-max": "ge=" + Hasn}) lis = find(["as-block","policy","@as-min","@as-max","mnt-by","mnt-lower"], {"@type": "as-block","@as-min":"le=" + Lasn,"@as-max": "ge=" + Hasn})
log.info(lis) log.info(lis)
@ -533,11 +686,11 @@ def test_policy(obj_type, name, mntner):
elif select[0]<=k[0] or select[1]>=k[1]: elif select[0]<=k[0] or select[1]>=k[1]:
select = k select = k
# Policy Open only applies to aut-nums. as-blocks must be defined by parent mntners only. # Policy Open only applies to aut-nums. as-blocks must be defined by parent mntners only.
# #
# if policy[select]["policy"] == "open": # if policy[select]["policy"] == "open":
# log.notice("Policy is open for parent object") # log.notice("Policy is open for parent object")
# return "PASS" # return "PASS"
# 3. Check if mntner or mnt-lower for any as-block in the tree. # 3. Check if mntner or mnt-lower for any as-block in the tree.
if mntner in mntners: if mntner in mntners: