- x=string.split(i,"/")
- self.set.append(ipaddr.network(x[0],x[1],
- ipaddr.DEMAND_NETWORK))
+ x=ipaddr.IPNetwork(i,strict=True)
+ self.set.append([x])
- return string.join(map(lambda x:'"%s/%s"'%(x.ip_str(),
- x.mask.netmask_bits_str),
- self.set.as_list_of_networks()),",")
+ return ",".join(map((lambda n: '"%s"'%n), self.set.networks()))
+class boolean:
+ "A boolean"
+ def __init__(self,w):
+ if re.match('[TtYy1]',w[1]):
+ self.b=True
+ elif re.match('[FfNn0]',w[1]):
+ self.b=False
+ else:
+ complain("invalid boolean value");
+ def __str__(self):
+ return ['False','True'][self.b]
+
'pubkey':(rsakey,"RSA public site key"),
'peer':(single_ipaddr,"Tunnel peer IP address"),
'address':(address,"External contact address and port"),
'pubkey':(rsakey,"RSA public site key"),
'peer':(single_ipaddr,"Tunnel peer IP address"),
'address':(address,"External contact address and port"),
})
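Review bot: In `boolean.__init__` the `else` branch calls `complain("invalid boolean value")` but never assigns `self.b`, so unless `complain` raises (its definition is not visible here) a later `__str__` on that object fails with an AttributeError instead of a clean configuration error. The two `re.match` calls test only the first character of `w[1]`, so values such as `1000` or `nonsense` are silently accepted as True or False. If only real boolean spellings are meant to pass, comparing `w[1].lower()` against an explicit list of accepted words would be stricter. The docstring `"A boolean"` could state the accepted input, for example `"A boolean property; the first character of the value selects True (T/Y/1) or False (F/N/0)"`.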
require_properties={
'dh':"Diffie-Hellman group",
'contact':"Site admin contact address",
})
require_properties={
'dh':"Diffie-Hellman group",
'contact':"Site admin contact address",
'networks':"Networks claimed by the site",
'hash':"hash function",
'peer':"Gateway address of the site",
'networks':"Networks claimed by the site",
'hash':"hash function",
'peer':"Gateway address of the site",
root=level(['root','root']) # All vpns are children of this node
obstack=[root]
allow_defs=0 # Level above which new definitions are permitted
root=level(['root','root']) # All vpns are children of this node
obstack=[root]
allow_defs=0 # Level above which new definitions are permitted
"Process a configuration file line"
global allow_defs, obstack, root
"Process a configuration file line"
global allow_defs, obstack, root
keyword=w[0]
current=obstack[len(obstack)-1]
if keyword=='end-definitions':
allow_defs=sitelevel.depth
obstack=[root]
keyword=w[0]
current=obstack[len(obstack)-1]
if keyword=='end-definitions':
allow_defs=sitelevel.depth
obstack=[root]
+ return [i]
+ if keyword=='include':
+ if not allow_include:
+ complain("include not permitted here")
+ return []
+ if len(w) != 2:
+ complain("include requires one argument")
+ return []
+ newfile=os.path.join(os.path.dirname(file),w[1])
+ return pfilepath(newfile,allow_include=allow_include)
if levels.has_key(keyword):
# We may go up any number of levels, but only down by one
newdepth=levels[keyword].depth
if levels.has_key(keyword):
# We may go up any number of levels, but only down by one
newdepth=levels[keyword].depth
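Review bot: The `include` branch builds `newfile` with `os.path.join(os.path.dirname(file),w[1])`, which drops the directory part when `w[1]` is absolute and passes `..` components through, so an included path is not confined to the including file's directory. That is safe only while `allow_include` is never true for untrusted input; the visible `pfile("user input",userinput)` call leaves it at the default `False`. A comment should pin that invariant, e.g. `# include is honoured for trusted files only; the path is not confined to this file's directory`. Nothing in the hunk stops a file from including itself, directly or through another file, so a cycle would presumably end in a recursion error rather than a `complain`; tracking the pathnames currently being read and refusing a repeat would give a clean diagnostic. The enclosing function starts and ends outside the hunk.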
+def pfilepath(pathname,allow_include=False):
+ f=open(pathname)
+ outlines=pfile(pathname,f.readlines(),allow_include=allow_include)
+ f.close()
+ return outlines
+
+def pfile(name,lines,allow_include=False):
- w.write("all-sites %s;\n"%string.join(map(lambda x:"vpn/%s/all-sites"%
- x,root.children.keys()),","))
+ w.write(prefix+"all-sites %s;\n"%string.join(
+ map(lambda x:"%svpn/%s/all-sites"%(prefix,x),
+ root.children.keys()),","))
userinput=sys.stdin.readlines()
pfile("user input",userinput)
else:
userinput=sys.stdin.readlines()
pfile("user input",userinput)
else:
- # I'd like to do this:
- # n.properties["networks"].set.is_subset(new_ra)
- # but there isn't an is_subset() method
- # Instead we see if we intersect with the complement of new_ra
- rac=new_ra.complement()
- i=rac.intersection(n.properties["networks"].set)
- if not i.is_empty():
+ if not n.properties["networks"].set <= new_ra:
moan("%s %s networks out of bounds"%(n.type,n.name))
if n.properties.has_key("peer"):
if not n.properties["networks"].set.contains(
moan("%s %s networks out of bounds"%(n.type,n.name))
if n.properties.has_key("peer"):
if not n.properties["networks"].set.contains(
for i in n.children.keys():
checkconstraints(n.children[i],new_p,new_ra)
for i in n.children.keys():
checkconstraints(n.children[i],new_p,new_ra)