#!bin/python #coding=utf-8 """ Create by he """ import sys import re import string import operator from analysisFile import * from result import * ruleId = 0 objectGroupNameDic = {} def handle(): global ruleId for policy in policyList: ruleId = 0 policyHandle(policy) def policyHandle(policy): global ruleId for key,value in policy.canMerge.items(): condition = key.split('^')[-1] if condition == Conditions.ONE: result = handleCondOne(value) policy.results.append(result) if condition == Conditions.TWO: result = handleCondTwo(value) policy.results.append(result) if condition == Conditions.FOUR: result = handleCondFour(value) policy.results.append(result) if condition == Conditions.FIVE: result = handleCondFive(value) policy.results.append(result) if condition == Conditions.SEVEN: resultList = handleCondSeven(value) policy.results.extend(resultList) return ruleId +=1 def handleCondSeven(rules): print '==================handleCondSeven==========================' for rule in rules: getNewDipAddObjGroup(rule) print 'hahahahahahahahahahahahahah' for obj in rule.newDesIpObjGroup.addressObjects: print obj.ip+" "+obj.mask #print rule.newDesIpObjGroup.addressObjects print 'hahahahahahahahahahahahahah' #newDipGroups.append[group] canMergeList = [] for i in range(0,len(rules)): if rules[i].compared: continue mergeRuleLists = [rules[i]] rules[i].compared = True for j in (i+1,len(rules)): if j == len(rules): break if rules[j].compared: continue if isSameGroup(rules[i],rules[j]): mergeRuleLists.append(rules[j]) rules[j].compared = True continue canMergeList.append(mergeRuleLists) print 'ffffffffffffffffffffffffffffffffff' print canMergeList print 'ffffffffffffffffffffffffffffffffff' #canMerge and canMergeList are both list type resultList = [] for canMerge in canMergeList: if len(canMerge) == 1: #remove canMerge[0] to canNotMerge continue result = Result()# Class :result result.mergedRules.extend(canMerge) sIpAddObjGroups = [] for rule in canMerge: sIpAddObj = rule.getSipAddObjGroup(addObjGroupList) sIpAddObjGroups.append(sIpAddObj) #Merge s-ip newSipAddGroup = mergeAddObjGroups(sIpAddObjGroups,canMerge[0]) newDipAddGroup = canMerge[0].newDesIpObjGroup result.addObjMergeDic[newSipAddGroup] = sIpAddObjGroups result.newRule = mergeRules(canMerge[0],dIp = newDipAddGroup,sIp = newSipAddGroup) resultList.append(result) return resultList def isSameGroup(rule1,rule2): print 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm' print rule1 print rule2 print 'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm' addObjs1 = rule1.newDesIpObjGroup.addressObjects addObjs2 = rule2.newDesIpObjGroup.addressObjects # bug-- if contains relationship for addObj1 in addObjs1: flag = False for addObj2 in addObjs2: if addObj1.ip+" "+addObj1.mask == addObj2.ip+" "+addObj2.mask: flag = True break else: print 'wowowowowowowowowowowowowowowowowowo' print addObj1.ip+" "+addObj1.mask print addObj2.ip+" "+addObj2.mask print 'wowowowowowowowowowowowowowowowowowo' if not flag: print 'kkkkkkkkkkkkkkkkkkkkkkkkkjjjjjjjjjjjjjjjjjjjj' return False print 'jjjjjjjjjjjjjjjjjjjjjjjjjjjkkkkkkkkkkkkkkkkkkk' return True def getNewDipAddObjGroup(rule): global userInput dIpGroup = rule.getDipAddObjGroup(addObjGroupList) print 'lllllllllllllllllllllll' print dIpGroup print 'lllllllllllllllllllllll' addObjs = getAllAddObj(dIpGroup) newAddObjs = [] for addObj in addObjs: #If AddressObject is type of RANGE,how to do? newMask = ipAnd(userInput,addObj.mask) newIp = ipAnd(newMask,addObj.ip) #content need change newAddObj = AddressObject(addObj.addressId,addObj.content,addObj.Type,ip=newIp,mask=newMask,ipStart=addObj.ipStart,ipEnd=addObj.ipEnd) #The newAddObj repeated need to remove newAddObjs.append(newAddObj) newAddObjGroup = AddressObjectGroup(dIpGroup.name,dIpGroup.content,newAddObjs) rule.newDesIpObjGroup = newAddObjGroup def ipAnd(ip1,ip2): dotSplitList1 = ip1.split('.') dotSplitList2 = ip2.split('.') resIP = "" for i in range(0,4): resIP += str(int(dotSplitList1[i]) & int(dotSplitList2[i]))+"." return resIP[0:-1] def getAllAddObj(addObjGroup): addObjs = [] for addObj in addObjGroup.addressObjects: if addObj.Type == AddressTypes.GROUP: #AddresObject convert to AddressObjectGroup addObjs.extend(getAllAddObj(addObj)) addObjs.append(addObj) return addObjs def handleCondFive(rules): print '==================handleCondFive==========================' result = Result()# Class :result result.mergedRules.extend(rules) dIpAddObjGroups = [] for rule in rules: #合并前的每一个地址对象组 dIpAddObj = rule.getDipAddObjGroup(addObjGroupList) dIpAddObjGroups.append(dIpAddObj) newAddGroup = mergeAddObjGroups(dIpAddObjGroups,rules[0],False) result.addObjMergeDic[newAddGroup] = dIpAddObjGroups result.newRule = mergeRules(rules[0],dIp = newAddGroup) return result def handleCondFour(rules): print '==================handleCondFour==========================' result = Result()# Class :result result.mergedRules.extend(rules) sIpAddObjGroups = [] for rule in rules: #合并前的每一个地址对象组 sIpAddObj = rule.getSipAddObjGroup(addObjGroupList) sIpAddObjGroups.append(sIpAddObj) newAddGroup = mergeAddObjGroups(sIpAddObjGroups,rules[0]) result.addObjMergeDic[newAddGroup] = sIpAddObjGroups result.newRule = mergeRules(rules[0],sIp = newAddGroup) return result def handleCondTwo(rules): print '==================handleCondTwo==========================' result = Result()# Class :result result.mergedRules.extend(rules) dIpAddObjGroups = [] for rule in rules: #合并前的每一个地址对象组 dIpAddObj = rule.getDipAddObjGroup(addObjGroupList) dIpAddObjGroups.append(dIpAddObj) newAddGroup = mergeAddObjGroups(dIpAddObjGroups,rules[0],False) result.addObjMergeDic[newAddGroup] = dIpAddObjGroups result.newRule = mergeRules(rules[0],dIp = newAddGroup) return result def handleCondOne(rules): print '==================handleCondOne==========================' result = Result()# Class :result result.mergedRules.extend(rules) sIpAddObjGroups = [] for rule in rules: #合并前的每一个地址对象组 sIpAddObj = rule.getSipAddObjGroup(addObjGroupList) sIpAddObjGroups.append(sIpAddObj) newAddGroup = mergeAddObjGroups(sIpAddObjGroups,rules[0]) result.addObjMergeDic[newAddGroup] = sIpAddObjGroups result.newRule = mergeRules(rules[0],sIp = newAddGroup) return result #return a new AddressObjectGroup def mergeAddObjGroups(addObjGroups,rule,isSourceMerge = True): addressObjects = [] for addObjGroup in addObjGroups: addressObjects.extend(addObjGroup.addressObjects) objName = createAddObjGroupName(rule,isSourceMerge) content = "object-group ip address " + objName newAddGroup = AddressObjectGroup(objName,content,addressObjects) return newAddGroup def createAddObjGroupName(rule,isSourceMerge): global objectGroupNameDic name = "" ser = rule.service if ser == "": ser = "any" mode = "source" if not isSourceMerge: mode = "destination" join = ser + "_" + mode + "_" if objectGroupNameDic.has_key(join): objectGroupNameDic[join] = objectGroupNameDic[join] + 1 name = join + str(objectGroupNameDic[join]) return name objectGroupNameDic[join] = 1 name = join +str(1) return name #return a new rule def mergeRules(ruleObj,sIp=None,dIp=None): #replace ruleId rule = re.sub(r"rule \d+ ","rule "+str(ruleId) + " ",ruleObj.content) #replace source-ip if sIp != None: rule = re.sub(r"source-ip \S+","source-ip " + sIp.name,rule) else: sIp = ruleObj.sourceIpObjGroup #replace destination-ip if dIp != None: rule = re.sub(r"destination-ip \S+","destination-ip " + dIp.name,rule) else: dIp = ruleObj.desIpObjGroup #replace service #if ser != "": #rule = re.sub(r"service \S+","service " + ser,rule) #remove logging if "logging" in rule: rule = re.sub(r"logging\s?" , "",rule) #remove counting if "counting" in rule: rule = re.sub(r"counting\s?" , "",rule) newRule = Rule(ruleId,ruleObj.action,ruleObj.vrf,ruleObj.timeRange,sIp,dIp,ruleObj.service,rule) return newRule handle() print '==================Common==========================' for p in policyList: print '--------------policy-----------------' for r in p.results: print '-----------rule-----------' print r.mergedRules print r.newRule print r.addObjMergeDic #print r.addObjMergeDic.values()[0][0].addressObjects[0].addressId