Smart Home firewall
Profile-based Smart Home firewall
Functions

int uint16(str value)
    Custom Argparse types.
bool is_list(any value)
    Custom Jinja2 filters.
str debug(any value)
None flatten_policies(str single_policy_name, dict single_policy, dict acc={})
    Utility functions.
Tuple[Policy, bool] parse_policy(dict policy_data, dict interaction_data, dict global_accs, int policies_count, bool is_interaction=False, LogType log_type=LogType.NONE, int log_group=100)

Variables

script_name = os.path.basename(__file__)
script_path = Path(os.path.abspath(__file__))
script_dir = script_path.parents[0]
string description = "Translate a device YAML profile to the corresponding pair of NFTables firewall script and NFQueue C source code."
    MAIN.
parser = argparse.ArgumentParser(description=description)
type
str
help
uint16
choices
default
NONE
action
args = parser.parse_args()
device_path = os.path.abspath(os.path.dirname(args.profile))
loader = jinja2.FileSystemLoader(searchpath=f"{script_dir}/templates")
env = jinja2.Environment(loader=loader, trim_blocks=True, lstrip_blocks=True)
int nfq_id_inc = 10
profile = yaml.load(f, IncludeLoader)
device = profile["device-info"]
nfq_id_base = args.nfq_id_base
dictionary global_accs
profile_data = profile["single-policies"][policy_name]
dictionary policy_data
dictionary interaction_data
is_backward = profile_data.get("bidirectional", False)
int policies_count = 2 if is_backward else 1
policy
new_nfq
dictionary policy_data_backward
policy_backward
interaction_policy = profile["interactions"][interaction_policy_name]
dictionary single_policies = {}
bool update_nfq_id_base = False
timeout = profile_data["timeout"]
single_policy
dictionary header_dict
header = env.get_template("header.c.j2").render(header_dict)
dictionary callback_dict
callback = env.get_template("callback.c.j2").render(callback_dict)
dictionary main_dict
main = env.get_template("main.c.j2").render(main_dict)
dictionary nft_dict
dictionary cmake_dict = {"device": device["name"]}

Translate a device YAML profile to the corresponding pair of NFTables firewall script and NFQueue C source code.

str translator.debug(any value)

Custom filter for Jinja2, to print a value.
:param value: value to print
:return: an empty string

None translator.flatten_policies(str single_policy_name, dict single_policy, dict acc = {})

Utility functions.
Flatten a nested single policy into a list of single policies.
:param single_policy_name: Name of the single policy to be flattened
:param single_policy: Single policy to be flattened
:param acc: Accumulator for the flattened policies

bool translator.is_list(any value)

Custom Jinja2 filters.
Custom filter for Jinja2, to check whether a value is a list.
:param value: value to check
:return: True if value is a list, False otherwise

Tuple[Policy, bool] translator.parse_policy(dict policy_data, dict interaction_data, dict global_accs, int policies_count, bool is_interaction = False, LogType log_type = LogType.NONE, int log_group = 100)

Parse a policy.
:param policy_data: Dictionary containing all the necessary data to create a Policy object
:param interaction_data: Dictionary containing the interaction data that must be updated when parsing this policy
:param global_accs: Dictionary containing the global accumulators
:param policies_count: Number of policies in the interaction
:param is_interaction: Whether this policy is part of an interaction policy or not
:param log_type: Type of packet logging to be used
:param log_group: Log group ID to be used
:return: the parsed policy, as a `Policy` object, and a boolean indicating whether a new NFQueue was created

int translator.uint16(str value)

Custom Argparse types.
Custom type for argparse, to check whether a value is an unsigned 16-bit integer, i.e. an integer between 0 and 65535.
:param value: value to check
:return: the value, if it is an unsigned 16-bit integer
:raises argparse.ArgumentTypeError: if the value is not an unsigned 16-bit integer
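
An added example, not the project's own code, of an argparse type with the contract documented for `uint16`, so that an out-of-range ID is rejected at the command line before any firewall script or C source is rendered. The `--nfq-id-base` option spelling, its default, and the `build_parser` and `try_parse` helpers are assumptions; the page only shows that `args.nfq_id_base` exists.

```python
import argparse


def uint16(value: str) -> int:
    """Argparse type: accept only base-10 integers in the range 0..65535."""
    try:
        number = int(value, 10)
    except ValueError:
        raise argparse.ArgumentTypeError(f"{value!r} is not an integer")
    if not 0 <= number <= 0xFFFF:
        raise argparse.ArgumentTypeError(
            f"{number} is outside the unsigned 16-bit range 0..65535")
    return number


def build_parser() -> argparse.ArgumentParser:
    # Hypothetical wiring: option name and default are assumed for this example.
    # exit_on_error=False (Python 3.9+) turns a rejected value into an
    # exception instead of a process exit, so callers can handle it.
    parser = argparse.ArgumentParser(exit_on_error=False)
    parser.add_argument("--nfq-id-base", type=uint16, default=0,
                        help="first NFQueue ID to allocate (0..65535)")
    return parser


def try_parse(argv):
    """Return the validated base ID, or a string describing the rejection."""
    try:
        return build_parser().parse_args(argv).nfq_id_base
    except argparse.ArgumentError as err:
        return f"rejected: {err}"


if __name__ == "__main__":
    # Constructed sample command lines.
    for argv in (["--nfq-id-base", "4000"], ["--nfq-id-base=70000"],
                 ["--nfq-id-base=-1"], ["--nfq-id-base", "0x10"]):
        print(argv, "->", try_parse(argv))
```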

dictionary translator.callback_dict
dictionary translator.header_dict
dictionary translator.interaction_data
dictionary translator.main_dict
dictionary translator.nft_dict
dictionary translator.policy_data