openc2lib.profiles.slpf

StateLess Packet Filter profile

This module collects all public definition that are exported as part of the SLPF profile. All naming follows as much as possible the terminology in the SLPF Specification, by also applying generic openc2lib conventions.

This definition also registers all extensions defined in the SLPF profile (Args, Target, Profile, Results).

The SLPF profile extends the language specification with the following elements:

 1""" StateLess Packet Filter profile
 2
 3	This module collects all public definition that are exported as part of the SLPF profile.
 4	All naming follows as much as possible the terminology in the SLPF Specification, by
 5	also applying generic openc2lib conventions.
 6
 7	This definition also registers all extensions defined in the SLPF profile (`Args`, `Target`, `Profile`, `Results`).
 8
 9	The SLPF profile extends the language specification with the following elements:
10	- `openc2lib.core.profile.Profile`:
11		- `openc2lib.profiles.slpf.profile.slpf` profile is defined for all Actuators that will implement it;
12		- `openc2lib.profiles.slpf.nsid.nsid` is defined as Namespace identifier for the SLPF profile;
13	- `openc2lib.types.datatypes`:
14		- `openc2lib.profiles.slpf.datatypes.Direction` is used to specify the rule applies to incoming, outgoing, or both kinds of packets;
15	- `openc2lib.types.targettypes`:
16		- `openc2lib.profiles.slpf.targettypes.RuleID` identifies a rule identifier to distinguish firewalling rules;
17	- `openc2lib.core.target.Targets`:
18		- `openc2lib.profiles.slpf.targettypes.RuleID` is the identifier of an SLPF rule;
19	- `openc2lib.core.args.Args`:
20		- `openc2lib.profiles.slpf.args.Args` is extended with `drop_process`, `persistent`, `direction`, and `insert_rule` arguments;
21	- `openc2lib.core.response.Results`:
22		- `openc2lib.profiles.slpf.response.Results` is extended with the `rule_id` field;
23	- validation:
24		- `openc2lib.profiles.slpf.validation.AllowedCommandTarget` contains all valid `openc2lib.core.target.Target` for each `openc2lib.core.actions.Actions`;
25		- `openc2lib.profiles.slpf.validation.AllowedCommandArguments` contains all valid `openc2lib.core.args.Args` for each `openc2lib.core.actions.Actions`/`openc2lib.core.target.Target` pair;
26	- helper functions:
27		- `openc2lib.profiles.slpf.validation.validate_command` checks a `openc2lib.core.target.Target`-openc2lib.core.actions.Actions` pair in a `openc2lib.core.message.Command` is present in `openc2lib.profiles.slpf.validation.AllowedCommandTarget`;
28	   - `openc2lib.profiles.slpf.validation.validate_args` checks a `openc2lib.core.args.Args`-`openc2lib.core.actions.Actions`-`openc2lib.core.target.Target` triple in a `openc2lib.core.message.Command` is present in `openc2lib.profiles.slpf.validation.AllowedCommandArguments`.	
29"""
30
31
32from openc2lib import Profile, Profiles
33
34from openc2lib.profiles.slpf.nsid import nsid
35from openc2lib.profiles.slpf.profile import *
36
37Profiles.add(nsid, slpf, 1024)
38
39from openc2lib import Targets
40from openc2lib import TargetEnum
41from openc2lib.profiles.slpf.datatypes import Direction
42from openc2lib.profiles.slpf.targettypes import RuleID
43
44Targets.add('rule_number', RuleID, 1024, nsid)
45
46# According to the standard, extended targets must be prefixed with the nsid
47from openc2lib import ExtendedArguments
48from openc2lib.profiles.slpf.args import Args
49
50ExtendedArguments.add(nsid, Args)
51
52from openc2lib import ExtendedResults
53from openc2lib.profiles.slpf.response import Results
54
55ExtendedResults.add(nsid, Results)
56
57from openc2lib.profiles.slpf.validation import AllowedCommandTarget, AllowedCommandArguments, validate_command, validate_args