Do not emit duplicate client/server pairs

bluecmd · bluecmd · commit a0cf3abe2d51 · 2016-06-16T12:18:10.000+02:00
diff --git a/lib/firewall.py b/lib/firewall.py
@@ -119,6 +119,9 @@ def service_flow_nodes_iter(self, access, service):
         return self.service_nodes[access].get(service, [])
 
     def client_server(self):
+        # Duplication cache. This protect us from emitting duplicates.
+        emit_register = {}
+
         # Select all servers
         for server_id, server_srv in self.node_service_iter('server'):
             logging.debug('Generating rules for server %d (%s)',
@@ -150,12 +153,16 @@ def client_server(self):
                     from_nodes.append(int(nat_host[0]))
 
                 for from_node_id in from_nodes:
-                    row = [from_node_id,
+                    row = (from_node_id,
                            to_node_id,
                            client_srv.service_id,
                            client_srv.flow_id,
                            client_srv.is_ipv4 and server_srv.is_ipv4,
-                           client_srv.is_ipv6 and server_srv.is_ipv6]
+                           client_srv.is_ipv6 and server_srv.is_ipv6)
+                    if row in emit_register:
+                        logging.debug('.... already present, skipping')
+                        continue
+                    emit_register[row] = True
                     self.c.execute(
                         'INSERT INTO firewall_rule VALUES '
                         '(NULL, ?, ?, ?, ?, ?, ?)', row)
diff --git a/tests/TestFirewall.py b/tests/TestFirewall.py
@@ -58,19 +58,19 @@ def testServerClientRuleNat(self):
         packages.build(self.packages, self.c)
         firewall.build(self.packages, self.c)
         rules = self._query('SELECT * FROM firewall_rule_ip_level')
-        self.assertEquals(len(rules), 2, "Wrong number of firewall rules")
+        self.assertEquals(len(rules), 3, "Wrong number of firewall rules")
 
-        non_nat_rule, nat_rule = self._query(
+        non_nat_rule1, nat_rule, non_nat_rule2 = self._query(
             """SELECT
                from_node_name, to_node_name, flow_name, service_dst_ports
                FROM firewall_rule_ip_level"""
         )
-        self.assertEquals(non_nat_rule[0], 'jumpgate1.event.dreamhack.se',
+        self.assertEquals(non_nat_rule1[0], 'jumpgate1.event.dreamhack.se',
             "Wrong source host")
-        self.assertEquals(non_nat_rule[1], 'ddns1.event.dreamhack.se',
+        self.assertEquals(non_nat_rule1[1], 'ddns1.event.dreamhack.se',
             "Wrong destination host")
-        self.assertEquals(non_nat_rule[2], 'event', "Wrong flow")
-        self.assertEquals(non_nat_rule[3], '2022/tcp',
+        self.assertEquals(non_nat_rule1[2], 'event', "Wrong flow")
+        self.assertEquals(non_nat_rule1[3], '2022/tcp',
             "Wrong destination port/protocol")
 
         self.assertEquals(nat_rule[0], 'nat.event.dreamhack.se',
@@ -81,6 +81,14 @@ def testServerClientRuleNat(self):
         self.assertEquals(nat_rule[3], '2022/tcp',
             "Wrong destination port/protocol")
 
+        self.assertEquals(non_nat_rule2[0], 'jumpgate2.event.dreamhack.se',
+            "Wrong source host")
+        self.assertEquals(non_nat_rule2[1], 'ddns1.event.dreamhack.se',
+            "Wrong destination host")
+        self.assertEquals(non_nat_rule2[2], 'event', "Wrong flow")
+        self.assertEquals(non_nat_rule2[3], '2022/tcp',
+            "Wrong destination port/protocol")
+
     def testPublicRule(self):
         processor.parse(self._load('data/testPublicRule.txt'), self.c)
         packages.build(self.packages, self.c)
diff --git a/tests/data/testServerClientRulesNat.txt b/tests/data/testServerClientRulesNat.txt
@@ -1,6 +1,7 @@
 TECH-SRV-7-DUMMYNET					D-FW-V		77.80.231.112/28	925	othernet
 #$ nat.event.dreamhack.se						77.80.231.119			none
 TECH-SRV-6-JUMPNET					D-FW-V		77.80.231.128/28	926	othernet;nat=77.80.231.119
-#$ jumpgate1.event.dreamhack.se						77.80.231.135			os=debian;pkg=jumpgate
+#$ jumpgate1.event.dreamhack.se						77.80.231.135			os=debian;pkg=jumpgate,-dhssh
+#$ jumpgate2.event.dreamhack.se						77.80.231.136			os=debian;pkg=jumpgate,-dhssh
 TECH-SRV-10-DDNSNET					D-FW-V		77.80.231.192/28	930	othernet;
 #$ ddns1.event.dreamhack.se						77.80.231.201			os=debian;pkg=
