o ñu]‹ã@s dZddlmZddlZddlZddlZddlZddlZddl Zddl Zddl Zej   ¡r4ddlmZnddlmZejj ddd¡ZdZdd d „Zd d „Zd d„ZGdd„deƒZGdd„deƒZGdd„deƒZdd„Zdd„ZGdd„deƒZe dd„dDƒƒZ!dS)aƒ Representation of tor exit policies. These can be easily used to check if exiting to a destination is permissible or not. For instance... :: >>> from stem.exit_policy import ExitPolicy, MicroExitPolicy >>> policy = ExitPolicy('accept *:80', 'accept *:443', 'reject *:*') >>> print(policy) accept *:80, accept *:443, reject *:* >>> print(policy.summary()) accept 80, 443 >>> policy.can_exit_to('75.119.206.243', 80) True >>> policy = MicroExitPolicy('accept 80,443') >>> print(policy) accept 80,443 >>> policy.can_exit_to('75.119.206.243', 80) True :: ExitPolicy - Exit policy for a Tor relay |- MicroExitPolicy - Microdescriptor exit policy | |- can_exit_to - check if exiting to this destination is allowed or not |- is_exiting_allowed - check if any exiting is allowed |- summary - provides a short label, similar to a microdescriptor |- has_private - checks if policy has anything expanded from the 'private' keyword |- strip_private - provides a copy of the policy without 'private' entries |- has_default - checks if policy ends with the defaultly appended suffix |- strip_default - provides a copy of the policy without the default suffix |- __str__ - string representation +- __iter__ - ExitPolicyRule entries that this contains ExitPolicyRule - Single rule of an exit policy chain |- MicroExitPolicyRule - Single rule for a microdescriptor policy | |- is_address_wildcard - checks if we'll accept any address |- is_port_wildcard - checks if we'll accept any port |- get_address_type - provides the protocol our ip address belongs to |- is_match - checks if we match a given destination |- get_mask - provides the address representation of our mask |- get_masked_bits - provides the bit representation of our mask |- is_default - flag indicating if this was part of the default end of a policy |- is_private - flag indicating if this was expanded from a 'private' keyword +- __str__ - string representation for this rule get_config_policy - provides the ExitPolicy based on torrc rules .. data:: AddressType (enum) Enumerations for IP address types that can be in an exit policy. ============ =========== AddressType Description ============ =========== **WILDCARD** any address of either IPv4 or IPv6 **IPv4** IPv4 address **IPv6** IPv6 address ============ =========== é)Úabsolute_importN)Ú lru_cache)ÚWILDCARDZWildcard)ÚIPv4r)ÚIPv6r)z 0.0.0.0/8z169.254.0.0/16z 127.0.0.0/8z192.168.0.0/16z 10.0.0.0/8z 172.16.0.0/12c CsH|rtjj |¡stjjj|ddstd|ƒ‚|r3tjjj|ddr3|ddkr/|ddks3d|}tj |¡r>| d ¡}g}|D]]}| ¡}|sKqBt   d |¡sUd |}d |vr˜| d d¡d}|  dd¡d}t t ƒ}|ru| |¡nz | t t ¡¡¡WnY|D]}| td|||fƒ¡qˆqB| t|ƒ¡qBt|ŽS)aÌ Converts an ExitPolicy found in a torrc to a proper exit pattern. This accounts for... * ports being optional * the 'private' keyword .. deprecated:: 1.7.0 Tor's torrc parameters lack a formal spec, making it difficult for this method to be reliable. Callers are encouraged to move to :func:`~stem.control.Controller.get_exit_policy` instead. :param str,list rules: comma separated rules or list to be converted :param str ip_address: this relay's IP address for the 'private' policy if it's present, this defaults to the local address :returns: :class:`~stem.exit_policy.ExitPolicy` reflected by the rules :raises: **ValueError** if input isn't a valid tor exit policy T©Zallow_bracketsz%s isn't a valid IP addressrú[éÿÿÿÿú]ú[%s]ú,z :[\d\-\*]+$z%s:*Zprivateú éú:z%s %s:%s)ÚstemÚutilÚ connectionÚis_valid_ipv4_addressÚis_valid_ipv6_addressÚ ValueErrorÚ_is_strÚsplitÚstripÚreÚsearchÚrsplitÚlistÚPRIVATE_ADDRESSESÚappendÚsocketZ gethostbynameZ gethostnameÚExitPolicyRuleÚ ExitPolicy)ÚrulesZ ip_addressÚresultÚruleZ acceptanceÚportZ addressesZ private_addr©r&ú2/usr/lib/python3/dist-packages/stem/exit_policy.pyÚget_config_policygs8$ .    ÿr(c CsRg}t|ƒD]$\}}|ttƒt|ƒkrnd|j| ¡f}|tdkr*| |¡q|D]y}|ttƒ}|||…}t|ƒ|krE||nd}d} |dj|dj} } |dj} t|ƒD]&\}}d|j| ¡f}|t|ks|j| ks|j| ks|j| krƒd} nq]| r¦|D]}d|_ qˆ|r¦|  ¡s¦|j| kr¦|j| kr¦|j| kr¦d|_ q-dS)zÈ Determine if part of our policy was expanded from the 'private' keyword. This doesn't differentiate if this actually came from the 'private' keyword or a series of rules exactly matching it. z%s/%srNTF) Ú enumerateÚlenrÚaddressÚget_masked_bitsrÚmin_portÚmax_portÚ is_acceptÚ _is_privateÚis_address_wildcard) r"ÚmatchesÚir$Zrule_strÚ start_indexZ last_indexZrule_setZ last_ruleÚis_matchr-r.r/r&r&r'Ú_flag_private_rules¦s8  €  *þ*€ár6cCsJt|ƒttƒkrt|ttƒ d…ƒ}|tkr!|D] }d|_qdSdSdS)zN Determine if part of our policy ends with the defaultly appended suffix. NT)r*ÚDEFAULT_POLICY_RULESÚtupleÚ_is_default_suffix)r"Z rules_suffixr$r&r&r'Ú_flag_default_rulesÚsûr:c@s¢eZdZdZdd„Zeƒd"dd„ƒZeƒdd „ƒZeƒd d „ƒZd d „Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zeƒdd„ƒZdd„Zdd„Zd d!„ZdS)#r!a Policy for the destinations that a relay allows or denies exiting to. This is, in effect, just a list of :class:`~stem.exit_policy.ExitPolicyRule` entries. :param list rules: **str** or :class:`~stem.exit_policy.ExitPolicyRule` entries that make up this policy cGs˜|D]}tj |¡st|tƒstdt|ƒ|fƒ‚qd}|D] }tj |¡s(d}q|r>|r>dd„|Dƒ}t d  |¡¡|_ n||_ d|_ d|_ d|_ dS)NzLExit policy rules can only contain strings or ExitPolicyRules, got a %s (%s)TFcSsg|] }tjj |¡‘qSr&)rrÚ str_toolsZ _to_bytes)Ú.0Úrr&r&r'Ú sz'ExitPolicy.__init__..ó,)rrrÚ isinstancer Ú TypeErrorÚtypeÚzlibÚcompressÚjoinÚ _input_rulesÚ_rulesÚ_hashÚ_is_allowed_default)Úselfr"r$Z is_all_strZ byte_rulesr&r&r'Ú__init__ñs € € zExitPolicy.__init__NFcCs8| ¡sdS| ¡D]}| |||¡r|jSq |jS)a& Checks if this policy allows exiting to a given destination or not. If the address or port is omitted then this will check if we're allowed to exit to any instances of the defined address or port. :param str address: IPv4 or IPv6 address (with or without brackets) :param int port: port number :param bool strict: if the address or port is excluded then check if we can exit to **all** instances of the defined address or port :returns: **True** if exiting to this destination is allowed, **False** otherwise F)Úis_exiting_allowedÚ _get_rulesr5r/rI)rJr+r%Ústrictr$r&r&r'Ú can_exit_tos  ÿzExitPolicy.can_exit_tocCsxtƒ}| ¡D]1}|jr!t|j|jdƒD] }||vrdSqq| ¡r8| ¡r,dS| t|j|jdƒ¡q|j S)z] Provides **True** if the policy allows exiting whatsoever, **False** otherwise. rTF) ÚsetrMr/Úranger-r.r1Úis_port_wildcardÚupdaterI)rJZrejected_portsr$r%r&r&r'rL*s ÿÿ€zExitPolicy.is_exiting_allowedc CsX|j }| ¡D]}| ¡r| ¡r|j }nqgtƒ}}| ¡D]-}| ¡s*q#| ¡r0n!t|j|jdƒD]}||vr@q9|j|krJ|  |¡|  |¡q9q#|r—gg}}|  ¡|  d¡|D]2}|ro|dd|kru|  |¡qct |ƒdkr‰|  d|d|df¡n |  t |dƒ¡|g}qcn| }dg}|r¡dnd}|d  |¡ ¡S) aB Provides a short description of our policy chain, similar to a microdescriptor. This excludes entries that don't cover all IP addresses, and is either white-list or blacklist policy based on the final entry. For instance... :: >>> policy = ExitPolicy('accept *:80', 'accept *:443', 'reject *:*') >>> policy.summary() 'accept 80, 443' >>> policy = ExitPolicy('accept *:443', 'reject *:1-1024', 'accept *:*') >>> policy.summary() 'reject 1-442, 444-1024' :returns: **str** with a concise summary for our policy rNr ú%i-%irz1-65535úaccept úreject ú, )rIrMr1rRr/rPrQr-r.rÚaddÚsortr*ÚstrrEr) rJZ is_whitelistr$Z display_portsZ skip_portsr%Zdisplay_rangesZ temp_rangeZ label_prefixr&r&r'Úsummary@sF €     ÷    ÷  zExitPolicy.summarycCó | ¡D] }| ¡r dSqdS)aS Checks if we have any rules expanded from the 'private' keyword. Tor appends these by default to the start of the policy and includes a dynamic address (the relay's public IP). .. versionadded:: 1.3.0 :returns: **True** if we have any private rules expanded from the 'private' keyword, **False** otherwise TF)rMÚ is_private©rJr$r&r&r'Ú has_privates ÿzExitPolicy.has_privatecCótdd„| ¡DƒŽS)z› Provides a copy of this policy without 'private' policy entries. .. versionadded:: 1.3.0 :returns: **ExitPolicy** without private rules cSóg|]}| ¡s|‘qSr&)r]©r<r$r&r&r'r>ªóz,ExitPolicy.strip_private..©r!rM©rJr&r&r'Ú strip_private¡ó zExitPolicy.strip_privatecCr\)z¥ Checks if we have the default policy suffix. .. versionadded:: 1.3.0 :returns: **True** if we have the default policy suffix, **False** otherwise TF)rMÚ is_defaultr^r&r&r'Ú has_default¬s ÿzExitPolicy.has_defaultcCr`)zœ Provides a copy of this policy without the default policy suffix. .. versionadded:: 1.3.0 :returns: **ExitPolicy** without default rules cSrar&)rhrbr&r&r'r>Ärcz,ExitPolicy.strip_default..rdrer&r&r'Ú strip_default»rgzExitPolicy.strip_defaultcCs|j}|jdur†|dur†g}d\}}t|tƒr t |¡ d¡}n|}|D]6}t|tƒr2tjj   |¡}tj  |¡rC|  ¡s=q$t |  ¡ƒ}|jrId}nd}| |¡| ¡rZ| ¡rZnq$|rx|d ¡rx|d ¡rx|rqt dƒg}n|rxt dƒg}t|ƒt|ƒ||_d|_|jS)N)TTr?Fr ú accept *:*z reject *:*)rFrGr@ÚbytesrCÚ decompressrrrr;Ú _to_unicoderrr r/rr1rRr6r:)rJZ input_rulesr"Z is_all_acceptZ is_all_rejectZdecompressed_rulesr$r&r&r'rMÆs>     €  zExitPolicy._get_rulescCs t| ¡ƒS©N)r*rMrer&r&r'Ú__len__ó zExitPolicy.__len__ccs| ¡D]}|VqdSro)rMr^r&r&r'Ú__iter__s€ ÿzExitPolicy.__iter__cCsd dd„| ¡Dƒ¡S)NrWcSóg|]}t|ƒ‘qSr&)rZrbr&r&r'r> óz&ExitPolicy.__str__..)rErMrer&r&r'Ú__str__ szExitPolicy.__str__cCs<|jdurd}| ¡D] }|d9}|t|ƒ7}q ||_|jS)Nré)rHrMÚhash)rJZmy_hashr$r&r&r'Ú__hash__s  zExitPolicy.__hash__cCót|tƒr t|ƒt|ƒkSdS©NF)r@r!rw©rJÚotherr&r&r'Ú__eq__ózExitPolicy.__eq__cCó ||k Sror&r{r&r&r'Ú__ne__ó zExitPolicy.__ne__©NNF)Ú__name__Ú __module__Ú __qualname__Ú__doc__rKrrOrLr[r_rfrirjrMrprrrurxr}r€r&r&r&r'r!çs* !   N  >  r!cs@eZdZdZ‡fdd„Zdd„Zdd„Zdd „Zd d „Z‡Z S) ÚMicroExitPolicya: Exit policy provided by the microdescriptors. This is a distilled version of a normal :class:`~stem.exit_policy.ExitPolicy` contains, just consisting of a list of ports that are either accepted or rejected. For instance... :: accept 80,443 # only accepts common http ports reject 1-1024 # only accepts non-privileged ports Since these policies are a subset of the exit policy information (lacking IP ranges) clients can only use them to guess if a relay will accept traffic or not. To quote the `dir-spec `_ (section 3.2.1)... :: With microdescriptors, clients don't learn exact exit policies: clients can only guess whether a relay accepts their request, try the BEGIN request, and might get end-reason-exit-policy if they guessed wrong, in which case they'll have to try elsewhere. :var bool is_accept: **True** if these are ports that we accept, **False** if they're ports that we reject :param str policy: policy string that describes this policy csú||_| d¡r d|_n| d¡rd|_ntd|ƒ‚|dd…}| d¡s-td|jƒ‚| ¡}g}| d ¡D]5}d |vrG| d d ¡\}}n|}}tjj  |¡rYtjj  |¡s_td |ƒ‚|  t |jt |ƒt |ƒƒ¡q8t t|ƒj|Ž|j |_dS) NÚacceptTÚrejectFzMA microdescriptor exit policy must start with either 'accept' or 'reject': %sér zaA microdescriptor exit policy should have a space separating accept/reject from its port list: %sr ú-rz'%s' is an invalid port range)Ú_policyÚ startswithr/rÚlstriprrrrÚ is_valid_portrÚMicroExitPolicyRuleÚintÚsuperr‡rKrI)rJZpolicyr"Z port_entryr-r.©Ú __class__r&r'rK>s,      ÿ zMicroExitPolicy.__init__cCó|jSro)rŒrer&r&r'ruhózMicroExitPolicy.__str__cCs tt|ƒƒSro)rwrZrer&r&r'rxkrqzMicroExitPolicy.__hash__cCryrz)r@r‡rwr{r&r&r'r}nr~zMicroExitPolicy.__eq__cCrror&r{r&r&r'r€qrzMicroExitPolicy.__ne__) rƒr„r…r†rKrurxr}r€Ú __classcell__r&r&r“r'r‡"s *r‡c@s®eZdZdZdd„Zdd„Zdd„Zd'd d „Zd d „Zd(dd„Z dd„Z dd„Z dd„Z e ƒdd„ƒZe ƒdd„ƒZe ƒdd„ƒZdd„Zdd „Zd!d"„Zd#d$„Zd%d&„ZdS))r ao Single rule from the user's exit policy. These rules are chained together to form complete policies that describe where a relay will and will not allow traffic to exit. The format of these rules are formally described in the `dir-spec `_ as an 'exitpattern'. Note that while these are similar to tor's man page entry for ExitPolicies, it's not the exact same. An exitpattern is better defined and stricter in what it'll accept. For instance, ports are not optional and it does not contain the 'private' alias. This should be treated as an immutable object. .. versionchanged:: 1.5.0 Support for 'accept6/reject6' entries and '\*4/6' wildcards. :var bool is_accept: indicates if exiting is allowed or disallowed :var str address: address that this rule is for :var int min_port: lower end of the port range that we include (inclusive) :var int max_port: upper end of the port range that we include (inclusive) :param str rule: exit policy rule to be parsed :raises: **ValueError** if input isn't a valid tor exit policy rule cCs.tjj |¡}| d¡|_| d¡p| d¡}| d¡s!| d¡r(|dd…}n| d¡s2| d¡r9|dd…}ntd|ƒ‚| d¡sJtd |ƒ‚| ¡}d |vs\d | d d ¡d vrbtd |ƒ‚d|_ d|_ d|_ d|_ |_ d|_d|_d|_| d d ¡\}}| |||¡| ||¡d|_d|_dS)NrˆZaccept6Zreject6ér‰rŠzDAn exit policy must start with either 'accept[6]' or 'reject[6]': %sr zYAn exit policy should have a space separating its accept/reject from the exit pattern: %srr rz:An exitpattern must be of the form 'addrspec:portspec': %sF)rrr;rnrr/rrŽrr+Ú _address_typeÚ _masked_bitsr-r.rHÚ_maskÚ _skip_ruleÚ_apply_addrspecÚ_apply_portspecr0r9)rJr$Ú is_ipv6_onlyZ exitpatternÚaddrspecÚportspecr&r&r'rK“s2        zExitPolicyRule.__init__cCs|jttjƒkS)a **True** if we'll match against **any** address, **False** otherwise. Note that this is different than \*4, \*6, or '/0' address which are wildcards for only either IPv4 or IPv6. :returns: **bool** for if our address matching is a wildcard )r™Ú_address_type_to_intÚ AddressTyperrer&r&r'r1És z"ExitPolicyRule.is_address_wildcardcCs|jdvo |jdkS)z‡ **True** if we'll match against any port, **False** otherwise. :returns: **bool** for if our port matching is a wildcard )rréÿÿ)r-r.rer&r&r'rRÕszExitPolicyRule.is_port_wildcardNFcCs|jrdS|dur;| ¡}tjj |¡r|tjkrdSntjjj|ddr5|tj kr,dS|  d¡  d¡}nt d|ƒ‚|durLtjj  |¡sLt d|ƒ‚d}| ¡sn|durYd}ntjj |¡}|| ¡M}| ¡|krndS| ¡s…|duryd}n ||jksƒ||jkr…dS|rŒ||jkSdS) af **True** if we match against the given destination, **False** otherwise. If the address or port is omitted then this will check if we're allowed to exit to any instances of the defined address or port. :param str address: IPv4 or IPv6 address (with or without brackets) :param int port: port number :param bool strict: if the address or port is excluded then check if we can exit to **all** instances of the defined address or port :returns: **bool** indicating if we match against this destination :raises: **ValueError** if provided with a malformed address or port FNTrrr z''%s' isn't a valid IPv4 or IPv6 addressz'%s' isn't a valid port)rœÚget_address_typerrrrr£rrrrŽÚrstriprrr1Úaddress_to_intÚ _get_mask_binÚ_get_address_binrRr-r.r/)rJr+r%rNÚ address_typeZ fuzzy_matchZcomparison_addr_binr&r&r'r5Þs> ÿ      zExitPolicyRule.is_matchcCs t|jƒS)z¦ Provides the :data:`~stem.exit_policy.AddressType` for our policy. :returns: :data:`~stem.exit_policy.AddressType` for the type of address that we have )Ú_int_to_address_typer™rer&r&r'r¥%s zExitPolicyRule.get_address_typeTcCsh|js1| ¡}|tjkrd}n|tjkrtjj |j ¡}n |tj kr*tjj  |j ¡}|s.|S||_|jS)zñ Provides the address represented by our mask. This is **None** if our address type is a wildcard. :param bool cache: caches the result if **True** :returns: str of our subnet mask for the address (ex. '255.255.255.0') N) r›r¥r£rrrrrZ get_mask_ipv4ršrZ get_mask_ipv6)rJÚcacherªÚmaskr&r&r'Úget_mask.s    zExitPolicyRule.get_maskcCr•)z¾ Provides the number of bits our subnet mask represents. This is **None** if our mask can't have a bit representation. :returns: int with the bit representation of our mask )ršrer&r&r'r,LszExitPolicyRule.get_masked_bitscCr•)zÍ Checks if this rule was expanded from the 'private' policy keyword. .. versionadded:: 1.3.0 :returns: **True** if this rule was expanded from the 'private' keyword, **False** otherwise. )r0rer&r&r'r]Vó zExitPolicyRule.is_privatecCr•)zÈ Checks if this rule belongs to the default exit policy suffix. .. versionadded:: 1.3.0 :returns: **True** if this rule was part of the default end of a policy, **False** otherwise. )r9rer&r&r'rhar¯zExitPolicyRule.is_defaultcCsò|jrdnd}| ¡r|d7}nD| ¡}|tjkr||j7}n|d|j7}|tjkr0|jdks:|tjkr?|jdkr?|d7}n|jdurL|d |j7}n|d | ¡7}|  ¡r^|d 7}|S|j |j krm|t |j ƒ7}|S|d |j |j f7}|S) aP Provides the string representation of our policy. This does not necessarily match the rule that we were constructed from (due to things like IPv6 address collapsing or the multiple representations that our mask can have). However, it is a valid that would be accepted by our constructor to re-create this rule. rUrVz*:r é é€rNz/%i:z/%s:Ú*rT) r/r1r¥r£rr+ršrr®rRr-r.rZ)rJZlabelrªr&r&r'ruls0    ÿÿ   ûþzExitPolicyRule.__str__cCsttjj | d¡¡dƒS)NFé)r‘rrrZ_address_to_binaryr®rer&r&r'r¨˜szExitPolicyRule._get_mask_bincCstjj |j¡| ¡@Sro)rrrr§r+r¨rer&r&r'r©žszExitPolicyRule._get_address_bincCsð|dkrd}n |dks|dkr|rd}d|vr!| dd¡\|_}n|d|_}|dkr9ttjƒ|_d|_|_dStjj   |j¡r™|rFd|_ ttj ƒ|_|durUd |_dStjj   |¡rxz tjj   |¡|_WdStyw||_d|_YdSw| ¡r‘t|ƒ|_|jd ks‹|jd krtd ƒ‚dStd ||fƒ‚|j d ¡rð|j d¡rðtjj  |jdd…¡rðtjj  |jdd… ¡¡|_ttjƒ|_|durÏd|_dS| ¡rèt|ƒ|_|jd ksâ|jdkrætdƒ‚dStd||fƒ‚td||fƒ‚)Nz*4z 0.0.0.0/0z*6r²z+[0000:0000:0000:0000:0000:0000:0000:0000]/0ú/rTr°rz,IPv4 masks must be in the range of 0-32 bitsz,The '%s' isn't a mask nor number of bits: %srr r r±z-IPv6 masks must be in the range of 0-128 bitsz#The '%s' isn't a number of bits: %sz0'%s' isn't a wildcard, IPv4, or IPv6 address: %s)rr+r¢r£rr™ršrrrrrœrZ_get_masked_bitsrr›Úisdigitr‘rÚendswithrZexpand_ipv6_addressÚupperr)rJr$r rŸZ addr_extrar&r&r'r¤sV      ý ÿÿ   ÿzExitPolicyRule._apply_addrspeccCsÌ|dkr d\|_|_dS| ¡r+tjjj|ddr#t|ƒ|_|_dStd||fƒ‚d|vr`|  dd¡}tjjj|ddrZt|dƒ|_t|dƒ|_|j|jkrXtd |ƒ‚dStd |ƒ‚td |ƒ‚) Nr²)rr¤T)Z allow_zeroz('%s' isn't within a valid port range: %sr‹rrzDPort range has a lower bound that's greater than its upper bound: %szMalformed port range: %sz2Port value isn't a wildcard, integer, or range: %s) r-r.rµrrrrr‘rr)rJr$r¡Z port_compr&r&r'ržës    ÿ  zExitPolicyRule._apply_portspeccCs8|jdurtj |dddd¡dt| d¡ƒ|_|jS)Nr/r+r-r.rvF)rHrrÚ _hash_attrrwr®rer&r&r'rx s (zExitPolicyRule.__hash__cCryrz)r@r rwr{r&r&r'r}r~zExitPolicyRule.__eq__cCrror&r{r&r&r'r€rzExitPolicyRule.__ne__r‚©T)rƒr„r…r†rKr1rRr5r¥r®r,r]rhrrur¨r©rržrxr}r€r&r&r&r'r us,6 G    +  G r cCs t |¡Sro)r£Zindex_of)rªr&r&r'r¢rr¢cCs ttƒ|Sro)rr£)Zaddress_type_intr&r&r'r«rqr«c@sReZdZdZdd„Zdd„Zdd„Zdd d „Zd d „Zd d„Z dd„Z dd„Z dS)rzD Lighter weight ExitPolicyRule derivative for microdescriptors. cCs"||_d|_||_||_d|_dSrz)r/r+r-r.rœ)rJr/r-r.r&r&r'rK$s  zMicroExitPolicyRule.__init__cCsdS)NTr&rer&r&r'r1+óz'MicroExitPolicyRule.is_address_wildcardcCstjSro)r£rrer&r&r'r¥.r–z$MicroExitPolicyRule.get_address_typeTcCódSror&)rJr¬r&r&r'r®1rºzMicroExitPolicyRule.get_maskcCr»ror&rer&r&r'r,4rºz#MicroExitPolicyRule.get_masked_bitscCstjj|dddddS)Nr/r-r.T)r¬)rrr¸rer&r&r'rx7szMicroExitPolicyRule.__hash__cCryrz)r@rrwr{r&r&r'r}:r~zMicroExitPolicyRule.__eq__cCrror&r{r&r&r'r€=rzMicroExitPolicyRule.__ne__Nr¹) rƒr„r…r†rKr1r¥r®r,rxr}r€r&r&r&r'rs  rcCrsr&)r rbr&r&r'r>Artr>) z reject *:25z reject *:119zreject *:135-139z reject *:445z reject *:563z reject *:1214zreject *:4661-4666zreject *:6346-6429z reject *:6699zreject *:6881-6999rkro)"r†Z __future__rrrrCZ stem.prereqrZ stem.utilZstem.util.connectionZstem.util.enumZstem.util.str_toolsZprereqZ_is_lru_cache_availableÚ functoolsrZstem.util.lru_cacherÚenumÚEnumr£rr(r6r:Úobjectr!r‡r r¢r«rr8r7r&r&r&r'Ús< @   ?4 =S%"