def test_Endpoint():
"""
Tests Endpoint
"""
endpoint = endpoint_factory('foo')
b = endpoint.encode()
c = EndpointDecoder(b).get_endpoint()
a = {'tenant': 'foo', 'mac': '00:00:00:00:00:00'}
hashed_val = Endpoint.make_hash(a)
def find_new_machines(self, machines):
'''parse switch structure to find new machines added to network
since last call'''
self.get_stored_endpoints()
for machine in machines:
h = Endpoint.make_hash(machine)
ep = None
for endpoint in self.endpoints:
if h == endpoint.name:
ep = endpoint
if ep is not None and ep.endpoint_data != machine and not ep.ignore:
self.logger.info('Endpoint changed: {0}:{1}'.format(
h, machine))
ep.endpoint_data = deepcopy(machine)
if ep.state == 'inactive' and machine['active'] == 1:
if ep.p_next_state in ['known', 'abnormal']:
ep.trigger(ep.p_next_state)
else:
ep.unknown()
ep.p_prev_states.append((ep.state, int(time.time())))
elif ep.state != 'inactive' and machine['active'] == 0:
if ep.state in ['mirroring', 'reinvestigating']:
status = Actions(ep, self.sdnc).unmirror_endpoint()
if not status:
self.logger.warning(
'Unable to unmirror the endpoint: {0}'.format(
ep.name))
self.investigations -= 1
if ep.state == 'mirroring':
ep.p_next_state = 'mirror'
elif ep.state == 'reinvestigating':
ep.p_next_state = 'reinvestigate'
if ep.state in ['known', 'abnormal']:
ep.p_next_state = ep.state
ep.inactive()
ep.p_prev_states.append((ep.state, int(time.time())))
elif ep is None:
self.logger.info('Detected new endpoint: {0}:{1}'.format(
h, machine))
m = Endpoint(h)
m.p_prev_states.append((m.state, int(time.time())))
m.endpoint_data = deepcopy(machine)
self.endpoints.append(m)
self.store_endpoints()
return
def find_new_machines(self, machines):
'''parse switch structure to find new machines added to network
since last call'''
change_acls = False
for machine in machines:
machine['ether_vendor'] = get_ether_vendor(
machine['mac'],
'/poseidon/poseidon/metadata/nmap-mac-prefixes.txt')
machine.update(self._parse_machine_ip(machine))
if not 'controller_type' in machine:
machine.update({'controller_type': 'none', 'controller': ''})
trunk = False
for sw in self.trunk_ports:
if sw == machine['segment'] and self.trunk_ports[sw].split(
',')[1] == str(
machine['port']) and self.trunk_ports[sw].split(
',')[0] == machine['mac']:
trunk = True
h = Endpoint.make_hash(machine, trunk=trunk)
ep = self.endpoints.get(h, None)
if ep is None:
change_acls = True
m = endpoint_factory(h)
m.p_prev_states.append((m.state, int(time.time())))
m.endpoint_data = deepcopy(machine)
self.endpoints[m.name] = m
self.logger.info('Detected new endpoint: {0}:{1}'.format(
m.name, machine))
else:
self.merge_machine_ip(ep.endpoint_data, machine)
if ep and ep.endpoint_data != machine and not ep.ignore:
diff_txt = self._diff_machine(ep.endpoint_data, machine)
self.logger.info('Endpoint changed: {0}:{1}'.format(
h, diff_txt))
change_acls = True
ep.endpoint_data = deepcopy(machine)
if ep.state == 'inactive' and machine['active'] == 1:
if ep.p_next_state in ['known', 'abnormal']:
ep.trigger(ep.p_next_state)
else:
ep.unknown()
ep.p_prev_states.append((ep.state, int(time.time())))
elif ep.state != 'inactive' and machine['active'] == 0:
if ep.state in ['mirroring', 'reinvestigating']:
status = Actions(ep, self.sdnc).unmirror_endpoint()
if not status:
self.logger.warning(
'Unable to unmirror the endpoint: {0}'.format(
ep.name))
if ep.state == 'mirroring':
ep.p_next_state = 'mirror'
elif ep.state == 'reinvestigating':
ep.p_next_state = 'reinvestigate'
if ep.state in ['known', 'abnormal']:
ep.p_next_state = ep.state
ep.inactive()
ep.p_prev_states.append((ep.state, int(time.time())))
if change_acls and self.controller['AUTOMATED_ACLS']:
status = Actions(None, self.sdnc).update_acls(
rules_file=self.controller['RULES_FILE'],
endpoints=self.endpoints.values())
if isinstance(status, list):
self.logger.info(
'Automated ACLs did the following: {0}'.format(status[1]))
for item in status[1]:
machine = {
'mac': item[1],
'segment': item[2],
'port': item[3]
}
h = Endpoint.make_hash(machine)
ep = self.endpoints.get(h, None)
if ep:
ep.acl_data.append((item[0], item[4], item[5]),
int(time.time()))
self.store_endpoints()
self.get_stored_endpoints()
def find_new_machines(self, machines):
'''parse switch structure to find new machines added to network
since last call'''
for machine in machines:
machine['ether_vendor'] = get_ether_vendor(
machine['mac'],
'/poseidon/poseidon/metadata/nmap-mac-prefixes.txt')
if 'ipv4' in machine and machine['ipv4'] and machine[
'ipv4'] is not 'None' and machine['ipv4'] is not '0':
machine['ipv4_rdns'] = get_rdns_lookup(machine['ipv4'])
machine['ipv4_subnet'] = '.'.join(
machine['ipv4'].split('.')[:-1]) + '.0/24'
else:
machine['ipv4_rdns'] = 'NO DATA'
machine['ipv4_subnet'] = 'NO DATA'
if 'ipv6' in machine and machine['ipv6'] and machine[
'ipv6'] is not 'None' and machine['ipv6'] is not '0':
machine['ipv6_rdns'] = get_rdns_lookup(machine['ipv6'])
machine['ipv6_subnet'] = '.'.join(
machine['ipv6'].split(':')[0:4]) + '::0/64'
else:
machine['ipv6_rdns'] = 'NO DATA'
machine['ipv6_subnet'] = 'NO DATA'
if not 'controller_type' in machine:
machine['controller_type'] = 'none'
machine['controller'] = ''
trunk = False
for sw in self.trunk_ports:
if sw == machine['segment'] and self.trunk_ports[sw].split(
',')[1] == str(
machine['port']) and self.trunk_ports[sw].split(
',')[0] == machine['mac']:
trunk = True
h = Endpoint.make_hash(machine, trunk=trunk)
ep = None
for endpoint in self.endpoints:
if h == endpoint.name:
ep = endpoint
if ep is not None and ep.endpoint_data != machine and not ep.ignore:
self.logger.info('Endpoint changed: {0}:{1}'.format(
h, machine))
ep.endpoint_data = deepcopy(machine)
if ep.state == 'inactive' and machine['active'] == 1:
if ep.p_next_state in ['known', 'abnormal']:
ep.trigger(ep.p_next_state)
else:
ep.unknown()
ep.p_prev_states.append((ep.state, int(time.time())))
elif ep.state != 'inactive' and machine['active'] == 0:
if ep.state in ['mirroring', 'reinvestigating']:
status = Actions(ep, self.sdnc).unmirror_endpoint()
if not status:
self.logger.warning(
'Unable to unmirror the endpoint: {0}'.format(
ep.name))
self.investigations -= 1
if ep.state == 'mirroring':
ep.p_next_state = 'mirror'
elif ep.state == 'reinvestigating':
ep.p_next_state = 'reinvestigate'
if ep.state in ['known', 'abnormal']:
ep.p_next_state = ep.state
ep.inactive()
ep.p_prev_states.append((ep.state, int(time.time())))
elif ep is None:
self.logger.info('Detected new endpoint: {0}:{1}'.format(
h, machine))
m = Endpoint(h)
m.p_prev_states.append((m.state, int(time.time())))
m.endpoint_data = deepcopy(machine)
self.endpoints.append(m)
self.store_endpoints()
return
def find_new_machines(self, machines):
'''parse switch structure to find new machines added to network
since last call'''
change_acls = False
machine_ips = set()
for machine in machines:
machine['ether_vendor'] = get_ether_vendor(
machine['mac'],
'/poseidon/poseidon/metadata/nmap-mac-prefixes.txt')
machine_ips.update(self._parse_machine_ip(machine))
if 'controller_type' not in machine:
machine.update({'controller_type': 'none', 'controller': ''})
if machine_ips:
self.logger.debug('resolving %s' % machine_ips)
resolved_machine_ips = self.dns_resolver.resolve_ips(
list(machine_ips))
self.logger.debug('resolver results %s', resolved_machine_ips)
for machine in machines:
self._update_machine_rdns(machine, resolved_machine_ips)
for machine in machines:
trunk = False
for sw in self.trunk_ports:
if sw == machine['segment'] and self.trunk_ports[sw].split(
',')[1] == str(
machine['port']) and self.trunk_ports[sw].split(
',')[0] == machine['mac']:
trunk = True
h = Endpoint.make_hash(machine, trunk=trunk)
ep = self.endpoints.get(h, None)
if ep is None:
change_acls = True
m = endpoint_factory(h)
m.endpoint_data = deepcopy(machine)
self.endpoints[m.name] = m
self.logger.info('Detected new endpoint: {0}:{1}'.format(
m.name, machine))
else:
self.merge_machine_ip(ep.endpoint_data, machine)
if ep and ep.endpoint_data != machine and not ep.ignore:
diff_txt = self._diff_machine(ep.endpoint_data, machine)
self.logger.info('Endpoint changed: {0}:{1}'.format(
h, diff_txt))
change_acls = True
ep.endpoint_data = deepcopy(machine)
if ep.state == 'inactive' and machine['active'] == 1:
ep.reactivate()
elif ep.state != 'inactive' and machine['active'] == 0:
if ep.mirror_active():
self.unmirror_endpoint(ep)
ep.deactivate()
if change_acls and self.controller['AUTOMATED_ACLS']:
status = Actions(None, self.sdnc).update_acls(
rules_file=self.controller['RULES_FILE'],
endpoints=self.endpoints.values())
if isinstance(status, list):
self.logger.info(
'Automated ACLs did the following: {0}'.format(status[1]))
for item in status[1]:
machine = {
'mac': item[1],
'segment': item[2],
'port': item[3]
}
h = Endpoint.make_hash(machine)
ep = self.endpoints.get(h, None)
if ep:
ep.acl_data.append(
((item[0], item[4], item[5]), int(time.time())))
self.refresh_endpoints()
