def test_Endpoint(): """ Tests Endpoint """ endpoint = endpoint_factory('foo') b = endpoint.encode() c = EndpointDecoder(b).get_endpoint() a = {'tenant': 'foo', 'mac': '00:00:00:00:00:00'} hashed_val = Endpoint.make_hash(a)
def find_new_machines(self, machines): '''parse switch structure to find new machines added to network since last call''' self.get_stored_endpoints() for machine in machines: h = Endpoint.make_hash(machine) ep = None for endpoint in self.endpoints: if h == endpoint.name: ep = endpoint if ep is not None and ep.endpoint_data != machine and not ep.ignore: self.logger.info('Endpoint changed: {0}:{1}'.format( h, machine)) ep.endpoint_data = deepcopy(machine) if ep.state == 'inactive' and machine['active'] == 1: if ep.p_next_state in ['known', 'abnormal']: ep.trigger(ep.p_next_state) else: ep.unknown() ep.p_prev_states.append((ep.state, int(time.time()))) elif ep.state != 'inactive' and machine['active'] == 0: if ep.state in ['mirroring', 'reinvestigating']: status = Actions(ep, self.sdnc).unmirror_endpoint() if not status: self.logger.warning( 'Unable to unmirror the endpoint: {0}'.format( ep.name)) self.investigations -= 1 if ep.state == 'mirroring': ep.p_next_state = 'mirror' elif ep.state == 'reinvestigating': ep.p_next_state = 'reinvestigate' if ep.state in ['known', 'abnormal']: ep.p_next_state = ep.state ep.inactive() ep.p_prev_states.append((ep.state, int(time.time()))) elif ep is None: self.logger.info('Detected new endpoint: {0}:{1}'.format( h, machine)) m = Endpoint(h) m.p_prev_states.append((m.state, int(time.time()))) m.endpoint_data = deepcopy(machine) self.endpoints.append(m) self.store_endpoints() return
def find_new_machines(self, machines): '''parse switch structure to find new machines added to network since last call''' change_acls = False for machine in machines: machine['ether_vendor'] = get_ether_vendor( machine['mac'], '/poseidon/poseidon/metadata/nmap-mac-prefixes.txt') machine.update(self._parse_machine_ip(machine)) if not 'controller_type' in machine: machine.update({'controller_type': 'none', 'controller': ''}) trunk = False for sw in self.trunk_ports: if sw == machine['segment'] and self.trunk_ports[sw].split( ',')[1] == str( machine['port']) and self.trunk_ports[sw].split( ',')[0] == machine['mac']: trunk = True h = Endpoint.make_hash(machine, trunk=trunk) ep = self.endpoints.get(h, None) if ep is None: change_acls = True m = endpoint_factory(h) m.p_prev_states.append((m.state, int(time.time()))) m.endpoint_data = deepcopy(machine) self.endpoints[m.name] = m self.logger.info('Detected new endpoint: {0}:{1}'.format( m.name, machine)) else: self.merge_machine_ip(ep.endpoint_data, machine) if ep and ep.endpoint_data != machine and not ep.ignore: diff_txt = self._diff_machine(ep.endpoint_data, machine) self.logger.info('Endpoint changed: {0}:{1}'.format( h, diff_txt)) change_acls = True ep.endpoint_data = deepcopy(machine) if ep.state == 'inactive' and machine['active'] == 1: if ep.p_next_state in ['known', 'abnormal']: ep.trigger(ep.p_next_state) else: ep.unknown() ep.p_prev_states.append((ep.state, int(time.time()))) elif ep.state != 'inactive' and machine['active'] == 0: if ep.state in ['mirroring', 'reinvestigating']: status = Actions(ep, self.sdnc).unmirror_endpoint() if not status: self.logger.warning( 'Unable to unmirror the endpoint: {0}'.format( ep.name)) if ep.state == 'mirroring': ep.p_next_state = 'mirror' elif ep.state == 'reinvestigating': ep.p_next_state = 'reinvestigate' if ep.state in ['known', 'abnormal']: ep.p_next_state = ep.state ep.inactive() ep.p_prev_states.append((ep.state, int(time.time()))) if change_acls and self.controller['AUTOMATED_ACLS']: status = Actions(None, self.sdnc).update_acls( rules_file=self.controller['RULES_FILE'], endpoints=self.endpoints.values()) if isinstance(status, list): self.logger.info( 'Automated ACLs did the following: {0}'.format(status[1])) for item in status[1]: machine = { 'mac': item[1], 'segment': item[2], 'port': item[3] } h = Endpoint.make_hash(machine) ep = self.endpoints.get(h, None) if ep: ep.acl_data.append((item[0], item[4], item[5]), int(time.time())) self.store_endpoints() self.get_stored_endpoints()
def find_new_machines(self, machines): '''parse switch structure to find new machines added to network since last call''' for machine in machines: machine['ether_vendor'] = get_ether_vendor( machine['mac'], '/poseidon/poseidon/metadata/nmap-mac-prefixes.txt') if 'ipv4' in machine and machine['ipv4'] and machine[ 'ipv4'] is not 'None' and machine['ipv4'] is not '0': machine['ipv4_rdns'] = get_rdns_lookup(machine['ipv4']) machine['ipv4_subnet'] = '.'.join( machine['ipv4'].split('.')[:-1]) + '.0/24' else: machine['ipv4_rdns'] = 'NO DATA' machine['ipv4_subnet'] = 'NO DATA' if 'ipv6' in machine and machine['ipv6'] and machine[ 'ipv6'] is not 'None' and machine['ipv6'] is not '0': machine['ipv6_rdns'] = get_rdns_lookup(machine['ipv6']) machine['ipv6_subnet'] = '.'.join( machine['ipv6'].split(':')[0:4]) + '::0/64' else: machine['ipv6_rdns'] = 'NO DATA' machine['ipv6_subnet'] = 'NO DATA' if not 'controller_type' in machine: machine['controller_type'] = 'none' machine['controller'] = '' trunk = False for sw in self.trunk_ports: if sw == machine['segment'] and self.trunk_ports[sw].split( ',')[1] == str( machine['port']) and self.trunk_ports[sw].split( ',')[0] == machine['mac']: trunk = True h = Endpoint.make_hash(machine, trunk=trunk) ep = None for endpoint in self.endpoints: if h == endpoint.name: ep = endpoint if ep is not None and ep.endpoint_data != machine and not ep.ignore: self.logger.info('Endpoint changed: {0}:{1}'.format( h, machine)) ep.endpoint_data = deepcopy(machine) if ep.state == 'inactive' and machine['active'] == 1: if ep.p_next_state in ['known', 'abnormal']: ep.trigger(ep.p_next_state) else: ep.unknown() ep.p_prev_states.append((ep.state, int(time.time()))) elif ep.state != 'inactive' and machine['active'] == 0: if ep.state in ['mirroring', 'reinvestigating']: status = Actions(ep, self.sdnc).unmirror_endpoint() if not status: self.logger.warning( 'Unable to unmirror the endpoint: {0}'.format( ep.name)) self.investigations -= 1 if ep.state == 'mirroring': ep.p_next_state = 'mirror' elif ep.state == 'reinvestigating': ep.p_next_state = 'reinvestigate' if ep.state in ['known', 'abnormal']: ep.p_next_state = ep.state ep.inactive() ep.p_prev_states.append((ep.state, int(time.time()))) elif ep is None: self.logger.info('Detected new endpoint: {0}:{1}'.format( h, machine)) m = Endpoint(h) m.p_prev_states.append((m.state, int(time.time()))) m.endpoint_data = deepcopy(machine) self.endpoints.append(m) self.store_endpoints() return
def find_new_machines(self, machines): '''parse switch structure to find new machines added to network since last call''' change_acls = False machine_ips = set() for machine in machines: machine['ether_vendor'] = get_ether_vendor( machine['mac'], '/poseidon/poseidon/metadata/nmap-mac-prefixes.txt') machine_ips.update(self._parse_machine_ip(machine)) if 'controller_type' not in machine: machine.update({'controller_type': 'none', 'controller': ''}) if machine_ips: self.logger.debug('resolving %s' % machine_ips) resolved_machine_ips = self.dns_resolver.resolve_ips( list(machine_ips)) self.logger.debug('resolver results %s', resolved_machine_ips) for machine in machines: self._update_machine_rdns(machine, resolved_machine_ips) for machine in machines: trunk = False for sw in self.trunk_ports: if sw == machine['segment'] and self.trunk_ports[sw].split( ',')[1] == str( machine['port']) and self.trunk_ports[sw].split( ',')[0] == machine['mac']: trunk = True h = Endpoint.make_hash(machine, trunk=trunk) ep = self.endpoints.get(h, None) if ep is None: change_acls = True m = endpoint_factory(h) m.endpoint_data = deepcopy(machine) self.endpoints[m.name] = m self.logger.info('Detected new endpoint: {0}:{1}'.format( m.name, machine)) else: self.merge_machine_ip(ep.endpoint_data, machine) if ep and ep.endpoint_data != machine and not ep.ignore: diff_txt = self._diff_machine(ep.endpoint_data, machine) self.logger.info('Endpoint changed: {0}:{1}'.format( h, diff_txt)) change_acls = True ep.endpoint_data = deepcopy(machine) if ep.state == 'inactive' and machine['active'] == 1: ep.reactivate() elif ep.state != 'inactive' and machine['active'] == 0: if ep.mirror_active(): self.unmirror_endpoint(ep) ep.deactivate() if change_acls and self.controller['AUTOMATED_ACLS']: status = Actions(None, self.sdnc).update_acls( rules_file=self.controller['RULES_FILE'], endpoints=self.endpoints.values()) if isinstance(status, list): self.logger.info( 'Automated ACLs did the following: {0}'.format(status[1])) for item in status[1]: machine = { 'mac': item[1], 'segment': item[2], 'port': item[3] } h = Endpoint.make_hash(machine) ep = self.endpoints.get(h, None) if ep: ep.acl_data.append( ((item[0], item[4], item[5]), int(time.time()))) self.refresh_endpoints()