def _parse_machine_ip(machine):
machine_ip_data = {}
for ip_field, fields in MACHINE_IP_FIELDS.items():
try:
raw_field = machine.get(ip_field, None)
machine_ip = ipaddress.ip_address(raw_field)
machine_subnet = ipaddress.ip_network(machine_ip).supernet(
new_prefix=MACHINE_IP_PREFIXES[ip_field])
except ValueError:
machine_ip = None
machine_subnet = None
machine_ip_data[ip_field] = ''
if machine_ip:
machine_ip_data.update({
ip_field:
str(machine_ip),
'_'.join((ip_field, 'rdns')):
get_rdns_lookup(str(machine_ip)),
'_'.join((ip_field, 'subnet')):
str(machine_subnet)
})
for field in fields:
if field not in machine_ip_data:
machine_ip_data[field] = NO_DATA
return machine_ip_data
def find_new_machines(self, machines):
'''parse switch structure to find new machines added to network
since last call'''
for machine in machines:
machine['ether_vendor'] = get_ether_vendor(
machine['mac'],
'/poseidon/poseidon/metadata/nmap-mac-prefixes.txt')
if 'ipv4' in machine and machine['ipv4'] and machine[
'ipv4'] is not 'None' and machine['ipv4'] is not '0':
machine['ipv4_rdns'] = get_rdns_lookup(machine['ipv4'])
machine['ipv4_subnet'] = '.'.join(
machine['ipv4'].split('.')[:-1]) + '.0/24'
else:
machine['ipv4_rdns'] = 'NO DATA'
machine['ipv4_subnet'] = 'NO DATA'
if 'ipv6' in machine and machine['ipv6'] and machine[
'ipv6'] is not 'None' and machine['ipv6'] is not '0':
machine['ipv6_rdns'] = get_rdns_lookup(machine['ipv6'])
machine['ipv6_subnet'] = '.'.join(
machine['ipv6'].split(':')[0:4]) + '::0/64'
else:
machine['ipv6_rdns'] = 'NO DATA'
machine['ipv6_subnet'] = 'NO DATA'
if not 'controller_type' in machine:
machine['controller_type'] = 'none'
machine['controller'] = ''
trunk = False
for sw in self.trunk_ports:
if sw == machine['segment'] and self.trunk_ports[sw].split(
',')[1] == str(
machine['port']) and self.trunk_ports[sw].split(
',')[0] == machine['mac']:
trunk = True
h = Endpoint.make_hash(machine, trunk=trunk)
ep = None
for endpoint in self.endpoints:
if h == endpoint.name:
ep = endpoint
if ep is not None and ep.endpoint_data != machine and not ep.ignore:
self.logger.info('Endpoint changed: {0}:{1}'.format(
h, machine))
ep.endpoint_data = deepcopy(machine)
if ep.state == 'inactive' and machine['active'] == 1:
if ep.p_next_state in ['known', 'abnormal']:
ep.trigger(ep.p_next_state)
else:
ep.unknown()
ep.p_prev_states.append((ep.state, int(time.time())))
elif ep.state != 'inactive' and machine['active'] == 0:
if ep.state in ['mirroring', 'reinvestigating']:
status = Actions(ep, self.sdnc).unmirror_endpoint()
if not status:
self.logger.warning(
'Unable to unmirror the endpoint: {0}'.format(
ep.name))
self.investigations -= 1
if ep.state == 'mirroring':
ep.p_next_state = 'mirror'
elif ep.state == 'reinvestigating':
ep.p_next_state = 'reinvestigate'
if ep.state in ['known', 'abnormal']:
ep.p_next_state = ep.state
ep.inactive()
ep.p_prev_states.append((ep.state, int(time.time())))
elif ep is None:
self.logger.info('Detected new endpoint: {0}:{1}'.format(
h, machine))
m = Endpoint(h)
m.p_prev_states.append((m.state, int(time.time())))
m.endpoint_data = deepcopy(machine)
self.endpoints.append(m)
self.store_endpoints()
return
