HOME

Mini Shell 1.0
DIR:/lib/python3/dist-packages/ufw/__pycache__/
Current File : //lib/python3/dist-packages/ufw/__pycache__/util.cpython-311.pyc
�

#fd$���"�dZddlmZddlZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZddl
Z
ddlZddlZddlmZddlmZmZdZdZgd�Zgd�Zd	d
gZd�Zd�Zd
�Zd�Zd�Zd;d�Zd�Z d�Z!d�Z"d�Z#d<d�Z$d�Z%d�Z&d�Z'd<d�Z(d�Z)ej*dfd�Z+d�Z,d�Z-d �Z.d!�Z/e	j0��fd"�Z1e	j0��fd#�Z2d$�Z3d%�Z4d&�Z5d'�Z6d(�Z7d)�Z8d*�Z9d+�Z:d=d,�Z;d>d-�Z<d.�Z=d?d/�Z>d0�Z?d1�Z@d2�ZAd3�ZBd4�ZCd5�ZDd6�ZEd7�ZFd@d9�ZGd:�ZHdS)Az"util.py: utility functions for ufw�)�print_functionN)�reduce)�mkstemp�mktempF)�tcp�udp�ipv6�esp�ah�igmp�gre�vrrp)r	r
rrr
rr	rc�
�d}	tj|��n#t$r�wxYw	tj|d��d}n#t$rYnwxYw	tj|d��|dkrd}nd}n#t$rYnwxYw|S)z8Get the protocol for a specified port from /etc/services�rr�any)�socket�
getservbyname�	Exception)�port�protos  �*/usr/lib/python3/dist-packages/ufw/util.py�get_services_protor.s����E����T�"�"�"�"������
�����
���T�5�)�)�)������
�
�
���
����
���T�5�)�)�)��E�>�>��E�E��E����
�
�
���
�����Ls+��%�A�
A�
A� A3�3
B�?Bc�P�d}d}|�d��}t|��dkr|d}d}nlt|��dkr;|d}|d}|tvr!td|z��}t	|���ntd��}t	|���||fS)	zParse port or port and protocolr�/�rr�zInvalid port with protocol '%s'zBad port)�split�len�portless_protocols�_�
ValueError)�p_strrr�tmp�err_msgs     r�parse_port_protor%Hs���
�D��E�
�+�+�c�
�
�C�
�3�x�x�1�}�}��1�v�����	�S���Q����1�v���A����&�&�&��9�E�A�B�B�G��W�%�%�%�'��J�-�-����!�!�!��%�=��c��tjstd��dSt|��dkst	jd|��sdS|�d��}	tjtj|d��n#t$rYdSwxYwt|��dkrdSt|��dkrt|dd	��sdSd	S)
zVerifies if valid IPv6 addressz"python does not have IPv6 support.F�+z^[a-fA-F0-9:\./]+$rrrrT)r�has_ipv6�warnr�re�matchr�	inet_pton�AF_INET6r�_valid_cidr_netmask��addr�nets  r�valid_address6r3\s����?���
1�2�2�2��u��4�y�y�2�~�~�R�X�&;�T�B�B�~��u�
�*�*�S�/�/�C������#�a�&�1�1�1�1�������u�u������3�x�x�!�|�|��u�	�S���Q���"�3�q�6�4�0�0�	��5��4s�%B�
B�Bc��t|��dkstjd|��sdS|�d��}	t	jtj|d��t|dd��sdSn#t$rYdSwxYwt|��dkrdSt|��dkrt|dd��sdSdS)	zVerifies if valid IPv4 address�z^[0-9\./]+$FrrrrT)
rr+r,rrr-�AF_INET�_valid_dotted_quadsr�
valid_netmaskr0s  r�valid_address4r9vs����4�y�y�2�~�~�R�X�n�d�;�;�~��u�
�*�*�S�/�/�C�������Q��0�0�0�"�3�q�6�5�1�1�	��5�	�������u�u������3�x�x�!�|�|��u�	�S���Q����S��V�U�+�+�	��5��4s�;A?�?
B
�B
c�B�t||��pt||��S)z(Verifies if valid cidr or dotted netmask)r/r7)�nm�v6s  rr8r8�s"���r�2�&�&�E�*=�b�"�*E�*E�Er&rc��|dkrt|��S|dkrt|��S|dkrt|��pt|��St�)zValidate IP addresses�6�4r)r3r9r!)r1�versions  r�
valid_addressrA�s\���#�~�~��d�#�#�#�	�C����d�#�#�#�	�E�	�	��d�#�#�;�~�d�';�';�;�
�r&c�0�g}d}d}tj}|rd}tj}d|vrE|�d��}|r|ddkr|d=n3|s|ddks|ddkr|d=n|�|��|sTt|��d	krAt
|d|��r+	t|d|��|d<n#t$rYnwxYw|d
}tj	|tj
||����}||d
krd}t|��d	krA|d|dzz
}|s1t|��}||krd|�d
|�d�}t|��|}d}t||��sd|z}t|��t�||fS)z�Convert address to standard form. Use no netmask for IP addresses. If
       netmask is specified and not all 1's, for IPv4 use cidr if possible,
       otherwise dotted netmask and for IPv6, use cidr.
    Fr?r>rr�128�32z255.255.255.255rrTzUsing 'z' for address '�'zInvalid address '%s')rr6r.r�appendrr7�_dotted_netmask_to_cidrr�	inet_ntopr-�_address4_to_network�debugrAr!)	�origr<r2�changedr@�s_typer1�network�dbg_msgs	         r�normalize_addressrP�s���

�C��G��G�
�^�F�	�!������
�d�{�{��j�j��o�o��
�	�#�a�&�E�/�/��A����	��Q��4���3�q�6�5F�+F�+F��A����
�
�4����
��#�c�(�(�a�-�-�$7��A���$C�$C�-�	�,�S��V�R�8�8�C��F�F���	�	�	��D�	�����q�6�D���F�F�$4�V�T�$B�$B�C�C�D��s�1�v�~�~���
�3�x�x�1�}�}���c�!�f�����	�*�4�0�0�G��$����;B�7�7�D�D�D�I���g����������w�'�'��(�D�1��
�g�������'�?�s�-C�
C�Cc�"�t|d��S)z"Opens the specified file read-only�r)�open)�fns r�open_file_readrU�s����C�=�=�r&c��t|��}	t��\}}n##t$r|����wxYw||||d�S)z=Opens the specified file read-only and a tempfile read-write.)rK�orignamer#�tmpname)rUrr�close)rTrKr#rXs    r�
open_filesrZ�sb���"���D�� �����g�g�������
�
����
������r�#�'�K�K�Ks	�#� Ac��|dkrdS|sttjd���tr>|tj���krt�|��dSd}tjddkr$tj|t|d����}ntj||��}|dkrttjd���dS)	z~Write to the file descriptor and error out of 0 bytes written. Intended
       to be used with open_files() and close_files().rNzNot a valid file descriptor���r��asciiz"Could not write to file descriptor)�OSError�errno�ENOENT�
msg_output�sys�stdout�fileno�write�version_info�os�bytes�EIO)�fd�out�rcs   r�
write_to_filern�s����b�y�y���
�C��e�l�$A�B�B�B���b�C�J�-�-�/�/�/�/����������	�B�
����a���
�X�b�%��W�-�-�
.�
.���
�X�b�#�
�
��	�Q�w�w��e�i�!E�F�F�F��wr&Tc�*�|d���tj|d��|rBtj|d|d��tj|d|d��tj|d��dS)zuCloses the specified files (as returned by open_files), and update
       original file with the temporary file.
    rKr#rWrXN)rYrh�shutil�copystat�copy�unlink)�fns�updates  r�close_filesrvs�����K�������H�S��Z����
�5����J���Y��8�8�8���C�	�N�C�
�O�4�4�4��I�c�)�n�����r&c�,�t|��	tj|tjtjd���}n(#t
$r}dt
|��gcYd}~Sd}~wwxYw|���d}|jt
|��gS)z!Try to execute the given command.T)rd�stderr�universal_newlines�Nr)	rJ�
subprocess�Popen�PIPE�STDOUTr_�str�communicate�
returncode)�command�sp�exrls    r�cmdr�s���	�'�N�N�N��
�
�g�j�o�%/�%6�15�7�7�7���������S��W�W�~���������������
�.�.�
�
�1�
�C��M�3�s�8�8�$�$s�,>�
A#�A�A#�A#c�,�	tj|tj���}tj||j���}n(#t$r}dt|��gcYd}~Sd}~wwxYw|���d}|jt|��gS)z#Try to pipe command1 into command2.)rd)�stdinrzNr)r{r|r}rdr_rr�r�)�command1�command2�sp1�sp2r�rls      r�cmd_piper�$s������x�
��@�@�@����x�s�z�:�:�:���������S��W�W�~����������������/�/�
�
�A�
�C��N�C��H�H�%�%s�;>�
A#�A�A#�A#c�r�	|j}n#t$r|}YnwxYw	|�dd��}n#t$r|}YnwxYwtr4t	jtj��r|�|��n"|�t|����|�
��dS)zQImplement our own print statement that will output utf-8 when
       appropriate.�utf-8�ignoreN)�bufferr�encoderb�inspect�isclass�io�StringIOrfri�flush)�output�s�writerrls    r�_printr�2s�����������������������h�h�w��)�)�����������������!�g�o�b�k�2�2�!����Q��������U�3�Z�Z� � � �
�L�L�N�N�N�N�Ns�
���4�A�Ac��	ttjd|z��n#t$rYnwxYw|rtjd��dSdS)zPrint error message and exitz
ERROR: %s
rN)r�rcrx�IOError�exit)rl�do_exits  r�errorr�Gsf��
��s�z�=�3�.�/�/�/�/���
�
�
���
���������������s� �
-�-c�d�	ttjd|z��dS#t$rYdSwxYw)zPrint warning messagez	WARN: %s
N)r�rcrxr��rls rr*r*RsF��
��s�z�<�#�-�.�.�.�.�.���
�
�
����
���s�!�
/�/c��tr|tjkrt}	|rt|d|z��dSt|d|z��dS#t$rYdSwxYw)z
Print messagez%s
�%sN)rbrcrdr�r�)rlr��newlines   r�msgr�Zs~����f��
�*�*���
��	'��6�6�C�<�(�(�(�(�(��6�4�#�:�&�&�&�&�&���
�
�
����
���s�A�A�
A�Ac�v�tr1	ttjd|z��dS#t$rYdSwxYwdS)zPrint debug messagez
DEBUG: %s
N)�	DEBUGGINGr�rcrxr�r�s rrJrJhsX����	��3�:�}�s�2�3�3�3�3�3���	�	�	��D�D�	�����s�(�
6�6c�N�t|fd�|�d����S)z�
    A word-wrap function that preserves existing line breaks
    and most spaces in the text. Expects that existing line
    breaks are posix newlines (
).
    c	���|�dt|��|�d��z
dz
t|�dd��d��z|k�|��S)Nz 
�
rr)r�rfindr)�line�word�widths   r�<lambda>zword_wrap.<locals>.<lambda>wsk���4��#�d�)�)�D�J�J�t�$4�$4�4�q�8��d�j�j��q�1�1�!�4�5�5�6�9>�?�A�A��4�	3�r&� )rr)�textr�s  r�	word_wrapr�qs6���5����
�*�*�S�/�/���r&c�"�t|d��S)zWord wrap to a specific width�K)r�)r�s r�	wrap_textr��s���T�2���r&c�@��d��|��fd����dS)a$Sorts list of strings into numeric order, with text case-insensitive.
       Modifies list in place.

       Eg:
       [ '80', 'a222', 'a32', 'a2', 'b1', '443', 'telnet', '3', 'http', 'ZZZ']

       sorts to:
       ['3', '80', '443', 'a2', 'a32', 'a222', 'b1', 'http', 'telnet', 'ZZZ']
    c�p�|���rt|��n|���S�N)�isdigit�int�lower)�ts rr�zhuman_sort.<locals>.<lambda>�s%��q�y�y�{�{�9�S��V�V�V����	�	�r&c�F���fd�tjd|��D��S)Nc�&��g|]
}�|����S�r�)�.0�c�norms  �r�
<listcomp>z0human_sort.<locals>.<lambda>.<locals>.<listcomp>�s!���F�F�F��T�T�!�W�W�F�F�Fr&z([0-9]+))r+r)�kr�s �rr�zhuman_sort.<locals>.<lambda>�s(���F�F�F�F�b�h�z�1�.E�.E�F�F�F�r&)�keyN)�sort)�lstr�s @r�
human_sortr��s1���:�9�D��H�H�F�F�F�F�H�G�G�G�G�Gr&c���	t|��}n#t$rtd���wxYwtj�dt
|��d��}tj�|��std|z���t|���
��d�dd��d���d}t|��S)zdFinds parent process id for pid based on /proc/<pid>/stat. See
       'man 5 proc' for details.
    zpid must be an integer�/proc�stat�Couldn't find '%s'r�)r)
r�rr!rh�path�joinr�isfiler�rS�	readlines�rsplitr)�mypid�pid�name�ppids    r�get_ppidr��s���3��%�j�j�����3�3�3��1�2�2�2�3�����7�<�<���S���6�2�2�D�
�7�>�>�$���5��*�d�3�4�4�4���:�:���!�!�!�$�+�+�C��3�3�A�6�<�<�>�>�q�A�D��t�9�9�s��,c��	t|��}nf#t$r"td��}t|��YdSt$r/td��t|��z}t
|���wxYw|dks|dkrdStj�	dt|��d��}tj�
|��s!td��|z}t
|���	t|�����d�
��d}n/#t$r"td	��|z}t
|���wxYwtd
|z��|dkrdSt|��S)
z1Determine if current process is running under sshz%Couldn't find pid (is /proc mounted?)Fz!Couldn't find parent pid for '%s'rr�r�r�rz"Could not find executable for '%s'zunder_ssh: exe is '%s'z(sshd)T)r�r�r r*rrr!rhr�r�r�rSr�rrJ�	under_ssh)r�r��warn_msgr$r��exes      rr�r��s���"���}�}���������<�=�=���X�����u�u��"�"�"��7�8�8�C��H�H�E����!�!�!�"�����a�x�x�4�1�9�9��u�
�7�<�<���T���F�3�3�D�
�7�>�>�$���"��(�)�)�T�2����!�!�!�"��4�j�j�"�"�$�$�Q�'�-�-�/�/��2�����"�"�"��8�9�9�T�B����!�!�!�"����
�
"�c�
*�+�+�+��h����t�����s��(A5�8A5�5?D5�5,E!c��d}|rd}tjd|��r&t|��dkst|��|krdSdS)zVerifies cidr netmasks� ��^[0-9]+$rFT)r+r,r�)r;r<�nums   rr/r/�sN��
�C�	����
�8�K��$�$���B���!���s�2�w�w��}�}��u��4r&c���|rdStjd|��r[tjd|��}t|��dkrdS|D]-}|r&t	|��dkst	|��dkrdS�.ndSdS)z.Verifies dotted quad ip addresses and netmasksFz^[0-9]+\.[0-9\.]+$z\.�r�T)r+r,rrr�)r;r<�quads�qs    rr7r7�s���	���u�
�8�)�2�.�.�	��H�T�2�&�&�E��5�z�z�Q����u��
!�
!���!�C��F�F�Q�J�J�#�a�&�&�3�,�,� �5�5�+7�
!��5��4r&c	� �d}|rt�t||��st�d}	ttjdtj|����d��}nJ#t$r=ttjdtj|����d��}YnwxYwd}td��D]}||z	dzdkrd}�|rd}n|dz
}�|dkr|dkrtd|z
��}t||��st�|S)	z@Convert netmask to cidr. IPv6 dotted netmasks are not supported.rr�>LFr�rTr\)r!r7�long�struct�unpackr�	inet_aton�	NameErrorr��rangerr/)r;r<�cidr�mbits�bits�	found_one�ns       rrGrG�s?��
�D�	�#���"�2�r�*�*�	�����
	E���
�d�F�,<�R�,@�,@�A�A�!�D�E�E�D�D���	E�	E�	E��v�}�T�6�+;�B�+?�+?�@�@��C�D�D�D�D�D�	E�����	��r���	�	�A���	�Q��!�#�#� �	�	����E��E��Q�J�E�E��A�:�:�%�2�+�+��r�E�z�?�?�D��t�R�(�(�����Ks�:A!�!AB(�'B(c�l�d}|rt�t||��st�	td��}n#t$rd}YnwxYwt	d��D] }|t|��kr|dd|z
zz}�!t
jtj	d|����}t||��st�|S)z<Convert cidr to netmask. IPv6 dotted netmasks not supported.rrr�rr5r�)r!r/r�r�r�r�r�	inet_ntoar��packr7)r�r<r;r�r�s     r�_cidr_to_dotted_netmaskr�$s���	�B�	�7���"�4��,�,�	���
	���7�7�D�D���	�	�	��D�D�D�	�����r���	$�	$�A��3�t�9�9�}�}���R�!�V��#���
�
�f�k�$��5�5�
6�
6���r�2�&�&����
�Is�4�A�Ac	�t�d|vrtd��|S|�d��}t|��dkst|dd��st�|d}|d}|}t|d��rt
|d��}	ttj	dtj|����d��}ttj	dtj|����d��}n�#t$rwttj	dtj|����d��}ttj	dtj|����d��}YnwxYw||z}tjtjd|����}|�d|��S)z8Convert an IPv4 address and netmask to a network addressrz8_address4_to_network: skipping address without a netmaskrrFrr�)rJrrr7r!r/r�r�r�r�rr�r�r�r�r�)	r1r#�host�orig_nmr;�	host_bits�nm_bits�network_bitsrNs	         rrIrIAs���
�$���
�H�I�I�I���
�*�*�S�/�/�C�
�3�x�x�1�}�}�/��A���>�>�}����q�6�D��!�f�G�	�B��2�u�%�%�0�
$�R��
/�
/��D����t�V�-=�d�-C�-C�D�D�Q�G�H�H�	��v�}�T�6�+;�B�+?�+?�@�@��C�D�D�����D�D�D���
�d�F�,<�T�,B�,B�C�C�A�F�G�G�	��f�m�D�&�*:�2�*>�*>�?�?��B�C�C����D�����w�&�L���v�{�4��>�>�?�?�G��g�g�w�w�'�'s�A4D�A>F�Fc�t�d�}d|vrtd��|S|�d��}t|��dkst|dd��st�|d}|d}tjdtjtj	|����}	td��}n#t$rd}YnwxYwtd	��D]M}|||d
��}td
��D])}	|dt||	��zd|	z
|d
zz
zz}�*�N	td��}
n#t$rd}
YnwxYwtd��D] }|t|��kr|
dd|z
zz}
�!||
z}g}td	��D]@}|�t||d��|d
z|d
zd
z�d�����Atjtj	tjd|d|d|d|d
|d|d|d|d�	�	��}
|
�d|��S)z8Convert an IPv6 address and netmask to a network addressc�j��d��fd�t|dz
dd��D����S)zDecimal to binaryrc�:��g|]}t�|z	dz����S)r)r)r��yr�s  �rr�z9_address6_to_network.<locals>.dec2bin.<locals>.<listcomp>hs)���L�L�L���S�A�X��N�+�+�L�L�Lr&rr\)r�r�)r��counts` r�dec2binz%_address6_to_network.<locals>.dec2binfs:����w�w�L�L�L�L�U�5��7�B��5K�5K�L�L�L�M�M�Mr&rz8_address6_to_network: skipping address without a netmaskrrTrz>8H��rzr�r]r����)rJrrr8r!r�r�rr-r.r�r�r�r�rFrHr�)r1rr#�	orig_host�netmask�unpackedr��ir��jr�r2r�rNs              r�_address6_to_networkr
ds���N�N�N��$���
�H�I�I�I���
�*�*�S�/�/�C�
�3�x�x�1�}�}�M�#�a�&�$�7�7�}����A��I��!�f�G��}�U�F�$4�V�_�5>�%@�%@�A�A�H����G�G�	�	�������	�	�	������1�X�X�9�9���G�H�Q�K��$�$���r���	9�	9�A��!�c�!�A�$�i�i�-�S��U�1�R�4�Z�8�8�I�I�	9���q�'�'�����������������3�Z�Z�*�*���s�7�|�|����q�W��M�)�)�G���g�
�C�
�C�
�1�X�X�<�<���
�
�3�w�w�s�C�(�(��2��a��d�2�g��6��:�:�;�;�;�;���v��%�{�5�#�a�&�#�a�&�+.�q�6�3�q�6�3�q�6�+.�q�6�3�q�6�3�q�6� C� C�D�D�G�
�g�g�w�w�'�'s$�!B1�1C�?C�!D1�1E�?Ec���|�d��}t|��dkst|d|��st�|d}|d}|dks|dkrdS|}d|vrM|�d��}t|��dkst|d|��st�|d}|dks|dkrdS|r&t	|��rt	|��st�n%t|��rt|��st�t
||��r|st||��}|r[t|�d|�����d��d}t|�d|�����d��d}nZt|�d|�����d��d}t|�d|�����d��d}||kS)z&Determine if address x is in network yrrrrz0.0.0.0z::T)
rrr8r!r3r9r/r�r
rI)	�
tested_add�
tested_netr<r#rr	�address�orig_networkrNs	         r�
in_networkr�s:��
�
�
�3�
�
�C�
�3�x�x�1�}�}�M�#�a�&�"�5�5�}����A��I��!�f�G��I����d�!2�!2��t��G�
�g�~�~��m�m�C� � ���s�8�8�q�=�=�
�c�!�f�b� 9� 9�=����a�&���)���w�$����t�	���g�&�&�	�n�Y�.G�.G�	���	��g�&�&�	�n�Y�.G�.G�	����7�B�'�'�7��7�)�'�2�6�6��
�	I�+�-6�Y�Y���-A�B�B�BG�%��*�*�Q�P��&�(/�����(:�;�;�;@�5��:�:�a�I���,�-6�Y�Y���-A�B�B�BG�%��*�*�Q�P��&�(/�����(:�;�;�;@�5��:�:�a�I���l�"�"r&c���d}dD]E}tj�|d��}tj�|��rnd}�F|dkrt	t
jd���|S)Nr)z/sbinz/binz	/usr/sbinz/usr/binz/usr/local/sbinz/usr/local/bin�iptableszCould not find iptables)rhr�r��existsr_r`ra)r��ds  r�_find_system_iptablesr�sr��
�C�3�����g�l�l�1�j�)�)��
�7�>�>�#���	��E��C�C�
�b�y�y��e�l�$=�>�>�>��Jr&c���|�t��}t|dg��\}}|dkrttjd|z���tjd|��}tjdd|d��S)	zReturn iptables versionNz-VrzError running '%s'z\sz^vrr)rr�r_r`rar+r�sub)r�rmrlr#s    r�get_iptables_versionr�sq��
�{�#�%�%���S�$�K� � �I�R��	�Q�w�w��e�l�$8�C�$@�A�A�A�
�(�4��
�
�C�
�6�$��C��F�#�#�#r&c�x�d�}|r1tj��dkrttjd���|�t��}g}d}|�d��rd}|tdd�	��z
}t|d
|g��\}}|dkrttj	|���|||gd���r|�
d��|||gd
���r|�
d��t|d|g��t|d|g��\}}|dkrttj	|���|S)z[Return capabilities set for netfilter to support new features. Callers
       must be root.c�J�|d|g}t||z��\}}|dkrdSdS)Nz-ArTF)r�)r��chain�rule�argsrmrls      r�test_capz,get_netfilter_capabilities.<locals>.test_cap�s6���T�5�!����t��$�$�	��S�
��7�7��4��ur&rzMust be rootNz
ufw-caps-test�	ip6tableszufw6-caps-testr)�prefix�dirz-N)�-m�	conntrack�	--ctstate�NEWr%�recentz--setz
recent-set)r%r&r'r(r%r)z--updatez	--seconds�30z
--hitcountr>z
recent-updatez-Fz-X)rh�getuidr_r`�EPERMr�endswithrr�rarF)r��	do_checksr!�capsrrmrls       r�get_netfilter_capabilitiesr0�s�������3�R�Y�[�[�A�%�%��e�k�>�2�2�2�
�{�#�%�%��
�D��E�
�|�|�K� � �!� ��
�V�2�2�
&�
&�
&�&�E��S�$��&�'�'�I�R��	�Q�w�w��e�l�C�(�(�(��x��U�6�6�6�7�7�"����L�!�!�!��x��U�0�0�0�1�1�%�	
���O�$�$�$���d�E������S�$��&�'�'�I�R��	�Q�w�w��e�l�C�(�(�(��Kr&c�T�t|��}t��}|���D�]t}|�d��s|�d��s�.|���}|d}|d�d��d}t��}d�|d�d��dd���|d<|d	|d
<|d�d��d|d
<|d
dkr|d
|d<n$|d�d��d|d<||vrt��||<g|||<n|||vrg|||<|||�|����v|S)z:Get and parse netstat the output from get_netstat_output()rrrr�:r\N�laddrr]�uidrrr��-r�)�get_netstat_output�dict�
splitlines�
startswithrr�rF)r<�netstat_outputrr�r#rr�items        r�parse_netstat_outputr<'s���(��+�+�N����A��)�)�+�+�$�$�����u�%�%�	�d�o�o�e�.D�.D�	���j�j�l�l���A����1�v�|�|�C� � ��$���v�v������Q����c�!2�!2�3�B�3�!7�8�8��W�
��!�f��U���!�f�l�l�3�'�'��*��U����;�#����u�+�D��K�K��a�&�,�,�s�+�+�A�.�D��K���>�>��v�v�A�e�H��A�e�H�T�N�N��1�U�8�#�#�!#��%����	�%������d�#�#�#�#��Hr&c���d}|�r1d}tj�|��sttjd|z���t
|�����D]�}|����|�dkr�d�	�fd�tdt�d��d��D����}�d	���d
kr-|�dt�d	���d����}��|dkrttjd
���n�t!jt jt j��}	t!jt)j|���dt/jd|dd�����dd���}n(#t2$rttjd
���wxYwt5||��dS)zGet IP address for interfacer�/proc/net/if_inet6�'%s' does not existrr2c�6��g|]}�d||dz���S�rr�r��r�rr#s  �rr�z"get_ip_from_if.<locals>.<listcomp>[�)���L�L�L�a�C��F�1�Q�q�S�5�M�L�L�Lr&rr�r�80rr�No such devicei��256sN���)rhr�rr_r`rarSr�rr�r�rr�r�r��ENODEVrr6�
SOCK_DGRAMr��fcntl�ioctlrer�r�rrP)�ifnamer<r1�procr�r�r#s      @r�get_ip_from_ifrPMs����
�D�
�:�#���w�~�~�d�#�#�	F��%�,�(=��(D�E�E�E���J�J�(�(�*�*�	E�	E�D��*�*�,�,�C���Q�����x�x�L�L�L�L�5��C��A��K�K��3K�3K�L�L�L�N�N���q�6�<�<�>�>�T�)�)�&*�d�d�C��A�������,C�,C�,C�D�D���2�:�:��%�,�(8�9�9�9��
�M�&�.�&�*;�<�<��	:��#�E�K����
�
�F�$*�K���s��s��$D�$D�%F�%F�FH��e�%M�N�N�D�D���	:�	:�	:��%�,�(8�9�9�9�	:�����T�2�&�&�q�)�)s
�"AG�%G%c���d}d}t|��rd}d}n)t|��sttjd���t
j�|��sttj	d|z���d}|�rt|�����D]�}|�����d�
��}d	��fd
�tdt!�d��d��D����}�d
���dkr-|�dt%�d
���d����}||ksd|vrt'||d��r|}n��n�t|�����D]`}d	|vr�|�d	��d�
��}	t)|d��}n#t$rY�RwxYw||kr|}n�a|S)zGet interface for IP addressFz
/proc/net/devTr>rEr?rrr2c�6��g|]}�d||dz���SrAr�rBs  �rr�z"get_if_from_ip.<locals>.<listcomp>�rCr&rr�rrDrr)r3r9r�r`rJrhr�rr_rarSr�r�stripr�r�rr�r�rrP)	r1r<rO�matchedr�rN�tmp_addr�ipr#s	        @r�get_if_from_iprWms���	�B��D��d���6�
��#���
�D�
!�
!�6��e�l�$4�5�5�5�
�7�>�>�$���B��e�l�$9�D�$@�A�A�A��G�	����J�J�(�(�*�*�	�	�D��*�*�,�,�C���V�\�\�^�^�F��x�x�L�L�L�L�5��C��A��K�K��3K�3K�L�L�L�N�N�H��1�v�|�|�~�~��%�%�&.�h�h��C��F�L�L�N�N�B�0G�0G�0G�H���x����x���J�t�X�t�$D�$D�� ��������J�J�(�(�*�*�	�	�D��$�����Z�Z��_�_�Q�'�-�-�/�/�F�
�#�F�E�2�2�����
�
�
���
�����T�z�z� ������Ns�G+�+
G8�7G8c�6�tjd��}|���tjd��}t��}|D�]J}|�|��s�tj�d|d��}tj	|tj
tjz��s�gd}	tjtj�d|d����}n#t$rYnwxYw	tj|��}n#t$rY��wxYw|D]s}	tjtj�||����d}n#t$rY�HwxYw|�dtj�|����||<�t��L|S)zGet inodes of files in /procr�r�rkr5r�rr)rh�listdirr�r+�compiler7r,r�r��access�F_OK�R_OK�readlinkrr��basename)	�
proc_files�pat�inodesr�fd_path�exe_path�dirsr�inodes	         r�_get_proc_inodesrg�s�����G�$�$�J��O�O����
�*�[�
!�
!�C�
�V�V�F�
�F�F���y�y��|�|�	���'�,�,�w��4�0�0���y��"�'�B�G�"3�4�4�	����	��{�2�7�<�<���E�#B�#B�C�C�H�H���	�	�	��D�	����	��:�g�&�&�D�D���	�	�	��H�	�����	F�	F�A�
�������W�a� 8� 8�9�9�!�<�����
�
�
���
����'(�q�q�"�'�*:�*:�8�*D�*D�*D�E�F�5�M�M�	F��Ms6�73C+�+
C8�7C8�<D�
D�D�&8E�
E,�+E,c���ddddddddd	d
dd�}d
dddd�}tj�d|��}tj|tjtjz��st�g}d}t|�����}|D]�}|�	��}|sd}�|t||dd��}	|�d��rd}	n|�d��r|	d
kr�q||d�	d��\}
}||d}||d}
|�|
t|d��||
|	f����|S)z=Read /proc/net/(tcp|udp)[6] file and return a list of tuples �ESTABLISHED�SYN_SENT�SYN_RECV�	FIN_WAIT1�	FIN_WAIT2�	TIME_WAIT�CLOSE�
CLOSE_WAIT�LAST_ACK�LISTEN�CLOSING)rrr]r�rrrr�	�
�rr]rrt)�
local_addr�stater4rfz	/proc/netFTrxrr�NArrwr2r4rf)
rhr�r�r[r\r]r!rSr�rr�r9rF)�protocol�
tcp_states�proc_net_fieldsrTr��
skipped_first�linesr��fieldsrxr3rr4rfs              r�_read_proc_net_protocolr��s���#� � �!�!�!��"� �� ���J�'(�!"� �!"���O�
����k�8�	,�	,�B�
�9�R���2�7�*�+�+����
�C��M���H�H��� � �E��
>�
>���������	� �M���3�v�o�g�&>�?��D�D�E�����u�%�%�	��E�E�
�
 �
 ��
'�
'�	�E�X�,=�,=���_�\�:�;�A�A�#�F�F���t��_�U�+�,����w�/�0���
�
�E�3�t�R�=�=�#�u�e�<�=�=�=�=��Jr&c�f���d}t���dkr�d�tddd��D]8}�d��fd�t|dz|d��D����z
��9td��fd�tdt���d	��D����d
��d}n{g��fd�tddd��D��D]2}��tt
|d�������3td
����d��d}|S)zDConvert an address from /proc/net/(tcp|udp)* to a normalized addressrrrr�c�*��g|]}�|dz
|���S�rr��r�r�paddrs  �rr�z(convert_proc_address.<locals>.<listcomp>�s%���F�F�F�a�U�1�Q�3�q�5�\�F�F�Fr&���r2c�N��g|]!}�||dz������"S)r�)r�)r�rr#s  �rr�z(convert_proc_address.<locals>.<listcomp>�s1���B�B�B�q��A�a��c�E�
� � �"�"�B�B�Br&r�Tc�*��g|]}�|dz
|���Sr�r�r�s  �rr�z(convert_proc_address.<locals>.<listcomp>�s%���:�:�:�A�5��1��Q��<�:�:�:r&r�.F)rr�r�rPrFrr�)r��	convertedrr#s`  @r�convert_proc_addressr��sG�����I�
�5�z�z�A�~�~����q�"�a���	H�	H�A��2�7�7�F�F�F�F�5��1��a��3D�3D�F�F�F�G�G�G�C�C�%�c�h�h�B�B�B�B�E�!�S��X�X�q�,A�,A�B�B�B�'D�'D������	�	���:�:�:�:��q�!�R���:�:�:�	(�	(�A��J�J�s�3�q�"�:�:���'�'�'�'�%�c�h�h�s�m�m�U�;�;�A�>�	��r&c�4�t��}ddg}|r|ddgz
}|D]F}	t|��||<�#t$r$td|z��}t	|��Y�CwxYwt��}t
|�����}|���d}|D]k}||D]`\}}	}
}}t|��}
d}t|��|vr|t|��}||d�d	|
�d
|	��d�d	|d�d	|
d�d	|d�d	|�d
�z
}�a�l|S)z5netstat-style output, without IPv6 address truncationrr�tcp6�udp6z!Could not get statistics for '%s'rr5�5r�r2�46�11r�)r7r�rr r*rg�list�keysr�r�r�)r<�
proc_net_datar�pr�rb�	protocolsr�r3rr4rfrxr1r�s               rr6r6s����F�F�M�
�E�N�E�	�"�
�&�&�!�!��
����	�6�q�9�9�M�!�����	�	�	��<��B�C�C�H���N�N�N��H�	����
�
�
�F��]�'�'�)�)�*�*�I�
�N�N����
�A�
�
O�
O��0=�a�0@�		O�		O�,�U�D�#�u�e�'��.�.�D��C��5�z�z�V�#�#��S��Z�Z�(��
�q�q�q�q�BF�$�$���7M�7M�7M�7M�7<�u�u�u�c�c�c�c�5�5�5�5�#�#�#�O�
O�A�A�		O�
�Hs�4�+A"�!A"c��|�|S|�d��r?t|��dkr|}nItj�||dd���}n tj�||��}|S)zAdd prefix to dirNrrr)r9rrhr�r�)r$r#�newdirs   r�	_findpathr�&so��
�~��
�
�~�~�c���+��s�8�8�a�<�<��F�F��W�\�\�&�#�a�b�b�'�2�2�F�F�����f�c�*�*���Mr&c���tjddkrtj|d��St	j|�dd������d��S)z,Take a string and convert it to a hex stringrr]�hexr�r�)�errorsr^)rcrg�codecsr��binascii�hexlify�decode)r�s r�
hex_encoder�4sX��
����Q����}�Q��&�&�&���A�H�H�W�X�H�>�>�?�?�F�F�w�O�O�Or&c��tjddkr)|�d����d��Stjdt|��dzr
|dd	�n|z���dd
��S)z,Take a hex string and convert it to a stringrr]r�)�encodingr�r�rNr\�backslashreplace)rcrgr�r��	unhexlifyr)�hs r�
hex_decoder�=s���
����Q����x�x��x�'�'�.�.�w�7�7�7���d��A����
�&A�a����f�f��B�C�C�J�J��#���r&�
/run/ufw.lockc�l�d}|s/t|d��}tj|tj��|S)zCreate a blocking lockfileN�w)rSrL�lockf�LOCK_EX)�lockfile�dryrun�locks   r�create_lockr�Ls7���D��)��H�c�"�"��
��D�%�-�(�(�(��Kr&c��|�dS	tj|tj��|���dS#t$rYdSwxYw)z(Free lockfile created with create_lock()N)rLr��LOCK_UNrYr!)r�s r�release_lockr�UsZ���|���
�
��D�%�-�(�(�(��
�
��������
�
�
�	
���
���s�3;�
A	�A	)r)Tr�)NT)F)r�F)I�__doc__�
__future__rr�r�r`rLr�r�rhr+rprr�r{rc�	functoolsr�tempfilerrr�rb�supported_protocolsr�ipv4_only_protocolsrr%r3r9r8rArPrUrZrnrvr�r�r�r�r*rdr�rJr�r�r��getpidr�r�r/r7rGr�rIr
rrrr0r<rPrWrgr�r�r6r�r�r�r�r�r�r&r�<module>r�s��(�(�"&�%�%�%�%�%�����
�
�
�
���������	�	�	�	�����	�	�	�	�	�	�	�	�
�
�
�
�
�
�
�
�
�
�
�
�����
�
�
�
�������$�$�$�$�$�$�$�$��	�
�
�Q�P�P��A�A�A���v�&�����4���(���4���2F�F�F�	�	�	�	�4�4�4�n���

L�
L�
L�G�G�G�2����%�%�%�	&�	&�	&����*����
�
�
��J��
�
�
�
����������
H�H�H��2�9�;�;�����.�"�)�+�+�!�!�!�!�N	�	�	����2$�$�$�\���: (� (� (�F7(�7(�7(�t,#�,#�,#�h���	$�	$�	$�	$�6�6�6�6�r#
�#
�#
�L*�*�*�*�@,�,�,�^"�"�"�J,�,�,�^���& 
� 
� 
�F���P�P�P��������

�

�

�

�

r&