idk-ZddlZddlmZddlmZdZdZGddeZGdd Zy) N getrandbits)SoSMapcF|Dcgc]}|r tdndc}Scc}w)aGenerate a random set of hextets, based on the length of the source hextet. If any hextets are compressed, keep that compression. E.G. '::1234:bcd' will generate a leading empty '' hextet, followed by two 4-character hextets. :param hextets: The extracted hextets from a source address :type hextets: ``list`` :returns: A set of randomized hextets for use in an obfuscated address :rtype: ``list`` ) random_hex)hextetshs ?/usr/lib/python3/dist-packages/sos/cleaner/mappings/ipv6_map.pygenerate_hextetsr s#18 81QJqMB & 88 8sc*td|zd|dS)zGenerate a string of size length of random hex characters. :param length: The number of characters to generate :type length: ``int`` :returns: A string of ``length`` hex characters :rtype: ``str`` r0xr)lengths r r r "s !F(#AfXQ; /0c>eZdZdZiZgdZdgZdZdZdZ dZ d dZ y ) SoSIPv6MapatMapping for IPv6 addresses and networks. Much like the IP map handles IPv4 addresses, this map is designed to take IPv6 strings and obfuscate them consistently to maintain network topology. To do this, addresses will be manipulated by the ipaddress library. If an IPv6 address is encountered without a netmask, it is assumed to be a /64 address. )z^::1/.*z::/0zfd53:.*z^53..:534fFcJd|vry|dD]}tj|}|d|d}|j||}|j|j|j <|d|dD]1}|d|d|}|j ||||j|<3y)zOverride the base conf_update() so that we can load the existing networks into ObfuscatedIPv6Network() objects for the current run. networksN obfuscatedhosts) ipaddress ip_network _get_networkobfuscated_addressdatasetoriginal_addressadd_obfuscated_host_address)selfconfignetwork_orig _obfuscated_nethost_ob_hosts r conf_updatezSoSIPv6Map.conf_updateGs V # j) .G((1E ,W5lCK$$UK8D262I2IDLL.. /z*73G< .!*-g6w?E00x@%- T" .  .rc d|vr|jddnd}|}|s|dz } tj|}|j|}|j}|r d|vr|d|S|S#t $rtj|d}|j|}|j |jvr#|j|j|j<tj|jdd}|j|}YwxYw)N/rz/64F)strictr) splitrrrr ValueError network_addrrr ip_addressobfuscate_host_address)r"ipaddr_prefix_ipaddr_addrr' _hostaddrs r sanitize_itemzSoSIPv6Map.sanitize_itemWs+.&=&,,s#B'b u G =((1E$$U+D--G s')Yay) )! = ((?E$$U+D   46:6M6M T223!,,W]]3-?-BCI11)zBObfuscatedIPv6Network._obfuscate_global_address..s'1u's 5) r1r/alllenr=r appendextendr join)r"_hextets_ob_hex_starts r r^z/ObfuscatedIPv6Network._obfuscate_global_addresss$$**3/3( 'h' ' 3t//0C78FA0GT---#HZ]O4T---    # #G ,iG'12xx  rc|jjddd}dg}|jt|dj |S)a The first 8 bits will always be 'fd', the next 40 bits are meant to be a global ID, followed by 16 bits for the subnet. To keep things relatively simply we maintain the first hextet as 'fd53', and then randomize any remaining hextets rcrNfd53)r1r/rnr ro)r"rprqs r raz0ObfuscatedIPv6Network._obfuscate_private_addresssI $$**3/3('12xx  rcfd}|jjvrjjd}|jt |dj d|}|jj vr$|}|jj vr$j|j|j|jS)aGiven an unobfuscated address, generate an obfuscated match for it, and save it to this network for tracking during the execution of clean. Note: another way to do this would be to convert the obfuscated network to bytes, and add a random amount to that based on the number of addresses that the network can support and from that new bytes count craft a new IPv6 address. This has the advantage of absolutely guaranteeing the new address is within the network space (whereas the method employed below could *theoretically* generate an overlapping address), but would in turn remove any ability to compress obfuscated addresses to match the general format/syntax of the address it is replacing. For the moment, it is assumed that being able to maintain a quick mental note of "unobfuscated device ff00::1 is obfuscated device 53ad::a1b2" is more desireable than "ff00::1 is now obfuscated as 53ad::1234:abcd:9876:a1b2:". :param addr: The unobfuscated IPv6 address :type addr: ``ipaddress.IPv6Address`` :returns: An obfuscated address within this network :rtype: ``str`` c djjdjtjdgS)Nrrc)rorQr r/)_hostr"sr _generate_addresszGObfuscatedIPv6Network.obfuscate_host_address.._generate_addresss=77(()%++c*:;< rrcN)r;rr1rstriprllstripvaluesr!)r"rLrx_nr)rws` @r r3z,ObfuscatedIPv6Network.obfuscate_host_addresss.  ??$** ,""))#.BOOCGH-44S9E(*Hdjj//11,.djj//11  , ,T__h Gzz$//**rc"||j|<y)zjAdds an obfuscated pair to the class for tracking and ongoing consistency in obfuscation. N)r)r"r(rs r r!z1ObfuscatedIPv6Network.add_obfuscated_host_addresss& 4r)rN) r?r@rArBrWpropertyrr rPr^rar3r!rFrr r<r<sP  AD;;$$!"!4 !%+N&rr<) rrandomrsos.cleaner.mappingsrr r rr<rFrr rs5'9" 1O$O$dW&W&r