%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/lib/python3/dist-packages/ufw/__pycache__/
Upload File :
Create Path :
Current File : //usr/lib/python3/dist-packages/ufw/__pycache__/util.cpython-312.pyc

�

��e���2�dZddlmZddlZddlZddlZddlZddlZddlZddl	Z	ddl
Z
ddlZddlZddl
Z
ddlZddlZddlmZddlmZmZdZdZgd�Zgd�Zd	d
gZd�Zd�Zd
�Zd�Zd�Zd9d�Zd�Z d�Z!d�Z"d�Z#d:d�Z$d�Z%d�Z&d�Z'd:d�Z(d�Z)ejTdfd�Z+d�Z,d�Z-d�Z.d �Z/e	j`�fd!�Z1e	j`�fd"�Z2d#�Z3d$�Z4d%�Z5d&�Z6d'�Z7d(�Z8d)�Z9d*�Z:d;d+�Z;d<d,�Z<d-�Z=d=d.�Z>d/�Z?d0�Z@d1�ZAd2�ZBd3�ZCd4�ZDd5�ZEd6�ZFd>d7�ZGd8�ZHy)?z"util.py: utility functions for ufw�)�print_functionN)�reduce)�mkstemp�mktempF)�tcp�udp�ipv6�esp�ah�igmp�gre�vrrp)r	r
rrr
rr	rc��d}	tj|�	tj|d�d}	tj|d�|dk(rd}|Sd}	|S#t$r�wxYw#t$rY�>wxYw#t$rY|SwxYw)z8Get the protocol for a specified port from /etc/services�rr�any)�socket�
getservbyname�	Exception)�port�protos  �*/usr/lib/python3/dist-packages/ufw/util.py�get_services_protor.s����E�����T�"�
����T�5�)���
����T�5�)��E�>��E��L�	�E��L��%��
����
��
���
���L�
�s3�A�A%�A4�A4�A"�%	A1�0A1�4	B�Bc��d}d}|jd�}t|�dk(r|d}d}||fSt|�dk(r/|d}|d}|tvrtd|z�}t	|��||fStd�}t	|��)	zParse port or port and protocolr�/�rr�zInvalid port with protocol '%s'zBad port)�split�len�portless_protocols�_�
ValueError)�p_strrr�tmp�err_msgs     r�parse_port_protor%Hs���
�D��E�
�+�+�c�
�C�
�3�x�1�}��1�v����
�%�=��

�S��Q���1�v���A����&�&��9�E�A�B�G��W�%�%�
�%�=���J�-����!�!�c�p�tjstd�yt|�dkDst	j
d|�sy|j
d�}	tjtj|d�t|�dkDryt|�dk(rt|dd	�syy	#t$rYywxYw)
zVerifies if valid IPv6 addressz"python does not have IPv6 support.F�+z^[a-fA-F0-9:\./]+$rrrrT)r�has_ipv6�warnr�re�matchr�	inet_pton�AF_INET6r�_valid_cidr_netmask��addr�nets  r�valid_address6r3\s����?�?��
1�2���4�y�2�~�R�X�X�&;�T�B��
�*�*�S�/�C��������#�a�&�1��3�x�!�|��	�S��Q��"�3�q�6�4�0��������s�'B)�)	B5�4B5c�Z�t|�dkDstjd|�sy|jd�}	t	j
tj|d�t|dd�sy	t|�dkDryt|�dk(rt|dd�syy#t$rYywxYw)	zVerifies if valid IPv4 address�z^[0-9\./]+$FrrrrT)
rr+r,rrr-�AF_INET�_valid_dotted_quadsr�
valid_netmaskr0s  r�valid_address4r9vs����4�y�2�~�R�X�X�n�d�;��
�*�*�S�/�C���������Q��0�"�3�q�6�5�1��2�
�3�x�!�|��	�S��Q���S��V�U�+��������s�6B�	B*�)B*c�6�t||�xst||�S)z(Verifies if valid cidr or dotted netmask)r/r7)�nm�v6s  rr8r8�s���r�2�&�E�*=�b�"�*E�Er&c��|dk(rt|�S|dk(rt|�S|dk(rt|�xst|�St�)zValidate IP addresses�6�4r)r3r9r!)r1�versions  r�
valid_addressrA�sI���#�~��d�#�#�	�C���d�#�#�	�E�	��d�#�;�~�d�';�;�
�r&c��g}d}d}tj}|rd}tj}d|vr5|jd�}|r|ddk(r|d=n'|s%|ddk(s|ddk(r|d=n|j	|�|s0t|�d	k(r"t
|d|�r	t|d|�|d<|d
}tj|tj||��}||d
k7rd}t|�d	k(r5|d|dzz
}|s(t|�}||k7rd|�d
|�d�}t|�|}d}t||�sd|z}t|�t�||fS#t$rY��wxYw)z�Convert address to standard form. Use no netmask for IP addresses. If
       netmask is specified and not all 1's, for IPv4 use cidr if possible,
       otherwise dotted netmask and for IPv6, use cidr.
    Fr?r>rr�128�32z255.255.255.255rrTzUsing 'z' for address '�'zInvalid address '%s')rr6r.r�appendrr7�_dotted_netmask_to_cidrr�	inet_ntopr-�_address4_to_network�debugrAr!)	�origr<r2�changedr@�s_typer1�network�dbg_msgs	         r�normalize_addressrP�s|��

�C��G��G�
�^�^�F�	�������
�d�{��j�j��o��
�#�a�&�E�/��A����Q��4��3�q�6�5F�+F��A���
�
�4��
�#�c�(�a�-�$7��A���$C�	�,�S��V�R�8�C��F�
�q�6�D����F�F�$4�$4�V�T�$B�C�D��s�1�v�~���
�3�x�1�}���c�!�f�����*�4�0�G��$��;B�D�I���g��������w�'�(�D�1��
�g�����'�?���5�	��	�s�E	�		E�Ec��t|d�S)z"Opens the specified file read-only�r)�open)�fns r�open_file_readrU�s����C�=�r&c�~�t|�}	t�\}}||||d�S#t$r|j��wxYw)z=Opens the specified file read-only and a tempfile read-write.)rK�orignamer#�tmpname)rUrr�close)rTrKr#rXs    r�
open_filesrZ�sJ���"��D�� ����g�
�r�#�'�K�K��	���
�
��
��s�
!�<c��|dk(ry|sttjd��tr7|tj
j
�k(rtj|�yd}tjddk\r!tj|t|d��}ntj||�}|dkrttjd��y)	z~Write to the file descriptor and error out of 0 bytes written. Intended
       to be used with open_files() and close_files().rNzNot a valid file descriptor���r��asciiz"Could not write to file descriptor)�OSError�errno�ENOENT�
msg_output�sys�stdout�fileno�write�version_info�os�bytes�EIO)�fd�out�rcs   r�
write_to_filern�s����b�y��
��e�l�l�$A�B�B��b�C�J�J�-�-�/�/�������	�B�
�����a��
�X�X�b�%��W�-�
.��
�X�X�b�#�
��	�Q�w��e�i�i�!E�F�F�r&Tc��|dj�tj|d�|r8tj|d|d�tj|d|d�tj
|d�y)zuCloses the specified files (as returned by open_files), and update
       original file with the temporary file.
    rKr#rWrXN)rYrh�shutil�copystat�copy�unlink)�fns�updates  r�close_filesrvsc����K�����H�H�S��Z��
�����J���Y��8����C�	�N�C�
�O�4��I�I�c�)�n�r&c��t|�	tj|tjtjd��}|j�d}|jt
|�gS#t
$r}dt
|�gcYd}~Sd}~wwxYw)z!Try to execute the given command.T)rd�stderr�universal_newlines�Nr)	rJ�
subprocess�Popen�PIPE�STDOUTr_�str�communicate�
returncode)�command�sp�exrls    r�cmdr�sx��	�'�N��
�
�
�g�j�o�o�%/�%6�%6�15�7��
�.�.�
�1�
�C��M�M�3�s�8�$�$��	���S��W�~����s�5A,�,	B�5B�B�Bc�*�	tj|tj��}tj||j��}|j
�d}|jt|�gS#t$r}dt|�gcYd}~Sd}~wwxYw)z#Try to pipe command1 into command2.)rd)�stdinrzNr)r{r|r}rdr_rr�r�)�command1�command2�sp1�sp2r�rls      r�cmd_piper�$sy������x�
���@�����x�s�z�z�:���/�/�
�A�
�C��N�N�C��H�%�%��	���S��W�~����s�AA2�2	B�;B
�B�
Bc�R�	|j}	|jdd�}tr5t	j
tj�r|j|�n|jt|��|j�y#t$r|}Y��wxYw#t$r|}Y��wxYw)zQImplement our own print statement that will output utf-8 when
       appropriate.�utf-8�ignoreN)�bufferr�encoderb�inspect�isclass�io�StringIOrfri�flush)�output�s�writerrls    r�_printr�2s����������h�h�w��)��
�g�o�o�b�k�k�2����Q�����U�3�Z� �
�L�L�N�������������s"�B�B�B�B�B&�%B&c��	ttjd|z�|rtjd�yy#t$rY�$wxYw)zPrint error message and exitz
ERROR: %s
rN)r�rcrx�IOError�exit)rl�do_exits  r�errorr�GsC��
��s�z�z�=�3�.�/����������
��
�s�8�	A�Ac�^�	ttjd|z�y#t$rYywxYw)zPrint warning messagez	WARN: %s
N)r�rcrxr��rls rr*r*Rs,��
��s�z�z�<�#�-�.���
��
�s� �	,�,c��tr|tjk(rt}	|rt|d|z�yt|d|z�y#t$rYywxYw)z
Print messagez%s
�%sN)rbrcrdr�r�)rlr��newlines   r�msgr�ZsK���f��
�
�*���
���6�6�C�<�(��6�4�#�:�&���
��
�s�A�A�	A�Ac�l�tr	ttjd|z�yy#t$rYywxYw)zPrint debug messagez
DEBUG: %s
N)�	DEBUGGINGr�rcrxr�r�s rrJrJhs6���	��3�:�:�}�s�2�3����	��	�s�'�	3�3c�>�t|fd�|jd��S)z�
    A word-wrap function that preserves existing line breaks
    and most spaces in the text. Expects that existing line
    breaks are posix newlines (
).
    c	��|�dt|�|jd�z
dz
t|jdd�d�z|k\�|��S)Nz 
�
rr)r�rfindr)�line�word�widths   r�<lambda>zword_wrap.<locals>.<lambda>wsV����#�d�)�D�J�J�t�$4�4�q�8��d�j�j��q�1�!�4�5�6�9>�?�A��	3�r&� )rr)�textr�s  r�	word_wrapr�qs%���5��
�*�*�S�/��r&c��t|d�S)zWord wrap to a specific width�K)r�)r�s r�	wrap_textr��s���T�2��r&c�6��d��|j�fd���y)a$Sorts list of strings into numeric order, with text case-insensitive.
       Modifies list in place.

       Eg:
       [ '80', 'a222', 'a32', 'a2', 'b1', '443', 'telnet', '3', 'http', 'ZZZ']

       sorts to:
       ['3', '80', '443', 'a2', 'a32', 'a222', 'b1', 'http', 'telnet', 'ZZZ']
    c�X�|j�rt|�S|j�S�N)�isdigit�int�lower)�ts rr�zhuman_sort.<locals>.<lambda>�s��q�y�y�{�S��V�����	�r&c�b��tjd|�D�cgc]
}�|���c}Scc}w)Nz([0-9]+))r+r)�k�c�norms  �rr�zhuman_sort.<locals>.<lambda>�s$���b�h�h�z�1�.E�F��T�!�W�F���Fs�,)�keyN)�sort)�lstr�s @r�
human_sortr��s���:�D��H�H�F�H�Gr&c��	t|�}tjjdt
|�d�}tjj|�std|z��t|�j�djdd�dj�d}t|�S#t$rtd��wxYw)zdFinds parent process id for pid based on /proc/<pid>/stat. See
       'man 5 proc' for details.
    zpid must be an integer�/proc�stat�Couldn't find '%s'r�)r)
r�rr!rh�path�joinr�isfiler�rS�	readlines�rsplitr)�mypid�pid�name�ppids    r�get_ppidr��s���3��%�j���7�7�<�<���S��6�2�D�
�7�7�>�>�$���*�d�3�4�4���:���!�!�$�+�+�C��3�A�6�<�<�>�q�A�D��t�9����3��1�2�2�3�s�B/�/Cc�x�	t|�}|dk(s|dkrytjjdt|�d�}tjj|�std�|z}t
|��	t|�j�dj�d}td
|z�|dk(ryt|�S#t$rtd�}t|�Yyt$r#td�t|�z}t
|��wxYw#t$rtd	�|z}t
|��wxYw)
z1Determine if current process is running under sshz%Couldn't find pid (is /proc mounted?)Fz!Couldn't find parent pid for '%s'rr�r�r�rz"Could not find executable for '%s'zunder_ssh: exe is '%s'z(sshd)T)r�r�r r*rrr!rhr�r�r�rSr�rrJ�	under_ssh)r�r��warn_msgr$r��exes      rr�r��s/��"���}���a�x�4�1�9��
�7�7�<�<���T��F�3�D�
�7�7�>�>�$���(�)�T�2����!�!�"��4�j�"�"�$�Q�'�-�-�/��2��
�
"�c�
*�+��h��������;���<�=���X����"��7�8�C��H�E����!�!�"�� �"��8�9�T�B����!�!�"�s�C�;-D�D�(+D�#D9c�v�d}|rd}tjd|�rt|�dkst|�|kDryy)zVerifies cidr netmasks� ��^[0-9]+$rFT)r+r,r�)r;r<�nums   rr/r/�s7��
�C�	���
�8�8�K��$��B��!��s�2�w��}��r&c���|rytjd|�rH|jd�}t|�dk7ry|D]"}|rt	|�dkst	|�dkDs�"yyy)z.Verifies dotted quad ip addresses and netmasksFz^[0-9]+\.[0-9\.]+$�.�r�T)r+r,rrr�)r;r<�quads�qs    rr7r7�se��	��
�8�8�)�2�.��H�H�S�M�E��5�z�Q����
!���C��F�Q�J�#�a�&�3�,� �
!��r&c	���d}|rt�t||�st�d}	ttjdtj|��d�}d}td�D]}||z	dzdk(rd}�|rd}n|dz
}�|dk\r|dkrtd|z
�}t||�st�|S#t$r8ttjdtj|��d�}Y��wxYw)	z@Convert netmask to cidr. IPv6 dotted netmasks are not supported.rr�>LFr�rTr\)r!r7�long�struct�unpackr�	inet_aton�	NameErrorr��rangerr/)r;r<�cidr�mbits�bits�	found_one�ns       rrGrG�s���
�D�	���"�2�r�*�����
	E���
�
�d�F�,<�,<�R�,@�A�!�D�E�D��	��r��	�A���	�Q��!�#� �	���E���Q�J�E�	��A�:�%�2�+��r�E�z�?�D��t�R�(����K��)�	E��v�}�}�T�6�+;�+;�B�+?�@��C�D�D�	E�s�5B,�,>C-�,C-c�B�d}|rt�t||�st�	td�}t	d�D]}|t|�ks�|dd|z
zz}�t
jtjd|��}t||�st�|S#t$rd}Y�twxYw)z<Convert cidr to netmask. IPv6 dotted netmasks not supported.rrr�rr5r�)r!r/r�r�r�r�r�	inet_ntoar��packr7)r�r<r;r�r�s     r�_cidr_to_dotted_netmaskr�$s���	�B�	���"�4��,���
	���7�D��r��	$�A��3�t�9�}���R�!�V��#��	$��
�
�f�k�k�$��5�
6���r�2�&���
�I���	��D�	�s�B�B�Bc	��d|vr
td�|S|jd�}t|�dk7st|dd�st�|d}|d}|}t|d�rt
|d�}	ttjdtj|��d�}ttjdtj|��d�}||z}tjtjd|��}|�d|��S#t$rmttjdtj|��d�}ttjdtj|��d�}Y��wxYw)z8Convert an IPv4 address and netmask to a network addressrz8_address4_to_network: skipping address without a netmaskrrFrr�)rJrrr7r!r/r�r�r�r�rr�r�r�r�r�)	r1r#�host�orig_nmr;�	host_bits�nm_bits�network_bitsrNs	         rrIrIAsO��
�$��
�H�I���
�*�*�S�/�C�
�3�x�1�}�/��A���>����q�6�D��!�f�G�	�B��2�u�%�
$�R��
/��D�����t�V�-=�-=�d�-C�D�Q�G�H�	��v�}�}�T�6�+;�+;�B�+?�@��C�D��
�w�&�L����v�{�{�4��>�?�G��w�'�'���D���
�
�d�F�,<�,<�T�,B�C�A�F�G�	��f�m�m�D�&�*:�*:�2�*>�?��B�C��D�s�+A*D
�
A3F�?Fc��d�}d|vr
td�|S|jd�}t|�dk7st|dd�st�|d}|d}tjdtjtj|��}	td�}td	�D]>}|||d
�}td
�D]"}	|dt||	�zd|	z
|d
zz
zz}�$�@	td�}
td�D]}|t|�ks�|
dd|z
zz}
�||
z}g}td	�D]0}|jt||d�|d
z|d
zd
zd���2tjtjtj d|d|d|d|d
|d|d|d|d�	�}
|
�d|��S#t$rd}Y��3wxYw#t$rd}
Y��wxYw)z8Convert an IPv6 address and netmask to a network addressc	��djt|dz
dd�D�cgc]}t||z	dz���c}�Scc}w)zDecimal to binaryrrr\)r�r�r)r��count�ys   r�dec2binz%_address6_to_network.<locals>.dec2binfs9���w�w�U�5��7�B��5K�L���S�A�X��N�+�L�M�M��Ls�=rz8_address6_to_network: skipping address without a netmaskrrTrz>8H��rzr�r]r����)rJrrr8r!r�r�rr-r.r�r�r�r�rFrHr�)r1r�r#�	orig_host�netmask�unpackedr��ir��jr�r2r�rNs              r�_address6_to_networkr	ds��N��$��
�H�I���
�*�*�S�/�C�
�3�x�1�}�M�#�a�&�$�7����A��I��!�f�G��}�}�U�F�$4�$4�V�_�_�5>�%@�A�H����G�	��1�X�9���H�Q�K��$���r��	9�A��!�c�!�A�$�i�-�S��U�1�R�4�Z�8�8�I�	9�9���q�'���3�Z�*���s�7�|���q�W��M�)�)�G�*�
�g�
�C�
�C�
�1�X�<���
�
�3�w�s�C�(��2��a��d�2�g�6��:�;�<����v���%�{�{�5�#�a�&�#�a�&�+.�q�6�3�q�6�3�q�6�+.�q�6�3�q�6�3�q�6� C�D�G�
�w�'�'��A���	��������s$�F<�$G�<G�
G�G�Gc��|jd�}t|�dk7st|d|�st�|d}|d}|dk(s|dk(ry|}d|vr9|jd�}t|�dk7st|d|�st�|d}|dk(s|dk(ry|rt	|�rt	|�s"t�t|�rt|�st�t
||�r|st||�}|rIt|�d|���jd�d}t|�d|���jd�d}||k(St|�d|���jd�d}t|�d|���jd�d}||k(S)z&Determine if address x is in network yrrrrz0.0.0.0z::T)
rrr8r!r3r9r/r�r	rI)	�
tested_add�
tested_netr<r#rr�address�orig_networkrNs	         r�
in_networkr�s���
�
�
�3�
�C�
�3�x�1�}�M�#�a�&�"�5����A��I��!�f�G��I���d�!2���G�
�g�~��m�m�C� ���s�8�q�=�
�c�!�f�b� 9����a�&���)��w�$���	��g�&�n�Y�.G����g�&�n�Y�.G����7�B�'��)�'�2�6��
�+�-6��-A�B�BG�%��*�Q�P��&�(/��(:�;�;@�5��:�a�I���l�"�"�,�-6��-A�B�BG�%��*�Q�P��&�(/��(:�;�;@�5��:�a�I���l�"�"r&c���d}dD]E}tjj|d�}tjj|�rnd}�G|dk(rt	t
jd��|S)Nr)z/sbinz/binz	/usr/sbinz/usr/binz/usr/local/sbinz/usr/local/bin�iptableszCould not find iptables)rhr�r��existsr_r`ra)r��ds  r�_find_system_iptablesr�sf��
�C�3����g�g�l�l�1�j�)��
�7�7�>�>�#����C���b�y��e�l�l�$=�>�>��Jr&c���|�
t�}t|dg�\}}|dk7rttjd|z��|j�}t
jdd|d�S)zReturn iptables versionz-VrzError running '%s'z^vrr)rr�r_r`rarr+�sub)r�rmrlr#s    r�get_iptables_versionr�sa��
�{�#�%���S�$�K� �I�R��	�Q�w��e�l�l�$8�C�$@�A�A�

�)�)�+�C�
�6�6�$��C��F�#�#r&c�(�d�}|r1tj�dk7rttjd��|�
t�}g}d}|j
d�rd}|tdd��z
}t|d	|g�\}}|dk7rttj|��|||gd
��r|jd�|||gd��r|jd
�t|d|g�t|d|g�\}}|dk7rttj|��|S)z[Return capabilities set for netfilter to support new features. Callers
       must be root.c�<�|d|g}t||z�\}}|dk(ryy)Nz-ArTF)r�)r��chain�rule�argsrmrls      r�test_capz,get_netfilter_capabilities.<locals>.test_cap�s-���T�5�!����t��$�	��S�
��7��r&rzMust be rootz
ufw-caps-test�	ip6tableszufw6-caps-testr)�prefix�dirz-N)�-m�	conntrack�	--ctstate�NEWr!�recentz--setz
recent-set)r!r"r#r$r!r%z--updatez	--seconds�30z
--hitcountr>z
recent-updatez-Fz-X)rh�getuidr_r`�EPERMr�endswithrr�rarF)r��	do_checksr�capsrrmrls       r�get_netfilter_capabilitiesr,�s����R�Y�Y�[�A�%��e�k�k�>�2�2�
�{�#�%��
�D��E�
�|�|�K� � ��
�V�2�2�
&�&�E��S�$��&�'�I�R��	�Q�w��e�l�l�C�(�(���U�6�7����L�!���U�0�1�	
���O�$���d�E����S�$��&�'�I�R��	�Q�w��e�l�l�C�(�(��Kr&c�|�t|�}t�}|j�D�]}|jd�s|jd�s�'|j	�}|d}|dj	d�d}t�}dj|dj	d�dd�|d<|d	|d
<|dj	d�d|d
<|d
dk(r	|d
|d<n|dj	d�d|d<||vrt�||<g|||<n|||vrg|||<|||j
|���|S)z:Get and parse netstat the output from get_netstat_output()rrrr�:r\N�laddrr]�uidrrr��-r�)�get_netstat_output�dict�
splitlines�
startswithrr�rF)r<�netstat_outputrr�r#rr�items        r�parse_netstat_outputr8'sP��(��+�N���A��)�)�+�$�����u�%�d�o�o�e�.D���j�j�l���A����1�v�|�|�C� ��$���v������Q����c�!2�3�B�!7�8��W�
��!�f��U���!�f�l�l�3�'��*��U����;�#���u�+�D��K��a�&�,�,�s�+�A�.�D��K���>��v�A�e�H��A�e�H�T�N��1�U�8�#�!#��%����	�%������d�#�1$�4
�Hr&c��d}|�rd}tjj|�sttj
d|z��t
|�j�D]�}|j�}||dk(s�djtdt|d�d�D�cgc]
}|d||dz��c}�}|dj�d	k7s�r|�d
t|dj�d���}��|dk(r�ttjd��t!j t j"t j$�}	t!j&t)j*|j-�d
t/j0d|dd��dd�}t5||�dScc}w#t2$rttjd��wxYw)zGet IP address for interfacer�/proc/net/if_inet6�'%s' does not existrr.rr�r�80rr�No such devicei��256sN���)rhr�rr_r`rarSr�rr�r�rr�r�r��ENODEVrr6�
SOCK_DGRAMr��fcntl�ioctlrer�r�rrP)�ifnamer<r1�procr�r#rr�s        r�get_ip_from_ifrHMs���
�D�
�#���w�w�~�~�d�#��%�,�,�(=��(D�E�E���J�(�(�*�	E�D��*�*�,�C���Q����x�x�38��C��A��K��3K�L�a�C��F�1�Q�q�S�M�L�N���q�6�<�<�>�T�)�&*�C��A������,C�D�D�	E��2�:��%�,�,�(8�9�9��M�M�&�.�.�&�*;�*;�<��	:��#�#�E�K�K����
�F�$*�K�K���s���$D�%F�FH��%M�N�D�
�T�2�&�q�)�)��M���	:��%�,�,�(8�9�9�	:�s�F&
�AF+�+$Gc
��d}d}t|�rd}d}n%t|�sttjd��t
jj|�sttjd|z��d}|r�t|�j�D]�}|j�}|dj�}d	jtd
t!|d
�d�D�cgc]
}|d
||dz��c}�}|dj#�d
k7r"|�dt%|dj#�d���}||k(sd|vs��t'||d�s��|}|S|St|�j�D]@}d	|vr�|jd	�d
j�}	t)|d�}	|	|k(s�=|}|S|Scc}w#t$rY�UwxYw)zGet interface for IP addressFz
/proc/net/devTr:r=r;rrr.rr�rr<rr)r3r9r�r`rBrhr�rr_rarSr�r�stripr�r�rr�r�rrH)
r1r<rG�matchedr�r#rFr�tmp_addr�ips
          r�get_if_from_iprNms���	�B��D��d��
��#��
�D�
!��e�l�l�$4�5�5�
�7�7�>�>�$���e�l�l�$9�D�$@�A�A��G�	���J�(�(�*�	�D��*�*�,�C���V�\�\�^�F��x�x�38��C��A��K��3K�L�a�C��F�1�Q�q�S�M�L�N�H��1�v�|�|�~��%�&.��C��F�L�L�N�B�0G�H���x���x��J�t�X�t�$D� ��� �N�9	�8�N���J�(�(�*�	�D��$����Z�Z��_�Q�'�-�-�/�F�
�#�F�E�2���T�z� ����N�	��N��/M�� �
��
�s�F.
�F3�3	F?�>F?c�2�tjd�}|j�tjd�}t�}|D�]}|j
|�s�tjjd|d�}tj|tjtjz�s�md}	tjtjjd|d��}	tj|�}|D]`}	tjtjj||��d}|�dtjj|���||<�b��!|S#t$rY��wxYw#t$rY��?wxYw#t$rY��wxYw)zGet inodes of files in /procr�r�rkr1r�rr)rh�listdirr�r+�compiler3r,r�r��access�F_OK�R_OK�readlinkrr��basename)	�
proc_files�pat�inodesr�fd_path�exe_path�dirsr�inodes	         r�_get_proc_inodesr^�sZ�����G�$�J��O�O��
�*�*�[�
!�C�
�V�F�
�F���y�y��|���'�'�,�,�w��4�0���y�y��"�'�'�B�G�G�"3�4����	��{�{�2�7�7�<�<���E�#B�C�H�	��:�:�g�&�D��	F�A�
���������W�a� 8�9�!�<��()�"�'�'�*:�*:�8�*D�E�F�5�M�	F�+F�8�M���	��	��
�	��	���
��
�s6�74E+�,E:�6F
�+	E7�6E7�:	F�F�
	F�Fc�l�ddddddddd	d
dd�}d
dddd�}tjjd|�}tj|tjtj
z�st�g}d}t|�j�}|D]�}|j�}|sd}�|t||dd�}	|jd�rd}	n|jd�r|	d
k7r�X||djd�\}
}||d}||d}
|j|
t|d�||
|	f���|S)z=Read /proc/net/(tcp|udp)[6] file and return a list of tuples �ESTABLISHED�SYN_SENT�SYN_RECV�	FIN_WAIT1�	FIN_WAIT2�	TIME_WAIT�CLOSE�
CLOSE_WAIT�LAST_ACK�LISTEN�CLOSING)rrr]r�rrrr��	�
�rr]rrk)�
local_addr�stater0r]z	/proc/netFTrorr�NArrnr.r0r])
rhr�r�rRrSrTr!rSr�rr�r5rF)�protocol�
tcp_states�proc_net_fieldsrTr��
skipped_first�linesr��fieldsror/rr0r]s              r�_read_proc_net_protocolrw�s]��#� � �!�!�!��"� �� ��J�'(�!"� �!"��O�
�����k�8�	,�B�
�9�9�R����2�7�7�*�+���
�C��M���H��� �E��
>�������� �M���3�v�o�g�&>�?��D�E�����u�%��E�
�
 �
 ��
'�E�X�,=���_�\�:�;�A�A�#�F���t��_�U�+�,����w�/�0���
�
�E�3�t�R�=�#�u�e�<�=�
>��Jr&c�X�d}t|�dkDr�d}tddd�D]8}|djt|dz|d�D�cgc]
}||dz
|��c}�z
}�:tdjtdt|�d�D�cgc]}|||dzj	���c}�d	�d}|Sg}tddd�D�cgc]
}||dz
|��c}D]&}|jt
t|d
����(tdj|�d�d}|Scc}wcc}wcc}w)
zDConvert an address from /proc/net/(tcp|udp)* to a normalized addressrr�rr����rr.r�Trr�F)rr�r�rPr�rFrr�)�paddr�	convertedr#rrs     r�convert_proc_addressr|�s2���I�
�5�z�A�~����q�"�a��	H�A��2�7�7�5��1��a��3D�F�a�U�1�Q�3�q�\�F�G�G�C�	H�%�c�h�h�,1�!�S��X�q�,A�B�q��A�a��c�
� � �"�B�'D�����	�����).�q�!�R��:�A�5��1��Q�<�:�	(�A��J�J�s�3�q�"�:��'�	(�%�c�h�h�s�m�U�;�A�>�	����G��B��;s�D�D"�D'c���t�}ddg}|r|ddgz
}|D]}	t|�||<�t�}t
|j��}|j�d}|D][}||D]Q\}}	}
}}t|�}
d}t|�|vr|t|�}||d�d	|
�d
|	��d�d	|d�d	|
d�d	|d�d	|�d
�z
}�S�]|S#t$rtd|z�}t	|�Y��wxYw)z5netstat-style output, without IPv6 address truncationrr�tcp6�udp6z!Could not get statistics for '%s'rr1�5r�r.�46�11r�)r3rwrr r*r^�list�keysr�r|r�)r<�
proc_net_datar�pr�rY�	protocolsr�r/rr0r]ror1r�s               rr2r2s$���F�M�
�E�N�E�	�
�&�&�!�!��
���	�6�q�9�M�!����
�F��]�'�'�)�*�I�
�N�N��
�A�
�
O��0=�a�0@�		O�,�U�D�#�u�e�'��.�D��C��5�z�V�#��S��Z�(��
�q�BF��7M�7<�c�5�#�O�
O�A�		O�
O�
�H��/�	��<��B�C�H���N��	�s�C�"C*�)C*c���|�|S|jd�r7t|�dkr|}|Stjj	||dd�}|Stjj	||�}|S)zAdd prefix to dirNrrr)r5rrhr�r�)r r�newdirs   r�	_findpathr�&sm��
�~��
�
�~�~�c���s�8�a�<��F�
�M��W�W�\�\�&�#�a�b�'�2�F��M������f�c�*���Mr&c���tjddkrtj|d�St	j
|jdd���j
d�S)z,Take a string and convert it to a hex stringrr]�hexr�r�)�errorsr^)rcrg�codecsr��binascii�hexlify�decode)r�s r�
hex_encoder�4sQ��
�����Q���}�}�Q��&�&����A�H�H�W�X�H�>�?�F�F�w�O�Or&c���tjddkr!|jd��jd�Stjdt|�dzr|dd	n|z�jdd
�S)z,Take a hex string and convert it to a stringrr]r�)�encodingr�r�rNr\�backslashreplace)rcrgr�r��	unhexlifyr)�hs r�
hex_decoder�=sn��
�����Q���x�x��x�'�.�.�w�7�7����d��A���
�a���f��B�C�J�J��#��r&c�n�d}|s0t|d�}tj|tj�|S)zCreate a blocking lockfileN�w)rSrD�lockf�LOCK_EX)�lockfile�dryrun�locks   r�create_lockr�Ls-���D���H�c�"��
���D�%�-�-�(��Kr&c��|�y	tj|tj�|j�y#t$rYywxYw)z(Free lockfile created with create_lock()N)rDr��LOCK_UNrYr!)r�s r�release_lockr�Us>���|��
�
���D�%�-�-�(��
�
����
�	
�
�s�4:�	A�A)r)Tr�)NT)F)z
/run/ufw.lockF)I�__doc__�
__future__rr�r�r`rDr�r�rhr+rprr�r{rc�	functoolsr�tempfilerrr�rb�supported_protocolsr�ipv4_only_protocolsrr%r3r9r8rArPrUrZrnrvr�r�r�r�r*rdr�rJr�r�r��getpidr�r�r/r7rGr�rIr	rrrr,r8rHrNr^rwr|r2r�r�r�r�r��r&r�<module>r�sv��(�"&��
���	��	�	�
�
�
��
��$��	�
�
�Q��A���v�&���4�(�4�2F�	�4�n�

L�G�2�%�	&��*�
��J�J��
����
H��2�9�9�;��.�"�)�)�+�!�N	��2$�\�: (�F7(�t,#�h�	$�6�r#
�L*�@,�^"�J,�^�& 
�F�P���

r&

Zerion Mini Shell 1.0