Joanne Hugé
re6stnet
Commits
d496e4b8
Commit
d496e4b8
authored
Jun 25, 2021
by
Joanne Hugé
Remove backwards compatibility and set min_protocol to 7
parent
ba573ab7
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
53 additions
and
83 deletions
+53
-83
re6st/registry.py
re6st/registry.py
+0
-4
re6st/tunnel.py
re6st/tunnel.py
+50
-74
re6st/utils.py
re6st/utils.py
+1
-1
re6st/version.py
re6st/version.py
+2
-2
re6st/x509.py
re6st/x509.py
+0
-2
re6st/registry.py
...
...
@@ -548,10 +548,6 @@ class RegistryServer(object):
msg
=
self
.
_queryAddress
(
peer
)
if
msg
is
None
:
return
# Remove country for old nodes
if
self
.
getPeerProtocol
(
cn
)
<
7
:
msg
=
';'
.
join
(
','
.
join
(
a
.
split
(
','
)[:
3
])
for
a
in
msg
.
split
(
';'
))
cert
=
self
.
getCert
(
cn
)
msg
=
"%s %s"
%
(
peer
,
msg
)
logging
.
info
(
"Sending bootstrap peer: %s"
,
msg
)
...
...
re6st/tunnel.py
...
...
@@ -195,7 +195,6 @@ class BaseTunnelManager(object):
'babel_hmac_sign'
,
'encrypt'
,
'hello'
,
'ipv4'
,
'ipv4_sublen'
))
_geoiplookup
=
None
_forward
=
None
_next_rina
=
True
...
...
@@ -229,16 +228,6 @@ class BaseTunnelManager(object):
}
==
address_dict
:
address_dict
=
cache_dict
db
=
os
.
getenv
(
'GEOIP2_MMDB'
)
if
db
:
from
geoip2
import
database
,
errors
country
=
database
.
Reader
(
db
).
country
def
geoiplookup
(
ip
):
try
:
return
country
(
ip
).
country
.
iso_code
.
encode
()
except
errors
.
AddressNotFoundError
:
return
self
.
_geoiplookup
=
geoiplookup
if
cache
.
same_country
:
self
.
_country
=
{}
...
...
@@ -392,62 +381,53 @@ class BaseTunnelManager(object):
msg
=
peer
.
decode
(
msg
)
if
type
(
msg
)
is
tuple
:
seqno
,
msg
,
protocol
=
msg
def
handleHello
(
peer
,
seqno
,
msg
,
retry
):
if
seqno
==
2
:
i
=
len
(
msg
)
//
2
h
=
msg
[:
i
]
try
:
peer
.
verify
(
msg
[
i
:],
h
)
peer
.
newSession
(
self
.
cert
.
decrypt
(
h
),
protocol
)
except
(
AttributeError
,
crypto
.
Error
,
x509
.
NewSessionError
,
subprocess
.
CalledProcessError
):
logging
.
debug
(
'ignored new session key from %r'
,
address
,
exc_info
=
1
)
return
peer
.
version
=
self
.
_version
\
if
self
.
_sendto
(
to
,
'
\
0
'
+
self
.
_version
,
peer
)
else
''
return
if
seqno
:
h
=
x509
.
fingerprint
(
self
.
cert
.
cert
).
digest
()
seqno
=
msg
.
startswith
(
h
)
msg
=
msg
[
len
(
h
):]
try
:
cert
=
self
.
cert
.
loadVerify
(
msg
,
True
,
crypto
.
FILETYPE_ASN1
)
stop_date
=
x509
.
notAfter
(
cert
)
serial
=
cert
.
get_serial_number
()
if
serial
in
self
.
cache
.
crl
:
raise
ValueError
(
"revoked"
)
except
(
x509
.
VerifyError
,
ValueError
),
e
:
if
retry
:
return
True
logging
.
debug
(
'ignored invalid certificate from %r (%s)'
,
address
,
e
.
args
[
-
1
])
return
p
=
utils
.
binFromSubnet
(
x509
.
subnetFromCert
(
cert
))
if
p
!=
peer
.
prefix
:
if
not
prefix
.
startswith
(
p
):
logging
.
debug
(
'received %s/%s cert from wrong source %r'
,
int
(
p
,
2
),
len
(
p
),
address
)
return
peer
=
x509
.
Peer
(
p
)
insort
(
self
.
_peers
,
peer
)
peer
.
cert
=
cert
peer
.
serial
=
serial
peer
.
stop_date
=
stop_date
self
.
selectTimeout
(
stop_date
,
self
.
invalidatePeers
,
False
)
if
seqno
:
self
.
_sendto
(
to
,
peer
.
hello
(
self
.
cert
,
protocol
))
else
:
msg
=
peer
.
hello0
(
self
.
cert
.
cert
)
if
msg
and
self
.
_sendto
(
to
,
msg
):
peer
.
hello0Sent
()
if
handleHello
(
peer
,
seqno
,
msg
,
seqno
):
# It is possible to reconstruct the original message because
# the serialization of the protocol version is always unique.
msg
=
utils
.
packInteger
(
protocol
)
+
msg
protocol
=
0
handleHello
(
peer
,
seqno
,
msg
,
False
)
if
seqno
==
2
:
i
=
len
(
msg
)
//
2
h
=
msg
[:
i
]
try
:
peer
.
verify
(
msg
[
i
:],
h
)
peer
.
newSession
(
self
.
cert
.
decrypt
(
h
),
protocol
)
except
(
AttributeError
,
crypto
.
Error
,
x509
.
NewSessionError
,
subprocess
.
CalledProcessError
):
logging
.
debug
(
'ignored new session key from %r'
,
address
,
exc_info
=
1
)
return
peer
.
version
=
self
.
_version
\
if
self
.
_sendto
(
to
,
'
\
0
'
+
self
.
_version
,
peer
)
else
''
return
if
seqno
:
h
=
x509
.
fingerprint
(
self
.
cert
.
cert
).
digest
()
seqno
=
msg
.
startswith
(
h
)
msg
=
msg
[
len
(
h
):]
try
:
cert
=
self
.
cert
.
loadVerify
(
msg
,
True
,
crypto
.
FILETYPE_ASN1
)
stop_date
=
x509
.
notAfter
(
cert
)
serial
=
cert
.
get_serial_number
()
if
serial
in
self
.
cache
.
crl
:
raise
ValueError
(
"revoked"
)
except
(
x509
.
VerifyError
,
ValueError
),
e
:
logging
.
debug
(
'ignored invalid certificate from %r (%s)'
,
address
,
e
.
args
[
-
1
])
return
p
=
utils
.
binFromSubnet
(
x509
.
subnetFromCert
(
cert
))
if
p
!=
peer
.
prefix
:
if
not
prefix
.
startswith
(
p
):
logging
.
debug
(
'received %s/%s cert from wrong source %r'
,
int
(
p
,
2
),
len
(
p
),
address
)
return
peer
=
x509
.
Peer
(
p
)
insort
(
self
.
_peers
,
peer
)
peer
.
cert
=
cert
peer
.
serial
=
serial
peer
.
stop_date
=
stop_date
self
.
selectTimeout
(
stop_date
,
self
.
invalidatePeers
,
False
)
if
seqno
:
self
.
_sendto
(
to
,
peer
.
hello
(
self
.
cert
,
protocol
))
else
:
msg
=
peer
.
hello0
(
self
.
cert
.
cert
)
if
msg
and
self
.
_sendto
(
to
,
msg
):
peer
.
hello0Sent
()
elif
msg
:
# We got a valid and non-empty message. Always reply
# something so that the sender knows we're still connected.
...
...
@@ -471,11 +451,6 @@ class BaseTunnelManager(object):
return
self
.
_makeTunnel
(
peer
,
msg
)
else
:
if
peer
:
# Don't send country to old nodes
if
self
.
_getPeer
(
peer
).
protocol
<
7
:
return
';'
.
join
(
','
.
join
(
a
.
split
(
','
)[:
3
])
for
a
in
';'
.
join
(
self
.
_address
.
itervalues
()).
split
(
';'
))
return
';'
.
join
(
self
.
_address
.
itervalues
())
elif
not
code
:
# network version
if
peer
:
...
...
@@ -886,12 +861,13 @@ class TunnelManager(BaseTunnelManager):
if
x
[
2
]
in
self
.
_disable_proto
:
continue
if
same_country
:
if
len
(
x
)
<
4
:
continue
family
,
ip
=
resolve
(
*
x
[:
3
])
my_country
=
self
.
_country
.
get
(
family
,
self
.
_conf_country
)
if
my_country
:
for
ip
in
ip
:
# Use geoip if there is no country in the address
country
=
x
[
3
]
if
len
(
x
)
>
3
else
self
.
_geoiplookup
(
ip
)
country
=
x
[
3
]
if
country
and
(
country
!=
my_country
if
my_country
in
same_country
else
country
in
same_country
):
...
...
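Review bot: In the TunnelManager hunk, once `country = x[3]` replaces the `x[3] if len(x) > 3 else self._geoiplookup(ip)` expression, the same_country decision rests entirely on the country string the remote side advertised with its address; the geoip reader removed from BaseTunnelManager's constructor was the only locally derived value, so a peer that advertises a different country is simply believed. If same_country is meant as a policy rather than a routing preference, that trust should be stated where the field is read, e.g. `# country is self-reported by the peer; no local geoip cross-check remains`, and the new `if len(x) < 4: continue` guard deserves a line saying it is the only handling for addresses registered without a country. Whether anything upstream validates the advertised country cannot be seen from this diff. The enclosing method of TunnelManager starts and ends outside the hunk.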
re6st/utils.py
...
...
@@ -233,7 +233,7 @@ def ipFromBin(ip, suffix=''):
def
dump_address
(
address
):
return
';'
.
join
(
map
(
','
.
join
,
address
))
# Yield ip, port, protocol, and country
if it is in the address
# Yield ip, port, protocol, and country
def
parse_address
(
address_list
):
for
address
in
address_list
.
split
(
';'
):
try
:
...
...
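Review bot: The rewritten comment above parse_address now states that a country is always yielded, while the caller in tunnel.py still skips entries with fewer than four fields (`if len(x) < 4: continue`), so either the comment over-promises or that guard is dead. If parse_address can still yield three-field addresses (its body is cut off below the hunk, so this cannot be confirmed here), the comment should say so: `# Yield ip, port, protocol and country (country may be absent for addresses registered without one)`; otherwise the guard in tunnel.py should go. The function continues outside the hunk.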
re6st/version.py
...
...
@@ -32,8 +32,8 @@ if dirty:
# they are intended to the network admin.
# Only 'protocol' is important and it must be increased whenever they would be
# a wish to force an update of nodes.
protocol
=
7
min_protocol
=
1
protocol
=
8
min_protocol
=
7
if
__name__
==
"__main__"
:
print
version
re6st/x509.py
...
...
@@ -229,8 +229,6 @@ class Peer(object):
def
hello0
(
self
,
cert
):
if
self
.
_hello
<
time
.
time
():
try
:
# Always assume peer is not old, in case it has just upgraded,
# else we would be stuck with the old protocol.
msg
=
(
'
\
0
\
0
\
0
\
1
'
+
PACKED_PROTOCOL
+
fingerprint
(
self
.
cert
).
digest
())
...
...