Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
R
re6stnet
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Commits
Open sidebar
Kirill Smelkov
re6stnet
Commits
648e6774
Commit
648e6774
authored
Feb 17, 2015
by
Julien Muchembled
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Forget peers whose certificate expires
parent
a7a86341
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
40 additions
and
19 deletions
+40
-19
re6st/tunnel.py
re6st/tunnel.py
+32
-10
re6st/utils.py
re6st/utils.py
+3
-0
re6st/x509.py
re6st/x509.py
+1
-0
re6stnet
re6stnet
+4
-9
No files found.
re6st/tunnel.py
View file @
648e6774
...
...
@@ -164,7 +164,7 @@ class BaseTunnelManager(object):
_forward
=
None
def
__init__
(
self
,
peer_db
,
cert
,
address
=
()):
def
__init__
(
self
,
peer_db
,
cert
,
cert_renew
,
address
=
()):
self
.
cert
=
cert
self
.
_network
=
cert
.
network
self
.
_prefix
=
cert
.
prefix
...
...
@@ -185,11 +185,28 @@ class BaseTunnelManager(object):
# about binding and anycast.
self
.
sock
.
bind
((
'::'
,
PORT
))
# Initialize with a dummy peer (self) so that '_peers' is never empty.
self
.
_peers
=
[
x509
.
Peer
(
self
.
_prefix
)]
p
=
x509
.
Peer
(
self
.
_prefix
)
self
.
_next_invalidated
=
p
.
stop_date
=
cert_renew
self
.
_peers
=
[
p
]
def
select
(
self
,
r
,
w
,
t
):
r
[
self
.
sock
]
=
self
.
handlePeerEvent
t
.
append
((
self
.
_next_invalidated
,
self
.
invalidatePeers
))
def
invalidatePeers
(
self
):
next
=
float
(
'inf'
)
now
=
time
.
time
()
remove
=
[]
for
i
,
peer
in
enumerate
(
self
.
_peers
):
if
peer
.
stop_date
<
now
:
if
peer
.
prefix
==
self
.
_prefix
:
raise
utils
.
ReexecException
(
"Restart to renew certificate"
)
remove
.
append
(
i
)
elif
peer
.
stop_date
<
next
:
next
=
peer
.
stop_date
for
i
in
reversed
(
remove
):
del
self
.
_peers
[
i
]
self
.
_next_invalidated
=
next
def
sendto
(
self
,
prefix
,
msg
):
to
=
utils
.
ipFromBin
(
self
.
_network
+
prefix
),
PORT
...
...
@@ -266,9 +283,10 @@ class BaseTunnelManager(object):
try
:
cert
=
self
.
cert
.
loadVerify
(
msg
,
True
,
crypto
.
FILETYPE_ASN1
)
except
x509
.
VerifyError
,
e
:
stop_date
=
x509
.
notAfter
(
cert
)
except
(
x509
.
VerifyError
,
ValueError
),
e
:
logging
.
debug
(
'ignored invalid certificate from %r (%s)'
,
address
,
e
.
args
[
2
])
address
,
e
.
args
[
-
1
])
return
p
=
utils
.
binFromSubnet
(
x509
.
subnetFromCert
(
cert
))
if
p
!=
peer
.
prefix
:
...
...
@@ -279,6 +297,9 @@ class BaseTunnelManager(object):
peer
=
x509
.
Peer
(
p
)
insort
(
self
.
_peers
,
peer
)
peer
.
cert
=
cert
peer
.
stop_date
=
stop_date
if
stop_date
<
self
.
_next_invalidated
:
self
.
_next_invalidated
=
stop_date
if
seqno
:
self
.
_sendto
(
to
,
peer
.
hello
(
self
.
cert
))
else
:
...
...
@@ -335,10 +356,11 @@ class BaseTunnelManager(object):
class
TunnelManager
(
BaseTunnelManager
):
def
__init__
(
self
,
control_socket
,
peer_db
,
cert
,
openvpn_args
,
timeout
,
refresh
,
client_count
,
iface_list
,
address
,
ip_changed
,
encrypt
,
remote_gateway
,
disable_proto
,
neighbour_list
=
()):
super
(
TunnelManager
,
self
).
__init__
(
peer_db
,
cert
,
address
)
def
__init__
(
self
,
control_socket
,
peer_db
,
cert
,
cert_renew
,
openvpn_args
,
timeout
,
refresh
,
client_count
,
iface_list
,
address
,
ip_changed
,
encrypt
,
remote_gateway
,
disable_proto
,
neighbour_list
=
()):
super
(
TunnelManager
,
self
).
__init__
(
peer_db
,
cert
,
cert_renew
,
address
)
self
.
ctl
=
ctl
.
Babel
(
control_socket
,
weakref
.
proxy
(
self
),
self
.
_network
)
self
.
encrypt
=
encrypt
self
.
ovpn_args
=
openvpn_args
...
...
@@ -403,8 +425,8 @@ class TunnelManager(BaseTunnelManager):
del
self
.
_iface_to_prefix
[
iface
]
def
select
(
self
,
r
,
w
,
t
):
super
(
TunnelManager
,
self
).
select
(
r
,
w
,
t
)
r
[
self
.
_read_pipe
]
=
self
.
handleTunnelEvent
r
[
self
.
sock
]
=
self
.
handlePeerEvent
if
self
.
_next_refresh
:
t
.
append
((
self
.
_next_refresh
,
self
.
refresh
))
self
.
ctl
.
select
(
r
,
w
,
t
)
...
...
re6st/utils.py
View file @
648e6774
...
...
@@ -3,6 +3,9 @@ import socket, struct, subprocess, sys, textwrap, threading, time, traceback
HMAC_LEN
=
len
(
hashlib
.
sha1
(
''
).
digest
())
class
ReexecException
(
Exception
):
pass
try
:
subprocess
.
CalledProcessError
(
0
,
''
,
''
)
except
TypeError
:
# BBB: Python < 2.7
...
...
re6st/x509.py
View file @
648e6774
...
...
@@ -173,6 +173,7 @@ class Peer(object):
"""
_hello
=
_last
=
0
_key
=
newHmacSecret
()
stop_date
=
float
(
'inf'
)
def
__init__
(
self
,
prefix
):
assert
len
(
prefix
)
==
16
or
prefix
==
(
'0'
*
14
+
'1'
+
'0'
*
65
),
prefix
...
...
re6stnet
View file @
648e6774
...
...
@@ -3,10 +3,7 @@ import atexit, errno, logging, os, signal, socket
import
sqlite3
,
subprocess
,
sys
,
time
,
threading
from
collections
import
deque
from
re6st
import
ctl
,
db
,
plib
,
tunnel
,
utils
,
version
,
x509
from
re6st.utils
import
exit
class
ReexecException
(
Exception
):
pass
from
re6st.utils
import
exit
,
ReexecException
def
getConfig
():
parser
=
utils
.
ArgParser
(
fromfile_prefix_chars
=
'@'
,
...
...
@@ -260,7 +257,7 @@ def main():
cleanup
=
[
lambda
:
peer_db
.
cacheMinimize
(
config
.
client_count
)]
if
config
.
client_count
and
not
config
.
client
:
tunnel_manager
=
tunnel
.
TunnelManager
(
config
.
control_socket
,
peer_db
,
cert
,
config
.
openvpn_args
,
timeout
,
peer_db
,
cert
,
next_renew
,
config
.
openvpn_args
,
timeout
,
config
.
tunnel_refresh
,
config
.
client_count
,
config
.
iface_list
,
address
,
ip_changed
,
config
.
encrypt
,
remote_gateway
,
config
.
disable_proto
,
config
.
neighbour
)
...
...
@@ -268,7 +265,7 @@ def main():
write_pipe
=
tunnel_manager
.
write_pipe
else
:
write_pipe
=
None
tunnel_manager
=
tunnel
.
BaseTunnelManager
(
peer_db
,
cert
)
tunnel_manager
=
tunnel
.
BaseTunnelManager
(
peer_db
,
cert
,
next_renew
)
cleanup
.
append
(
tunnel_manager
.
sock
.
close
)
try
:
...
...
@@ -380,12 +377,10 @@ def main():
# main loop
exit
.
release
()
def
renew
():
raise
ReexecException
(
"Restart to renew certificate"
)
select_list
=
[
forwarder
.
select
]
if
forwarder
else
[]
select_list
+=
tunnel_manager
.
select
,
utils
.
select
while
True
:
args
=
{},
{},
[
(
next_renew
,
renew
)
]
args
=
{},
{},
[]
for
s
in
select_list
:
s
(
*
args
)
finally
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment