Commit a35450fc authored by Ulysse Beaugnon's avatar Ulysse Beaugnon

routes are now filtered on tunnel manager to anly take the interesting ones

Fix in registry.py to speed up libxmlrpc (it was causing a 5s delay on each request for me)
parent 77ffa9cd
#!/usr/bin/env python #!/usr/bin/env python
import argparse, math, random, select, smtplib, sqlite3, string, socket, time, traceback import argparse, math, random, select, smtplib, sqlite3, string, socket, time, traceback, errno
from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler from SimpleXMLRPCServer import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler
from email.mime.text import MIMEText from email.mime.text import MIMEText
from OpenSSL import crypto from OpenSSL import crypto
...@@ -11,15 +11,30 @@ import utils ...@@ -11,15 +11,30 @@ import utils
IPV6_V6ONLY = 26 IPV6_V6ONLY = 26
SOL_IPV6 = 41 SOL_IPV6 = 41
# Fix for librpcxml to avoid doing reverse dns on each request : it was causing a 5s delay on each request
import BaseHTTPServer
def not_insane_address_string(self):
host, port = self.client_address[:2]
return '%s (no getfqdn)' % host # used to call: socket.getfqdn(host)
BaseHTTPServer.BaseHTTPRequestHandler.address_string = not_insane_address_string
# end of the fix
class RequestHandler(SimpleXMLRPCRequestHandler): class RequestHandler(SimpleXMLRPCRequestHandler):
def _dispatch(self, method, params): def _dispatch(self, method, params):
return self.server._dispatch(method, (self,) + params) return self.server._dispatch(method, (self,) + params)
class SimpleXMLRPCServer4(SimpleXMLRPCServer): class SimpleXMLRPCServer4(SimpleXMLRPCServer):
allow_reuse_address = True allow_reuse_address = True
class SimpleXMLRPCServer6(SimpleXMLRPCServer4): class SimpleXMLRPCServer6(SimpleXMLRPCServer4):
address_family = socket.AF_INET6 address_family = socket.AF_INET6
...@@ -28,6 +43,7 @@ class SimpleXMLRPCServer6(SimpleXMLRPCServer4): ...@@ -28,6 +43,7 @@ class SimpleXMLRPCServer6(SimpleXMLRPCServer4):
self.socket.setsockopt(SOL_IPV6, IPV6_V6ONLY, 1) self.socket.setsockopt(SOL_IPV6, IPV6_V6ONLY, 1)
SimpleXMLRPCServer4.server_bind(self) SimpleXMLRPCServer4.server_bind(self)
class main(object): class main(object):
def __init__(self): def __init__(self):
...@@ -108,7 +124,7 @@ class main(object): ...@@ -108,7 +124,7 @@ class main(object):
try: try:
self.db.execute("INSERT INTO tokens VALUES (?,?,?,?)", (token, email, 16, int(time.time()))) self.db.execute("INSERT INTO tokens VALUES (?,?,?,?)", (token, email, 16, int(time.time())))
break break
except sqlite3.IntegrityError, e: except sqlite3.IntegrityError:
pass pass
# Creating and sending email # Creating and sending email
...@@ -130,42 +146,42 @@ class main(object): ...@@ -130,42 +146,42 @@ class main(object):
prefix += '0' prefix += '0'
self.db.execute("INSERT INTO vpn VALUES (?,null,null)", (prefix,)) self.db.execute("INSERT INTO vpn VALUES (?,null,null)", (prefix,))
return prefix return prefix
raise RuntimeError # TODO: raise better exception raise RuntimeError # TODO: raise better exception
def requestCertificate(self, handler, token, cert_req): def requestCertificate(self, handler, token, cert_req):
try: try:
req = crypto.load_certificate_request(crypto.FILETYPE_PEM, cert_req) req = crypto.load_certificate_request(crypto.FILETYPE_PEM, cert_req)
with self.db: with self.db:
try: try:
token, email, prefix_len, _ = self.db.execute("SELECT * FROM tokens WHERE token = ?", (token,)).next() token, email, prefix_len, _ = self.db.execute("SELECT * FROM tokens WHERE token = ?", (token,)).next()
except StopIteration: except StopIteration:
# TODO: return nice error message # TODO: return nice error message
raise raise
self.db.execute("DELETE FROM tokens WHERE token = ?", (token,)) self.db.execute("DELETE FROM tokens WHERE token = ?", (token,))
# Get a new prefix # Get a new prefix
prefix = self._getPrefix(prefix_len) prefix = self._getPrefix(prefix_len)
# Create certificate # Create certificate
cert = crypto.X509() cert = crypto.X509()
#cert.set_serial_number(serial) #cert.set_serial_number(serial)
cert.gmtime_adj_notBefore(0) cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(self.cert_duration) cert.gmtime_adj_notAfter(self.cert_duration)
cert.set_issuer(self.ca.get_subject()) cert.set_issuer(self.ca.get_subject())
subject = req.get_subject() subject = req.get_subject()
subject.CN = "%u/%u" % (int(prefix, 2), prefix_len) subject.CN = "%u/%u" % (int(prefix, 2), prefix_len)
cert.set_subject(subject) cert.set_subject(subject)
cert.set_pubkey(req.get_pubkey()) cert.set_pubkey(req.get_pubkey())
cert.sign(self.key, 'sha1') cert.sign(self.key, 'sha1')
cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
# Insert certificate into db # Insert certificate into db
self.db.execute("UPDATE vpn SET email = ?, cert = ? WHERE prefix = ?", (email, cert, prefix) ) self.db.execute("UPDATE vpn SET email = ?, cert = ? WHERE prefix = ?", (email, cert, prefix))
return cert return cert
except: except:
traceback.print_exc() traceback.print_exc()
raise raise
def getCa(self, handler): def getCa(self, handler):
return crypto.dump_certificate(crypto.FILETYPE_PEM, self.ca) return crypto.dump_certificate(crypto.FILETYPE_PEM, self.ca)
...@@ -156,22 +156,23 @@ class TunnelManager: ...@@ -156,22 +156,23 @@ class TunnelManager:
for line in f: for line in f:
ip, subnet_size, iface = struct.unpack('32s x 2s 106x %ss x' ip, subnet_size, iface = struct.unpack('32s x 2s 106x %ss x'
% (len(line) - 142), line) % (len(line) - 142), line)
iface = iface.replace(' ', '') ip = bin(int(ip, 16))[2:].rjust(128, '0')
utils.log('Route on iface %s detected to %s/%s'
% (iface, ip, subnet_size), 8) if ip.startswith(self._network):
if iface in self._iface_to_prefix.keys(): iface = iface.replace(' ', '')
self._connection_dict[self._iface_to_prefix[iface]].routes += 1
if iface in self._iface_list:
subnet_size = int(subnet_size, 16) subnet_size = int(subnet_size, 16)
ip = bin(int(ip, 16))[2:].rjust(128, '0') utils.log('Route on iface %s detected to %s/%s'
if self._net_len < subnet_size < 128 and ip.startswith(self._network): % (iface, ip, subnet_size), 8)
if iface in self._iface_to_prefix.keys() and subnet_size <= 64:
self._connection_dict[self._iface_to_prefix[iface]].routes += 1
if iface in self._iface_list and self._net_len < subnet_size < 128:
prefix = ip[self._net_len:subnet_size] prefix = ip[self._net_len:subnet_size]
utils.log('A route to %s has been discovered on the LAN' utils.log('A route to %s has been discovered on the LAN'
% (prefix,), 3) % (prefix,), 3)
self._peer_db.blacklist(prefix) self._peer_db.blacklist(prefix)
utils.log("Routes have been counted", 3) utils.log("Routes have been counted", 3)
for p in self._connection_dict.keys(): for p in self._connection_dict.keys():
utils.log('Routes on iface %s : %s' % ( utils.log('Routes on iface %s : %s' % (
self._connection_dict[p].iface, self._connection_dict[p].iface,
self._connection_dict[p].routes), 5) self._connection_dict[p].routes), 5)
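Review bot: The new `subnet_size <= 64` cutoff on the route-counting line is an unexplained magic number, and `iface in self._iface_to_prefix.keys()` builds a fresh key list on every route line; I would hoist the cutoff into a named class constant and test membership on the dict itself: `if iface in self._iface_to_prefix and subnet_size <= self.MAX_COUNTED_PREFIX_LEN:` with a one-line comment stating why routes more specific than /64 are not counted. Note also that `ip.startswith(self._network)` is evaluated on the full 128-bit address string regardless of `subnet_size`, so a route whose mask is shorter than `self._net_len` (for example the route covering the whole network) still passes the filter and, being `<= 64`, is counted towards `routes`; if that is unintended, the filter should also require `subnet_size >= self._net_len`. The enclosing method begins outside this hunk, so the `struct.unpack` error handling for short or malformed lines could not be checked here.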