-#!/usr/bin/python2
+#!/usr/bin/python3
-from twisted.web.server import Site
-from twisted.web.resource import Resource
-from twisted.web.server import NOT_DONE_YET
+import sys
+import os
+
+import twisted
+import twisted.internet
+import twisted.internet.endpoints
from twisted.internet import reactor
+from twisted.web.server import NOT_DONE_YET
+from twisted.logger import LogLevel
-import ConfigParser
import ipaddress
+from ipaddress import AddressValueError
+
+#import twisted.web.server import Site
+#from twisted.web.resource import Resource
+
+from optparse import OptionParser
+from configparser import ConfigParser
+from configparser import NoOptionError
+
+import collections
+
+import syslog
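Review bot: `time` is missing from the imports added here, yet `queue_outbound` and `_check_outbound` further down call `time.monotonic()`, so the first queued packet raises NameError unless the module is imported somewhere this diff does not show. Add `import time` next to `import sys` and `import os`. The two commented-out lines (`#import twisted.web.server import Site`, `#from twisted.web.resource import Resource`) are dead text and can be dropped. `twisted.internet.protocol` and `twisted.web.resource`, which the new classes use, appear to be reachable only through transitive imports, so importing them explicitly would be more robust.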
clients = { }
-def ipaddress(input):
+def ipaddr(input):
try:
r = ipaddress.IPv4Address(input)
except AddressValueError:
r = ipaddress.IPv6Network(input)
return r
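Review bot: The IPv6 fallback builds an `ipaddress.IPv6Network`, while `packet_addrs` produces `IPv6Address` objects, so a client section parsed by `ipaddr` as IPv6 can never match the `clients[daddr]` lookup in `route`. The `saddr != self._ip` check in `process_arriving_data` would likewise reject every packet from that client. The line `r = ipaddress.IPv6Network(input)` should be `r = ipaddress.IPv6Address(input)`, or the whole body could become `return ipaddress.ip_address(input)`. The parameter name `input` also shadows the builtin.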
-defcfg = u'''
-[default]
-max_batch_down: 65536
-max_queue_time: 10
-max_request_time: 54
+defcfg = '''
+[DEFAULT]
+max_batch_down = 65536
+max_queue_time = 10
+max_request_time = 54
+
+[virtual]
+mtu = 1500
+# network
+# [host]
+# [relay]
+
+[server]
+ipif = userv root ipif %(host)s,%(relay)s,%(mtu)s,slip %(network)s
+addrs = 127.0.0.1 ::1
+port = 80
-[global]
-max_batch_down: 262144
-max_queue_time: 121
-max_request_time: 121
+[limits]
+max_batch_down = 262144
+max_queue_time = 121
+max_request_time = 121
'''
+#---------- "router" ----------
+
+def route(packet, saddr, daddr):
+ print('TRACE ', saddr, daddr, packet)
+ try: client = clients[daddr]
+ except KeyError: dclient = None
+ if dclient is not None:
+ dclient.queue_outbound(packet)
+ elif saddr.is_link_local or daddr.is_link_local:
+ log_discard(packet, saddr, daddr, 'link-local')
+ elif daddr == host or daddr not in network:
+ print('TRACE INBOUND ', saddr, daddr, packet)
+ queue_inbound(packet)
+ elif daddr == relay:
+ log_discard(packet, saddr, daddr, 'relay')
+ else:
+ log_discard(packet, saddr, daddr, 'no client')
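Review bot: On a successful lookup the `try` binds `client`, but every later line reads `dclient`, so a packet addressed to a known client raises NameError at `if dclient is not None` instead of being queued. The first statement should read `try: dclient = clients[daddr]`, or simply `dclient = clients.get(daddr)`. The two `print('TRACE ...', packet)` calls also write the full payload of every routed packet to stdout; logging only the addresses, as `log_discard` does, avoids putting traffic contents into whatever captures the daemon's output.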
+
+def log_discard(packet, saddr, daddr, why):
+ print('DROP ', saddr, daddr, why)
+# syslog.syslog(syslog.LOG_DEBUG,
+# 'discarded packet %s -> %s (%s)' % (saddr, daddr, why))
+
+#---------- ipif (slip subprocess) ----------
+
+class IpifProcessProtocol(twisted.internet.protocol.ProcessProtocol):
+ def __init__(self):
+ self._buffer = b''
+ def connectionMade(self): pass
+ def outReceived(self, data):
+ #print('RECV ', repr(data))
+ self._buffer += data
+ packets = slip_decode(self._buffer)
+ self._buffer = packets.pop()
+ for packet in packets:
+ if not len(packet): continue
+ (saddr, daddr) = packet_addrs(packet)
+ route(packet, saddr, daddr)
+ def processEnded(self, status):
+ status.raiseException()
+
+def start_ipif():
+ global ipif
+ ipif = IpifProcessProtocol()
+ reactor.spawnProcess(ipif,
+ '/bin/sh',['sh','-xc', ipif_command],
+ childFDs={0:'w', 1:'r', 2:2})
+
+def queue_inbound(packet):
+ ipif.transport.write(slip_delimiter)
+ ipif.transport.write(slip_encode(packet))
+ ipif.transport.write(slip_delimiter)
+
+#---------- SLIP handling ----------
+
+slip_end = b'\300'
+slip_esc = b'\333'
+slip_esc_end = b'\334'
+slip_esc_esc = b'\335'
+slip_delimiter = slip_end
+
+def slip_encode(packet):
+ return (packet
+ .replace(slip_esc, slip_esc + slip_esc_esc)
+ .replace(slip_end, slip_esc + slip_esc_end))
+
+def slip_decode(data):
+ print('DECODE ', repr(data))
+ out = []
+ for packet in data.split(slip_end):
+ pdata = b''
+ while True:
+ eix = packet.find(slip_esc)
+ if eix == -1:
+ pdata += packet
+ break
+ #print('ESC ', repr((pdata, packet, eix)))
+ pdata += packet[0 : eix]
+ ck = packet[eix+1]
+ if ck == slip_esc_esc: pdata += slip_esc
+ elif ck == slip_esc_end: pdata += slip_end
+ else: raise ValueError('invalid SLIP escape')
+ packet = packet[eix+2 : ]
+ out.append(pdata)
+ print('DECODED ', repr(out))
+ return out
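Review bot: `ck = packet[eix+1]` yields an int under Python 3, so neither `ck == slip_esc_esc` nor `ck == slip_esc_end` can be true and every escaped byte ends in `ValueError('invalid SLIP escape')`; an escape byte at the very end of a segment raises IndexError instead. Slicing keeps the value as bytes and turns the truncated case into the same ValueError: `ck = packet[eix+1 : eix+2]`. In `IpifProcessProtocol.outReceived` the exception is raised before `self._buffer` is replaced, so the offending bytes stay buffered and each later read fails again. The `print('DECODE ...')` and `print('DECODED ...')` lines dump raw traffic and look like leftover debugging.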
+
+#---------- packet parsing ----------
+
+def packet_addrs(packet):
+ version = packet[0] >> 4
+ if version == 4:
+ addrlen = 4
+ saddroff = 3*4
+ factory = ipaddress.IPv4Address
+ elif version == 6:
+ addrlen = 16
+ saddroff = 2*4
+ factory = ipaddress.IPv6Address
+ else:
+ raise ValueError('unsupported IP version %d' % version)
+ saddr = factory(packet[ saddroff : saddroff + addrlen ])
+ daddr = factory(packet[ saddroff + addrlen : saddroff + addrlen*2 ])
+ return (saddr, daddr)
+
+#---------- client ----------
+
class Client():
- def __init__(ip, cs):
+ def __init__(self, ip, cs):
# instance data members
self._ip = ip
self._cs = cs
self.pw = cfg.get(cs, 'password')
- # plus:
- # .cfg[<config-key>]
- self.cfg = { }
+ self._rq = collections.deque() # requests
+ self._pq = collections.deque() # packets
+ # plus from config:
+ # .max_batch_down
+ # .max_queue_time
+ # .max_request_time
for k in ('max_batch_down','max_queue_time','max_request_time'):
req = cfg.getint(cs, k)
- limit = cfg.getint('global',k)
- self.cfg[k] = min(req, limit)
+ limit = cfg.getint('limits',k)
+ self.__dict__[k] = min(req, limit)
- def process_arriving_data(d):
-
+ def process_arriving_data(self, d):
+ for packet in slip_decode(d):
+ (saddr, daddr) = packet_addrs(packet)
+ if saddr != self._ip:
+ raise ValueError('wrong source address %s' % saddr)
+ route(packet, saddr, daddr)
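Review bot: Zero-length segments are not skipped here, unlike in `IpifProcessProtocol.outReceived`, so the empty pieces that `slip_decode` returns for leading, trailing or doubled delimiters reach `packet_addrs`. There `packet[0]` raises IndexError rather than the ValueError used for the other rejections. Add `if not len(packet): continue` as the first statement of the loop. A source-address mismatch also raises only after earlier packets of the same upload have been routed; if an upload from a client should be accepted or rejected as a whole, check every packet before routing any.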
-def process_cfg():
- global network
- global ourself
+ def _req_cancel(self, request):
+ request.finish()
- network = ipnetwork(cfg.get('virtual','network'))
- try:
- ourself = cfg.get('virtual','server')
- except ConfigParser.NoOptionError:
- ourself = network.hosts().next()
+ def _req_error(self, err, request):
+ self._req_cancel(request)
- for cs in cfg.sections():
- if not (':' in cs or '.' in cs): continue
- ci = ipaddress(cs)
- if ci not in network:
- raise ValueError('client %s not in network' % ci)
- if ci in clients:
- raise ValueError('multiple client cfg sections for %s' % ci)
- clients[ci] = Client(ci, cs)
+ def queue_outbound(self, packet):
+ self._pq.append((time.monotonic(), packet))
+
+ def http_request(self, request):
+ request.setHeader('Content-Type','application/octet-stream')
+ reactor.callLater(self.max_request_time, self._req_cancel, request)
+ request.notifyFinish().addErrback(self._req_error, request)
+ self._rq.append(request)
+ self._check_outbound()
-class FormPage(Resource):
+ def _check_outbound(self):
+ while True:
+ try: request = self._rq[0]
+ except IndexError: request = None
+ if request and request.finished:
+ self._rq.popleft()
+ continue
+
+ # now request is an unfinished request, or None
+ try: (queuetime, packet) = self._pq[0]
+ except IndexError:
+ # no packets, oh well
+ break
+
+ age = time.monotonic() - queuetime
+ if age > self.max_queue_time:
+ self._pq.popleft()
+ continue
+
+ if request is None:
+ # no request
+ break
+
+ # request, and also some non-expired packets
+ while True:
+ try: (dummy, packet) = self._pq[0]
+ except IndexError: break
+
+ encoded = slip_encode(packet)
+
+ if request.sentLength > 0:
+ if (request.sentLength + len(slip_delimiter)
+ + len(encoded) > self.max_batch_down):
+ break
+ request.write(slip_delimiter)
+
+ request.write(encoded)
+ self._pq.popLeft()
+
+ assert(request.sentLength)
+ self._rq.popLeft()
+ request.finish()
+ # round again, looking for more to do
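Review bot: `collections.deque` has `popleft()`, not `popLeft()`, so `self._pq.popLeft()` and `self._rq.popLeft()` raise AttributeError the first time a packet is written to a request; the earlier calls in this method already use the correct spelling. Change both to `popleft()`. `assert(request.sentLength)` is stripped under `python -O`, so test the invariant explicitly if it matters. Separately, `queue_outbound` appends to `_pq` without a bound and expired entries are only dropped when a request arrives, so a client that stops polling accumulates everything routed to it; a cap on queued packets or bytes would limit that memory growth.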
+
+class IphttpResource(twisted.web.resource.Resource):
def render_POST(self, request):
# find client, update config, etc.
- ci = ipaddress(request.args['i'])
+ ci = ipaddr(request.args['i'])
c = clients[ci]
pw = request.args['pw']
if pw != c.pw: raise ValueError('bad password')
try: v = request.args[r]
except KeyError: continue
v = int(v)
- c.cfg[w] = v
+ c.__dict__[w] = v
try: d = request.args['d']
except KeyError: d = ''
c.process_arriving_data(d)
+ c.new_request(request)
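Review bot: `c.__dict__[w] = v` stores the client-supplied integer as is, whereas `Client.__init__` clamps the same settings with `min(req, limit)` against `[limits]`, so an authenticated client can apparently raise its own limits above the configured caps (the loop header is outside the hunk, so which keys `w` covers is not visible). Clamp on update too, e.g. `c.__dict__[w] = min(v, cfg.getint('limits', w))` assuming `w` is the setting name, and reject negative values. Under Python 3, Twisted's `request.args` maps bytes keys to lists of bytes, so `request.args['i']` and `request.args['pw']` need `b'i'`/`b'pw'` and a `[0]`. The password check is better done with `hmac.compare_digest` on bytes than with `!=`. `c.new_request(request)` has no counterpart in `Client`, which defines `http_request` in this diff, and the method presumably needs to return `NOT_DONE_YET` afterwards.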
+
+def start_http():
+ resource = IphttpResource()
+ sitefactory = twisted.web.server.Site(resource)
+ for addrspec in cfg.get('server','addrs').split():
+ try:
+ addr = ipaddress.IPv4Address(addrspec)
+ endpointfactory = twisted.internet.endpoints.TCP4ServerEndpoint
+ except AddressValueError:
+ addr = ipaddress.IPv6Address(addrspec)
+ endpointfactory = twisted.internet.endpoints.TCP6ServerEndpoint
+ ep = endpointfactory(reactor, cfg.getint('server','port'), addr)
+ defer = ep.listen(sitefactory)
+ defer.addErrback(lambda err: err.raiseException())
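Review bot: The third positional parameter of `TCP4ServerEndpoint` and `TCP6ServerEndpoint` is `backlog`, not the bind address, so `endpointfactory(reactor, cfg.getint('server','port'), addr)` never uses `addr` as the interface. The listener either fails on the bogus backlog value or comes up on the default interface, which is all addresses. Pass the address by keyword as a string: `ep = endpointfactory(reactor, cfg.getint('server','port'), interface=str(addr))`. With the default `addrs = 127.0.0.1 ::1` this is the difference between a loopback-only service and one reachable from the network.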
+
+#---------- config and setup ----------
+
+def process_cfg():
+ global network
+ global host
+ global relay
+ global ipif_command
+
+ network = ipnetwork(cfg.get('virtual','network'))
+ if network.num_addresses < 3 + 2:
+ raise ValueError('network needs at least 2^3 addresses')
+
+ try:
+ host = cfg.get('virtual','host')
+ except NoOptionError:
+ host = next(network.hosts())
+
+ try:
+ relay = cfg.get('virtual','relay')
+ except NoOptionError:
+ for search in network.hosts():
+ if search == host: continue
+ relay = search
+ break
+
+ for cs in cfg.sections():
+ if not (':' in cs or '.' in cs): continue
+ ci = ipaddr(cs)
+ if ci not in network:
+ raise ValueError('client %s not in network' % ci)
+ if ci in clients:
+ raise ValueError('multiple client cfg sections for %s' % ci)
+ clients[ci] = Client(ci, cs)
+
+ global mtu
+ mtu = cfg.get('virtual','mtu')
+
+ iic_vars = { }
+ for k in ('host','relay','mtu','network'):
+ iic_vars[k] = globals()[k]
+
+ ipif_command = cfg.get('server','ipif', vars=iic_vars)
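Review bot: `host` and `relay` are plain strings when they come from the config (`cfg.get('virtual','host')`) but address objects when derived from `network.hosts()`, and `route` compares them with the `ipaddress` objects returned by `packet_addrs`. As a result `daddr == host` and `daddr == relay` are never true for configured values, and packets to the relay fall through to the other branches. Convert on read, e.g. `host = ipaddress.ip_address(cfg.get('virtual','host'))`, and do the same for `relay`. The size check `network.num_addresses < 3 + 2` tests for five addresses while the message says `2^3`, so one of the two is wrong. `ipnetwork` is not defined or imported anywhere in this diff.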
+
+def crash_on_critical(event):
+ if event.get('log_level') >= LogLevel.critical:
+ print('crashing: ', twisted.logger.formatEvent(event), file=sys.stderr)
+ #print('crashing!', file=sys.stderr)
+ #os._exit(1)
+ try: reactor.stop()
+ except twisted.internet.error.ReactorNotRunning: pass
+
+def startup():
+ global cfg
+
+ op = OptionParser()
+ op.add_option('-c', '--config', dest='configfile',
+ default='/etc/hippottd/server.conf')
+ global opts
+ (opts, args) = op.parse_args()
+ if len(args): op.error('no non-option arguments please')
+
+ twisted.logger.globalLogPublisher.addObserver(crash_on_critical)
+
+ cfg = ConfigParser()
+ cfg.read_string(defcfg)
+ cfg.read(opts.configfile)
+ process_cfg()
+
+ start_ipif()
+ start_http()
- reactor.
+startup()
+reactor.run()