--- /dev/null
--- /dev/null
++data.dump.dbg
++[tuv]
++tmp
++srcbomb.tar.gz
++srcpkgsbomb.tar
++
++build
++.pybuild
++hippotat.egg-info
++
++debian/files
++debian/debhelper-*-stamp
++debian/*.debhelper.log
++debian/hippotat.substvars
++debian/hippotat.*.debhelper
++
++debian/hippotat/
--- /dev/null
+ hippotat is an IP-over-HTTP client and server pair
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as
+ published by the Free Software Foundation, either version 3 of the
+ License, or (at your option) any later version, with the "CAF Login
+ Exception" as published by Ian Jackson (version 1, or at your option
+ any later version) as an Additional Permission.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ ------------------------------
+
+ CAF Login Exception (version 2)
+
+ To avoid forcing users to make the source code of their whole
+ application available to non-users, I (Ian Jackson) have granted this
+ exception as part of the licence of CGI::Auth::Flexible (and
+ some other programs, where declared in their copyright rubrics).
+
+ When considering AGPLv3 section 13 "Remote Network Interaction" (or
+ similar provisions in successor licences):
+
+ If all interactions with the Program (other than interactions with the
+ user authentication system) require user authentication, the
+ provisions of that section apply only to interaction with the Program
+ by authenticated users.
+
+ This is an Additional Permission as contemplated by AGPLv3 section 7.
+
+ - Ian Jackson
+
+ ------------------------------
+
+ GNU AFFERO GENERAL PUBLIC LICENSE
+ Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU Affero General Public License is a free, copyleft license
+ for software and other kinds of works, specifically designed to ensure
+ cooperation with the community in the case of network server software.
+
+ The licenses for most software and other practical works are
+ designed to take away your freedom to share and change the works. By
+ contrast, our General Public Licenses are intended to guarantee your
+ freedom to share and change all versions of a program--to make sure it
+ remains free software for all its users.
+
+ When we speak of free software, we are referring to freedom, not
+ price. Our General Public Licenses are designed to make sure that you
+ have the freedom to distribute copies of free software (and charge for
+ them if you wish), that you receive source code or can get it if you
+ want it, that you can change the software or use pieces of it in new
+ free programs, and that you know you can do these things.
+
+ Developers that use our General Public Licenses protect your rights
+ with two steps: (1) assert copyright on the software, and (2) offer
+ you this License which gives you legal permission to copy, distribute
+ and/or modify the software.
+
+ A secondary benefit of defending all users' freedom is that
+ improvements made in alternate versions of the program, if they
+ receive widespread use, become available for other developers to
+ incorporate. Many developers of free software are heartened and
+ encouraged by the resulting cooperation. However, in the case of
+ software used on network servers, this result may fail to come about.
+ The GNU General Public License permits making a modified version and
+ letting the public access it on a server without ever releasing its
+ source code to the public.
+
+ The GNU Affero General Public License is designed specifically to
+ ensure that, in such cases, the modified source code becomes available
+ to the community. It requires the operator of a network server to
+ provide the source code of the modified version running there to the
+ users of that server. Therefore, public use of a modified version, on
+ a publicly accessible server, gives the public access to the source
+ code of the modified version.
+
+ An older license, called the Affero General Public License and
+ published by Affero, was designed to accomplish similar goals. This is
+ a different license, not a version of the Affero GPL, but Affero has
+ released a new version of the Affero GPL which permits relicensing under
+ this license.
+
+ The precise terms and conditions for copying, distribution and
+ modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU Affero General Public
+ License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds
+ of works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+ License. Each licensee is addressed as "you". "Licensees" and
+ "recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+ in a fashion requiring copyright permission, other than the making of an
+ exact copy. The resulting work is called a "modified version" of the
+ earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+ on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+ permission, would make you directly or secondarily liable for
+ infringement under applicable copyright law, except executing it on a
+ computer or modifying a private copy. Propagation includes copying,
+ distribution (with or without modification), making available to the
+ public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+ parties to make or receive copies. Mere interaction with a user through
+ a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+ to the extent that it includes a convenient and prominently visible
+ feature that (1) displays an appropriate copyright notice, and (2)
+ tells the user that there is no warranty for the work (except to the
+ extent that warranties are provided), that licensees may convey the
+ work under this License, and how to view a copy of this License. If
+ the interface presents a list of user commands or options, such as a
+ menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+ for making modifications to it. "Object code" means any non-source
+ form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+ standard defined by a recognized standards body, or, in the case of
+ interfaces specified for a particular programming language, one that
+ is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+ than the work as a whole, that (a) is included in the normal form of
+ packaging a Major Component, but which is not part of that Major
+ Component, and (b) serves only to enable use of the work with that
+ Major Component, or to implement a Standard Interface for which an
+ implementation is available to the public in source code form. A
+ "Major Component", in this context, means a major essential component
+ (kernel, window system, and so on) of the specific operating system
+ (if any) on which the executable work runs, or a compiler used to
+ produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+ the source code needed to generate, install, and (for an executable
+ work) run the object code and to modify the work, including scripts to
+ control those activities. However, it does not include the work's
+ System Libraries, or general-purpose tools or generally available free
+ programs which are used unmodified in performing those activities but
+ which are not part of the work. For example, Corresponding Source
+ includes interface definition files associated with source files for
+ the work, and the source code for shared libraries and dynamically
+ linked subprograms that the work is specifically designed to require,
+ such as by intimate data communication or control flow between those
+ subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+ can regenerate automatically from other parts of the Corresponding
+ Source.
+
+ The Corresponding Source for a work in source code form is that
+ same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+ copyright on the Program, and are irrevocable provided the stated
+ conditions are met. This License explicitly affirms your unlimited
+ permission to run the unmodified Program. The output from running a
+ covered work is covered by this License only if the output, given its
+ content, constitutes a covered work. This License acknowledges your
+ rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+ convey, without conditions so long as your license otherwise remains
+ in force. You may convey covered works to others for the sole purpose
+ of having them make modifications exclusively for you, or provide you
+ with facilities for running those works, provided that you comply with
+ the terms of this License in conveying all material for which you do
+ not control copyright. Those thus making or running the covered works
+ for you must do so exclusively on your behalf, under your direction
+ and control, on terms that prohibit them from making any copies of
+ your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+ the conditions stated below. Sublicensing is not allowed; section 10
+ makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+ measure under any applicable law fulfilling obligations under article
+ 11 of the WIPO copyright treaty adopted on 20 December 1996, or
+ similar laws prohibiting or restricting circumvention of such
+ measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+ circumvention of technological measures to the extent such circumvention
+ is effected by exercising rights under this License with respect to
+ the covered work, and you disclaim any intention to limit operation or
+ modification of the work as a means of enforcing, against the work's
+ users, your or third parties' legal rights to forbid circumvention of
+ technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+ receive it, in any medium, provided that you conspicuously and
+ appropriately publish on each copy an appropriate copyright notice;
+ keep intact all notices stating that this License and any
+ non-permissive terms added in accord with section 7 apply to the code;
+ keep intact all notices of the absence of any warranty; and give all
+ recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+ and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+ produce it from the Program, in the form of source code under the
+ terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+ works, which are not by their nature extensions of the covered work,
+ and which are not combined with it such as to form a larger program,
+ in or on a volume of a storage or distribution medium, is called an
+ "aggregate" if the compilation and its resulting copyright are not
+ used to limit the access or legal rights of the compilation's users
+ beyond what the individual works permit. Inclusion of a covered work
+ in an aggregate does not cause this License to apply to the other
+ parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+ of sections 4 and 5, provided that you also convey the
+ machine-readable Corresponding Source under the terms of this License,
+ in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+ from the Corresponding Source as a System Library, need not be
+ included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+ tangible personal property which is normally used for personal, family,
+ or household purposes, or (2) anything designed or sold for incorporation
+ into a dwelling. In determining whether a product is a consumer product,
+ doubtful cases shall be resolved in favor of coverage. For a particular
+ product received by a particular user, "normally used" refers to a
+ typical or common use of that class of product, regardless of the status
+ of the particular user or of the way in which the particular user
+ actually uses, or expects or is expected to use, the product. A product
+ is a consumer product regardless of whether the product has substantial
+ commercial, industrial or non-consumer uses, unless such uses represent
+ the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+ procedures, authorization keys, or other information required to install
+ and execute modified versions of a covered work in that User Product from
+ a modified version of its Corresponding Source. The information must
+ suffice to ensure that the continued functioning of the modified object
+ code is in no case prevented or interfered with solely because
+ modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+ specifically for use in, a User Product, and the conveying occurs as
+ part of a transaction in which the right of possession and use of the
+ User Product is transferred to the recipient in perpetuity or for a
+ fixed term (regardless of how the transaction is characterized), the
+ Corresponding Source conveyed under this section must be accompanied
+ by the Installation Information. But this requirement does not apply
+ if neither you nor any third party retains the ability to install
+ modified object code on the User Product (for example, the work has
+ been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+ requirement to continue to provide support service, warranty, or updates
+ for a work that has been modified or installed by the recipient, or for
+ the User Product in which it has been modified or installed. Access to a
+ network may be denied when the modification itself materially and
+ adversely affects the operation of the network or violates the rules and
+ protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+ in accord with this section must be in a format that is publicly
+ documented (and with an implementation available to the public in
+ source code form), and must require no special password or key for
+ unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+ License by making exceptions from one or more of its conditions.
+ Additional permissions that are applicable to the entire Program shall
+ be treated as though they were included in this License, to the extent
+ that they are valid under applicable law. If additional permissions
+ apply only to part of the Program, that part may be used separately
+ under those permissions, but the entire Program remains governed by
+ this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+ remove any additional permissions from that copy, or from any part of
+ it. (Additional permissions may be written to require their own
+ removal in certain cases when you modify the work.) You may place
+ additional permissions on material, added by you to a covered work,
+ for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+ add to a covered work, you may (if authorized by the copyright holders of
+ that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+ restrictions" within the meaning of section 10. If the Program as you
+ received it, or any part of it, contains a notice stating that it is
+ governed by this License along with a term that is a further restriction,
+ you may remove that term. If a license document contains a further
+ restriction but permits relicensing or conveying under this License, you
+ may add to a covered work material governed by the terms of that license
+ document, provided that the further restriction does not survive such
+ relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+ must place, in the relevant source files, a statement of the
+ additional terms that apply to those files, or a notice indicating
+ where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+ form of a separately written license, or stated as exceptions;
+ the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+ provided under this License. Any attempt otherwise to propagate or
+ modify it is void, and will automatically terminate your rights under
+ this License (including any patent licenses granted under the third
+ paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+ license from a particular copyright holder is reinstated (a)
+ provisionally, unless and until the copyright holder explicitly and
+ finally terminates your license, and (b) permanently, if the copyright
+ holder fails to notify you of the violation by some reasonable means
+ prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+ reinstated permanently if the copyright holder notifies you of the
+ violation by some reasonable means, this is the first time you have
+ received notice of violation of this License (for any work) from that
+ copyright holder, and you cure the violation prior to 30 days after
+ your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+ licenses of parties who have received copies or rights from you under
+ this License. If your rights have been terminated and not permanently
+ reinstated, you do not qualify to receive new licenses for the same
+ material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+ run a copy of the Program. Ancillary propagation of a covered work
+ occurring solely as a consequence of using peer-to-peer transmission
+ to receive a copy likewise does not require acceptance. However,
+ nothing other than this License grants you permission to propagate or
+ modify any covered work. These actions infringe copyright if you do
+ not accept this License. Therefore, by modifying or propagating a
+ covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+ receives a license from the original licensors, to run, modify and
+ propagate that work, subject to this License. You are not responsible
+ for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+ organization, or substantially all assets of one, or subdividing an
+ organization, or merging organizations. If propagation of a covered
+ work results from an entity transaction, each party to that
+ transaction who receives a copy of the work also receives whatever
+ licenses to the work the party's predecessor in interest had or could
+ give under the previous paragraph, plus a right to possession of the
+ Corresponding Source of the work from the predecessor in interest, if
+ the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+ rights granted or affirmed under this License. For example, you may
+ not impose a license fee, royalty, or other charge for exercise of
+ rights granted under this License, and you may not initiate litigation
+ (including a cross-claim or counterclaim in a lawsuit) alleging that
+ any patent claim is infringed by making, using, selling, offering for
+ sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+ License of the Program or a work on which the Program is based. The
+ work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+ owned or controlled by the contributor, whether already acquired or
+ hereafter acquired, that would be infringed by some manner, permitted
+ by this License, of making, using, or selling its contributor version,
+ but do not include claims that would be infringed only as a
+ consequence of further modification of the contributor version. For
+ purposes of this definition, "control" includes the right to grant
+ patent sublicenses in a manner consistent with the requirements of
+ this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+ patent license under the contributor's essential patent claims, to
+ make, use, sell, offer for sale, import and otherwise run, modify and
+ propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+ agreement or commitment, however denominated, not to enforce a patent
+ (such as an express permission to practice a patent or covenant not to
+ sue for patent infringement). To "grant" such a patent license to a
+ party means to make such an agreement or commitment not to enforce a
+ patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+ and the Corresponding Source of the work is not available for anyone
+ to copy, free of charge and under the terms of this License, through a
+ publicly available network server or other readily accessible means,
+ then you must either (1) cause the Corresponding Source to be so
+ available, or (2) arrange to deprive yourself of the benefit of the
+ patent license for this particular work, or (3) arrange, in a manner
+ consistent with the requirements of this License, to extend the patent
+ license to downstream recipients. "Knowingly relying" means you have
+ actual knowledge that, but for the patent license, your conveying the
+ covered work in a country, or your recipient's use of the covered work
+ in a country, would infringe one or more identifiable patents in that
+ country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+ arrangement, you convey, or propagate by procuring conveyance of, a
+ covered work, and grant a patent license to some of the parties
+ receiving the covered work authorizing them to use, propagate, modify
+ or convey a specific copy of the covered work, then the patent license
+ you grant is automatically extended to all recipients of the covered
+ work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+ the scope of its coverage, prohibits the exercise of, or is
+ conditioned on the non-exercise of one or more of the rights that are
+ specifically granted under this License. You may not convey a covered
+ work if you are a party to an arrangement with a third party that is
+ in the business of distributing software, under which you make payment
+ to the third party based on the extent of your activity of conveying
+ the work, and under which the third party grants, to any of the
+ parties who would receive the covered work from you, a discriminatory
+ patent license (a) in connection with copies of the covered work
+ conveyed by you (or copies made from those copies), or (b) primarily
+ for and in connection with specific products or compilations that
+ contain the covered work, unless you entered into that arrangement,
+ or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+ any implied license or other defenses to infringement that may
+ otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+ otherwise) that contradict the conditions of this License, they do not
+ excuse you from the conditions of this License. If you cannot convey a
+ covered work so as to satisfy simultaneously your obligations under this
+ License and any other pertinent obligations, then as a consequence you may
+ not convey it at all. For example, if you agree to terms that obligate you
+ to collect a royalty for further conveying from those to whom you convey
+ the Program, the only way you could satisfy both those terms and this
+ License would be to refrain entirely from conveying the Program.
+
+ 13. Remote Network Interaction; Use with the GNU General Public License.
+
+ Notwithstanding any other provision of this License, if you modify the
+ Program, your modified version must prominently offer all users
+ interacting with it remotely through a computer network (if your version
+ supports such interaction) an opportunity to receive the Corresponding
+ Source of your version by providing access to the Corresponding Source
+ from a network server at no charge, through some standard or customary
+ means of facilitating copying of software. This Corresponding Source
+ shall include the Corresponding Source for any work covered by version 3
+ of the GNU General Public License that is incorporated pursuant to the
+ following paragraph.
+
+ Notwithstanding any other provision of this License, you have permission
+ to link or combine any covered work with a work licensed under version 3
+ of the GNU General Public License into a single combined work, and to
+ convey the resulting work. The terms of this License will continue to
+ apply to the part which is the covered work, but the work with which it is
+ combined will remain governed by version 3 of the GNU General Public
+ License.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+ the GNU Affero General Public License from time to time. Such new
+ versions will be similar in spirit to the present version, but may differ
+ in detail to address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+ Program specifies that a certain numbered version of the GNU Affero
+ General Public License "or any later version" applies to it, you have
+ the option of following the terms and conditions either of that
+ numbered version or of any later version published by the Free
+ Software Foundation. If the Program does not specify a version number
+ of the GNU Affero General Public License, you may choose any version
+ ever published by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+ versions of the GNU Affero General Public License can be used, that
+ proxy's public statement of acceptance of a version permanently
+ authorizes you to choose that version for the Program.
+
+ Later license versions may give you additional or different
+ permissions. However, no additional obligations are imposed on any
+ author or copyright holder as a result of your choosing to follow a
+ later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+ APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+ HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+ OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+ IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+ THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+ GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+ USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+ DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+ PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+ above cannot be given local legal effect according to their terms,
+ reviewing courts shall apply local law that most closely approximates
+ an absolute waiver of all civil liability in connection with the
+ Program, unless a warranty or assumption of liability accompanies a
+ copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+ possible use to the public, the best way to achieve this is to make it
+ free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+ to attach them to the start of each source file to most effectively
+ state the exclusion of warranty; and each file should have at least
+ the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as
+ published by the Free Software Foundation, either version 3 of the
+ License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ Also add information on how to contact you by electronic and paper mail.
+
+ If your software can interact with users remotely through a computer
+ network, you should also make sure that it provides a way for users to
+ get its source. For example, if your program is a web application, its
+ interface could display a "Source" link that leads users to an archive
+ of the code. There are many ways you could offer source, and different
+ solutions will be better for different programs; see section 13 for the
+ specific requirements.
+
+ You should also get your employer (if you work as a programmer) or school,
+ if any, to sign a "copyright disclaimer" for the program, if necessary.
+ For more information on this, and how to apply and follow the GNU AGPL, see
+ <http://www.gnu.org/licenses/>.
--- /dev/null
+ Developer's Certificate of Origin
+ ---------------------------------
+
+ All commits to the Hippotat code base must include the line
+ `Signed-off-by: name <email>' at the end of the commit message.
+ This indicates that the author certifies the patch under the
+ `Developer's Certificate of Origin':
+
+ Developer's Certificate of Origin 1.1
+
+ By making a contribution to this project, I certify that:
+
+ (a) The contribution was created in whole or in part by me and I
+ have the right to submit it under the open source license
+ indicated in the file; or
+
+ (b) The contribution is based upon previous work that, to the best
+ of my knowledge, is covered under an appropriate open source
+ license and I have the right under that license to submit that
+ work with modifications, whether created in whole or in part
+ by me, under the same open source license (unless I am
+ permitted to submit under a different license), as indicated
+ in the file; or
+
+ (c) The contribution was provided directly to me by some other
+ person who certified (a), (b) or (c) and I have not modified
+ it.
+
+ (d) I understand and agree that this project and the contribution
+ are public and that a record of the contribution (including all
+ personal information I submit with it, including my sign-off) is
+ maintained indefinitely and may be redistributed consistent with
+ this project or the open source license(s) involved.
--- /dev/null
+ Hippotat - Asinine IP Over HTTP program
+
+ Copyright 2017 Ian Jackson
+
+
+ The client is:
+
+ GPLv3+
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program, in the file GPLv3. If not,
+ see <http://www.gnu.org/licenses/>.
+
+ (This licence applies to all the short files without their own
+ copyright notices, too.)
+
+
+ The server is:
+
+ AGPLv3+ + CAFv2+
+
+ This program is free software: you can redistribute it and/or
+ modify it under the terms of the GNU Affero General Public
+ License as published by the Free Software Foundation, either
+ version 3 of the License, or (at your option) any later version,
+ with the "CAF Login Exception" as published by Ian Jackson
+ (version 2, or at your option any later version) as an Additional
+ Permission.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public
+ License and the CAF Login Exception along with this program, in
+ the file AGPLv3+CAFv2. If not, email Ian Jackson
+ <ijackson@chiark.greenend.org.uk>.
+
+ ----------------------------------------------------------------------
--- /dev/null
--- /dev/null
++ GNU GENERAL PUBLIC LICENSE
++ Version 3, 29 June 2007
++
++ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
++ Everyone is permitted to copy and distribute verbatim copies
++ of this license document, but changing it is not allowed.
++
++ Preamble
++
++ The GNU General Public License is a free, copyleft license for
++software and other kinds of works.
++
++ The licenses for most software and other practical works are designed
++to take away your freedom to share and change the works. By contrast,
++the GNU General Public License is intended to guarantee your freedom to
++share and change all versions of a program--to make sure it remains free
++software for all its users. We, the Free Software Foundation, use the
++GNU General Public License for most of our software; it applies also to
++any other work released this way by its authors. You can apply it to
++your programs, too.
++
++ When we speak of free software, we are referring to freedom, not
++price. Our General Public Licenses are designed to make sure that you
++have the freedom to distribute copies of free software (and charge for
++them if you wish), that you receive source code or can get it if you
++want it, that you can change the software or use pieces of it in new
++free programs, and that you know you can do these things.
++
++ To protect your rights, we need to prevent others from denying you
++these rights or asking you to surrender the rights. Therefore, you have
++certain responsibilities if you distribute copies of the software, or if
++you modify it: responsibilities to respect the freedom of others.
++
++ For example, if you distribute copies of such a program, whether
++gratis or for a fee, you must pass on to the recipients the same
++freedoms that you received. You must make sure that they, too, receive
++or can get the source code. And you must show them these terms so they
++know their rights.
++
++ Developers that use the GNU GPL protect your rights with two steps:
++(1) assert copyright on the software, and (2) offer you this License
++giving you legal permission to copy, distribute and/or modify it.
++
++ For the developers' and authors' protection, the GPL clearly explains
++that there is no warranty for this free software. For both users' and
++authors' sake, the GPL requires that modified versions be marked as
++changed, so that their problems will not be attributed erroneously to
++authors of previous versions.
++
++ Some devices are designed to deny users access to install or run
++modified versions of the software inside them, although the manufacturer
++can do so. This is fundamentally incompatible with the aim of
++protecting users' freedom to change the software. The systematic
++pattern of such abuse occurs in the area of products for individuals to
++use, which is precisely where it is most unacceptable. Therefore, we
++have designed this version of the GPL to prohibit the practice for those
++products. If such problems arise substantially in other domains, we
++stand ready to extend this provision to those domains in future versions
++of the GPL, as needed to protect the freedom of users.
++
++ Finally, every program is threatened constantly by software patents.
++States should not allow patents to restrict development and use of
++software on general-purpose computers, but in those that do, we wish to
++avoid the special danger that patents applied to a free program could
++make it effectively proprietary. To prevent this, the GPL assures that
++patents cannot be used to render the program non-free.
++
++ The precise terms and conditions for copying, distribution and
++modification follow.
++
++ TERMS AND CONDITIONS
++
++ 0. Definitions.
++
++ "This License" refers to version 3 of the GNU General Public License.
++
++ "Copyright" also means copyright-like laws that apply to other kinds of
++works, such as semiconductor masks.
++
++ "The Program" refers to any copyrightable work licensed under this
++License. Each licensee is addressed as "you". "Licensees" and
++"recipients" may be individuals or organizations.
++
++ To "modify" a work means to copy from or adapt all or part of the work
++in a fashion requiring copyright permission, other than the making of an
++exact copy. The resulting work is called a "modified version" of the
++earlier work or a work "based on" the earlier work.
++
++ A "covered work" means either the unmodified Program or a work based
++on the Program.
++
++ To "propagate" a work means to do anything with it that, without
++permission, would make you directly or secondarily liable for
++infringement under applicable copyright law, except executing it on a
++computer or modifying a private copy. Propagation includes copying,
++distribution (with or without modification), making available to the
++public, and in some countries other activities as well.
++
++ To "convey" a work means any kind of propagation that enables other
++parties to make or receive copies. Mere interaction with a user through
++a computer network, with no transfer of a copy, is not conveying.
++
++ An interactive user interface displays "Appropriate Legal Notices"
++to the extent that it includes a convenient and prominently visible
++feature that (1) displays an appropriate copyright notice, and (2)
++tells the user that there is no warranty for the work (except to the
++extent that warranties are provided), that licensees may convey the
++work under this License, and how to view a copy of this License. If
++the interface presents a list of user commands or options, such as a
++menu, a prominent item in the list meets this criterion.
++
++ 1. Source Code.
++
++ The "source code" for a work means the preferred form of the work
++for making modifications to it. "Object code" means any non-source
++form of a work.
++
++ A "Standard Interface" means an interface that either is an official
++standard defined by a recognized standards body, or, in the case of
++interfaces specified for a particular programming language, one that
++is widely used among developers working in that language.
++
++ The "System Libraries" of an executable work include anything, other
++than the work as a whole, that (a) is included in the normal form of
++packaging a Major Component, but which is not part of that Major
++Component, and (b) serves only to enable use of the work with that
++Major Component, or to implement a Standard Interface for which an
++implementation is available to the public in source code form. A
++"Major Component", in this context, means a major essential component
++(kernel, window system, and so on) of the specific operating system
++(if any) on which the executable work runs, or a compiler used to
++produce the work, or an object code interpreter used to run it.
++
++ The "Corresponding Source" for a work in object code form means all
++the source code needed to generate, install, and (for an executable
++work) run the object code and to modify the work, including scripts to
++control those activities. However, it does not include the work's
++System Libraries, or general-purpose tools or generally available free
++programs which are used unmodified in performing those activities but
++which are not part of the work. For example, Corresponding Source
++includes interface definition files associated with source files for
++the work, and the source code for shared libraries and dynamically
++linked subprograms that the work is specifically designed to require,
++such as by intimate data communication or control flow between those
++subprograms and other parts of the work.
++
++ The Corresponding Source need not include anything that users
++can regenerate automatically from other parts of the Corresponding
++Source.
++
++ The Corresponding Source for a work in source code form is that
++same work.
++
++ 2. Basic Permissions.
++
++ All rights granted under this License are granted for the term of
++copyright on the Program, and are irrevocable provided the stated
++conditions are met. This License explicitly affirms your unlimited
++permission to run the unmodified Program. The output from running a
++covered work is covered by this License only if the output, given its
++content, constitutes a covered work. This License acknowledges your
++rights of fair use or other equivalent, as provided by copyright law.
++
++ You may make, run and propagate covered works that you do not
++convey, without conditions so long as your license otherwise remains
++in force. You may convey covered works to others for the sole purpose
++of having them make modifications exclusively for you, or provide you
++with facilities for running those works, provided that you comply with
++the terms of this License in conveying all material for which you do
++not control copyright. Those thus making or running the covered works
++for you must do so exclusively on your behalf, under your direction
++and control, on terms that prohibit them from making any copies of
++your copyrighted material outside their relationship with you.
++
++ Conveying under any other circumstances is permitted solely under
++the conditions stated below. Sublicensing is not allowed; section 10
++makes it unnecessary.
++
++ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
++
++ No covered work shall be deemed part of an effective technological
++measure under any applicable law fulfilling obligations under article
++11 of the WIPO copyright treaty adopted on 20 December 1996, or
++similar laws prohibiting or restricting circumvention of such
++measures.
++
++ When you convey a covered work, you waive any legal power to forbid
++circumvention of technological measures to the extent such circumvention
++is effected by exercising rights under this License with respect to
++the covered work, and you disclaim any intention to limit operation or
++modification of the work as a means of enforcing, against the work's
++users, your or third parties' legal rights to forbid circumvention of
++technological measures.
++
++ 4. Conveying Verbatim Copies.
++
++ You may convey verbatim copies of the Program's source code as you
++receive it, in any medium, provided that you conspicuously and
++appropriately publish on each copy an appropriate copyright notice;
++keep intact all notices stating that this License and any
++non-permissive terms added in accord with section 7 apply to the code;
++keep intact all notices of the absence of any warranty; and give all
++recipients a copy of this License along with the Program.
++
++ You may charge any price or no price for each copy that you convey,
++and you may offer support or warranty protection for a fee.
++
++ 5. Conveying Modified Source Versions.
++
++ You may convey a work based on the Program, or the modifications to
++produce it from the Program, in the form of source code under the
++terms of section 4, provided that you also meet all of these conditions:
++
++ a) The work must carry prominent notices stating that you modified
++ it, and giving a relevant date.
++
++ b) The work must carry prominent notices stating that it is
++ released under this License and any conditions added under section
++ 7. This requirement modifies the requirement in section 4 to
++ "keep intact all notices".
++
++ c) You must license the entire work, as a whole, under this
++ License to anyone who comes into possession of a copy. This
++ License will therefore apply, along with any applicable section 7
++ additional terms, to the whole of the work, and all its parts,
++ regardless of how they are packaged. This License gives no
++ permission to license the work in any other way, but it does not
++ invalidate such permission if you have separately received it.
++
++ d) If the work has interactive user interfaces, each must display
++ Appropriate Legal Notices; however, if the Program has interactive
++ interfaces that do not display Appropriate Legal Notices, your
++ work need not make them do so.
++
++ A compilation of a covered work with other separate and independent
++works, which are not by their nature extensions of the covered work,
++and which are not combined with it such as to form a larger program,
++in or on a volume of a storage or distribution medium, is called an
++"aggregate" if the compilation and its resulting copyright are not
++used to limit the access or legal rights of the compilation's users
++beyond what the individual works permit. Inclusion of a covered work
++in an aggregate does not cause this License to apply to the other
++parts of the aggregate.
++
++ 6. Conveying Non-Source Forms.
++
++ You may convey a covered work in object code form under the terms
++of sections 4 and 5, provided that you also convey the
++machine-readable Corresponding Source under the terms of this License,
++in one of these ways:
++
++ a) Convey the object code in, or embodied in, a physical product
++ (including a physical distribution medium), accompanied by the
++ Corresponding Source fixed on a durable physical medium
++ customarily used for software interchange.
++
++ b) Convey the object code in, or embodied in, a physical product
++ (including a physical distribution medium), accompanied by a
++ written offer, valid for at least three years and valid for as
++ long as you offer spare parts or customer support for that product
++ model, to give anyone who possesses the object code either (1) a
++ copy of the Corresponding Source for all the software in the
++ product that is covered by this License, on a durable physical
++ medium customarily used for software interchange, for a price no
++ more than your reasonable cost of physically performing this
++ conveying of source, or (2) access to copy the
++ Corresponding Source from a network server at no charge.
++
++ c) Convey individual copies of the object code with a copy of the
++ written offer to provide the Corresponding Source. This
++ alternative is allowed only occasionally and noncommercially, and
++ only if you received the object code with such an offer, in accord
++ with subsection 6b.
++
++ d) Convey the object code by offering access from a designated
++ place (gratis or for a charge), and offer equivalent access to the
++ Corresponding Source in the same way through the same place at no
++ further charge. You need not require recipients to copy the
++ Corresponding Source along with the object code. If the place to
++ copy the object code is a network server, the Corresponding Source
++ may be on a different server (operated by you or a third party)
++ that supports equivalent copying facilities, provided you maintain
++ clear directions next to the object code saying where to find the
++ Corresponding Source. Regardless of what server hosts the
++ Corresponding Source, you remain obligated to ensure that it is
++ available for as long as needed to satisfy these requirements.
++
++ e) Convey the object code using peer-to-peer transmission, provided
++ you inform other peers where the object code and Corresponding
++ Source of the work are being offered to the general public at no
++ charge under subsection 6d.
++
++ A separable portion of the object code, whose source code is excluded
++from the Corresponding Source as a System Library, need not be
++included in conveying the object code work.
++
++ A "User Product" is either (1) a "consumer product", which means any
++tangible personal property which is normally used for personal, family,
++or household purposes, or (2) anything designed or sold for incorporation
++into a dwelling. In determining whether a product is a consumer product,
++doubtful cases shall be resolved in favor of coverage. For a particular
++product received by a particular user, "normally used" refers to a
++typical or common use of that class of product, regardless of the status
++of the particular user or of the way in which the particular user
++actually uses, or expects or is expected to use, the product. A product
++is a consumer product regardless of whether the product has substantial
++commercial, industrial or non-consumer uses, unless such uses represent
++the only significant mode of use of the product.
++
++ "Installation Information" for a User Product means any methods,
++procedures, authorization keys, or other information required to install
++and execute modified versions of a covered work in that User Product from
++a modified version of its Corresponding Source. The information must
++suffice to ensure that the continued functioning of the modified object
++code is in no case prevented or interfered with solely because
++modification has been made.
++
++ If you convey an object code work under this section in, or with, or
++specifically for use in, a User Product, and the conveying occurs as
++part of a transaction in which the right of possession and use of the
++User Product is transferred to the recipient in perpetuity or for a
++fixed term (regardless of how the transaction is characterized), the
++Corresponding Source conveyed under this section must be accompanied
++by the Installation Information. But this requirement does not apply
++if neither you nor any third party retains the ability to install
++modified object code on the User Product (for example, the work has
++been installed in ROM).
++
++ The requirement to provide Installation Information does not include a
++requirement to continue to provide support service, warranty, or updates
++for a work that has been modified or installed by the recipient, or for
++the User Product in which it has been modified or installed. Access to a
++network may be denied when the modification itself materially and
++adversely affects the operation of the network or violates the rules and
++protocols for communication across the network.
++
++ Corresponding Source conveyed, and Installation Information provided,
++in accord with this section must be in a format that is publicly
++documented (and with an implementation available to the public in
++source code form), and must require no special password or key for
++unpacking, reading or copying.
++
++ 7. Additional Terms.
++
++ "Additional permissions" are terms that supplement the terms of this
++License by making exceptions from one or more of its conditions.
++Additional permissions that are applicable to the entire Program shall
++be treated as though they were included in this License, to the extent
++that they are valid under applicable law. If additional permissions
++apply only to part of the Program, that part may be used separately
++under those permissions, but the entire Program remains governed by
++this License without regard to the additional permissions.
++
++ When you convey a copy of a covered work, you may at your option
++remove any additional permissions from that copy, or from any part of
++it. (Additional permissions may be written to require their own
++removal in certain cases when you modify the work.) You may place
++additional permissions on material, added by you to a covered work,
++for which you have or can give appropriate copyright permission.
++
++ Notwithstanding any other provision of this License, for material you
++add to a covered work, you may (if authorized by the copyright holders of
++that material) supplement the terms of this License with terms:
++
++ a) Disclaiming warranty or limiting liability differently from the
++ terms of sections 15 and 16 of this License; or
++
++ b) Requiring preservation of specified reasonable legal notices or
++ author attributions in that material or in the Appropriate Legal
++ Notices displayed by works containing it; or
++
++ c) Prohibiting misrepresentation of the origin of that material, or
++ requiring that modified versions of such material be marked in
++ reasonable ways as different from the original version; or
++
++ d) Limiting the use for publicity purposes of names of licensors or
++ authors of the material; or
++
++ e) Declining to grant rights under trademark law for use of some
++ trade names, trademarks, or service marks; or
++
++ f) Requiring indemnification of licensors and authors of that
++ material by anyone who conveys the material (or modified versions of
++ it) with contractual assumptions of liability to the recipient, for
++ any liability that these contractual assumptions directly impose on
++ those licensors and authors.
++
++ All other non-permissive additional terms are considered "further
++restrictions" within the meaning of section 10. If the Program as you
++received it, or any part of it, contains a notice stating that it is
++governed by this License along with a term that is a further
++restriction, you may remove that term. If a license document contains
++a further restriction but permits relicensing or conveying under this
++License, you may add to a covered work material governed by the terms
++of that license document, provided that the further restriction does
++not survive such relicensing or conveying.
++
++ If you add terms to a covered work in accord with this section, you
++must place, in the relevant source files, a statement of the
++additional terms that apply to those files, or a notice indicating
++where to find the applicable terms.
++
++ Additional terms, permissive or non-permissive, may be stated in the
++form of a separately written license, or stated as exceptions;
++the above requirements apply either way.
++
++ 8. Termination.
++
++ You may not propagate or modify a covered work except as expressly
++provided under this License. Any attempt otherwise to propagate or
++modify it is void, and will automatically terminate your rights under
++this License (including any patent licenses granted under the third
++paragraph of section 11).
++
++ However, if you cease all violation of this License, then your
++license from a particular copyright holder is reinstated (a)
++provisionally, unless and until the copyright holder explicitly and
++finally terminates your license, and (b) permanently, if the copyright
++holder fails to notify you of the violation by some reasonable means
++prior to 60 days after the cessation.
++
++ Moreover, your license from a particular copyright holder is
++reinstated permanently if the copyright holder notifies you of the
++violation by some reasonable means, this is the first time you have
++received notice of violation of this License (for any work) from that
++copyright holder, and you cure the violation prior to 30 days after
++your receipt of the notice.
++
++ Termination of your rights under this section does not terminate the
++licenses of parties who have received copies or rights from you under
++this License. If your rights have been terminated and not permanently
++reinstated, you do not qualify to receive new licenses for the same
++material under section 10.
++
++ 9. Acceptance Not Required for Having Copies.
++
++ You are not required to accept this License in order to receive or
++run a copy of the Program. Ancillary propagation of a covered work
++occurring solely as a consequence of using peer-to-peer transmission
++to receive a copy likewise does not require acceptance. However,
++nothing other than this License grants you permission to propagate or
++modify any covered work. These actions infringe copyright if you do
++not accept this License. Therefore, by modifying or propagating a
++covered work, you indicate your acceptance of this License to do so.
++
++ 10. Automatic Licensing of Downstream Recipients.
++
++ Each time you convey a covered work, the recipient automatically
++receives a license from the original licensors, to run, modify and
++propagate that work, subject to this License. You are not responsible
++for enforcing compliance by third parties with this License.
++
++ An "entity transaction" is a transaction transferring control of an
++organization, or substantially all assets of one, or subdividing an
++organization, or merging organizations. If propagation of a covered
++work results from an entity transaction, each party to that
++transaction who receives a copy of the work also receives whatever
++licenses to the work the party's predecessor in interest had or could
++give under the previous paragraph, plus a right to possession of the
++Corresponding Source of the work from the predecessor in interest, if
++the predecessor has it or can get it with reasonable efforts.
++
++ You may not impose any further restrictions on the exercise of the
++rights granted or affirmed under this License. For example, you may
++not impose a license fee, royalty, or other charge for exercise of
++rights granted under this License, and you may not initiate litigation
++(including a cross-claim or counterclaim in a lawsuit) alleging that
++any patent claim is infringed by making, using, selling, offering for
++sale, or importing the Program or any portion of it.
++
++ 11. Patents.
++
++ A "contributor" is a copyright holder who authorizes use under this
++License of the Program or a work on which the Program is based. The
++work thus licensed is called the contributor's "contributor version".
++
++ A contributor's "essential patent claims" are all patent claims
++owned or controlled by the contributor, whether already acquired or
++hereafter acquired, that would be infringed by some manner, permitted
++by this License, of making, using, or selling its contributor version,
++but do not include claims that would be infringed only as a
++consequence of further modification of the contributor version. For
++purposes of this definition, "control" includes the right to grant
++patent sublicenses in a manner consistent with the requirements of
++this License.
++
++ Each contributor grants you a non-exclusive, worldwide, royalty-free
++patent license under the contributor's essential patent claims, to
++make, use, sell, offer for sale, import and otherwise run, modify and
++propagate the contents of its contributor version.
++
++ In the following three paragraphs, a "patent license" is any express
++agreement or commitment, however denominated, not to enforce a patent
++(such as an express permission to practice a patent or covenant not to
++sue for patent infringement). To "grant" such a patent license to a
++party means to make such an agreement or commitment not to enforce a
++patent against the party.
++
++ If you convey a covered work, knowingly relying on a patent license,
++and the Corresponding Source of the work is not available for anyone
++to copy, free of charge and under the terms of this License, through a
++publicly available network server or other readily accessible means,
++then you must either (1) cause the Corresponding Source to be so
++available, or (2) arrange to deprive yourself of the benefit of the
++patent license for this particular work, or (3) arrange, in a manner
++consistent with the requirements of this License, to extend the patent
++license to downstream recipients. "Knowingly relying" means you have
++actual knowledge that, but for the patent license, your conveying the
++covered work in a country, or your recipient's use of the covered work
++in a country, would infringe one or more identifiable patents in that
++country that you have reason to believe are valid.
++
++ If, pursuant to or in connection with a single transaction or
++arrangement, you convey, or propagate by procuring conveyance of, a
++covered work, and grant a patent license to some of the parties
++receiving the covered work authorizing them to use, propagate, modify
++or convey a specific copy of the covered work, then the patent license
++you grant is automatically extended to all recipients of the covered
++work and works based on it.
++
++ A patent license is "discriminatory" if it does not include within
++the scope of its coverage, prohibits the exercise of, or is
++conditioned on the non-exercise of one or more of the rights that are
++specifically granted under this License. You may not convey a covered
++work if you are a party to an arrangement with a third party that is
++in the business of distributing software, under which you make payment
++to the third party based on the extent of your activity of conveying
++the work, and under which the third party grants, to any of the
++parties who would receive the covered work from you, a discriminatory
++patent license (a) in connection with copies of the covered work
++conveyed by you (or copies made from those copies), or (b) primarily
++for and in connection with specific products or compilations that
++contain the covered work, unless you entered into that arrangement,
++or that patent license was granted, prior to 28 March 2007.
++
++ Nothing in this License shall be construed as excluding or limiting
++any implied license or other defenses to infringement that may
++otherwise be available to you under applicable patent law.
++
++ 12. No Surrender of Others' Freedom.
++
++ If conditions are imposed on you (whether by court order, agreement or
++otherwise) that contradict the conditions of this License, they do not
++excuse you from the conditions of this License. If you cannot convey a
++covered work so as to satisfy simultaneously your obligations under this
++License and any other pertinent obligations, then as a consequence you may
++not convey it at all. For example, if you agree to terms that obligate you
++to collect a royalty for further conveying from those to whom you convey
++the Program, the only way you could satisfy both those terms and this
++License would be to refrain entirely from conveying the Program.
++
++ 13. Use with the GNU Affero General Public License.
++
++ Notwithstanding any other provision of this License, you have
++permission to link or combine any covered work with a work licensed
++under version 3 of the GNU Affero General Public License into a single
++combined work, and to convey the resulting work. The terms of this
++License will continue to apply to the part which is the covered work,
++but the special requirements of the GNU Affero General Public License,
++section 13, concerning interaction through a network will apply to the
++combination as such.
++
++ 14. Revised Versions of this License.
++
++ The Free Software Foundation may publish revised and/or new versions of
++the GNU General Public License from time to time. Such new versions will
++be similar in spirit to the present version, but may differ in detail to
++address new problems or concerns.
++
++ Each version is given a distinguishing version number. If the
++Program specifies that a certain numbered version of the GNU General
++Public License "or any later version" applies to it, you have the
++option of following the terms and conditions either of that numbered
++version or of any later version published by the Free Software
++Foundation. If the Program does not specify a version number of the
++GNU General Public License, you may choose any version ever published
++by the Free Software Foundation.
++
++ If the Program specifies that a proxy can decide which future
++versions of the GNU General Public License can be used, that proxy's
++public statement of acceptance of a version permanently authorizes you
++to choose that version for the Program.
++
++ Later license versions may give you additional or different
++permissions. However, no additional obligations are imposed on any
++author or copyright holder as a result of your choosing to follow a
++later version.
++
++ 15. Disclaimer of Warranty.
++
++ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
++APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
++HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
++OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
++THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
++IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
++ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
++
++ 16. Limitation of Liability.
++
++ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
++WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
++THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
++GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
++USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
++DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
++PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
++EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
++SUCH DAMAGES.
++
++ 17. Interpretation of Sections 15 and 16.
++
++ If the disclaimer of warranty and limitation of liability provided
++above cannot be given local legal effect according to their terms,
++reviewing courts shall apply local law that most closely approximates
++an absolute waiver of all civil liability in connection with the
++Program, unless a warranty or assumption of liability accompanies a
++copy of the Program in return for a fee.
++
++ END OF TERMS AND CONDITIONS
++
++ How to Apply These Terms to Your New Programs
++
++ If you develop a new program, and you want it to be of the greatest
++possible use to the public, the best way to achieve this is to make it
++free software which everyone can redistribute and change under these terms.
++
++ To do so, attach the following notices to the program. It is safest
++to attach them to the start of each source file to most effectively
++state the exclusion of warranty; and each file should have at least
++the "copyright" line and a pointer to where the full notice is found.
++
++ <one line to give the program's name and a brief idea of what it does.>
++ Copyright (C) <year> <name of author>
++
++ This program is free software: you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation, either version 3 of the License, or
++ (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program. If not, see <http://www.gnu.org/licenses/>.
++
++Also add information on how to contact you by electronic and paper mail.
++
++ If the program does terminal interaction, make it output a short
++notice like this when it starts in an interactive mode:
++
++ <program> Copyright (C) <year> <name of author>
++ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
++ This is free software, and you are welcome to redistribute it
++ under certain conditions; type `show c' for details.
++
++The hypothetical commands `show w' and `show c' should show the appropriate
++parts of the General Public License. Of course, your program's commands
++might be different; for a GUI interface, you would use an "about box".
++
++ You should also get your employer (if you work as a programmer) or school,
++if any, to sign a "copyright disclaimer" for the program, if necessary.
++For more information on this, and how to apply and follow the GNU GPL, see
++<http://www.gnu.org/licenses/>.
++
++ The GNU General Public License does not permit incorporating your program
++into proprietary programs. If your program is a subroutine library, you
++may consider it more useful to permit linking proprietary applications with
++the library. If this is what you want to do, use the GNU Lesser General
++Public License instead of this License. But first, please read
++<http://www.gnu.org/philosophy/why-not-lgpl.html>.
--- /dev/null
--- /dev/null
++Server maintains a queue of outbound packets for each user
++
++Packets which are older than the applicable max_queue_time are discarded
++
++Each incoming request to the server takes up to max_batch_down bytes
++from the queue and returns them as the POST response body payload
++
++Each incoming request contains up to max_batch_up bytes of payload.
++It's a multipart/form-data.
++
++Authentication: clock-based lifetime-limited bearer tokens.
++
++Encryption and integrity checking: none. Use a real VPN over this!
++
++Routing assistance: none in hippotat; can be requested on client
++ from userv-ipif via `vroutes' parameter. Use with secnet polypath
++ ideally uses the special support in secnet 0.4.x.
++
++Client form parameters (multipart/form-data):
++ m metadata, newline-separated list (text file) of
++ client ip address (textual)
++ token
++ target_requests_outstanding
++ http_timeout
++ d data (SLIP format, with SLIP_ESC and `-' swapped)
++
++
++Authentication token is:
++ <time_t in hex with no leading 0s> <hmac in base64>
++(separated by a single space). The hmac is
++ HMAC(secret, <time_t in hex>)
++
++
++Possible future nonce-based authentication:
++
++server keeps big nonce counter for each client
++meaning is:
++ nonce counter is most recent nonce client has sent
++also server keeps bitmap of the previous ?64 nonces,
++ whether client has sent them
++
++client picks.... xxx
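Review bot: The token description leaves its security-relevant parameters unspecified: it gives `HMAC(secret, <time_t in hex>)` but not the hash function, nor how far from server time a token is still accepted, nor that the server should compare the hmac in constant time. Because the MAC covers only the timestamp, a token seen on the wire is valid for that client until it expires. Together with "Encryption and integrity checking: none", this means the `m` and `d` fields of a request are not bound to the token at all. I would state that next to the format, for example `Token is accepted for <lifetime> around server time; it authenticates the client only, not the request contents.`, with the real lifetime filled in. The nonce section ends at `client picks.... xxx`; mark it explicitly as unimplemented so nobody reads it as replay protection that exists.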
--- /dev/null
+ -*- Fundamental -*-
+
+ Sections
+
+ [<servername> - <client>]
+ [<client>]
+ [<servername>] often [SERVER]
+ [COMMON]
+
+ Keys are looked up in that order, unless otherwise specified.
+ <client> is the client's virtual address.
+ <servername> must be a valid DNS hostname and not look like an address.
+
+ Exceptional settings:
+
+ server
+ Specifies <servername>.
+ Is looked up in [SERVER] and [COMMON] only.
+ If not specified there, it is SERVER.
+
+ Used by server to select the appropriate parts of the
+ rest of the configuration. Ignored by the client.
+
+ secret
+ Looked up in the usual way, but used by client and server to
+ determine which possible peerings to try to set up, and which to
+ ignore.
+
+ We define the sets of putative clients and servers, as follows:
+ all those, for which there is any section (even an empty one)
+ whose name is based on <client> or <servername> (as applicable).
+ (LIMIT sections do not count.)
+
+ The server queue packets for, and accept requests from, each
+ putative client for which the config search yields a secret.
+
+ Each client will create a local interface, and try to communicate
+ with the server, for each possible pair (putative server,
+ putative client) for which the config search yields a secret.
+
+ ipif
+ Command to run to create and communicate with local network
+ interface. Passed to sh -c. Must speak SLIP on stdin/stdout.
+ The following additional interpolations aare substituted:
+ %(local)s %(peer)s %(rnet)s %(ifname)s
+ on server <vaddr> <vrelay> <vnetwork> <ifname_server>
+ on client <client> <vaddr> <vroutes> <ifname_client>
+ ["userv root ipif %(local)s,%(peer)s,%(mtu)s,slip %(rnets)s"]
+
+ On server: applies to all clients; not looked up in
+ client-specific sections.
+ On client: may be different for different servers.
+
+ Capped settings:
+
+ Values in [<server> LIMIT] and [LIMIT] are a cap (maximum) on
+ those from the other sections (including COMMON).
+
+ max_batch_down
+ Size limit for response payloads (used by server only)
+ [65536 bytes; LIMIT: 262144 bytes]
+
+ max_queue_time
+ Discard packets after they have been queued this long waiting
+ for http.
+ On server: setting applies to downward packets, and is capped
+ by LIMIT values.
+ On client: setting applies to upward packets, and is
+ not affected by LIMIT values.
+ [10 s; LIMIT: 121 s]
+
+ http_timeout
+ On server: return with empty payload any http request oustanding
+ for this long
+ On client: give up on any http request outstanding for
+ for this long plus http_timeout_grace
+ Client's effective timeout must be at least server's (checked).
+ [30 s; LIMIT: 121]
+
+ target_requests_outstanding
+ On server: whenever number of outstanding requests for
+ a client exceeds this, return oldest with empty payload
+ On client: try to keep this many requests outstanding.
+ Must match between client and server (checked).
+ [3; LIMIT: 10]
+
+ Ordinary settings, used by both, not client-specific:
+
+ These are not looked up in the client-specific config sections.
+
+ addrs
+ Public IP (v4 or v6) address(es) of the server;
+ space-separated.
+ On server: mandatory; used for bind. No default.
+ On client: used only to construct default url.
+
+ vnetwork
+ Private network range (<prefix>/<length>). Must contain all
+ <client>s. Must contain <vaddr> and <vrelay>, and used
+ to compute their defaults. [172.24.230.192/28]
+
+ vaddr
+ Address of server's virtual interface.
+
+ vrelay
+ Virtual point-to-point address used for tunnel routing
+ (does not appear in packets).
+ [first host entry in <vnetwork> other than <vaddr>,
+ so 172.24.230.194]
+
+ port
+ Public port number of the server. [80]
+ On server: used for bind.
+ On client: used only to construct default url.
+
+ mtu
+ Must match exactly. (UNCHECKED) [1500 bytes]
+
+ ifname_server
+ Virtual interface name on the server. [shippo%d]
+ ifname_client
+ Virtual interface name on the client. [hippo%d]
+ Any %d is interpolated (by the kernel).
+
+ Ordinary settings, used by server only:
+
+ max_clock_skew
+ Permissible clock skew between client and server.
+ hippotat will not work if clock skew is more than this.
+ Conversely: when moving client from one public network to
+ another, the first network can deny service to the client for
+ this period after the client leaves the first network.
+ [300s]
+
+ Ordinary settings, used by client only:
+
+ http_timeout_grace
+ See http_timeout. [5 s]
+
+ max_requests_outstanding
+ Client will hold off sending more requests than this to
+ server even if it has data to send. [6]
+
+ max_batch_up
+ Size limit for request payloads. [4000 bytes]
+
+ http_retry
+ If a request fails, wait this long before considering it
+ "finished" - to limit rate of futile requests. [5 s]
+
+ url
+ Public url of server.
+ [http://<first-entry-in-addrs>:<port>/]
+
+ vroutes
+ Virtual addresses (in CIDR syntax) to be found at the server
+ end, space-separated. Routes to those will be created on
+ the client. [""]
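Review bot: The `ipif` entry lists the interpolations as `%(local)s %(peer)s %(rnet)s %(ifname)s`, but the default shown just below uses `%(mtu)s` and `%(rnets)s`, so the list and the default disagree on the routes name and leave out mtu. Since the command is passed to `sh -c`, the text should also say whether the substituted values are validated as addresses, networks and interface names before interpolation (the code is not visible here), because a config value containing shell metacharacters would otherwise be run by the shell. Separately, `mtu` is marked `(UNCHECKED)` and the `http_timeout` limit `121` has no unit; a sentence on what happens when mtu differs, and `LIMIT: 121 s` to match `max_queue_time`, would close both gaps.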
--- /dev/null
--- /dev/null
++hippotat (0.1~UNRELEASED) unstable; urgency=medium
++
++ *
++
++ -- Ian Jackson <ijackson@chiark.greenend.org.uk> Sat, 08 Apr 2017 17:57:42 +0100
++
--- /dev/null
--- /dev/null
++9
--- /dev/null
--- /dev/null
++Source: hippotat
++Build-Depends: debhelper (>= 9), dh-python, python3
++Maintainer: Ian Jackson <ijackson@chiark.greenend.org.uk>
++
++Package: hippotat
++Depends: python3, ${python3:Depends}
++Recommends: userv, userv-utils (>= 0.6.0~~iwj4), cpio
++Suggests: authbind
++Architecture: all
++Description: IP Over HTTP (Asinine)
++ IP-over-HTTP client and server.
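Review bot: The binary stanza's `Depends: python3, ${python3:Depends}` omits `${misc:Depends}`, which a debhelper-built package normally carries so that helper-generated dependencies are not silently dropped; `Depends: python3, ${python3:Depends}, ${misc:Depends}` would cover it. The source stanza also has no `Section`, `Priority` or `Standards-Version` field, which the archive tools will warn about. The long description is a single line; since the protocol provides no encryption or integrity checking, one more description line saying so would help an installer who only reads the package metadata.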
--- /dev/null
+ Hippotat - Asinine IP Over HTTP program
+
+ Copyright 2017 Ian Jackson
+
+
+ The client is:
+
+ GPLv3+
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program, in the file GPLv3. If not,
+ see <http://www.gnu.org/licenses/>.
+
+ (This licence applies to all the short files without their own
+ copyright notices, too.)
+
+
+ The server is:
+
+ AGPLv3+ + CAFv2+
+
+ This program is free software: you can redistribute it and/or
+ modify it under the terms of the GNU Affero General Public
+ License as published by the Free Software Foundation, either
+ version 3 of the License, or (at your option) any later version,
+ with the "CAF Login Exception" as published by Ian Jackson
+ (version 2, or at your option any later version) as an Additional
+ Permission.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public
+ License and the CAF Login Exception along with this program, in
+ the file AGPLv3+CAFv2. If not, email Ian Jackson
+ <ijackson@chiark.greenend.org.uk>.
+
+ ----------------------------------------------------------------------
+ hippotat is an IP-over-HTTP client and server pair
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as
+ published by the Free Software Foundation, either version 3 of the
+ License, or (at your option) any later version, with the "CAF Login
+ Exception" as published by Ian Jackson (version 1, or at your option
+ any later version) as an Additional Permission.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ ------------------------------
+
+ CAF Login Exception (version 2)
+
+ To avoid forcing users to make the source code of their whole
+ application available to non-users, I (Ian Jackson) have granted this
+ exception as part of the licence of CGI::Auth::Flexible (and
+ some other programs, where declared in their copyright rubrics).
+
+ When considering AGPLv3 section 13 "Remote Network Interaction" (or
+ similar provisions in successor licences):
+
+ If all interactions with the Program (other than interactions with the
+ user authentication system) require user authentication, the
+ provisions of that section apply only to interaction with the Program
+ by authenticated users.
+
+ This is an Additional Permission as contemplated by AGPLv3 section 7.
+
+ - Ian Jackson
+
+ ------------------------------
+
+ GNU AFFERO GENERAL PUBLIC LICENSE
+ Version 3, 19 November 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU Affero General Public License is a free, copyleft license
+ for software and other kinds of works, specifically designed to ensure
+ cooperation with the community in the case of network server software.
+
+ The licenses for most software and other practical works are
+ designed to take away your freedom to share and change the works. By
+ contrast, our General Public Licenses are intended to guarantee your
+ freedom to share and change all versions of a program--to make sure it
+ remains free software for all its users.
+
+ When we speak of free software, we are referring to freedom, not
+ price. Our General Public Licenses are designed to make sure that you
+ have the freedom to distribute copies of free software (and charge for
+ them if you wish), that you receive source code or can get it if you
+ want it, that you can change the software or use pieces of it in new
+ free programs, and that you know you can do these things.
+
+ Developers that use our General Public Licenses protect your rights
+ with two steps: (1) assert copyright on the software, and (2) offer
+ you this License which gives you legal permission to copy, distribute
+ and/or modify the software.
+
+ A secondary benefit of defending all users' freedom is that
+ improvements made in alternate versions of the program, if they
+ receive widespread use, become available for other developers to
+ incorporate. Many developers of free software are heartened and
+ encouraged by the resulting cooperation. However, in the case of
+ software used on network servers, this result may fail to come about.
+ The GNU General Public License permits making a modified version and
+ letting the public access it on a server without ever releasing its
+ source code to the public.
+
+ The GNU Affero General Public License is designed specifically to
+ ensure that, in such cases, the modified source code becomes available
+ to the community. It requires the operator of a network server to
+ provide the source code of the modified version running there to the
+ users of that server. Therefore, public use of a modified version, on
+ a publicly accessible server, gives the public access to the source
+ code of the modified version.
+
+ An older license, called the Affero General Public License and
+ published by Affero, was designed to accomplish similar goals. This is
+ a different license, not a version of the Affero GPL, but Affero has
+ released a new version of the Affero GPL which permits relicensing under
+ this license.
+
+ The precise terms and conditions for copying, distribution and
+ modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU Affero General Public
+ License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds
+ of works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+ License. Each licensee is addressed as "you". "Licensees" and
+ "recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+ in a fashion requiring copyright permission, other than the making of an
+ exact copy. The resulting work is called a "modified version" of the
+ earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+ on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+ permission, would make you directly or secondarily liable for
+ infringement under applicable copyright law, except executing it on a
+ computer or modifying a private copy. Propagation includes copying,
+ distribution (with or without modification), making available to the
+ public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+ parties to make or receive copies. Mere interaction with a user through
+ a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+ to the extent that it includes a convenient and prominently visible
+ feature that (1) displays an appropriate copyright notice, and (2)
+ tells the user that there is no warranty for the work (except to the
+ extent that warranties are provided), that licensees may convey the
+ work under this License, and how to view a copy of this License. If
+ the interface presents a list of user commands or options, such as a
+ menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+ for making modifications to it. "Object code" means any non-source
+ form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+ standard defined by a recognized standards body, or, in the case of
+ interfaces specified for a particular programming language, one that
+ is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+ than the work as a whole, that (a) is included in the normal form of
+ packaging a Major Component, but which is not part of that Major
+ Component, and (b) serves only to enable use of the work with that
+ Major Component, or to implement a Standard Interface for which an
+ implementation is available to the public in source code form. A
+ "Major Component", in this context, means a major essential component
+ (kernel, window system, and so on) of the specific operating system
+ (if any) on which the executable work runs, or a compiler used to
+ produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+ the source code needed to generate, install, and (for an executable
+ work) run the object code and to modify the work, including scripts to
+ control those activities. However, it does not include the work's
+ System Libraries, or general-purpose tools or generally available free
+ programs which are used unmodified in performing those activities but
+ which are not part of the work. For example, Corresponding Source
+ includes interface definition files associated with source files for
+ the work, and the source code for shared libraries and dynamically
+ linked subprograms that the work is specifically designed to require,
+ such as by intimate data communication or control flow between those
+ subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+ can regenerate automatically from other parts of the Corresponding
+ Source.
+
+ The Corresponding Source for a work in source code form is that
+ same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+ copyright on the Program, and are irrevocable provided the stated
+ conditions are met. This License explicitly affirms your unlimited
+ permission to run the unmodified Program. The output from running a
+ covered work is covered by this License only if the output, given its
+ content, constitutes a covered work. This License acknowledges your
+ rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+ convey, without conditions so long as your license otherwise remains
+ in force. You may convey covered works to others for the sole purpose
+ of having them make modifications exclusively for you, or provide you
+ with facilities for running those works, provided that you comply with
+ the terms of this License in conveying all material for which you do
+ not control copyright. Those thus making or running the covered works
+ for you must do so exclusively on your behalf, under your direction
+ and control, on terms that prohibit them from making any copies of
+ your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+ the conditions stated below. Sublicensing is not allowed; section 10
+ makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+ measure under any applicable law fulfilling obligations under article
+ 11 of the WIPO copyright treaty adopted on 20 December 1996, or
+ similar laws prohibiting or restricting circumvention of such
+ measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+ circumvention of technological measures to the extent such circumvention
+ is effected by exercising rights under this License with respect to
+ the covered work, and you disclaim any intention to limit operation or
+ modification of the work as a means of enforcing, against the work's
+ users, your or third parties' legal rights to forbid circumvention of
+ technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+ receive it, in any medium, provided that you conspicuously and
+ appropriately publish on each copy an appropriate copyright notice;
+ keep intact all notices stating that this License and any
+ non-permissive terms added in accord with section 7 apply to the code;
+ keep intact all notices of the absence of any warranty; and give all
+ recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+ and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+ produce it from the Program, in the form of source code under the
+ terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+ works, which are not by their nature extensions of the covered work,
+ and which are not combined with it such as to form a larger program,
+ in or on a volume of a storage or distribution medium, is called an
+ "aggregate" if the compilation and its resulting copyright are not
+ used to limit the access or legal rights of the compilation's users
+ beyond what the individual works permit. Inclusion of a covered work
+ in an aggregate does not cause this License to apply to the other
+ parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+ of sections 4 and 5, provided that you also convey the
+ machine-readable Corresponding Source under the terms of this License,
+ in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+ from the Corresponding Source as a System Library, need not be
+ included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+ tangible personal property which is normally used for personal, family,
+ or household purposes, or (2) anything designed or sold for incorporation
+ into a dwelling. In determining whether a product is a consumer product,
+ doubtful cases shall be resolved in favor of coverage. For a particular
+ product received by a particular user, "normally used" refers to a
+ typical or common use of that class of product, regardless of the status
+ of the particular user or of the way in which the particular user
+ actually uses, or expects or is expected to use, the product. A product
+ is a consumer product regardless of whether the product has substantial
+ commercial, industrial or non-consumer uses, unless such uses represent
+ the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+ procedures, authorization keys, or other information required to install
+ and execute modified versions of a covered work in that User Product from
+ a modified version of its Corresponding Source. The information must
+ suffice to ensure that the continued functioning of the modified object
+ code is in no case prevented or interfered with solely because
+ modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+ specifically for use in, a User Product, and the conveying occurs as
+ part of a transaction in which the right of possession and use of the
+ User Product is transferred to the recipient in perpetuity or for a
+ fixed term (regardless of how the transaction is characterized), the
+ Corresponding Source conveyed under this section must be accompanied
+ by the Installation Information. But this requirement does not apply
+ if neither you nor any third party retains the ability to install
+ modified object code on the User Product (for example, the work has
+ been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+ requirement to continue to provide support service, warranty, or updates
+ for a work that has been modified or installed by the recipient, or for
+ the User Product in which it has been modified or installed. Access to a
+ network may be denied when the modification itself materially and
+ adversely affects the operation of the network or violates the rules and
+ protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+ in accord with this section must be in a format that is publicly
+ documented (and with an implementation available to the public in
+ source code form), and must require no special password or key for
+ unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+ License by making exceptions from one or more of its conditions.
+ Additional permissions that are applicable to the entire Program shall
+ be treated as though they were included in this License, to the extent
+ that they are valid under applicable law. If additional permissions
+ apply only to part of the Program, that part may be used separately
+ under those permissions, but the entire Program remains governed by
+ this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+ remove any additional permissions from that copy, or from any part of
+ it. (Additional permissions may be written to require their own
+ removal in certain cases when you modify the work.) You may place
+ additional permissions on material, added by you to a covered work,
+ for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+ add to a covered work, you may (if authorized by the copyright holders of
+ that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+ restrictions" within the meaning of section 10. If the Program as you
+ received it, or any part of it, contains a notice stating that it is
+ governed by this License along with a term that is a further restriction,
+ you may remove that term. If a license document contains a further
+ restriction but permits relicensing or conveying under this License, you
+ may add to a covered work material governed by the terms of that license
+ document, provided that the further restriction does not survive such
+ relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+ must place, in the relevant source files, a statement of the
+ additional terms that apply to those files, or a notice indicating
+ where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+ form of a separately written license, or stated as exceptions;
+ the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+ provided under this License. Any attempt otherwise to propagate or
+ modify it is void, and will automatically terminate your rights under
+ this License (including any patent licenses granted under the third
+ paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+ license from a particular copyright holder is reinstated (a)
+ provisionally, unless and until the copyright holder explicitly and
+ finally terminates your license, and (b) permanently, if the copyright
+ holder fails to notify you of the violation by some reasonable means
+ prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+ reinstated permanently if the copyright holder notifies you of the
+ violation by some reasonable means, this is the first time you have
+ received notice of violation of this License (for any work) from that
+ copyright holder, and you cure the violation prior to 30 days after
+ your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+ licenses of parties who have received copies or rights from you under
+ this License. If your rights have been terminated and not permanently
+ reinstated, you do not qualify to receive new licenses for the same
+ material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+ run a copy of the Program. Ancillary propagation of a covered work
+ occurring solely as a consequence of using peer-to-peer transmission
+ to receive a copy likewise does not require acceptance. However,
+ nothing other than this License grants you permission to propagate or
+ modify any covered work. These actions infringe copyright if you do
+ not accept this License. Therefore, by modifying or propagating a
+ covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+ receives a license from the original licensors, to run, modify and
+ propagate that work, subject to this License. You are not responsible
+ for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+ organization, or substantially all assets of one, or subdividing an
+ organization, or merging organizations. If propagation of a covered
+ work results from an entity transaction, each party to that
+ transaction who receives a copy of the work also receives whatever
+ licenses to the work the party's predecessor in interest had or could
+ give under the previous paragraph, plus a right to possession of the
+ Corresponding Source of the work from the predecessor in interest, if
+ the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+ rights granted or affirmed under this License. For example, you may
+ not impose a license fee, royalty, or other charge for exercise of
+ rights granted under this License, and you may not initiate litigation
+ (including a cross-claim or counterclaim in a lawsuit) alleging that
+ any patent claim is infringed by making, using, selling, offering for
+ sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+ License of the Program or a work on which the Program is based. The
+ work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+ owned or controlled by the contributor, whether already acquired or
+ hereafter acquired, that would be infringed by some manner, permitted
+ by this License, of making, using, or selling its contributor version,
+ but do not include claims that would be infringed only as a
+ consequence of further modification of the contributor version. For
+ purposes of this definition, "control" includes the right to grant
+ patent sublicenses in a manner consistent with the requirements of
+ this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+ patent license under the contributor's essential patent claims, to
+ make, use, sell, offer for sale, import and otherwise run, modify and
+ propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+ agreement or commitment, however denominated, not to enforce a patent
+ (such as an express permission to practice a patent or covenant not to
+ sue for patent infringement). To "grant" such a patent license to a
+ party means to make such an agreement or commitment not to enforce a
+ patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+ and the Corresponding Source of the work is not available for anyone
+ to copy, free of charge and under the terms of this License, through a
+ publicly available network server or other readily accessible means,
+ then you must either (1) cause the Corresponding Source to be so
+ available, or (2) arrange to deprive yourself of the benefit of the
+ patent license for this particular work, or (3) arrange, in a manner
+ consistent with the requirements of this License, to extend the patent
+ license to downstream recipients. "Knowingly relying" means you have
+ actual knowledge that, but for the patent license, your conveying the
+ covered work in a country, or your recipient's use of the covered work
+ in a country, would infringe one or more identifiable patents in that
+ country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+ arrangement, you convey, or propagate by procuring conveyance of, a
+ covered work, and grant a patent license to some of the parties
+ receiving the covered work authorizing them to use, propagate, modify
+ or convey a specific copy of the covered work, then the patent license
+ you grant is automatically extended to all recipients of the covered
+ work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+ the scope of its coverage, prohibits the exercise of, or is
+ conditioned on the non-exercise of one or more of the rights that are
+ specifically granted under this License. You may not convey a covered
+ work if you are a party to an arrangement with a third party that is
+ in the business of distributing software, under which you make payment
+ to the third party based on the extent of your activity of conveying
+ the work, and under which the third party grants, to any of the
+ parties who would receive the covered work from you, a discriminatory
+ patent license (a) in connection with copies of the covered work
+ conveyed by you (or copies made from those copies), or (b) primarily
+ for and in connection with specific products or compilations that
+ contain the covered work, unless you entered into that arrangement,
+ or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+ any implied license or other defenses to infringement that may
+ otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+ otherwise) that contradict the conditions of this License, they do not
+ excuse you from the conditions of this License. If you cannot convey a
+ covered work so as to satisfy simultaneously your obligations under this
+ License and any other pertinent obligations, then as a consequence you may
+ not convey it at all. For example, if you agree to terms that obligate you
+ to collect a royalty for further conveying from those to whom you convey
+ the Program, the only way you could satisfy both those terms and this
+ License would be to refrain entirely from conveying the Program.
+
+ 13. Remote Network Interaction; Use with the GNU General Public License.
+
+ Notwithstanding any other provision of this License, if you modify the
+ Program, your modified version must prominently offer all users
+ interacting with it remotely through a computer network (if your version
+ supports such interaction) an opportunity to receive the Corresponding
+ Source of your version by providing access to the Corresponding Source
+ from a network server at no charge, through some standard or customary
+ means of facilitating copying of software. This Corresponding Source
+ shall include the Corresponding Source for any work covered by version 3
+ of the GNU General Public License that is incorporated pursuant to the
+ following paragraph.
+
+ Notwithstanding any other provision of this License, you have permission
+ to link or combine any covered work with a work licensed under version 3
+ of the GNU General Public License into a single combined work, and to
+ convey the resulting work. The terms of this License will continue to
+ apply to the part which is the covered work, but the work with which it is
+ combined will remain governed by version 3 of the GNU General Public
+ License.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+ the GNU Affero General Public License from time to time. Such new
+ versions will be similar in spirit to the present version, but may differ
+ in detail to address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+ Program specifies that a certain numbered version of the GNU Affero
+ General Public License "or any later version" applies to it, you have
+ the option of following the terms and conditions either of that
+ numbered version or of any later version published by the Free
+ Software Foundation. If the Program does not specify a version number
+ of the GNU Affero General Public License, you may choose any version
+ ever published by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+ versions of the GNU Affero General Public License can be used, that
+ proxy's public statement of acceptance of a version permanently
+ authorizes you to choose that version for the Program.
+
+ Later license versions may give you additional or different
+ permissions. However, no additional obligations are imposed on any
+ author or copyright holder as a result of your choosing to follow a
+ later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+ APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+ HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+ OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+ IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+ THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+ GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+ USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+ DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+ PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+ above cannot be given local legal effect according to their terms,
+ reviewing courts shall apply local law that most closely approximates
+ an absolute waiver of all civil liability in connection with the
+ Program, unless a warranty or assumption of liability accompanies a
+ copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+ possible use to the public, the best way to achieve this is to make it
+ free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+ to attach them to the start of each source file to most effectively
+ state the exclusion of warranty; and each file should have at least
+ the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as
+ published by the Free Software Foundation, either version 3 of the
+ License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ Also add information on how to contact you by electronic and paper mail.
+
+ If your software can interact with users remotely through a computer
+ network, you should also make sure that it provides a way for users to
+ get its source. For example, if your program is a web application, its
+ interface could display a "Source" link that leads users to an archive
+ of the code. There are many ways you could offer source, and different
+ solutions will be better for different programs; see section 13 for the
+ specific requirements.
+
+ You should also get your employer (if you work as a programmer) or school,
+ if any, to sign a "copyright disclaimer" for the program, if necessary.
+ For more information on this, and how to apply and follow the GNU AGPL, see
+ <http://www.gnu.org/licenses/>.
--- /dev/null
+ /etc/hippotat
+ /etc/hippotat/config.d
--- /dev/null
+ #!/bin/sh
+
+ ### BEGIN INIT INFO
+ # Provides: hippotatd
+ # Required-Start: $syslog $network userv
+ # Required-Stop: $syslog $network
+ # Default-Start: 2 3 4 5
+ # Default-Stop: 0 1 6
+ # Short-Description: hippotatd
+ # Description: Asinine IP over HTTP server
+ ### END INIT INFO
+
+ DAEMON=/usr/sbin/hippotatd
+ MASTER_CONFIG=/etc/hippotat/master.cfg
+ USER=Debian-hippotat
+ PIDFILE=/var/run/hippotat/hippotatd.pid
+ LOGFACILITY=daemon
+ CHECK_FIREWALL=true
+ # HIPPOTATD_ARGS
+ AS_USER=as_user_userv
+ DESCRIPTION='Asinine IP over HTTP server'
+ if type authbind >/dev/null 2>&1; then AUTHBIND=authbind; fi
+
+ test -e /etc/default/hippotatd &&
+ . /etc/default/hippotatd
+
+ set -e
+
+ test -f $DAEMON || exit 0
+ egrep '^[^ #]' $MASTER_CONFIG >/dev/null 2>&1 || exit 0
+
+ . /lib/lsb/init-functions
+
+ as_user_userv () {
+ userv --override '
+ execute-from-path
+ no-suppress-args
+ ' $USER "$@"
+ }
+
+ ssd () {
+ set +e
+ start-stop-daemon --quiet --user $USER --pidfile=$PIDFILE "$@"
+ rc=$?
+ set -e
+ }
+ ensure_dirs () {
+ pidfiledir=${PIDFILE%/*}
+ if test -d ${pidfiledir}; then return; fi
+ mkdir -m 755 $pidfiledir
+ chown $USER $pidfiledir
+ }
+
+ dump_firewall () {
+ iptables -L -v -n
+ }
+
+ print_config () {
+ $AS_USER $DAEMON $HIPPOTATD_ARGS --print-config "$1"
+ }
+
+ check_firewall () {
+ vnetwork=$(print_config vnetwork)
+ if dump_firewall | fgrep " $vnetwork " >/dev/null; then :; else
+ log_failure_msg \
+ "no entry in firewall for insecure vnetwork $vnetwork"
+ exit 1
+ fi
+ }
+
+ do_start () {
+ check_firewall
+ ensure_dirs
+ ssd --chuid $USER --start \
+ --startas /bin/sh -- -ec '"$@"' x \
+ $AUTHBIND $DAEMON --daemon --pidfile=$PIDFILE \
+ --syslog-facility=$LOGFACILITY $HIPPOTATD_ARGS
+ }
+ do_stop () {
+ ssd --stop --oknodo --retry 5
+ }
+
+ case "$1" in
+ start)
+ log_daemon_msg "Starting $DESCRIPTION" hippotatd
+ do_start
+ log_end_msg $rc
+ exit $rc
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping $DESCRIPTION" hippotatd
+ do_stop
+ log_end_msg $rc
+ exit $rc
+ ;;
+
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESCRIPTION" hippotatd
+ do_stop
+ sleep 1
+ do_start
+ log_end_msg $rc
+ ;;
+
+ reload)
+ log_failure_msg "Cannot reload hippotat - need restart"
+ exit 1
+ ;;
+
+ *)
+ echo >&2 "$0: unknown action $1"
+ exit 1
+ ;;
+
+ esac
+
+ exit 0
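Review bot: check_firewall passes vacuously if `print_config vnetwork` prints nothing, because the pattern then becomes two spaces, which will almost certainly match some line of the column-aligned `iptables -L -v -n` output. Add `test -n "$vnetwork" || { log_failure_msg "cannot determine vnetwork"; exit 1; }` before the pipeline. Even with a value, the fgrep only shows that the string occurs somewhere in the IPv4 ruleset; it does not show that a rule restricts that network, and a comment on check_firewall should state this limit. Separately, `CHECK_FIREWALL=true` is set at the top, yet do_start calls check_firewall unconditionally; either gate the call with `if [ "$CHECK_FIREWALL" = true ]; then check_firewall; fi` or drop the variable so an admin setting it in /etc/default/hippotatd is not misled.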
--- /dev/null
+ README.config PROTOCOL CONTRIBUTING /usr/share/doc/hippotat
+ simple.cfg sgo-demo.cfg test.cfg /usr/share/doc/hippotat/examples
--- /dev/null
+ #!/bin/sh
+ set -e
+
+ adduser --system --group --force-badname --shell=/bin/bash \
+ --quiet --home /etc/hippotat Debian-hippotat
+
+ umask 077
+
+ pd=/etc/hippotat/secrets.d
+ test -d $pd || \
+ install -m 750 -o root -g Debian-hippotat -d $pd
+
+ #DEBHELPER#
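Review bot: The `adduser` call gives the Debian-hippotat service account `/bin/bash` as its login shell and the configuration directory `/etc/hippotat` as its home. If neither userv nor the daemon start-up needs an interactive shell (not visible in this script), `--shell /usr/sbin/nologin` would narrow what the account can be used for. A short comment above the `install -m 750 -o root -g Debian-hippotat -d $pd` line would also help, stating the intent: the daemon's group can list and read secrets.d but cannot create or remove entries in it.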
--- /dev/null
+ #!/bin/sh
+ set -e
+ case "$1" in
+ purge)
+ rm -rf /etc/hippotat
+ ;;
+ esac
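Review bot: This postrm has no `#DEBHELPER#` line, unlike the postinst, so the removal snippets debhelper generates (for example the init-script cleanup that goes with `dh_installinit --name=hippotatd`) will presumably not be inserted. Add `#DEBHELPER#` after the `esac`. The purge branch deletes `/etc/hippotat`, including secrets.d, but leaves the Debian-hippotat account in place; that is common Debian practice, and a one-line comment saying it is deliberate would make the intent explicit.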
--- /dev/null
--- /dev/null
++#!/usr/bin/make -f
++
++SHELL=/bin/bash
++
++export PYBUILD_INSTALL_DIR=/usr/share/hippotat/python3
++
++%:
++ dh $@ --with python3 --buildsystem=pybuild
++
++i=debian/hippotat
++
++debian/copyright: COPYING AGPLv3+CAFv2
++ cat $^ >$@.tmp && mv -f $@.tmp $@
++
++override_dh_python3:
++ dh_python3 -O--buildsystem=pybuild
++ dh_installdirs /usr/sbin
++ mv $i/usr/{bin,sbin}/hippotatd
++
++override_dh_installinit:
++ dh_installinit --name=hippotatd
++
++override_dh_compress:
++ find $i/usr/{bin,sbin} -type f | xargs ./subst-sys-path
++ dh_compress
--- /dev/null
+ #!/bin/sh
+ set -ex
+ echo >&2 "$0: invoked as $0 $*"
+ exec 3<&0 4>&1 5>&2 >&2 </dev/null
+ exec xterm -geometry -0+0 -T netns -e unshare -n -- sh -xc '
+ "$@" <&3 >&4 2>&5 &
+ sleep 0.1
+ env - bash -i
+ ' x "$@"
--- /dev/null
+ <body>
+ <h1>no data</h1>
+ <form method="POST" action="http://localhost:8099/"
+ enctype="multipart/form-data">
+ <textarea cols=20 rows=4 name="m"></textarea>
+ <input type="submit">
+ </form>
+ <h2>with data</h1>
+ <form method="POST" action="http://localhost:8099/"
+ enctype="multipart/form-data">
+ <textarea cols=20 rows=4 name="m"></textarea>
+ <p>
+ <input type="file" name="d">
+ <input type="submit">
+ </form>
+ </body>
--- /dev/null
+ #!/usr/bin/python3
+ #
+ # Hippotat - Asinine IP Over HTTP program
+ # ./hippotat - client main program
+ #
+ # Copyright 2017 Ian Jackson
+ #
+ # GPLv3+
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program, in the file GPLv3. If not,
+ # see <http://www.gnu.org/licenses/>.
+
+ #@ import sys; sys.path.append('@PYBUILD_INSTALL_DIR@')
+ from hippotatlib import *
+
+ import twisted.web
+ import twisted.web.client
+ import urllib.parse
+
+ import io
+
+ class GeneralResponseConsumer(twisted.internet.protocol.Protocol):
+ def __init__(self, cl, req, resp, desc):
+ self._cl = cl
+ self._req = req
+ self._resp = resp
+ self._desc = desc
+
+ def _log(self, dflag, msg, **kwargs):
+ self._cl.log(dflag, '%s: %s' % (self._desc, msg), idof=self._req, **kwargs)
+
+ def connectionMade(self):
+ self._log(DBG.HTTP_CTRL, 'connectionMade')
+
+ def connectionLostOK(self, reason):
+ return (reason.check(twisted.web.client.ResponseDone) or
+ reason.check(twisted.web.client.PotentialDataLoss))
+ # twisted.web.client.PotentialDataLoss is an entirely daft
+ # exception. It will occur every time if the origin server does
+ # not provide a Content-Length. (hippotatd does, of course, but
+ # the HTTP transaction might be proxied.)
+
+ class ResponseConsumer(GeneralResponseConsumer):
+ def __init__(self, cl, req, resp):
+ super().__init__(cl, req, resp, 'RC')
+ ssddesc = '[%s] %s' % (id(req), self._desc)
+ self._ssd = SlipStreamDecoder(ssddesc, partial(queue_inbound, cl.ipif),
+ cl.c.mtu)
+ self._log(DBG.HTTP_CTRL, '__init__')
+
+ def dataReceived(self, data):
+ self._log(DBG.HTTP, 'dataReceived', d=data)
+ try:
+ self._ssd.inputdata(data)
+ except Exception as e:
+ self._handleexception()
+
+ def connectionLost(self, reason):
+ reason_msg = 'connectionLost ' + str(reason)
+ self._log(DBG.HTTP_CTRL, reason_msg)
+ if not self.connectionLostOK(reason):
+ self._latefailure(reason_msg)
+ return
+ try:
+ self._log(DBG.HTTP, 'ResponseDone')
+ self._ssd.flush()
+ self._cl.req_fin(self._req)
+ except Exception as e:
+ self._handleexception()
+ self._cl.report_running()
+
+ def _handleexception(self):
+ self._latefailure(traceback.format_exc())
+
+ def _latefailure(self, reason):
+ self._log(DBG.HTTP_CTRL, '_latefailure ' + str(reason))
+ self._cl.req_err(self._req, reason)
+
+ class ErrorResponseConsumer(GeneralResponseConsumer):
+ def __init__(self, cl, req, resp):
+ super().__init__(cl, req, resp, 'ERROR-RC')
+ self._m = b''
+ try:
+ self._phrase = resp.phrase.decode('utf-8')
+ except Exception:
+ self._phrase = repr(resp.phrase)
+ self._log(DBG.HTTP_CTRL, '__init__ %d %s' % (resp.code, self._phrase))
+
+ def dataReceived(self, data):
+ self._log(DBG.HTTP_CTRL, 'dataReceived ' + repr(data))
+ self._m += data
+
+ def connectionLost(self, reason):
+ try:
+ mbody = self._m.decode('utf-8')
+ except Exception:
+ mbody = repr(self._m)
+ if not self.connectionLostOK(reason):
+ mbody += ' || ' + str(reason)
+ self._cl.req_err(self._req,
+ "FAILED %d %s | %s"
+ % (self._resp.code, self._phrase, mbody))
+
+ class Client():
+ def __init__(cl, c,ss,cs):
+ cl.c = c
+ cl.outstanding = { }
+ cl.desc = '[%s %s] ' % (ss,cs)
+ cl.running_reported = False
+ cl.log_info('setting up')
+
+ def log_info(cl, msg):
+ log.info(cl.desc + msg, dflag=False)
+
+ def report_running(cl):
+ if not cl.running_reported:
+ cl.log_info('running OK')
+ cl.running_reported = True
+
+ def log(cl, dflag, msg, **kwargs):
+ log_debug(dflag, cl.desc + msg, **kwargs)
+
+ def log_outstanding(cl):
+ cl.log(DBG.CTRL_DUMP, 'OS %s' % cl.outstanding)
+
+ def start(cl):
+ cl.queue = PacketQueue('up', cl.c.max_queue_time)
+ cl.agent = twisted.web.client.Agent(
+ reactor, connectTimeout = cl.c.http_timeout)
+
+ def outbound(cl, packet, saddr, daddr):
+ #print('OUT ', saddr, daddr, repr(packet))
+ cl.queue.append(packet)
+ cl.check_outbound()
+
+ def req_ok(cl, req, resp):
+ cl.log(DBG.HTTP_CTRL,
+ 'req_ok %d %s %s' % (resp.code, repr(resp.phrase), str(resp)),
+ idof=req)
+ if resp.code == 200:
+ rc = ResponseConsumer(cl, req, resp)
+ else:
+ rc = ErrorResponseConsumer(cl, req, resp)
+
+ resp.deliverBody(rc)
+ # now rc is responsible for calling req_fin
+
+ def req_err(cl, req, err):
+ # called when the Deferred fails, or (if it completes),
+ # later, by ResponsConsumer or ErrorResponsConsumer
+ try:
+ cl.log(DBG.HTTP_CTRL, 'req_err ' + str(err), idof=req)
+ cl.running_reported = False
+ if isinstance(err, twisted.python.failure.Failure):
+ err = err.getTraceback()
+ print('%s[%#x] %s' % (cl.desc, id(req), err.strip('\n').replace('\n',' / ')),
+ file=sys.stderr)
+ if not isinstance(cl.outstanding[req], int):
+ raise RuntimeError('[%#x] previously %s' %
+ (id(req), cl.outstanding[req]))
+ cl.outstanding[req] = err
+ cl.log_outstanding()
+ reactor.callLater(cl.c.http_retry, partial(cl.req_fin, req))
+ except Exception as e:
+ crash(traceback.format_exc() + '\n----- handling -----\n' + err)
+
+ def req_fin(cl, req):
+ del cl.outstanding[req]
+ cl.log(DBG.HTTP_CTRL, 'req_fin OS=%d' % len(cl.outstanding), idof=req)
+ cl.check_outbound()
+
+ def check_outbound(cl):
+ while True:
+ if len(cl.outstanding) >= cl.c.max_outstanding:
+ break
+
+ if (not cl.queue.nonempty() and
+ len(cl.outstanding) >= cl.c.target_requests_outstanding):
+ break
+
+ d = b''
+ def moredata(s): nonlocal d; d += s
+ cl.queue.process((lambda: len(d)),
+ moredata,
+ cl.c.max_batch_up)
+
+ d = mime_translate(d)
+
+ token = authtoken_make(cl.c.secret)
+
+ crlf = b'\r\n'
+ lf = b'\n'
+ mime = (b'--b' + crlf +
+ b'Content-Type: text/plain; charset="utf-8"' + crlf +
+ b'Content-Disposition: form-data; name="m"' + crlf + crlf +
+ str(cl.c.client) .encode('ascii') + crlf +
+ token + crlf +
+ str(cl.c.target_requests_outstanding)
+ .encode('ascii') + crlf +
+ str(cl.c.http_timeout) .encode('ascii') + crlf +
+ ((
+ b'--b' + crlf +
+ b'Content-Type: application/octet-stream' + crlf +
+ b'Content-Disposition: form-data; name="d"' + crlf + crlf +
+ d + crlf
+ ) if len(d) else b'') +
+ b'--b--' + crlf)
+
+ #df = open('data.dump.dbg', mode='wb')
+ #df.write(mime)
+ #df.close()
+ # POST -use -c 'multipart/form-data; boundary="b"' http://localhost:8099/ <data.dump.dbg
+
+ cl.log(DBG.HTTP_FULL, 'requesting: ' + str(mime))
+
+ hh = { 'User-Agent': ['hippotat'],
+ 'Content-Type': ['multipart/form-data; boundary="b"'] }
+
+ bytesreader = io.BytesIO(mime)
+ producer = twisted.web.client.FileBodyProducer(bytesreader)
+
+ req = cl.agent.request(b'POST',
+ cl.c.url,
+ twisted.web.client.Headers(hh),
+ producer)
+
+ cl.outstanding[req] = len(d)
+ cl.log(DBG.HTTP_CTRL,
+ 'request OS=%d' % len(cl.outstanding),
+ idof=req, d=d)
+ req.addTimeout(cl.c.http_timeout, reactor)
+ req.addCallback(partial(cl.req_ok, req))
+ req.addErrback(partial(cl.req_err, req))
+
+ cl.log_outstanding()
+
+ clients = [ ]
+
+ def encode_url(urlstr):
+ # Oh, this is a disaster. We're given a URL as a `str', but the underlying
+ # machinery insists on having `bytes'. Assume we've been given a sensible
+ # URL, with escaping in all of the necessary places, except that it may
+ # contain non-ASCII characters: then encode as UTF-8 and squash the top-
+ # bit-set bytes down to percent escapes.
+ #
+ # This conses like it's going out of fashion, but it gets the job done.
+ return b''.join(bytes([b]) if b < 128 else '%%%02X' % b
+ for b in urlstr.encode('utf-8'))
+
+ def process_cfg(_opts, putative_servers, putative_clients):
+ global clients
+
+ for ss in putative_servers.values():
+ for (ci,cs) in putative_clients.items():
+ c = ConfigResults()
+
+ sections = cfg_process_client_common(c,ss,cs,ci)
+ if not sections: continue
+
+ log_debug_config('processing client [%s %s]' % (ss, cs))
+
+ def srch(getter,key): return cfg_search(getter,key,sections)
+
+ c.http_timeout += srch(cfg.getint, 'http_timeout_grace')
+ c.max_outstanding = srch(cfg.getint, 'max_requests_outstanding')
+ c.max_batch_up = srch(cfg.getint, 'max_batch_up')
+ c.http_retry = srch(cfg.getint, 'http_retry')
+ c.max_queue_time = srch(cfg.getint, 'max_queue_time')
+ c.vroutes = srch(cfg.get, 'vroutes')
+
+ try: c.ifname = srch(cfg_get_raw, 'ifname_client')
+ except NoOptionError: pass
+
+ try: c.url = encode_url(srch(cfg.get,'url'))
+ except NoOptionError:
+ cfg_process_saddrs(c, ss)
+ c.url = c.saddrs[0].url()
+
+ c.client = ci
+
+ cfg_process_vaddr(c,ss)
+
+ cfg_process_ipif(c,
+ sections,
+ (('local','client'),
+ ('peer', 'vaddr'),
+ ('rnets','vroutes')))
+
+ clients.append(Client(c,ss,cs))
+
+ common_startup(process_cfg)
+
+ for cl in clients:
+ cl.start()
+ cl.ipif = start_ipif(cl.c.ipif_command, cl.outbound, cl.c.mtu)
+ cl.check_outbound()
+
+ common_run()
--- /dev/null
+ #!/usr/bin/python3
+ #
+ # Hippotat - Asinine IP Over HTTP program
+ # ./hippotatd - server main program
+ #
+ # Copyright 2017 Ian Jackson
+ #
+ # AGPLv3+ + CAFv2+
+ #
+ # This program is free software: you can redistribute it and/or
+ # modify it under the terms of the GNU Affero General Public
+ # License as published by the Free Software Foundation, either
+ # version 3 of the License, or (at your option) any later version,
+ # with the "CAF Login Exception" as published by Ian Jackson
+ # (version 2, or at your option any later version) as an Additional
+ # Permission.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ # Affero General Public License for more details.
+ #
+ # You should have received a copy of the GNU Affero General Public
+ # License and the CAF Login Exception along with this program, in
+ # the file AGPLv3+CAFv2. If not, email Ian Jackson
+ # <ijackson@chiark.greenend.org.uk>.
+
+ #@ import sys; sys.path.append('@PYBUILD_INSTALL_DIR@')
+ from hippotatlib import *
+
+ import os
+ import tempfile
+ import atexit
+ import shutil
+ import subprocess
+
+ import twisted.internet
+ from twisted.web.server import NOT_DONE_YET
+
+ import twisted.web.static
+
+ import hippotatlib.ownsource
+ from hippotatlib.ownsource import SourceShipmentPreparer
+
+ #import twisted.web.server import Site
+ #from twisted.web.resource import Resource
+
+ import syslog
+
+ cleanups = [ ]
+
+ clients = { }
+
+ #---------- "router" ----------
+
+ def route(packet, iface, saddr, daddr):
+ def lt(dest):
+ log_debug(DBG.ROUTE, 'route: %s -> %s: %s' % (saddr,daddr,dest), d=packet)
+ try: dclient = clients[daddr]
+ except KeyError: dclient = None
+ if dclient is not None:
+ lt('client')
+ dclient.queue_outbound(packet)
+ elif daddr == c.vaddr or daddr not in c.vnetwork:
+ lt('inbound')
+ queue_inbound(ipif, packet)
+ elif daddr == c.vrelay:
+ lt('discard relay')
+ log_discard(packet, iface, saddr, daddr, 'relay')
+ else:
+ lt('discard no-client')
+ log_discard(packet, iface, saddr, daddr, 'no-client')
+
+ #---------- client ----------
+
+ class Client():
+ def __init__(self, ip, cc):
+ # instance data members
+ self._ip = ip
+ self.cc = cc
+ self._rq = collections.deque() # requests
+ self._pq = PacketQueue(str(ip), self.cc.max_queue_time)
+
+ if ip not in c.vnetwork:
+ raise ValueError('client %s not in vnetwork' % ip)
+
+ if ip in clients:
+ raise ValueError('multiple client cfg sections for %s' % ip)
+ clients[ip] = self
+
+ self._log(DBG.INIT, 'new')
+
+ def _log(self, dflag, msg, **kwargs):
+ log_debug(dflag, ('client %s: ' % self._ip)+msg, **kwargs)
+
+ def process_arriving_data(self, d):
+ self._log(DBG.FLOW, "req data (enc'd)", d=d)
+ if not len(d): return
+ for packet in slip.decode(d):
+ (saddr, daddr) = packet_addrs(packet)
+ if saddr != self._ip:
+ raise ValueError('wrong source address %s' % saddr)
+ route(packet, self._ip, saddr, daddr)
+
+ def _req_cancel(self, request):
+ self._log(DBG.HTTP_CTRL, 'cancel', idof=request)
+ try: request.finish()
+ except Exception: pass
+
+ def _req_error(self, err, request):
+ self._log(DBG.HTTP_CTRL, 'error %s' % err, idof=request)
+ self._req_cancel(request)
+
+ def queue_outbound(self, packet):
+ self._pq.append(packet)
+ self._check_outbound()
+
+ def _req_fin(self, dummy, request, cl):
+ self._log(DBG.HTTP_CTRL, '_req_fin ' + repr(dummy), idof=request)
+ try: cl.cancel()
+ except twisted.internet.error.AlreadyCalled: pass
+
+ def new_request(self, request):
+ request.setHeader('Content-Type','application/octet-stream')
+ cl = reactor.callLater(self.cc.http_timeout, self._req_cancel, request)
+ nf = request.notifyFinish()
+ nf.addErrback(self._req_error, request)
+ nf.addCallback(self._req_fin, request, cl)
+ self._rq.append((request,nf))
+ self._check_outbound()
+
+ def _req_write(self, req, d):
+ self._log(DBG.HTTP, 'req_write ', idof=req, d=d)
+ req.write(d)
+
+ def _check_outbound(self):
+ log_debug(DBG.HTTP_CTRL, 'CHKO')
+ while True:
+ try: (request,nf) = self._rq[0]
+ except IndexError: request = None
+ if request and nf.called:
+ self._log(DBG.HTTP_CTRL, 'CHKO req finished, discard', idof=request)
+ self._rq.popleft()
+ continue
+
+ if not self._pq.nonempty():
+ # no packets, oh well
+ self._log(DBG.HTTP_CTRL, 'CHKO no packets, OUT-DONE', idof=request)
+ break
+
+ if request is None:
+ # no request
+ self._log(DBG.HTTP_CTRL, 'CHKO no request, OUT-DONE', idof=request)
+ break
+
+ self._log(DBG.HTTP_CTRL, 'CHKO processing', idof=request)
+ # request, and also some non-expired packets
+ self._pq.process((lambda: request.sentLength),
+ (lambda d: self._req_write(request, d)),
+ self.cc.max_batch_down)
+
+ assert(request.sentLength)
+ self._rq.popleft()
+ request.finish()
+ self._log(DBG.HTTP, 'complete', idof=request)
+ # round again, looking for more to do
+
+ while len(self._rq) > self.cc.target_requests_outstanding:
+ (request, nf) = self._rq.popleft()
+ self._log(DBG.HTTP, 'CHKO above target, returning empty', idof=request)
+ request.finish()
+
+ def process_request(request, desca):
+ # find client, update config, etc.
+ metadata = request.args[b'm'][0]
+ metadata = metadata.split(b'\r\n')
+ (ci_s, token, tro, cto) = metadata[0:4]
+ desca['m[0,2:3]'] = [ci_s, tro, cto]
+ ci_s = ci_s.decode('utf-8')
+ tro = int(tro); desca['tro']= tro
+ cto = int(cto); desca['cto']= cto
+ ci = ipaddr(ci_s)
+ desca['ci'] = ci
+ cl = clients[ci]
+ authtoken_check(cl.cc.secret, token, cl.cc.max_clock_skew)
+ desca['pwok']=True
+
+ if tro != cl.cc.target_requests_outstanding:
+ raise ValueError('tro must be %d' % cl.cc.target_requests_outstanding)
+
+ if cto < cl.cc.http_timeout:
+ raise ValueError('cto must be >= %d' % cl.cc.http_timeout)
+
+ try:
+ d = request.args[b'd'][0]
+ desca['d'] = d
+ desca['dlen'] = len(d)
+ except KeyError:
+ d = b''
+ desca['dlen'] = None
+
+ log_http(desca, 'processing', idof=id(request), d=d)
+
+ d = mime_translate(d)
+
+ cl.process_arriving_data(d)
+ cl.new_request(request)
+
+ def log_http(desca, msg, **kwargs):
+ try:
+ kwargs['d'] = desca['d']
+ del desca['d']
+ except KeyError:
+ pass
+ log_debug(DBG.HTTP, msg + repr(desca), **kwargs)
+
+ class NotStupidResource(twisted.web.resource.Resource):
+ # why this is not the default is a mystery!
+ def getChild(self, name, request):
+ if name == b'': return self
+ else: return twisted.web.resource.Resource.getChild(self, name, request)
+
+ class IphttpResource(NotStupidResource):
+ def render_POST(self, request):
+ log_debug(DBG.HTTP_FULL,
+ 'req recv: ' + repr(request) + ' ' + repr(request.args),
+ idof=id(request))
+ desca = {'d': None}
+ try: process_request(request, desca)
+ except Exception as e:
+ emsg = traceback.format_exc()
+ log_http(desca, 'RETURNING EXCEPTION ' + emsg)
+ request.setHeader('Content-Type','text/plain; charset="utf-8"')
+ request.setResponseCode(400)
+ return (emsg + ' # ' + repr(desca) + '\r\n').encode('utf-8')
+ log_debug(DBG.HTTP_CTRL, '...', idof=id(request))
+ return NOT_DONE_YET
+
+ # instantiator should set
+ # self.hippotat_sources = (source_names[0], source_names[1])
+ def __init__(self):
+ self.hippotat_sources = [None, None]
+ super().__init__()
+
+ def render_GET(self, request):
+ log_debug(DBG.HTTP, 'GET request')
+ s = '<html><body>hippotat\n'
+ (s0,s1) = self.hippotat_sources
+ if s0:
+ s += '<p><a href="%s">source</a>\n' % s0
+ if self.hippotat_sources[1]:
+ s += ('(and that of dependency <a href="%s">packages</a>)\n' % s1)
+ s += 'available'
+ else:
+ s += 'TESTING'
+ s += '</body></html>'
+ return s.encode('utf-8')
+
+ def start_http():
+ resource = IphttpResource()
+ site = twisted.web.server.Site(resource)
+
+ for sa in c.saddrs:
+ ep = sa.make_endpoint()
+ crash_on_defer(ep.listen(site))
+ log_debug(DBG.INIT, 'listening on %s' % sa)
+
+ td = tempfile.mkdtemp()
+
+ def cleanup():
+ try: shutil.rmtree(td)
+ except FileNotFoundError: pass
+
+ cleanups.append(cleanup)
+
+ ssp = SourceShipmentPreparer(td)
+ ssp.logger = partial(log_debug, DBG.OWNSOURCE)
+ if DBG.OWNSOURCE in debug_set: ssp.stream_debug = sys.stdout
+ ssp.download_packages = opts.ownsource >= 2
+ if opts.ownsource >= 1: ssp.generate()
+
+ for ix in (0,1):
+ bn = ssp.output_names[ix]
+ op = ssp.output_paths[ix]
+ if op is None: continue
+ resource.hippotat_sources[ix] = bn
+ subresource =twisted.web.static.File(op)
+ resource.putChild(bn.encode('utf-8'), subresource)
+
+ reactor.callLater(0.1, (lambda: log.info('hippotatd started', dflag=False)))
+
+ #---------- config and setup ----------
+
+ def process_cfg(_opts, putative_servers, putative_clients):
+ global opts
+ opts = _opts
+
+ global c
+ c = ConfigResults()
+ try: c.server = cfg1get('SERVER','server')
+ except NoOptionError: c.server = 'SERVER'
+
+ cfg_process_general(c, c.server)
+ cfg_process_saddrs(c, c.server)
+ cfg_process_vnetwork(c, c.server)
+ cfg_process_vaddr(c, c.server)
+
+ for (ci,cs) in putative_clients.items():
+ cc = ConfigResults()
+ sections = cfg_process_client_common(cc,c.server,cs,ci)
+ if not sections: continue
+ cfg_process_client_limited(cc,c.server,sections, 'max_batch_down')
+ cfg_process_client_limited(cc,c.server,sections, 'max_queue_time')
+ cc.max_clock_skew = cfg_search(cfg.getint, 'max_clock_skew', sections)
+ Client(ci, cc)
+
+ try:
+ c.vrelay = cfg1get(c.server, 'vrelay')
+ except NoOptionError:
+ for search in c.vnetwork.hosts():
+ if search == c.vaddr: continue
+ c.vrelay = search
+ break
+
+ try: c.ifname = cfg1get(c.server, 'ifname_server', raw=True)
+ except NoOptionError: pass
+
+ cfg_process_ipif(c,
+ [c.server, 'COMMON'],
+ (('local','vaddr'),
+ ('peer', 'vrelay'),
+ ('rnets','vnetwork')))
+
+ if opts.printconfig is not None:
+ try: val = cfg1get(c.server, opts.printconfig)
+ except NoOptionError: pass
+ else: print(val)
+ sys.exit(0)
+
+ def catch_termination():
+ def run_cleanups():
+ for cleanup in cleanups:
+ cleanup()
+
+ atexit.register(run_cleanups)
+
+ def signal_handler(name, sig, *args):
+ signal.signal(sig, signal.SIG_DFL)
+ print('exiting due to %s' % name, file=sys.stderr)
+ run_cleanups()
+ os.kill(os.getpid(), sig)
+ raise RuntimeError('did not die due to signal %s !' % name)
+
+ for sig in (signal.SIGINT, signal.SIGTERM):
+ try: signame = sig.name
+ except AttributeError: signame = "signal %d" % sig
+ signal.signal(sig, partial(signal_handler, signame))
+
+ def daemonise():
+ global syslogfacility
+ if opts.daemon and opts.syslogfacility is None:
+ opts.syslogfacility = 'daemon'
+
+ if opts.syslogfacility is not None:
+ facilnum = syslog.__dict__['LOG_' + opts.syslogfacility.upper()]
+ syslog.openlog('hippotatd',
+ facility=facilnum,
+ logoption=syslog.LOG_PID)
+ def emit(event):
+ if logevent_is_boringtwisted(event): return
+ m = twisted.logger.formatEvent(event)
+ #print(repr(event), m, file=org_stderr)
+ level = event.get('log_level')
+ if event.get('dflag',None) is not None: sl = syslog.LOG_DEBUG
+ elif level == LogLevel.critical : sl = syslog.LOG_CRIT
+ elif level == LogLevel.error : sl = syslog.LOG_ERR
+ elif level == LogLevel.warn : sl = syslog.LOG_WARNING
+ else : sl = syslog.LOG_INFO
+ syslog.syslog(sl,m)
+ failure = event.get('log_failure')
+ if failure is not None:
+ for l in failure.getTraceback().split('\n'):
+ syslog.syslog(sl,l)
+ glp = twisted.logger.globalLogPublisher
+ glp.addObserver(emit)
+ log_debug(DBG.INIT, 'starting to log to syslog')
+
+ #log.crit('daemonic hippotatd crashed', dflag=False)
+ if opts.daemon:
+ daemonic_reactor = (twisted.internet.interfaces.IReactorDaemonize
+ .providedBy(reactor))
+ if daemonic_reactor: reactor.beforeDaemonize()
+ if opts.pidfile is not None:
+ pidfile_h = open(opts.pidfile, 'w')
+ rfd, wfd = os.pipe()
+ childpid = os.fork()
+ if childpid:
+ # we are the parent
+ os.close(wfd)
+ st = os.read(rfd, 1)
+ try:
+ st = st[0]
+ except IndexError:
+ st = 127
+ log.critical('daemonic hippotatd crashed', dflag=False)
+ os._exit(st)
+ os.close(rfd)
+ os.setsid()
+ grandchildpid = os.fork()
+ if grandchildpid:
+ # we are the intermediate child
+ if opts.pidfile is not None:
+ print(grandchildpid, file=pidfile_h)
+ pidfile_h.close()
+ os._exit(0)
+
+ if opts.pidfile is not None:
+ pidfile_h.close()
+
+ logger = subprocess.Popen(['logger','-d',
+ '-t','hippotat[%d](stderr)' % os.getpid(),
+ '-p',opts.syslogfacility + '.err'],
+ stdin=subprocess.PIPE,
+ stdout=subprocess.DEVNULL,
+ stderr=subprocess.DEVNULL,
+ restore_signals=True)
+
+ nullfd = os.open('/dev/null', os.O_RDWR)
+ os.dup2(nullfd, 0)
+ os.dup2(nullfd, 1)
+ os.dup2(logger.stdin.fileno(), 2)
+ os.close(nullfd)
+ if daemonic_reactor: reactor.afterDaemonize()
+ log_debug(DBG.INIT, 'daemonised')
+ os.write(wfd, b'\0')
+ os.close(wfd)
+
+ if opts.syslogfacility is not None:
+ glp.removeObserver(hippotatlib.file_log_observer)
+
+ optparser.add_option('--ownsource', default=2,
+ action='store_const', dest='ownsource', const=2,
+ help='source download fully enabled (default)')
+
+ optparser.add_option('--ownsource-local',
+ action='store_const', dest='ownsource', const=1,
+ help='source download is local source code only')
+
+ optparser.add_option('--no-ownsource',
+ action='store_const', dest='ownsource', const=0,
+ help='source download disabled (for testing only)')
+
+ optparser.add_option('--daemon',
+ action='store_true', dest='daemon', default=False,
+ help='daemonize (and log to syslog)')
+
+ optparser.add_option('--pidfile',
+ nargs=1, type='string',
+ action='store', dest='pidfile', default=None,
+ help='write pid to this file')
+
+ optparser.add_option('--syslog-facility',
+ nargs=1, type='string',action='store',
+ metavar='FACILITY', dest='syslogfacility',
+ default=None,
+ help='log to syslog, with specified facility')
+
+ optparser.add_option('--print-config',
+ nargs=1, type='string',action='store',
+ metavar='OPTION', dest='printconfig',
+ default=None,
+ help='print one config option value and exit')
+
+ common_startup(process_cfg)
+ catch_termination()
+ start_http()
+ daemonise()
+ ipif = start_ipif(c.ipif_command,
+ (lambda p,s,d: route(p,"[ipif]",s,d)),
+ c.mtu)
+ common_run()
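Review bot: In `IphttpResource.render_POST`, every exception raised by `process_request` is sent back as the 400 body, built from `traceback.format_exc()` plus `repr(desca)`, and this also happens for failures that occur before `authtoken_check` has run. An unauthenticated peer therefore receives server file paths and line numbers. It can also tell an unconfigured client address (the `KeyError` from `clients[ci]`) apart from a bad token (the `ValueError`), which reveals which addresses have config sections. The full detail is already written by `log_http`, so the response can be gated on `desca['pwok']`, which `process_request` sets only after the token check: `detail = (emsg + ' # ' + repr(desca)) if desca.get('pwok') else 'request rejected'`, then `return (detail + '\r\n').encode('utf-8')`. Authenticated clients would still get the diagnostics that the client's `ErrorResponseConsumer` appears to rely on.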
--- /dev/null
+ # -*- python -*-
+ #
+ # Hippotat - Asinine IP Over HTTP program
+ # hippotatlib/__init__.py - common library code
+ #
+ # Copyright 2017 Ian Jackson
+ #
+ # GPLv3+
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program, in the file GPLv3. If not,
+ # see <http://www.gnu.org/licenses/>.
+
+
+ import signal
+ signal.signal(signal.SIGINT, signal.SIG_DFL)
+
+ import sys
+ import os
+
+ from zope.interface import implementer
+
+ import twisted
+ from twisted.internet import reactor
+ import twisted.internet.endpoints
+ import twisted.logger
+ from twisted.logger import LogLevel
+ import twisted.python.constants
+ from twisted.python.constants import NamedConstant
+
+ import ipaddress
+ from ipaddress import AddressValueError
+
+ from optparse import OptionParser
+ import configparser
+ from configparser import ConfigParser
+ from configparser import NoOptionError
+
+ from functools import partial
+
+ import collections
+ import time
+ import hmac
+ import hashlib
+ import base64
+ import codecs
+ import traceback
+
+ import re as regexp
+
+ import hippotatlib.slip as slip
+
+ class DBG(twisted.python.constants.Names):
+ INIT = NamedConstant()
+ CONFIG = NamedConstant()
+ ROUTE = NamedConstant()
+ DROP = NamedConstant()
+ OWNSOURCE = NamedConstant()
+ FLOW = NamedConstant()
+ HTTP = NamedConstant()
+ TWISTED = NamedConstant()
+ QUEUE = NamedConstant()
+ HTTP_CTRL = NamedConstant()
+ QUEUE_CTRL = NamedConstant()
+ HTTP_FULL = NamedConstant()
+ CTRL_DUMP = NamedConstant()
+ SLIP_FULL = NamedConstant()
+ DATA_COMPLETE = NamedConstant()
+
+ _hex_codec = codecs.getencoder('hex_codec')
+
+ #---------- logging ----------
+
+ org_stderr = sys.stderr
+
+ log = twisted.logger.Logger()
+
+ debug_set = set()
+ debug_def_detail = DBG.HTTP
+
+ def log_debug(dflag, msg, idof=None, d=None):
+ if dflag not in debug_set: return
+ #print('---------------->',repr((dflag, msg, idof, d)), file=sys.stderr)
+ if idof is not None:
+ msg = '[%#x] %s' % (id(idof), msg)
+ if d is not None:
+ trunc = ''
+ if not DBG.DATA_COMPLETE in debug_set:
+ if len(d) > 64:
+ d = d[0:64]
+ trunc = '...'
+ d = _hex_codec(d)[0].decode('ascii')
+ msg += ' ' + d + trunc
+ log.info('{dflag} {msgcore}', dflag=dflag, msgcore=msg)
+
+ def logevent_is_boringtwisted(event):
+ try:
+ if event.get('log_level') != LogLevel.info:
+ return False
+ dflag = event.get('dflag')
+ if dflag is False : return False
+ if dflag in debug_set: return False
+ if dflag is None and DBG.TWISTED in debug_set: return False
+ return True
+ except Exception:
+ print('EXCEPTION (IN BORINGTWISTED CHECK)',
+ traceback.format_exc(), file=org_stderr)
+ return False
+
+ @implementer(twisted.logger.ILogFilterPredicate)
+ class LogNotBoringTwisted:
+ def __call__(self, event):
+ return (
+ twisted.logger.PredicateResult.no
+ if logevent_is_boringtwisted(event) else
+ twisted.logger.PredicateResult.yes
+ )
+
+ #---------- default config ----------
+
+ defcfg = '''
+ [COMMON]
+ max_batch_down = 65536
+ max_queue_time = 10
+ target_requests_outstanding = 3
+ http_timeout = 30
+ http_timeout_grace = 5
+ max_requests_outstanding = 6
+ max_batch_up = 4000
+ http_retry = 5
+ port = 80
+ vroutes = ''
+ ifname_client = hippo%%d
+ ifname_server = shippo%%d
+ max_clock_skew = 300
+
+ #[server] or [<client>] overrides
+ ipif = userv root ipif %(local)s,%(peer)s,%(mtu)s,slip,%(ifname)s %(rnets)s
+
+ # relating to virtual network
+ mtu = 1500
+
+ # addrs = 127.0.0.1 ::1
+ # url
+
+ # relating to virtual network
+ vvnetwork = 172.24.230.192
+ # vnetwork = <prefix>/<len>
+ # vaddr = <ipaddr>
+ # vrelay = <ipaddr>
+
+
+ # [<client-ip4-or-ipv6-address>]
+ # secret = <secret> # used by both, must match
+
+ [LIMIT]
+ max_batch_down = 262144
+ max_queue_time = 121
+ http_timeout = 121
+ target_requests_outstanding = 10
+ '''
+
+ # these need to be defined here so that they can be imported by import *
+ cfg = ConfigParser(strict=False)
+ optparser = OptionParser()
+
+ _mimetrans = bytes.maketrans(b'-'+slip.esc, slip.esc+b'-')
+ def mime_translate(s):
+ # SLIP-encoded packets cannot contain ESC ESC.
+ # Swap `-' and ESC. The result cannot contain `--'
+ return s.translate(_mimetrans)
+
+ class ConfigResults:
+ def __init__(self):
+ pass
+ def __repr__(self):
+ return 'ConfigResults('+repr(self.__dict__)+')'
+
+ def log_discard(packet, iface, saddr, daddr, why):
+ log_debug(DBG.DROP,
+ 'discarded packet [%s] %s -> %s: %s' % (iface, saddr, daddr, why),
+ d=packet)
+
+ #---------- packet parsing ----------
+
+ def packet_addrs(packet):
+ version = packet[0] >> 4
+ if version == 4:
+ addrlen = 4
+ saddroff = 3*4
+ factory = ipaddress.IPv4Address
+ elif version == 6:
+ addrlen = 16
+ saddroff = 2*4
+ factory = ipaddress.IPv6Address
+ else:
+ raise ValueError('unsupported IP version %d' % version)
+ saddr = factory(packet[ saddroff : saddroff + addrlen ])
+ daddr = factory(packet[ saddroff + addrlen : saddroff + addrlen*2 ])
+ return (saddr, daddr)
+
+ #---------- address handling ----------
+
+ def ipaddr(input):
+ try:
+ r = ipaddress.IPv4Address(input)
+ except AddressValueError:
+ r = ipaddress.IPv6Address(input)
+ return r
+
+ def ipnetwork(input):
+ try:
+ r = ipaddress.IPv4Network(input)
+ except NetworkValueError:
+ r = ipaddress.IPv6Network(input)
+ return r
+
+ #---------- ipif (SLIP) subprocess ----------
+
+ class SlipStreamDecoder():
+ def __init__(self, desc, on_packet, mtu):
+ self._buffer = b''
+ self._on_packet = on_packet
+ self._desc = desc
+ self._mtu = mtu
+ self._log('__init__')
+
+ def _log(self, msg, **kwargs):
+ log_debug(DBG.SLIP_FULL, 'slip %s: %s' % (self._desc, msg), **kwargs)
+
+ def inputdata(self, data):
+ self._log('inputdata', d=data)
+ data = self._buffer + data
+ self._buffer = b''
+ packets = slip.decode(data, True)
+ self._buffer = packets.pop()
+ for packet in packets:
+ self._maybe_packet(packet)
+ self._log('bufremain', d=self._buffer)
+
+ def _maybe_packet(self, packet):
+ self._log('maybepacket', d=packet)
+ if len(packet) and len(packet) <= self._mtu:
+ self._on_packet(packet)
+
+ def flush(self):
+ self._log('flush')
+ data = self._buffer
+ self._buffer = b''
+ packets = slip.decode(data)
+ assert(len(packets) == 1)
+ self._maybe_packet(packets[0])
+
+ class _IpifProcessProtocol(twisted.internet.protocol.ProcessProtocol):
+ def __init__(self, router, mtu):
+ self._router = router
+ self._decoder = SlipStreamDecoder('ipif', self.slip_on_packet, mtu)
+ def connectionMade(self): pass
+ def outReceived(self, data):
+ self._decoder.inputdata(data)
+ def slip_on_packet(self, packet):
+ (saddr, daddr) = packet_addrs(packet)
+ if saddr.is_link_local or daddr.is_link_local:
+ log_discard(packet, 'ipif', saddr, daddr, 'link-local')
+ return
+ self._router(packet, saddr, daddr)
+ def processEnded(self, status):
+ status.raiseException()
+
+ def start_ipif(command, router, mtu):
+ ipif = _IpifProcessProtocol(router, mtu)
+ reactor.spawnProcess(ipif,
+ '/bin/sh',['sh','-xc', command],
+ childFDs={0:'w', 1:'r', 2:2},
+ env=None)
+ return ipif
+
+ def queue_inbound(ipif, packet):
+ log_debug(DBG.FLOW, "queue_inbound", d=packet)
+ ipif.transport.write(slip.delimiter)
+ ipif.transport.write(slip.encode(packet))
+ ipif.transport.write(slip.delimiter)
+
+ #---------- packet queue ----------
+
+ class PacketQueue():
+ def __init__(self, desc, max_queue_time):
+ self._desc = desc
+ assert(desc + '')
+ self._max_queue_time = max_queue_time
+ self._pq = collections.deque() # packets
+
+ def _log(self, dflag, msg, **kwargs):
+ log_debug(dflag, self._desc+' pq: '+msg, **kwargs)
+
+ def append(self, packet):
+ self._log(DBG.QUEUE, 'append', d=packet)
+ self._pq.append((time.monotonic(), packet))
+
+ def nonempty(self):
+ self._log(DBG.QUEUE, 'nonempty ?')
+ while True:
+ try: (queuetime, packet) = self._pq[0]
+ except IndexError:
+ self._log(DBG.QUEUE, 'nonempty ? empty.')
+ return False
+
+ age = time.monotonic() - queuetime
+ if age > self._max_queue_time:
+ # strip old packets off the front
+ self._log(DBG.QUEUE, 'dropping (old)', d=packet)
+ self._pq.popleft()
+ continue
+
+ self._log(DBG.QUEUE, 'nonempty ? nonempty.')
+ return True
+
+ def process(self, sizequery, moredata, max_batch):
+ # sizequery() should return size of batch so far
+ # moredata(s) should add s to batch
+ self._log(DBG.QUEUE, 'process...')
+ while True:
+ try: (dummy, packet) = self._pq[0]
+ except IndexError:
+ self._log(DBG.QUEUE, 'process... empty')
+ break
+
+ self._log(DBG.QUEUE_CTRL, 'process... packet', d=packet)
+
+ encoded = slip.encode(packet)
+ sofar = sizequery()
+
+ self._log(DBG.QUEUE_CTRL,
+ 'process... (sofar=%d, max=%d) encoded' % (sofar, max_batch),
+ d=encoded)
+
+ if sofar > 0:
+ if sofar + len(slip.delimiter) + len(encoded) > max_batch:
+ self._log(DBG.QUEUE_CTRL, 'process... overflow')
+ break
+ moredata(slip.delimiter)
+
+ moredata(encoded)
+ self._pq.popleft()
+
+ #---------- error handling ----------
+
+ _crashing = False
+
+ def crash(err):
+ global _crashing
+ _crashing = True
+ print('========== CRASH ==========', err,
+ '===========================', file=sys.stderr)
+ try: reactor.stop()
+ except twisted.internet.error.ReactorNotRunning: pass
+
+ def crash_on_defer(defer):
+ defer.addErrback(lambda err: crash(err))
+
+ def crash_on_critical(event):
+ if event.get('log_level') >= LogLevel.critical:
+ crash(twisted.logger.formatEvent(event))
+
+ #---------- authentication tokens ----------
+
+ _authtoken_digest = hashlib.sha256
+
+ def _authtoken_time():
+ return int(time.time())
+
+ def _authtoken_hmac(secret, hextime):
+ return hmac.new(secret, hextime, _authtoken_digest).digest()
+
+ def authtoken_make(secret):
+ hextime = ('%x' % _authtoken_time()).encode('ascii')
+ mac = _authtoken_hmac(secret, hextime)
+ return hextime + b' ' + base64.b64encode(mac)
+
+ def authtoken_check(secret, token, maxskew):
+ (hextime, theirmac64) = token.split(b' ')
+ now = _authtoken_time()
+ then = int(hextime, 16)
+ skew = then - now;
+ if (abs(skew) > maxskew):
+ raise ValueError('too much clock skew (client %ds ahead)' % skew)
+ theirmac = base64.b64decode(theirmac64)
+ ourmac = _authtoken_hmac(secret, hextime)
+ if not hmac.compare_digest(theirmac, ourmac):
+ raise ValueError('invalid token (wrong secret?)')
+ pass
+
+ #---------- config processing ----------
+
+ def _cfg_process_putatives():
+ servers = { }
+ clients = { }
+ # maps from abstract object to canonical name for cs's
+
+ def putative(cmap, abstract, canoncs):
+ try:
+ current_canoncs = cmap[abstract]
+ except KeyError:
+ pass
+ else:
+ assert(current_canoncs == canoncs)
+ cmap[abstract] = canoncs
+
+ server_pat = r'[-.0-9A-Za-z]+'
+ client_pat = r'[.:0-9a-f]+'
+ server_re = regexp.compile(server_pat)
+ serverclient_re = regexp.compile(
+ server_pat + r' ' + '(?:' + client_pat + '|LIMIT)')
+
+ for cs in cfg.sections():
+ def dbg(m):
+ log_debug_config('putatives: section [%s] %s' % (cs, m))
+
+ def log_ignore(why):
+ dbg('X ignore: %s' % (why))
+ print('warning: ignoring config section [%s] (%s)' % (cs, why),
+ file=sys.stderr)
+
+ if cs == 'LIMIT' or cs == 'COMMON':
+ # plan A "[LIMIT]" or "[COMMON]"
+ dbg('A ignore')
+ continue
+
+ try:
+ # plan B "[<client>]" part 1
+ ci = ipaddr(cs)
+ except AddressValueError:
+
+ if server_re.fullmatch(cs):
+ # plan C "[<servername>]"
+ dbg('C <server>')
+ putative(servers, cs, cs)
+ continue
+
+ if serverclient_re.fullmatch(cs):
+ # plan D "[<servername> <client>]" part 1
+ (pss,pcs) = cs.split(' ')
+
+ if pcs == 'LIMIT':
+ # plan E "[<servername> LIMIT]"
+ dbg('E <server> LIMIT')
+ continue
+
+ try:
+ # plan D "[<servername> <client>]" part 2
+ ci = ipaddr(pcs)
+ except AddressValueError:
+ # plan F branch 1 "[<some thing we do not understand>]"
+ log_ignore('bad-addr')
+ continue
+
+ else: # no AddressValueError
+ # plan D "[<servername> <client>]" part 3
+ dbg('D <server> <client>')
+ putative(clients, ci, pcs)
+ putative(servers, pss, pss)
+ continue
+ else:
+ # plan F branch 2 "[<some thing we do not understand>]"
+ log_ignore('nomatch '+ repr(serverclient_re))
+
+ else: # no AddressValueError
+ # plan B "[<client>" part 2
+ dbg('B <client>')
+ putative(clients, ci, cs)
+ continue
+
+ return (servers, clients)
+
+ def cfg_process_general(c, ss):
+ c.mtu = cfg1getint(ss, 'mtu')
+
+ def cfg_process_saddrs(c, ss):
+ class ServerAddr():
+ def __init__(self, port, addrspec):
+ self.port = port
+ # also self.addr
+ try:
+ self.addr = ipaddress.IPv4Address(addrspec)
+ self._endpointfactory = twisted.internet.endpoints.TCP4ServerEndpoint
+ self._inurl = b'%s'
+ except AddressValueError:
+ self.addr = ipaddress.IPv6Address(addrspec)
+ self._endpointfactory = twisted.internet.endpoints.TCP6ServerEndpoint
+ self._inurl = b'[%s]'
+ def make_endpoint(self):
+ return self._endpointfactory(reactor, self.port,
+ interface= '%s' % self.addr)
+ def url(self):
+ url = b'http://' + (self._inurl % str(self.addr).encode('ascii'))
+ if self.port != 80: url += b':%d' % self.port
+ url += b'/'
+ return url
+ def __repr__(self):
+ return 'ServerAddr'+repr((self.port,self.addr))
+
+ c.port = cfg1getint(ss,'port')
+ c.saddrs = [ ]
+ for addrspec in cfg1get(ss, 'addrs').split():
+ sa = ServerAddr(c.port, addrspec)
+ c.saddrs.append(sa)
+
+ def cfg_process_vnetwork(c, ss):
+ c.vnetwork = ipnetwork(cfg1get(ss,'vnetwork'))
+ if c.vnetwork.num_addresses < 3 + 2:
+ raise ValueError('vnetwork needs at least 2^3 addresses')
+
+ def cfg_process_vaddr(c, ss):
+ try:
+ c.vaddr = ipaddr(cfg1get(ss,'vaddr'))
+ except NoOptionError:
+ cfg_process_vnetwork(c, ss)
+ c.vaddr = next(c.vnetwork.hosts())
+
+ def cfg_search_section(key,sections):
+ for section in sections:
+ if cfg.has_option(section, key):
+ return section
+ raise NoOptionError(key, repr(sections))
+
+ def cfg_get_raw(*args, **kwargs):
+ # for passing to cfg_search
+ return cfg.get(*args, raw=True, **kwargs)
+
+ def cfg_search(getter,key,sections):
+ section = cfg_search_section(key,sections)
+ return getter(section, key)
+
+ def cfg1get(section,key, getter=cfg.get,**kwargs):
+ section = cfg_search_section(key,[section,'COMMON'])
+ return getter(section,key,**kwargs)
+
+ def cfg1getint(section,key, **kwargs):
+ return cfg1get(section,key, getter=cfg.getint,**kwargs);
+
+ def cfg_process_client_limited(cc,ss,sections,key):
+ val = cfg_search(cfg1getint, key, sections)
+ lim = cfg_search(cfg1getint, key, ['%s LIMIT' % ss, 'LIMIT'])
+ cc.__dict__[key] = min(val,lim)
+
+ def cfg_process_client_common(cc,ss,cs,ci):
+ # returns sections to search in, iff secret is defined, otherwise None
+ cc.ci = ci
+
+ sections = ['%s %s' % (ss,cs),
+ cs,
+ ss,
+ 'COMMON']
+
+ try: pwsection = cfg_search_section('secret', sections)
+ except NoOptionError: return None
+
+ pw = cfg1get(pwsection, 'secret')
+ cc.secret = pw.encode('utf-8')
+
+ cfg_process_client_limited(cc,ss,sections,'target_requests_outstanding')
+ cfg_process_client_limited(cc,ss,sections,'http_timeout')
+
+ return sections
+
+ def cfg_process_ipif(c, sections, varmap):
+ for d, s in varmap:
+ try: v = getattr(c, s)
+ except AttributeError: continue
+ setattr(c, d, v)
+ for d in ('mtu',):
+ v = cfg_search(cfg1getint, d, sections)
+ setattr(c, d, v)
+
+ #print('CFGIPIF',repr((varmap, sections, c.__dict__)),file=sys.stderr)
+
+ section = cfg_search_section('ipif', sections)
+ c.ipif_command = cfg1get(section,'ipif', vars=c.__dict__)
+
+ #---------- startup ----------
+
+ def log_debug_config(m):
+ if not DBG.CONFIG in debug_set: return
+ print('DBG.CONFIG:', m)
+
+ def common_startup(process_cfg):
+ # calls process_cfg(putative_clients, putative_servers)
+
+ # ConfigParser hates #-comments after values
+ trailingcomments_re = regexp.compile(r'#.*')
+ cfg.read_string(trailingcomments_re.sub('', defcfg))
+ need_defcfg = True
+
+ def readconfig(pathname, mandatory=True):
+ def log(m, p=pathname):
+ if not DBG.CONFIG in debug_set: return
+ log_debug_config('%s: %s' % (m, p))
+
+ try:
+ files = os.listdir(pathname)
+
+ except FileNotFoundError:
+ if mandatory: raise
+ log('skipped')
+ return
+
+ except NotADirectoryError:
+ cfg.read(pathname)
+ log('read file')
+ return
+
+ # is a directory
+ log('directory')
+ re = regexp.compile('[^-A-Za-z0-9_]')
+ for f in os.listdir(pathname):
+ if re.search(f): continue
+ subpath = pathname + '/' + f
+ try:
+ os.stat(subpath)
+ except FileNotFoundError:
+ log('entry skipped', subpath)
+ continue
+ cfg.read(subpath)
+ log('entry read', subpath)
+
+ def oc_config(od,os, value, op):
+ nonlocal need_defcfg
+ need_defcfg = False
+ readconfig(value)
+
+ def oc_extra_config(od,os, value, op):
+ readconfig(value)
+
+ def read_defconfig():
+ readconfig('/etc/hippotat/config.d', False)
+ readconfig('/etc/hippotat/secrets.d', False)
+ readconfig('/etc/hippotat/master.cfg', False)
+
+ def oc_defconfig(od,os, value, op):
+ nonlocal need_defcfg
+ need_defcfg = False
+ read_defconfig(value)
+
+ def dfs_less_detailed(dl):
+ return [df for df in DBG.iterconstants() if df <= dl]
+
+ def ds_default(od,os,dl,op):
+ global debug_set
+ debug_set.clear
+ debug_set |= set(dfs_less_detailed(debug_def_detail))
+
+ def ds_select(od,os, spec, op):
+ for it in spec.split(','):
+
+ if it.startswith('-'):
+ mutator = debug_set.discard
+ it = it[1:]
+ else:
+ mutator = debug_set.add
+
+ if it == '+':
+ dfs = DBG.iterconstants()
+
+ else:
+ if it.endswith('+'):
+ mapper = dfs_less_detailed
+ it = it[0:len(it)-1]
+ else:
+ mapper = lambda x: [x]
+
+ try:
+ dfspec = DBG.lookupByName(it)
+ except ValueError:
+ optparser.error('unknown debug flag %s in --debug-select' % it)
+
+ dfs = mapper(dfspec)
+
+ for df in dfs:
+ mutator(df)
+
+ optparser.add_option('-D', '--debug',
+ nargs=0,
+ action='callback',
+ help='enable default debug (to stdout)',
+ callback= ds_default)
+
+ optparser.add_option('--debug-select',
+ nargs=1,
+ type='string',
+ metavar='[-]DFLAG[+]|[-]+,...',
+ help=
+ '''enable (`-': disable) each specified DFLAG;
+ `+': do same for all "more interesting" DFLAGSs;
+ just `+': all DFLAGs.
+ DFLAGS: ''' + ' '.join([df.name for df in DBG.iterconstants()]),
+ action='callback',
+ callback= ds_select)
+
+ optparser.add_option('-c', '--config',
+ nargs=1,
+ type='string',
+ metavar='CONFIGFILE',
+ dest='configfile',
+ action='callback',
+ callback= oc_config)
+
+ optparser.add_option('--extra-config',
+ nargs=1,
+ type='string',
+ metavar='CONFIGFILE',
+ dest='configfile',
+ action='callback',
+ callback= oc_extra_config)
+
+ optparser.add_option('--default-config',
+ action='callback',
+ callback= oc_defconfig)
+
+ (opts, args) = optparser.parse_args()
+ if len(args): optparser.error('no non-option arguments please')
+
+ if need_defcfg:
+ read_defconfig()
+
+ try:
+ (pss, pcs) = _cfg_process_putatives()
+ process_cfg(opts, pss, pcs)
+ except (configparser.Error, ValueError):
+ traceback.print_exc(file=sys.stderr)
+ print('\nInvalid configuration, giving up.', file=sys.stderr)
+ sys.exit(12)
+
+
+ #print('X', debug_set, file=sys.stderr)
+
+ log_formatter = twisted.logger.formatEventAsClassicLogText
+ stdout_obs = twisted.logger.FileLogObserver(sys.stdout, log_formatter)
+ stderr_obs = twisted.logger.FileLogObserver(sys.stderr, log_formatter)
+ pred = twisted.logger.LogLevelFilterPredicate(LogLevel.error)
+ stdsomething_obs = twisted.logger.FilteringLogObserver(
+ stderr_obs, [pred], stdout_obs
+ )
+ global file_log_observer
+ file_log_observer = twisted.logger.FilteringLogObserver(
+ stdsomething_obs, [LogNotBoringTwisted()]
+ )
+ #log_observer = stdsomething_obs
+ twisted.logger.globalLogBeginner.beginLoggingTo(
+ [ file_log_observer, crash_on_critical ]
+ )
+
+ def common_run():
+ log_debug(DBG.INIT, 'entering reactor')
+ if not _crashing: reactor.run()
+ print('ENDED', file=sys.stderr)
+ sys.exit(16)
--- /dev/null
+ # -*- python -*-
+ #
+ # Hippotat - Asinine IP Over HTTP program
+ # hippotatlib/ownsource.py - Automatic source code provision (AGPL compliance)
+ #
+ # Copyright 2017 Ian Jackson
+ #
+ # AGPLv3+ + CAFv2+
+ #
+ # This program is free software: you can redistribute it and/or
+ # modify it under the terms of the GNU Affero General Public
+ # License as published by the Free Software Foundation, either
+ # version 3 of the License, or (at your option) any later version,
+ # with the "CAF Login Exception" as published by Ian Jackson
+ # (version 2, or at your option any later version) as an Additional
+ # Permission.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ # Affero General Public License for more details.
+ #
+ # You should have received a copy of the GNU Affero General Public
+ # License and the CAF Login Exception along with this program, in
+ # the file AGPLv3+CAFv2. If not, email Ian Jackson
+ # <ijackson@chiark.greenend.org.uk>.
+
+
+ import os
+ import sys
+ import fnmatch
+ import stat
+ import subprocess
+ import tempfile
+ import shutil
+
+ try: import debian.deb822
+ except ImportError: pass
+
+ class SourceShipmentPreparer():
+ def __init__(s, destdir):
+ # caller may modify, and should read after calling generate()
+ s.output_names = ['srcbomb.tar.gz', 'srcpkgsbomb.tar']
+ s.output_paths = [None,None] # alternatively caller may read this
+ # defaults, caller can modify after creation
+ s.logger = lambda m: print('SourceShipmentPreparer',m)
+ s.src_filter = s.src_filter_glob
+ s.src_package_globs = ['!/usr/local/*', '/usr*']
+ s.src_filter_globs = ['!/etc/*']
+ s.src_likeparent = s.src_likeparent_git
+ s.src_direxcludes = s.src_direxcludes_git
+ s.report_from_packages = s.report_from_packages_debian
+ s.cwd = os.getcwd()
+ s.find_rune_base = "find -type f -perm -004 \! -path '*/tmp/*'"
+ s.ignores = ['*~', '*.bak', '*.tmp', '#*#', '__pycache__',
+ '[0-9][0-9][0-9][0-9]-src.tar']
+ s.rune_shell = ['/bin/bash', '-ec']
+ s.show_pathnames = True
+ s.download_packages = True
+ s.stream_stderr = sys.stderr
+ s.stream_debug = open('/dev/null','w')
+ s.rune_cpio = r'''
+ set -o pipefail
+ (
+ %s
+ # ^ by default, is find ... -print0
+ ) | (
+ cpio -Hustar -o --quiet -0 -R 1000:1000 || \
+ cpio -Hustar -o --quiet -0
+ )
+ '''
+ s.rune_portmanteau = r'''
+ GZIP=-1 tar zcf - "$@"
+ '''
+ s.rune_portmanteau_uncompressed = r'''
+ tar cf - "$@"
+ '''
+ s.manifest_name='0000-MANIFEST.txt'
+ # private
+ s._destdir = destdir
+ s._outcounter = 0
+ s._manifest = []
+ s._dirmap = { }
+ s._package_files = { } # map filename => infol
+ s._packages_path = os.path.join(s._destdir, 'packages')
+ s._package_sources = []
+
+ def thing_matches_globs(s, thing, globs):
+ for pat in globs:
+ negate = pat.startswith('!')
+ if negate: pat = pat[1:]
+ if fnmatch.fnmatch(thing, pat):
+ return not negate
+ return negate
+
+ def src_filter_glob(s, src): # default s.src_filter
+ return s.thing_matches_globs(src, s.src_filter_globs)
+
+ def src_direxcludes_git(s, d):
+ try:
+ excl = open(os.path.join(d, '.gitignore'))
+ except FileNotFoundError:
+ return []
+ r = []
+ for l in excl:
+ l = l.strip()
+ if l.startswith('#'): next
+ if not len(l): next
+ r.append(l)
+ return r
+
+ def src_likeparent_git(s, src):
+ try:
+ os.stat(os.path.join(src, '.git/.'))
+ except FileNotFoundError:
+ return False
+ else:
+ return True
+
+ def src_parentfinder(s, src, infol): # callers may monkey-patch away
+ for deref in (False,True):
+ xinfo = []
+
+ search = src
+ if deref:
+ search = os.path.realpath(search)
+
+ def ascend():
+ nonlocal search
+ xinfo.append(os.path.basename(search))
+ search = os.path.dirname(search)
+
+ try:
+ stab = os.lstat(search)
+ except FileNotFoundError:
+ return
+ if stat.S_ISREG(stab.st_mode):
+ ascend()
+
+ while not os.path.ismount(search):
+ if s.src_likeparent(search):
+ xinfo.reverse()
+ if len(xinfo): infol.append('want=' + os.path.join(*xinfo))
+ return search
+
+ ascend()
+
+ # no .git found anywhere
+ return src
+
+ def path_prenormaliser(s, d, infol): # callers may monkey-patch away
+ return os.path.join(s.cwd, os.path.abspath(d))
+
+ def srcdir_find_rune(s, d):
+ script = s.find_rune_base
+ ignores = s.ignores + s.output_names + [s.manifest_name]
+ ignores += s.src_direxcludes(d)
+ for excl in ignores:
+ assert("'" not in excl)
+ script += r" \! -name '%s'" % excl
+ script += r" \! -path '*/%s/*'" % excl
+ script += ' -print0'
+ return script
+
+ def manifest_append(s, name, infol):
+ s._manifest.append({ 'file':name, 'info':' '.join(infol) })
+
+ def manifest_append_absentfile(s, name, infol):
+ s._manifest.append({ 'file_print':name, 'info':' '.join(infol) })
+
+ def new_output_name(s, nametail, infol):
+ s._outcounter += 1
+ name = '%04d-%s' % (s._outcounter, nametail)
+ s.manifest_append(name, infol)
+ return name
+
+ def open_output_fh(s, name, mode):
+ return open(os.path.join(s._destdir, name), mode)
+
+ def src_dir(s, d, infol):
+ try: name = s._dirmap[d]
+ except KeyError: pass
+ else:
+ s.manifest_append(name, infol)
+ return
+
+ if s.show_pathnames: infol.append(d)
+ find_rune = s.srcdir_find_rune(d)
+ total_rune = s.rune_cpio % find_rune
+
+ name = s.new_output_name('src.tar', infol)
+ s._dirmap[d] = name
+ fh = s.open_output_fh(name, 'wb')
+
+ s.logger('packing up into %s: %s (because %s)' %
+ (name, d, ' '.join(infol)))
+
+ subprocess.run(s.rune_shell + [total_rune],
+ cwd=d,
+ stdin=subprocess.DEVNULL,
+ stdout=fh,
+ restore_signals=True,
+ check=True)
+ fh.close()
+
+ def src_indir(s, d, infol):
+ d = s.path_prenormaliser(d, infol)
+ if not s.src_filter(d): return
+
+ d = s.src_parentfinder(d, infol)
+ if d is None: return
+ s.src_dir(d, infol)
+
+ def report_from_packages_debian(s, files):
+ dpkg_S_in = tempfile.TemporaryFile(mode='w+')
+ for (file, infols) in files.items():
+ assert('\n' not in file)
+ dpkg_S_in.write(file)
+ dpkg_S_in.write('\0')
+ dpkg_S_in.seek(0)
+ cmdl = ['xargs','-0r','dpkg','-S','--']
+ dpkg_S = subprocess.Popen(cmdl,
+ cwd='/',
+ stdin=dpkg_S_in,
+ stdout=subprocess.PIPE,
+ stderr=sys.stderr,
+ close_fds=False)
+ dpkg_show_in = tempfile.TemporaryFile(mode='w+')
+ pkginfos = { }
+ for l in dpkg_S.stdout:
+ l = l.strip(b'\n').decode('utf-8')
+ (pkgs, fname) = l.split(': ',1)
+ pks = pkgs.split(', ')
+ for pk in pks:
+ pkginfos.setdefault(pk,{'files':[]})['files'].append(fname)
+ print(pk, file=dpkg_show_in)
+ assert(dpkg_S.wait() == 0)
+ dpkg_show_in.seek(0)
+ cmdl = ['xargs','-r','dpkg-query',
+ r'-f${binary:Package}\t${Package}\t${Architecture}\t${Version}\t${source:Package}\t${source:Version}\t${source:Upstream-Version}\n',
+ '--show','--']
+ dpkg_show = subprocess.Popen(cmdl,
+ cwd='/',
+ stdin=dpkg_show_in,
+ stdout=subprocess.PIPE,
+ stderr=sys.stderr,
+ close_fds=False)
+ for l in dpkg_show.stdout:
+ l = l.strip(b'\n').decode('utf-8')
+ (pk,p,a,v,sp,sv,suv) = l.split('\t')
+ pkginfos[pk]['binary'] = p
+ pkginfos[pk]['arch'] = a
+ pkginfos[pk]['version'] = v
+ pkginfos[pk]['source'] = sp
+ pkginfos[pk]['sourceversion'] = sv
+ pkginfos[pk]['sourceupstreamversion'] = sv
+ assert(dpkg_show.wait() == 0)
+ for pk in sorted(pkginfos.keys()):
+ pi = pkginfos[pk]
+ debfname = '%s_%s_%s.deb' % (pi['binary'], pi['version'], pi['arch'])
+ dscfname = '%s_%s.dsc' % (pi['source'], pi['sourceversion'])
+ s.manifest_append_absentfile(dscfname, [debfname])
+ s.logger('mentioning %s and %s because %s' %
+ (dscfname, debfname, pi['files'][0]))
+ for fname in pi['files']:
+ infol = files[fname]
+ if s.show_pathnames: infol = infol + ['loaded='+fname]
+ s.manifest_append_absentfile(' \t' + debfname, infol)
+
+ if s.download_packages:
+ try: os.mkdir(s._packages_path)
+ except FileExistsError: pass
+
+ cmdl = ['apt-get','--download-only','source',
+ '%s=%s' % (pi['source'], pi['sourceversion'])]
+ subprocess.run(cmdl,
+ cwd=s._packages_path,
+ stdin=subprocess.DEVNULL,
+ stdout=s.stream_debug,
+ stderr=s.stream_stderr,
+ restore_signals=True,
+ check=True)
+
+ s._package_sources.append(dscfname)
+ dsc = debian.deb822.Dsc(open(s._packages_path + '/' + dscfname))
+ for indsc in dsc['Files']:
+ s._package_sources.append(indsc['name'])
+
+ def thing_ought_packaged(s, fname):
+ return s.thing_matches_globs(fname, s.src_package_globs)
+
+ def src_file_packaged(s, fname, infol):
+ s._package_files.setdefault(fname,[]).extend(infol)
+
+ def src_file(s, fname, infol):
+ def fngens():
+ yield (infol, fname)
+ infol_copy = infol.copy()
+ yield (infol_copy, s.path_prenormaliser(fname, infol_copy))
+ yield (infol, os.path.realpath(fname))
+
+ for (tinfol, tfname) in fngens():
+ if s.thing_ought_packaged(tfname):
+ s.src_file_packaged(tfname, tinfol)
+ return
+
+ s.src_indir(fname, infol)
+
+ def src_argv0(s, program, infol):
+ s.src_file(program, infol)
+
+ def src_syspath(s, fname, infol):
+ if s.thing_ought_packaged(fname): return
+ s.src_indir(fname, infol)
+
+ def src_module(s, m, infol):
+ try: fname = m.__file__
+ except AttributeError: return
+ infol.append('module='+m.__name__)
+
+ if s.thing_ought_packaged(fname):
+ s.src_file_packaged(fname, infol)
+ else:
+ s.src_indir(fname, infol)
+
+ def srcs_allitems(s, dirs=sys.path):
+ s.logger('allitems')
+ s.src_argv0(sys.argv[0], ['argv[0]'])
+ for d in sys.path:
+ s.src_syspath(d, ['sys.path'])
+ for m in sys.modules.values():
+ s.src_module(m, ['sys.modules'])
+ s.report_from_packages(s._package_files)
+ s.logger('allitems done')
+
+ def _mk_portmanteau(s, ix, rune, cwd, files):
+ output_name = s.output_names[ix]
+ s.logger('making portmanteau %s' % output_name)
+ output_path = os.path.join(s._destdir, output_name)
+ subprocess.run(s.rune_shell + [ rune, 'x' ] + files,
+ cwd=cwd,
+ stdin=subprocess.DEVNULL,
+ stdout=open(output_path, 'wb'),
+ restore_signals=True,
+ check=True)
+ s.output_paths[ix] = output_path
+
+ def mk_inner_portmanteau(s):
+ outputs = [s.manifest_name]
+ outputs_done = { }
+ mfh = s.open_output_fh(s.manifest_name,'w')
+ for me in s._manifest:
+ try: fname = me['file']
+ except KeyError: fname = me.get('file_print','')
+ else:
+ try: outputs_done[fname]
+ except KeyError:
+ outputs.append(fname)
+ outputs_done[fname] = 1
+ print('%s\t%s' % (fname, me['info']), file=mfh)
+ mfh.close()
+
+ s._mk_portmanteau(0, s.rune_portmanteau,
+ s._destdir, outputs)
+
+ def mk_packages_portmanteau(s):
+ if not s.download_packages: return
+ s._mk_portmanteau(1, s.rune_portmanteau_uncompressed,
+ s._packages_path, s._package_sources)
+
+ def generate(s):
+ s.srcs_allitems()
+ s.mk_inner_portmanteau()
+ s.mk_packages_portmanteau()
+ s.logger('portmanteau ready in %s %s' % tuple(s.output_paths))
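Review bot: In `src_direxcludes_git`, `next` is only a bare reference to the builtin, not a loop statement, so comment and blank lines from `.gitignore` are still appended to the exclude list; both tests should be `if l.startswith('#') or not l: continue`. Those strings are then pasted between single quotes into the bash script built by `srcdir_find_rune`, where the only guard is `assert("'" not in excl)`. That assert is removed under `python -O`, and otherwise a `.gitignore` comment containing an apostrophe aborts the run with an AssertionError. Since `.gitignore` content comes from whichever source tree is being packed, I would quote rather than assert: `script += r" \! -name %s" % shlex.quote(excl)` and `script += r" \! -path %s" % shlex.quote('*/%s/*' % excl)`, with `import shlex` added. Separately, `pkginfos[pk]['sourceupstreamversion'] = sv` in `report_from_packages_debian` looks like it should assign `suv`.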
--- /dev/null
+ # -*- python -*-
+ #
+ # Hippotat - Asinine IP Over HTTP program
+ # hippotatlib/slip.py - SLIP handling
+ #
+ # Copyright 2017 Ian Jackson
+ #
+ # GPLv3+
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program, in the file GPLv3. If not,
+ # see <http://www.gnu.org/licenses/>.
+
+
+ end = b'\300'
+ esc = b'\333'
+ esc_end = b'\334'
+ esc_esc = b'\335'
+ delimiter = end
+
+ def encode(packet):
+ return (packet
+ .replace(esc, esc + esc_esc)
+ .replace(end, esc + esc_end))
+
+ def decode(data, keep_tail=False):
+ #print('DECODE ', repr(data))
+ out = []
+ inp = data.split(end)
+ tail = []
+ if keep_tail:
+ tail.append(inp.pop())
+ for packet in inp:
+ pdata = b''
+ while True:
+ eix = packet.find(esc)
+ if eix == -1:
+ pdata += packet
+ break
+ #print('ESC ', repr((pdata, packet, eix)))
+ pdata += packet[0 : eix]
+ ck = packet[eix+1]
+ #print('ESC... %o' % ck)
+ if ck == esc_esc[0]: pdata += esc
+ elif ck == esc_end[0]: pdata += end
+ else: raise ValueError('invalid SLIP escape 0%o %#x' % (ck, ck))
+ packet = packet[eix+2 : ]
+ out.append(pdata)
+ #print('DECODED ', repr(out))
+ out += tail
+ return out
+ # -*- python -*-
+
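Review bot: `decode` reads `packet[eix+1]` without checking that a byte follows the escape, so a packet whose last byte is `esc` raises IndexError rather than the ValueError used for other malformed escapes. The input is presumably peer-supplied, and a caller that handles only ValueError would let the exception propagate (callers are outside this hunk). Adding `if eix + 1 >= len(packet): raise ValueError('truncated SLIP escape')` before the `ck = packet[eix+1]` line keeps all malformed input on one error path. A short docstring stating that `keep_tail=True` returns the unterminated final fragment as the last list element would also help callers.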
--- /dev/null
+ #!/usr/bin/python3
+
+ from setuptools import setup, find_packages
+
+ import re as regexp
+ import glob
+ import sys
+
+ scripts = ['hippotat','hippotatd']
+ scan = scripts + glob.glob('hippotatlib/*.py')
+
+ def find_requires():
+ mod_pat = r'[._0-9a-zA-Z]+'
+ res = list(map(regexp.compile,
+ [r'from\s+('+mod_pat+r')\s+import\b',
+ r'import\s+('+mod_pat+r')\s']))
+ reqs = { }
+ for scanf in scan:
+ print('scanning %s' % scanf, file=sys.stderr)
+ for l in open(scanf):
+ for re in res:
+ m = re.match(l)
+ if m is not None:
+ reqs[m.group(1)] = True
+ break
+ print(repr(reqs), file=sys.stderr)
+ return list(reqs.keys())
+
+ setup(
+ name="hippotat",
+ packages=find_packages(),
+ install_requires=find_requires(),
+ scripts=scripts
+ )
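Review bot: `find_requires()` feeds every module name matched by the two import regexes into `install_requires`, so standard-library imports such as the `os`, `sys` and `subprocess` lines in hippotatlib/ownsource.py become install-time requirements that the installer resolves by name from the package index. An import name is not a distribution name, so whichever project holds that name on the index would be fetched and installed, unpinned. I would replace the scan with an explicit, reviewed list of the real third-party dependencies, e.g. `install_requires=['Twisted']` (adjust to what the scripts actually need), and drop `find_requires()`. If the scan is kept, `for l in open(scanf)` should become a `with open(scanf) as f:` block so the handle is closed.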
--- /dev/null
+ # -- in config.d/chiark
+ [chiark]
+ vnetwork
+ vaddr
+ vrelay
+ addrs
+ # port
+ # mtu
+ # limits
+
+ # -- in config.d/davenant
+ [davenant]
+ vnetwork
+ vaddr
+ vrelay
+ addrs
+ # port
+ # mtu
+ # limits eg
+ max_batch_down = 65536
+
+ [192.0.2.4]
+ # adjusts eg
+ http_timeout = 15
+ # ^ applies to all servers
+
+ [davenant 192.0.2.4]
+ # adjusts eg
+ max_batch_down = 32768
+
+
+ # -- in chiark:master.cfg
+ [SERVER]
+ server = chiark
+
+ # -- in secrets.d/chiark-zealot (on zealot and chiark)
+ [chiark 192.0.2.4]
+ secret = sesame
+
+ # zealot knows it's 192.0.2.4 because that's the only client
+ # for which it has a secret
--- /dev/null
+ # -- in master.cfg (on both client and server)
+ [SERVER]
+ addrs = 203.0.113.46
+
+ # -- in secrets.d/secret (on both client and server)
+ [172.24.230.195]
+ secret = sesame
--- /dev/null
+ #!/usr/bin/python3
+
+ from hippotatlib.ownsource import SourceShipmentPreparer
+
+ import twisted
+ import sys
+
+ p = SourceShipmentPreparer('tmp')
+ p.stream_debug = sys.stdout
+ p.generate()
--- /dev/null
+ #!/usr/bin/perl -pi
+ next unless m{^#\@ };
+ my $ok = 1;
+ s{@(\w+)@}{ $ENV{$1} // ($ok=0, $&) }ge;
+ s{^#\@ }{} if $ok;
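Review bot: The script has no comment saying what it does, which matters because `-pi` rewrites its input files in place. I would add `# Activate "#@ " lines: replace each @VAR@ from %ENV and strip the prefix; lines naming an unset VAR stay commented.` after the shebang. Note that `//` tests definedness only, so a variable exported as the empty string still activates its line with an empty value. If that is not intended, use `s{@(\w+)@}{ length($ENV{$1} // '') ? $ENV{$1} : ($ok=0, $&) }ge;`. Values are inserted verbatim, so the format of the edited file has to tolerate them as-is.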
--- /dev/null
+ [SERVER]
+
+ ipif = PATH=/usr/local/sbin:/sbin:/usr/sbin:$PATH really /home/ian/things/Userv/userv-utils.git/ipif/service \* -- %(local)s,%(peer)s,%(mtu)s,slip '%(rnets)s'
+
+ addrs = 127.0.0.1
+ port = 8099
+ vnetwork = 192.0.2.0/24
+
+ # ./hippotatd --debug-select=+ -c test.cfg
+
+ # nc -n -v -l -p 8100 -c 'dd of=/dev/null'
+
+ [192.0.2.3]
+ secret = sesame
+
+ [192.0.2.3]
+ ipif = PATH=/usr/local/sbin:/sbin:/usr/sbin:$PATH really ./fake-userv /home/ian/things/Userv/userv-utils.git/ipif/service \* -- %(local)s,%(peer)s,%(mtu)s,slip '%(rnets)s'
+
+ # ./hippotat -D -c test.cfg
+
+ [192.0.2.4]
+ #secret = zorkmids
+
+ # dd if=/dev/urandom bs=1024 count=16384 | nc -q 0 -n -v 192.0.2.1 8100
--- /dev/null
+ #!/usr/bin/perl -n
+
+ # strace -s70000 -ot w3m ./form.html
+
+ next unless
+ (m/^connect\((\d+),.*AF_INET/ and $fd = $1) ..
+ m/^close\($fd\)/;
+
+ next unless s{^write\($fd, "}{};
+ s{", \d+\)\s+= \d+\n}{};
+ s{\\r}{\r}g;
+ s{\\n}{\n}g;
+ s{\\(.)}{$1}g;
+ print or die $!;
+