Commit | Line | Data |
---|---|---|
094ee3a2 | 1 | #!/usr/bin/python3 |
3fba9787 | 2 | |
aa663282 IJ |
3 | import signal |
4 | signal.signal(signal.SIGINT, signal.SIG_DFL) | |
5 | ||
e2d41dc1 IJ |
6 | import sys |
7 | import os | |
8 | ||
5bae5ba3 | 9 | import twisted |
e2d41dc1 IJ |
10 | import twisted.internet |
11 | import twisted.internet.endpoints | |
12 | from twisted.internet import reactor | |
13 | from twisted.web.server import NOT_DONE_YET | |
14 | from twisted.logger import LogLevel | |
15 | ||
16 | import ipaddress | |
17 | from ipaddress import AddressValueError | |
5bae5ba3 | 18 | |
5da7763e IJ |
19 | #import twisted.web.server import Site |
20 | #from twisted.web.resource import Resource | |
3fba9787 | 21 | |
e75e9c17 IJ |
22 | from optparse import OptionParser |
23 | from configparser import ConfigParser | |
24 | from configparser import NoOptionError | |
3fba9787 | 25 | |
0ac316c8 IJ |
26 | import collections |
27 | ||
c4b6d990 IJ |
28 | import syslog |
29 | ||
3fba9787 IJ |
30 | clients = { } |
31 | ||
e2d41dc1 | 32 | def ipaddr(input): |
3fba9787 | 33 | try: |
ec88b1f1 | 34 | r = ipaddress.IPv4Address(input) |
3fba9787 | 35 | except AddressValueError: |
ec88b1f1 | 36 | r = ipaddress.IPv6Address(input) |
3fba9787 IJ |
37 | return r |
38 | ||
39 | def ipnetwork(input): | |
40 | try: | |
ec88b1f1 | 41 | r = ipaddress.IPv4Network(input) |
3fba9787 | 42 | except NetworkValueError: |
ec88b1f1 | 43 | r = ipaddress.IPv6Network(input) |
3fba9787 IJ |
44 | return r |
45 | ||
e75e9c17 | 46 | defcfg = ''' |
094ee3a2 IJ |
47 | [DEFAULT] |
48 | max_batch_down = 65536 | |
49 | max_queue_time = 10 | |
50 | max_request_time = 54 | |
51 | ||
e75e9c17 IJ |
52 | [virtual] |
53 | mtu = 1500 | |
54 | # network | |
55 | # [host] | |
56 | # [relay] | |
57 | ||
58 | [server] | |
e2d41dc1 | 59 | ipif = userv root ipif %(host)s,%(relay)s,%(mtu)s,slip %(network)s |
5da7763e | 60 | addrs = 127.0.0.1 ::1 |
aa663282 | 61 | port = 8099 |
e75e9c17 | 62 | |
094ee3a2 IJ |
63 | [limits] |
64 | max_batch_down = 262144 | |
65 | max_queue_time = 121 | |
66 | max_request_time = 121 | |
ec88b1f1 IJ |
67 | ''' |
68 | ||
aa663282 IJ |
69 | #---------- error handling ---------- |
70 | ||
71 | def crash(err): | |
72 | print('CRASH ', err, file=sys.stderr) | |
73 | try: reactor.stop() | |
74 | except twisted.internet.error.ReactorNotRunning: pass | |
75 | ||
76 | def crash_on_defer(defer): | |
77 | defer.addErrback(lambda err: crash(err)) | |
78 | ||
79 | def crash_on_critical(event): | |
80 | if event.get('log_level') >= LogLevel.critical: | |
81 | crash(twisted.logger.formatEvent(event)) | |
82 | ||
5da7763e IJ |
83 | #---------- "router" ---------- |
84 | ||
ec0c4d95 IJ |
85 | def route(packet, saddr, daddr): |
86 | print('TRACE ', saddr, daddr, packet) | |
5da7763e IJ |
87 | try: client = clients[daddr] |
88 | except KeyError: dclient = None | |
89 | if dclient is not None: | |
90 | dclient.queue_outbound(packet) | |
3a6076b4 | 91 | elif saddr.is_link_local or daddr.is_link_local: |
ec0c4d95 | 92 | log_discard(packet, saddr, daddr, 'link-local') |
e2d41dc1 | 93 | elif daddr == host or daddr not in network: |
ec0c4d95 | 94 | print('TRACE INBOUND ', saddr, daddr, packet) |
5da7763e | 95 | queue_inbound(packet) |
e2d41dc1 | 96 | elif daddr == relay: |
5da7763e IJ |
97 | log_discard(packet, saddr, daddr, 'relay') |
98 | else: | |
99 | log_discard(packet, saddr, daddr, 'no client') | |
100 | ||
101 | def log_discard(packet, saddr, daddr, why): | |
3a6076b4 | 102 | print('DROP ', saddr, daddr, why) |
ec0c4d95 IJ |
103 | # syslog.syslog(syslog.LOG_DEBUG, |
104 | # 'discarded packet %s -> %s (%s)' % (saddr, daddr, why)) | |
5da7763e IJ |
105 | |
106 | #---------- ipif (slip subprocess) ---------- | |
107 | ||
5bae5ba3 IJ |
108 | class IpifProcessProtocol(twisted.internet.protocol.ProcessProtocol): |
109 | def __init__(self): | |
110 | self._buffer = b'' | |
111 | def connectionMade(self): pass | |
112 | def outReceived(self, data): | |
ce7f1431 | 113 | #print('RECV ', repr(data)) |
2b95da16 IJ |
114 | self._buffer += data |
115 | packets = slip_decode(self._buffer) | |
116 | self._buffer = packets.pop() | |
5bae5ba3 | 117 | for packet in packets: |
ec0c4d95 | 118 | if not len(packet): continue |
5bae5ba3 | 119 | (saddr, daddr) = packet_addrs(packet) |
ec0c4d95 | 120 | route(packet, saddr, daddr) |
5da7763e IJ |
121 | def processEnded(self, status): |
122 | status.raiseException() | |
5bae5ba3 IJ |
123 | |
124 | def start_ipif(): | |
5da7763e IJ |
125 | global ipif |
126 | ipif = IpifProcessProtocol() | |
127 | reactor.spawnProcess(ipif, | |
ce7f1431 | 128 | '/bin/sh',['sh','-xc', ipif_command], |
5bae5ba3 IJ |
129 | childFDs={0:'w', 1:'r', 2:2}) |
130 | ||
5da7763e IJ |
131 | def queue_inbound(packet): |
132 | ipif.transport.write(slip_delimiter) | |
133 | ipif.transport.write(slip_encode(packet)) | |
134 | ipif.transport.write(slip_delimiter) | |
5bae5ba3 | 135 | |
ce7f1431 IJ |
136 | #---------- SLIP handling ---------- |
137 | ||
138 | slip_end = b'\300' | |
139 | slip_esc = b'\333' | |
140 | slip_esc_end = b'\334' | |
141 | slip_esc_esc = b'\335' | |
142 | slip_delimiter = slip_end | |
143 | ||
144 | def slip_encode(packet): | |
145 | return (packet | |
146 | .replace(slip_esc, slip_esc + slip_esc_esc) | |
147 | .replace(slip_end, slip_esc + slip_esc_end)) | |
148 | ||
149 | def slip_decode(data): | |
150 | print('DECODE ', repr(data)) | |
151 | out = [] | |
152 | for packet in data.split(slip_end): | |
153 | pdata = b'' | |
154 | while True: | |
155 | eix = packet.find(slip_esc) | |
156 | if eix == -1: | |
157 | pdata += packet | |
158 | break | |
159 | #print('ESC ', repr((pdata, packet, eix))) | |
160 | pdata += packet[0 : eix] | |
161 | ck = packet[eix+1] | |
8e279651 IJ |
162 | #print('ESC... %o' % ck) |
163 | if ck == slip_esc_esc[0]: pdata += slip_esc | |
164 | elif ck == slip_esc_end[0]: pdata += slip_end | |
ce7f1431 IJ |
165 | else: raise ValueError('invalid SLIP escape') |
166 | packet = packet[eix+2 : ] | |
167 | out.append(pdata) | |
168 | print('DECODED ', repr(out)) | |
169 | return out | |
170 | ||
171 | #---------- packet parsing ---------- | |
172 | ||
173 | def packet_addrs(packet): | |
ec0c4d95 IJ |
174 | version = packet[0] >> 4 |
175 | if version == 4: | |
176 | addrlen = 4 | |
177 | saddroff = 3*4 | |
178 | factory = ipaddress.IPv4Address | |
179 | elif version == 6: | |
180 | addrlen = 16 | |
181 | saddroff = 2*4 | |
182 | factory = ipaddress.IPv6Address | |
183 | else: | |
184 | raise ValueError('unsupported IP version %d' % version) | |
185 | saddr = factory(packet[ saddroff : saddroff + addrlen ]) | |
186 | daddr = factory(packet[ saddroff + addrlen : saddroff + addrlen*2 ]) | |
187 | return (saddr, daddr) | |
ce7f1431 | 188 | |
5da7763e | 189 | #---------- client ---------- |
c4b6d990 | 190 | |
ec88b1f1 | 191 | class Client(): |
c4b6d990 | 192 | def __init__(self, ip, cs): |
ec88b1f1 IJ |
193 | # instance data members |
194 | self._ip = ip | |
195 | self._cs = cs | |
196 | self.pw = cfg.get(cs, 'password') | |
0ac316c8 IJ |
197 | self._rq = collections.deque() # requests |
198 | self._pq = collections.deque() # packets | |
c4b6d990 IJ |
199 | # plus from config: |
200 | # .max_batch_down | |
201 | # .max_queue_time | |
202 | # .max_request_time | |
ec88b1f1 IJ |
203 | for k in ('max_batch_down','max_queue_time','max_request_time'): |
204 | req = cfg.getint(cs, k) | |
094ee3a2 | 205 | limit = cfg.getint('limits',k) |
c4b6d990 IJ |
206 | self.__dict__[k] = min(req, limit) |
207 | ||
208 | def process_arriving_data(self, d): | |
209 | for packet in slip_decode(d): | |
5bae5ba3 | 210 | (saddr, daddr) = packet_addrs(packet) |
c4b6d990 IJ |
211 | if saddr != self._ip: |
212 | raise ValueError('wrong source address %s' % saddr) | |
ec0c4d95 | 213 | route(packet, saddr, daddr) |
ec88b1f1 | 214 | |
c4b6d990 IJ |
215 | def _req_cancel(self, request): |
216 | request.finish() | |
217 | ||
218 | def _req_error(self, err, request): | |
219 | self._req_cancel(request) | |
220 | ||
0ac316c8 | 221 | def queue_outbound(self, packet): |
094ee3a2 | 222 | self._pq.append((time.monotonic(), packet)) |
0ac316c8 | 223 | |
c4b6d990 IJ |
224 | def http_request(self, request): |
225 | request.setHeader('Content-Type','application/octet-stream') | |
226 | reactor.callLater(self.max_request_time, self._req_cancel, request) | |
227 | request.notifyFinish().addErrback(self._req_error, request) | |
0ac316c8 IJ |
228 | self._rq.append(request) |
229 | self._check_outbound() | |
230 | ||
231 | def _check_outbound(self): | |
232 | while True: | |
233 | try: request = self._rq[0] | |
234 | except IndexError: request = None | |
235 | if request and request.finished: | |
236 | self._rq.popleft() | |
237 | continue | |
238 | ||
239 | # now request is an unfinished request, or None | |
240 | try: (queuetime, packet) = self._pq[0] | |
e2d41dc1 | 241 | except IndexError: |
0ac316c8 | 242 | # no packets, oh well |
094ee3a2 IJ |
243 | break |
244 | ||
245 | age = time.monotonic() - queuetime | |
246 | if age > self.max_queue_time: | |
247 | self._pq.popleft() | |
0ac316c8 IJ |
248 | continue |
249 | ||
094ee3a2 IJ |
250 | if request is None: |
251 | # no request | |
252 | break | |
253 | ||
254 | # request, and also some non-expired packets | |
255 | while True: | |
256 | try: (dummy, packet) = self._pq[0] | |
257 | except IndexError: break | |
258 | ||
259 | encoded = slip_encode(packet) | |
260 | ||
261 | if request.sentLength > 0: | |
262 | if (request.sentLength + len(slip_delimiter) | |
263 | + len(encoded) > self.max_batch_down): | |
264 | break | |
265 | request.write(slip_delimiter) | |
266 | ||
267 | request.write(encoded) | |
268 | self._pq.popLeft() | |
269 | ||
270 | assert(request.sentLength) | |
271 | self._rq.popLeft() | |
272 | request.finish() | |
273 | # round again, looking for more to do | |
ec88b1f1 | 274 | |
5da7763e IJ |
275 | class IphttpResource(twisted.web.resource.Resource): |
276 | def render_POST(self, request): | |
277 | # find client, update config, etc. | |
e2d41dc1 | 278 | ci = ipaddr(request.args['i']) |
5da7763e IJ |
279 | c = clients[ci] |
280 | pw = request.args['pw'] | |
281 | if pw != c.pw: raise ValueError('bad password') | |
282 | ||
283 | # update config | |
284 | for r, w in (('mbd', 'max_batch_down'), | |
285 | ('mqt', 'max_queue_time'), | |
286 | ('mrt', 'max_request_time')): | |
287 | try: v = request.args[r] | |
288 | except KeyError: continue | |
289 | v = int(v) | |
290 | c.__dict__[w] = v | |
291 | ||
292 | try: d = request.args['d'] | |
293 | except KeyError: d = '' | |
294 | ||
295 | c.process_arriving_data(d) | |
296 | c.new_request(request) | |
297 | ||
8e279651 | 298 | def render_GET(self, request): |
b11c6e7a | 299 | return b'<html><body>hippotit</body></html>' |
8e279651 | 300 | |
5da7763e IJ |
301 | def start_http(): |
302 | resource = IphttpResource() | |
b11c6e7a | 303 | site = twisted.web.server.Site(resource) |
e2d41dc1 | 304 | for addrspec in cfg.get('server','addrs').split(): |
5da7763e IJ |
305 | try: |
306 | addr = ipaddress.IPv4Address(addrspec) | |
307 | endpointfactory = twisted.internet.endpoints.TCP4ServerEndpoint | |
308 | except AddressValueError: | |
309 | addr = ipaddress.IPv6Address(addrspec) | |
310 | endpointfactory = twisted.internet.endpoints.TCP6ServerEndpoint | |
311 | ep = endpointfactory(reactor, cfg.getint('server','port'), addr) | |
b11c6e7a | 312 | crash_on_defer(ep.listen(site)) |
5da7763e IJ |
313 | |
314 | #---------- config and setup ---------- | |
315 | ||
3fba9787 IJ |
316 | def process_cfg(): |
317 | global network | |
e75e9c17 IJ |
318 | global host |
319 | global relay | |
5bae5ba3 | 320 | global ipif_command |
3fba9787 | 321 | |
ec88b1f1 | 322 | network = ipnetwork(cfg.get('virtual','network')) |
e75e9c17 IJ |
323 | if network.num_addresses < 3 + 2: |
324 | raise ValueError('network needs at least 2^3 addresses') | |
325 | ||
3fba9787 | 326 | try: |
e75e9c17 IJ |
327 | host = cfg.get('virtual','host') |
328 | except NoOptionError: | |
e2d41dc1 | 329 | host = next(network.hosts()) |
e75e9c17 IJ |
330 | |
331 | try: | |
332 | relay = cfg.get('virtual','relay') | |
e2d41dc1 | 333 | except NoOptionError: |
e75e9c17 | 334 | for search in network.hosts(): |
e2d41dc1 | 335 | if search == host: continue |
e75e9c17 IJ |
336 | relay = search |
337 | break | |
3fba9787 | 338 | |
ec88b1f1 IJ |
339 | for cs in cfg.sections(): |
340 | if not (':' in cs or '.' in cs): continue | |
e2d41dc1 | 341 | ci = ipaddr(cs) |
ec88b1f1 IJ |
342 | if ci not in network: |
343 | raise ValueError('client %s not in network' % ci) | |
344 | if ci in clients: | |
345 | raise ValueError('multiple client cfg sections for %s' % ci) | |
346 | clients[ci] = Client(ci, cs) | |
3fba9787 | 347 | |
e2d41dc1 IJ |
348 | global mtu |
349 | mtu = cfg.get('virtual','mtu') | |
350 | ||
5bae5ba3 IJ |
351 | iic_vars = { } |
352 | for k in ('host','relay','mtu','network'): | |
353 | iic_vars[k] = globals()[k] | |
354 | ||
355 | ipif_command = cfg.get('server','ipif', vars=iic_vars) | |
356 | ||
e75e9c17 | 357 | def startup(): |
e2d41dc1 IJ |
358 | global cfg |
359 | ||
e75e9c17 IJ |
360 | op = OptionParser() |
361 | op.add_option('-c', '--config', dest='configfile', | |
362 | default='/etc/hippottd/server.conf') | |
363 | global opts | |
364 | (opts, args) = op.parse_args() | |
365 | if len(args): op.error('no non-option arguments please') | |
366 | ||
e2d41dc1 IJ |
367 | twisted.logger.globalLogPublisher.addObserver(crash_on_critical) |
368 | ||
e75e9c17 | 369 | cfg = ConfigParser() |
5bae5ba3 | 370 | cfg.read_string(defcfg) |
e2d41dc1 | 371 | cfg.read(opts.configfile) |
5bae5ba3 IJ |
372 | process_cfg() |
373 | ||
374 | start_ipif() | |
375 | start_http() | |
e2d41dc1 IJ |
376 | |
377 | startup() | |
378 | reactor.run() | |
aa663282 | 379 | print('CRASHED (end)', file=sys.stderr) |