Skip to content

R
re6stnet
Commit 84e01d2c authored by Ulysse Beaugnon's avatar Ulysse Beaugnon
Browse files
Options

config has now be moved to utils. Still a lot of hack with config to be removed

parent af915652
Hide whitespace changes
Inline Side-by-side
Showing with 78 additions and 76 deletions
TODO
View file @ 84e01d2c
Bugs : Bugs :
When no peer is avalaible without the --no-boot option, it crash When no peer is avalaible without the --no-boot option, it crash
To be done :
Do a clean-up in the import
To be discuss: To be discuss:
Remove the --no-boot option since we know when no node is avalaible Remove the --no-boot option since we know when no node is avalaible
Maybe we should notify the server of our existence earlier
Find a better solution for config than utils.config = config, openv.config = config, ... Find a better solution for config than utils.config = config, openv.config = config, ...
When I created PeersDB, I thought only be used to access the DB and not do some logic. When I created PeersDB, I thought only be used to access the DB and not do some logic.
...@@ -16,13 +17,10 @@ To be discuss: ...@@ -16,13 +17,10 @@ To be discuss:
The organisation of the code The organisation of the code
vifibnet.py Just contain the main loop and the init vifibnet.py Just contain the main loop and the init
openpvn.py To launch openvpn processes openpvn.py To launch openvpn processes
utils.py Small functions to do some usefull job utils.py Small functions to do some usefull job, also contains the config
db.py Function to access the DB (merge with utils ?) db.py Function to access the DB (merge with utils ?)
tunnelmanager.py To choose wich connection delete/keep/... tunnelmanager.py To choose wich connection delete/keep/...
upnpigd.py To open a port and find the external IP upnpigd.py To open a port and find the external IP
config.py If we find a way to be able to juste have to import config evrywhere,
call config.init() from main and then have the config evrywhere,
it would be great
How we choose which protocol we use : How we choose which protocol we use :
IMO, we should use UDP. I've read many times than TCP other TCP can be catastrophic in terme of performance IMO, we should use UDP. I've read many times than TCP other TCP can be catastrophic in terme of performance
......
tunnelmanager.py
View file @ 84e01d2c
...@@ -2,6 +2,7 @@ import os, random ...@@ -2,6 +2,7 @@ import os, random
import openvpn import openvpn
import utils import utils
import db import db
from config import *
connection_dict = {} # to remember current connections we made connection_dict = {} # to remember current connections we made
free_interface_set = set(('client1', 'client2', 'client3', 'client4', 'client5', free_interface_set = set(('client1', 'client2', 'client3', 'client4', 'client5',
......
utils.py
View file @ 84e01d2c
import time import time
import argparse
from OpenSSL import crypto
def log(message, verbose_level): def log(message, verbose_level):
if verbose >= verbose_level: if config.verbose >= verbose_level:
print time.strftime("%d-%m-%Y %H:%M:%S : " + message) print time.strftime("%d-%m-%Y %H:%M:%S : " + message)
def ipFromBin(prefix): def ipFromBin(prefix):
...@@ -15,3 +17,66 @@ def ipFromPrefix(vifibnet, prefix, prefix_len): ...@@ -15,3 +17,66 @@ def ipFromPrefix(vifibnet, prefix, prefix_len):
prefix = bin(int(prefix))[2:].rjust(prefix_len, '0') prefix = bin(int(prefix))[2:].rjust(prefix_len, '0')
ip_t = (vifibnet + prefix).ljust(128, '0') ip_t = (vifibnet + prefix).ljust(128, '0')
return ipFromBin(ip_t) return ipFromBin(ip_t)
def getConfig():
global config
parser = argparse.ArgumentParser(
description='Resilient virtual private network application')
_ = parser.add_argument
# Server address MUST be a vifib address ( else requests will be denied )
_('--server', required=True,
help='Address for peer discovery server')
_('--server-port', required=True, type=int,
help='Peer discovery server port')
_('-l', '--log', default='/var/log',
help='Path to vifibnet logs directory')
_('--client-count', default=2, type=int,
help='Number of client connections')
# TODO: use maxpeer
_('--max-clients', default=10, type=int,
help='the number of peers that can connect to the server')
_('--refresh-time', default=300, type=int,
help='the time (seconds) to wait before changing the connections')
_('--refresh-count', default=1, type=int,
help='The number of connections to drop when refreshing the connections')
_('--db', default='/var/lib/vifibnet/peers.db',
help='Path to peers database')
_('--dh', required=True,
help='Path to dh file')
_('--babel-state', default='/var/lib/vifibnet/babel_state',
help='Path to babeld state-file')
_('--verbose', '-v', default=0, type=int,
help='Defines the verbose level')
_('--ca', required=True,
help='Path to the certificate authority file')
_('--cert', required=True,
help='Path to the certificate file')
_('--ip', required=True, dest='external_ip',
help='Ip address of the machine on the internet')
# Openvpn options
_('openvpn_args', nargs=argparse.REMAINDER,
help="Common OpenVPN options (e.g. certificates)")
config = parser.parse_args()
# Get network prefix from ca.crt
with open(config.ca, 'r') as f:
ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
config.vifibnet = bin(ca.get_serial_number())[3:]
# Get ip from cert.crt
with open(config.cert, 'r') as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
subject = cert.get_subject()
prefix, prefix_len = subject.CN.split('/')
config.internal_ip = ipFromPrefix(config.vifibnet, prefix, int(prefix_len))
log('Intranet ip : %s' % (config.internal_ip,), 3)
# Treat openvpn arguments
if config.openvpn_args[0] == "--":
del config.openvpn_args[0]
config.openvpn_args.append('--ca')
config.openvpn_args.append(config.ca)
config.openvpn_args.append('--cert')
config.openvpn_args.append(config.cert)
log("Configuration completed", 1)
vifibnet.py
View file @ 84e01d2c
...@@ -30,72 +30,6 @@ def startBabel(**kw): ...@@ -30,72 +30,6 @@ def startBabel(**kw):
print args print args
return subprocess.Popen(args, **kw) return subprocess.Popen(args, **kw)
def getConfig():
global config
parser = argparse.ArgumentParser(
description='Resilient virtual private network application')
_ = parser.add_argument
# Server address MUST be a vifib address ( else requests will be denied )
_('--server', required=True,
help='Address for peer discovery server')
_('--server-port', required=True, type=int,
help='Peer discovery server port')
_('-l', '--log', default='/var/log',
help='Path to vifibnet logs directory')
_('--client-count', default=2, type=int,
help='Number of client connections')
# TODO: use maxpeer
_('--max-clients', default=10, type=int,
help='the number of peers that can connect to the server')
_('--refresh-time', default=300, type=int,
help='the time (seconds) to wait before changing the connections')
_('--refresh-count', default=1, type=int,
help='The number of connections to drop when refreshing the connections')
_('--db', default='/var/lib/vifibnet/peers.db',
help='Path to peers database')
_('--dh', required=True,
help='Path to dh file')
_('--babel-state', default='/var/lib/vifibnet/babel_state',
help='Path to babeld state-file')
_('--verbose', '-v', default=0, type=int,
help='Defines the verbose level')
_('--ca', required=True,
help='Path to the certificate authority file')
_('--cert', required=True,
help='Path to the certificate file')
_('--ip', required=True, dest='external_ip',
help='Ip address of the machine on the internet')
# Openvpn options
_('openvpn_args', nargs=argparse.REMAINDER,
help="Common OpenVPN options (e.g. certificates)")
openvpn.config = config = parser.parse_args()
tunnelmanager.config = config
db.config = config
utils.verbose = config.verbose
# Get network prefix from ca.crt
with open(config.ca, 'r') as f:
ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
config.vifibnet = bin(ca.get_serial_number())[3:]
# Get ip from cert.crt
with open(config.cert, 'r') as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
subject = cert.get_subject()
prefix, prefix_len = subject.CN.split('/')
config.internal_ip = utils.ipFromPrefix(config.vifibnet, prefix, int(prefix_len))
utils.log('Intranet ip : %s' % (config.internal_ip,), 3)
# Treat openvpn arguments
if config.openvpn_args[0] == "--":
del config.openvpn_args[0]
config.openvpn_args.append('--ca')
config.openvpn_args.append(config.ca)
config.openvpn_args.append('--cert')
config.openvpn_args.append(config.cert)
utils.log("Configuration completed", 1)
def handle_message(msg): def handle_message(msg):
script_type, arg = msg.split() script_type, arg = msg.split()
if script_type == 'client-connect': if script_type == 'client-connect':
...@@ -111,8 +45,12 @@ def handle_message(msg): ...@@ -111,8 +45,12 @@ def handle_message(msg):
def main(): def main():
# Get arguments # Get arguments
getConfig() utils.getConfig()
global config
from utils import config
openvpn.config = config
tunnelmanager.config = config
db.config = config
# Setup database # Setup database
tunnelmanager.peers_db = db.PeersDB(config.db) tunnelmanager.peers_db = db.PeersDB(config.db)
...@@ -144,7 +82,7 @@ def main(): ...@@ -144,7 +82,7 @@ def main():
handle_message(read_pipe.readline()) handle_message(read_pipe.readline())
if time.time() >= next_refresh: if time.time() >= next_refresh:
tunnelmanager.peers_db.populate(10) tunnelmanager.peers_db.populate(10)
refreshConnections(write_pipe) tunnelmanager.refreshConnections(write_pipe)
next_refresh = time.time() + config.refresh_time next_refresh = time.time() + config.refresh_time
except KeyboardInterrupt: except KeyboardInterrupt:
return 0 return 0
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7