Commit 1257f36c authored by Julien Muchembled's avatar Julien Muchembled

Some network option should be the same everywhere so move them to the registry

parent ef5401a4
......@@ -2,12 +2,9 @@ log m1/
state m1/
babel-pidfile m1/babeld.pid
pp 1194 tcp
hello 4
dh dh2048.pem
ca ca.crt
cert m1/cert.crt
key m1/cert.key
table 0
client-count 2
tunnel-refresh 100
neighbour 6/16
......@@ -2,11 +2,8 @@ log m2/
state m2/
babel-pidfile m2/babeld.pid
pp 1194 tcp
hello 4
dh dh2048.pem
ca ca.crt
cert m2/cert.crt
key m2/cert.key
table 0
client-count 2
tunnel-refresh 100
......@@ -2,11 +2,8 @@ log m3/
state m3/
babel-pidfile m3/babeld.pid
pp 1194 tcp
hello 4
dh dh2048.pem
ca ca.crt
cert m3/cert.crt
key m3/cert.key
table 0
client-count 2
tunnel-refresh 100
......@@ -2,11 +2,8 @@ log m4/
state m4/
babel-pidfile m4/babeld.pid
pp 1194 tcp
hello 4
dh dh2048.pem
ca ca.crt
cert m4/cert.crt
key m4/cert.key
table 0
client-count 2
tunnel-refresh 100
log m5/
state m5/
babel-pidfile m5/babeld.pid
hello 4
ca ca.crt
cert m5/cert.crt
key m5/cert.key
......
......@@ -2,14 +2,11 @@ log m6/
state m6/
babel-pidfile m6/babeld.pid
pp 1194 tcp
hello 4
dh dh2048.pem
ca ca.crt
cert m6/cert.crt
key m6/cert.key
table 0
client-count 2
tunnel-refresh 100
# TODO: Run a DHCPv4 client on machine9. Unfortunately, isc-dhcp-client 4.2.4
# fails with "Bind socket to interface: No such device"
daemon "exec dnsmasq -d8 - -i $re6stnet_iface -F 192.168.42.2,192.168.42.254,255.255.255.0,infinite -F ${re6stnet_subnet%/*},ra-only,${re6stnet_subnet#*/},1d -O option:router,192.168.42.1 -l m6/dnsmasq.leases"
......@@ -2,11 +2,8 @@ log m7/
state m7/
babel-pidfile m7/babeld.pid
pp 1194 tcp
hello 4
dh dh2048.pem
ca ca.crt
cert m7/cert.crt
key m7/cert.key
table 0
client-count 2
tunnel-refresh 100
log m8/
state m8/
babel-pidfile m8/babeld.pid
hello 4
ca ca.crt
cert m8/cert.crt
key m8/cert.key
......
ca ca.crt
key registry/ca.key
logfile registry/registry.log
hello 4
client-count 2
tunnel-refresh 100
log registry/
state registry/
babel-pidfile registry/babeld.pid
hello 4
dh dh2048.pem
ca ca.crt
cert registry/cert.crt
key registry/cert.key
gateway
client-count 2
tunnel-refresh 100
......@@ -92,6 +92,28 @@ def main():
_('--min-protocol', default=version.min_protocol, type=int,
help="Reject nodes that are too old. Current is %s." % version.protocol)
_ = parser.add_argument_group('routing').add_argument
_('--hello', type=int, default=15,
help="Hello interval in seconds, for both wired and wireless"
" connections. OpenVPN ping-exit option is set to 4 times the"
" hello interval. It takes between 3 and 4 times the"
" hello interval for Babel to re-establish connection with a"
" node for which the direct connection has been cut.")
_ = parser.add_argument_group('tunnelling').add_argument
_('--encrypt', action='store_true',
help='Specify that tunnels should be encrypted.')
_('--client-count', default=10, type=int,
help="Number of client tunnels to set up.")
_('--max-clients', type=int,
help="Maximum number of accepted clients per OpenVPN server. (default:"
" client-count * 2, which actually represents the average number"
" of tunnels to other peers)")
_('--tunnel-refresh', default=300, type=int,
help="Interval in seconds between two tunnel refresh: the worst"
" tunnel is closed if the number of client tunnels has reached"
" its maximum number (client-count).")
config = parser.parse_args()
if not version.min_protocol <= config.min_protocol <= version.protocol:
......@@ -100,6 +122,9 @@ def main():
utils.setupLog(config.verbose, config.logfile)
if config.max_clients is None:
config.max_clients = config.client_count * 2
server = registry.RegistryServer(config)
def requestHandler(request, client_address, _):
RequestHandler(request, client_address, server)
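Review bot: The new `--hello`, `--client-count` and `--tunnel-refresh` options in main() accept any integer, including zero and negative values, and the registry now publishes them to every node. On the node side they feed `timeout = 4 * cache.hello` and `time.time() + self.cache.tunnel_refresh`, so one mistyped registry option changes keepalive timing and tunnel churn network-wide. A range check right after `config = parser.parse_args()` would stop that at the source, e.g. `if config.hello <= 0 or config.tunnel_refresh <= 0: parser.error("--hello and --tunnel-refresh must be positive")`. main() starts and ends outside these hunks.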
......
......@@ -61,7 +61,7 @@ def client(iface, address_list, encrypt, *args, **kw):
def router(subnet, hello_interval, table, log_path, state_path, pidfile,
tunnel_interfaces, control_socket, *args, **kw):
tunnel_interfaces, control_socket, default, *args, **kw):
s = utils.ipFromBin(subnet)
n = len(subnet)
cmd = ['babeld',
......@@ -71,7 +71,7 @@ def router(subnet, hello_interval, table, log_path, state_path, pidfile,
'-S', state_path,
'-I', pidfile,
'-s',
'-C', 'default max-rtt-penalty 5000 rtt-max 500 rtt-decay 125',
'-C', 'default ' + default,
'-C', 'redistribute local deny',
'-C', 'redistribute ip %s/%u eq %u' % (s, n, n),
'-C', 'redistribute deny']
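Review bot: `'-C', 'default ' + default` in router() now builds a babeld configuration statement from a value the caller takes from `cache.babel_default`, i.e. from the network configuration distributed by the registry, instead of a literal in this file. The command is an argument list, so no shell is involved, but babeld still parses the string as configuration, and nothing visible here constrains what it contains. I would check it before building `cmd`, for example `if '\n' in default or '\r' in default: raise ValueError("invalid babel_default: %r" % default)`, and add a comment saying the value is registry-controlled. How the cache authenticates the registry's config is not visible in this commit, and router() continues outside the hunks.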
......
......@@ -99,10 +99,12 @@ class RegistryServer(object):
def updateNetworkConfig(self):
kw = {
'babel_default': 'max-rtt-penalty 5000 rtt-max 500 rtt-decay 125',
'protocol': version.protocol,
'registry_prefix': self.prefix,
}
for x in 'min_protocol',:
for x in ('client_count', 'encrypt', 'hello',
'max_clients', 'min_protocol', 'tunnel_refresh'):
kw[x] = getattr(self.config, x)
config = json.dumps(kw, sort_keys=True)
if config != self.getConfig('last_config', None):
......
......@@ -6,8 +6,6 @@ from . import ctl, plib, utils, version, x509
PORT = 326
# Be careful the refresh interval should let the routes be established
class MultiGatewayManager(dict):
......@@ -165,7 +163,7 @@ class BaseTunnelManager(object):
# TODO: To minimize downtime when network parameters change, we should do
# our best to not restart any process. Ideally, this list should be
# empty and the affected subprocesses reloaded.
NEED_RESTART = frozenset()
NEED_RESTART = frozenset(('babel_default', 'encrypt', 'hello'))
_forward = None
......@@ -425,13 +423,14 @@ class BaseTunnelManager(object):
class TunnelManager(BaseTunnelManager):
NEED_RESTART = BaseTunnelManager.NEED_RESTART.union((
'client_count', 'max_clients', 'tunnel_refresh'))
def __init__(self, control_socket, cache, cert, cert_renew, openvpn_args,
timeout, refresh, client_count, iface_list, address,
ip_changed, encrypt, remote_gateway, disable_proto,
neighbour_list=()):
timeout, client_count, iface_list, address, ip_changed,
remote_gateway, disable_proto, neighbour_list=()):
super(TunnelManager, self).__init__(cache, cert, cert_renew, address)
self.ctl = ctl.Babel(control_socket, weakref.proxy(self), self._network)
self.encrypt = encrypt
self.ovpn_args = openvpn_args
self.timeout = timeout
# Create and open read_only pipe to get server events
......@@ -440,7 +439,6 @@ class TunnelManager(BaseTunnelManager):
self._disconnected = 0
self._distant_peers = []
self._iface_to_prefix = {}
self._refresh_time = refresh
self._iface_list = iface_list
self._ip_changed = ip_changed
self._gateway_manager = MultiGatewayManager(remote_gateway) \
......@@ -457,8 +455,12 @@ class TunnelManager(BaseTunnelManager):
for i in xrange(1, self._client_count + 1))
self._free_iface_list = []
@property
def encrypt(self):
return self.cache.encrypt
def resetTunnelRefresh(self):
self._next_tunnel_refresh = time.time() + self._refresh_time
self._next_tunnel_refresh = time.time() + self.cache.tunnel_refresh
def _tuntap(self, iface=None):
if iface:
......
......@@ -59,12 +59,6 @@ def getConfig():
_('--control-socket', metavar='CTL_SOCK', default=ctl.SOCK_PATH,
help="Socket path to use for communication between re6stnet and babeld"
" (option -R of Babel).")
_('--hello', type=int, default=15,
help="Hello interval in seconds, for both wired and wireless"
" connections. OpenVPN ping-exit option is set to 4 times the"
" hello interval. It takes between 3 and 4 times the"
" hello interval for Babel to re-establish connection with a"
" node for which the direct connection has been cut.")
_('--table', type=int, default=42,
help="Use given table id. Set 0 to use the main table, if you want to"
" access internet via this network (in this case, make sure you"
......@@ -80,8 +74,6 @@ def getConfig():
" subprocesses. Often used to configure verbosity.")
_('--ovpnlog', action='store_true',
help="Tell each OpenVPN subprocess to log to a dedicated file.")
_('--encrypt', action='store_true',
help='Specify that tunnels should be encrypted.')
_('--pp', nargs=2, action='append', metavar=('PORT', 'PROTO'),
help="Port and protocol to be announced to other peers, ordered by"
" preference. For each protocol (udp, tcp, udp6, tcp6), start one"
......@@ -95,16 +87,12 @@ def getConfig():
" Common name defines the allocated prefix in the network.")
_('--key', required=True,
help="Local peer's private key in .pem format.")
_('--client-count', default=10, type=int,
help="Number of client tunnels to set up.")
_('--client-count', type=int,
help="Number of client tunnels to set up."
" (default: value from registry)")
_('--max-clients', type=int,
help="Maximum number of accepted clients per OpenVPN server. (default:"
" client-count * 2, which actually represents the average number"
" of tunnels to other peers)")
_('--tunnel-refresh', default=300, type=int,
help="Interval in seconds between two tunnel refresh: the worst"
" tunnel is closed if the number of client tunnels has reached"
" its maximum number (client-count).")
help="Maximum number of accepted clients per OpenVPN server."
" (default: value from registry)")
_('--remote-gateway', action='append', dest='gw_list',
help="Force each tunnel to be created through one the given gateways,"
" in a round-robin fashion.")
......@@ -145,10 +133,13 @@ def main():
exit.signal(-1, signal.SIGHUP, signal.SIGUSR2)
next_renew = cert.maybeRenew(config.registry)
cache = Cache(db_path, config.registry, cert)
network = cert.network
if config.client_count is None:
config.client_count = cache.client_count
if config.max_clients is None:
config.max_clients = config.client_count * 2
config.max_clients = cache.max_clients
if 'none' in config.disable_proto:
config.disable_proto = ()
......@@ -253,15 +244,13 @@ def main():
# Init db and tunnels
tunnel_interfaces = server_tunnels.keys()
timeout = 4 * config.hello
cache = Cache(db_path, config.registry, cert)
timeout = 4 * cache.hello
cleanup = [lambda: cache.cacheMinimize(config.client_count)]
if config.client_count and not config.client:
tunnel_manager = tunnel.TunnelManager(config.control_socket,
cache, cert, next_renew, config.openvpn_args, timeout,
config.tunnel_refresh, config.client_count, config.iface_list,
address, ip_changed, config.encrypt, remote_gateway,
config.disable_proto, config.neighbour)
config.client_count, config.iface_list, address, ip_changed,
remote_gateway, config.disable_proto, config.neighbour)
tunnel_interfaces += tunnel_manager.new_iface_list
write_pipe = tunnel_manager.write_pipe
else:
......@@ -293,13 +282,13 @@ def main():
sys.exit("error: --disable_proto option disables"
" all addresses given by --client")
cleanup.append(plib.client('re6stnet',
address_list, config.encrypt, '--ping-restart',
address_list, cache.encrypt, '--ping-restart',
str(timeout), *config.openvpn_args).stop)
elif server_tunnels:
required('dh')
for iface, (port, proto) in server_tunnels.iteritems():
cleanup.append(plib.server(iface, config.max_clients,
config.dh, write_pipe, port, proto, config.encrypt,
config.dh, write_pipe, port, proto, cache.encrypt,
'--ping-exit', str(timeout), *config.openvpn_args).stop)
ip('addr', my_ip, 'dev', config.main_interface)
......@@ -356,11 +345,11 @@ def main():
ip('route', 'unreachable', *x)
config.babel_args += config.iface_list
cleanup.append(plib.router(subnet, config.hello, config.table,
cleanup.append(plib.router(subnet, cache.hello, config.table,
os.path.join(config.log, 'babeld.log'),
os.path.join(config.state, 'babeld.state'),
config.babel_pidfile, tunnel_interfaces,
config.control_socket,
config.control_socket, cache.babel_default,
*config.babel_args).stop)
if config.up:
exit.release()
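Review bot: Tunnel encryption is no longer under the node operator's control: `--encrypt` is removed from getConfig(), and the `plib.client` / `plib.server` calls in main() now pass `cache.encrypt`. On the registry side the option is `action='store_true'`, so a registry started without the flag yields unencrypted tunnels on every node, and nothing in these hunks makes that visible locally. Logging the effective value once at startup would help, e.g. `logging.info("tunnel encryption from registry: %s", cache.encrypt)` (assuming the module logs through `logging`; its imports are outside the hunks). A short comment next to `timeout = 4 * cache.hello` saying the value is registry-supplied would also help the next reader. main() starts and ends outside the hunks.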
......