Commit 1440915b authored by Killian Lufau's avatar Killian Lufau

demo: add option to test HMAC

The option '-m' is added to the demo to check that babeld processes
of nodes contain the call to babeld corresponding to the current HMAC
state of the registry database.
parent d868f09a
#!/usr/bin/python2
import argparse, math, nemu, os, re, signal
import socket, subprocess, sys, time, weakref
import socket, sqlite3, subprocess, sys, time, weakref
from collections import defaultdict
from contextlib import contextmanager
from threading import Thread
IPTABLES = 'iptables'
SCREEN = 'screen'
VERBOSE = 4
......@@ -60,6 +61,8 @@ parser.add_argument('-d', '--duration', type = int,
help = 'time of the demo execution in seconds')
parser.add_argument('-p', '--ping', action = 'store_true',
help = 'execute ping utility')
parser.add_argument('-m', '--hmac', action = 'store_true',
help = 'execute HMAC test')
args = parser.parse_args()
def handler(signum, frame):
......@@ -243,7 +246,8 @@ def new_network(registry, reg_addr, serial, ca):
""")).wait()
db = sqlite3.connect(db_path, isolation_level=None)
def new_node(node, folder, args='', prefix_len=None, registry=registry_url):
nodes.append(node)
if node not in nodes:
nodes.append(node)
if not os.path.exists(folder + '/cert.crt'):
dh_path = folder + '/dh2048.pem'
if not os.path.exists(dh_path):
......@@ -263,6 +267,7 @@ def new_network(registry, reg_addr, serial, ca):
p.communicate(str(token[0]))
os.remove(dh_path)
os.remove(folder + '/ca.crt')
print 'went into function to create files....'
node.screen('./py re6stnet @%s/re6stnet.conf -v%u --registry %s'
' --console %s/run/console.sock %s' % (
folder, VERBOSE, registry, folder, args))
......@@ -297,6 +302,45 @@ if args.ping:
name = machine.name if machine.short[0] == 'R' else 'm' + machine.short
machine.screen('python ping.py {} {}'.format(name, ' '.join(ips)))
class testHMAC(Thread):
def run(self):
reg1_db = sqlite3.connect('registry/registry.db', isolation_level=None,
check_same_thread=False)
reg2_db = sqlite3.connect('registry2/registry.db', isolation_level=None,
check_same_thread=False)
reg1_db.text_factory = reg2_db.text_factory = str
m_net1 = ['registry', 'm1', 'm2', 'm3', 'm4', 'm5', 'm6', 'm7', 'm8']
m_net2 = ['registry2', 'm10']
# Test that machines can join the network (hence get the new config)
# when they reboot and that their hmac config is different than the
# up-to-date machines (but still compatible).
print 'Testing HMAC...'
test_hmac.checkHMAC(reg1_db, m_net1)
print 'Letting the time to machines to create tunnels...'
time.sleep(45)
registry.screen('wget 10.0.0.2/updateHMAC')
print 'Updated HMAC (config = hmac0 & hmac1), waiting...'
time.sleep(45)
print 'Checking HMAC on machines connected to registry 1...'
test_hmac.checkHMAC(reg1_db, m_net1)
test_hmac.killRe6st('m1')
print 'Re6st on machine 1 is stopped'
time.sleep(5)
registry.screen('wget 10.0.0.2/updateHMAC')
print 'Updated HMAC on registry (config = hmac1 & hmac2), waiting...'
time.sleep(45)
new_node(machine1, 'm1', '-I%s' % m1_if_0.name,
None, 'http://%s/' % REGISTRY)
print 'Started re6st on machine 1, waiting for it to get new conf'
time.sleep(60)
print 'Checking HMAC on machines connected to registry 1...'
test_hmac.checkHMAC(reg1_db, m_net1)
if args.hmac:
import test_hmac
testHMAC().start()
_ll = {}
def node_by_ll(addr):
try:
......
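Review bot: The three `test_hmac.checkHMAC(reg1_db, m_net1)` calls in `testHMAC.run` discard the returned boolean, so a wrong HMAC configuration only produces a printed line and the demo carries on as if the check had passed. `reg2_db` and `m_net2` are created but never used in the visible code, so the babeld processes of the second registry's network are not checked at all. I would keep the result, e.g. `ok = test_hmac.checkHMAC(reg1_db, m_net1)` followed by `if not ok: print 'HMAC test FAILED'`, and either add a `test_hmac.checkHMAC(reg2_db, m_net2)` call or drop the unused connection. The added `print 'went into function to create files....'` in `new_node` looks like leftover debugging output and could be removed.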
import sqlite3, subprocess
def getConfig(db, name):
r, = next(db.execute(
"SELECT value FROM config WHERE name=?", (name,)), (None,))
if r is not None:
r = str(r).encode('hex')
return r
def getCurrentHmacs(db):
true_hmacs = {'babel_hmac0': None, 'babel_hmac1': None, 'babel_hmac2': None}
for k in true_hmacs.keys():
true_hmacs[k] = getConfig(db, k)
return true_hmacs
def killRe6st(machine):
p = subprocess.Popen(['pgrep', '-f', 'set ./py re6stnet @%s' %machine],
stdout=subprocess.PIPE)
ps_id = p.communicate()[0].split('\n', 1)[0]
if ps_id:
subprocess.Popen(['kill', ps_id])
def checkHMAC(db, machines):
hmac = getCurrentHmacs(db)
rc = True
ps = subprocess.Popen(['pgrep', '-a', 'babel'], stdout=subprocess.PIPE)
for p in (p for p in ps.communicate()[0].split('\n') if p):
if p.split('/',1)[0].split()[-1] in machines:
if hmac['babel_hmac0'] and not hmac['babel_hmac1']: # state = hmac0
if ('sign' not in p or
'accept' in p or
p.split('sign value ',1)[1].split()[0]\
!= hmac['babel_hmac0']):
rc = False
print 'HMAC config wrong for in %s' % p
else:
if hmac['babel_hmac0']: # state = hmac0 and hmac1
sign = 'babel_hmac0'
accept = 'babel_hmac1'
else: # state = hmac1 and hmac2
sign = 'babel_hmac1'
accept = 'babel_hmac2'
if ('accept' not in p or
'sign' not in p or
p.split('sign value ',1)[1].split()[0] != hmac[sign] or
p.split('accept value ',1)[1].split()[0] != hmac[accept]):
rc = False
print 'HMAC config wrong in %s' % p
if rc:
print('Babel OK')
return rc
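Review bot: `checkHMAC` starts with `rc = True` and only sets it to False inside the loop over the `pgrep -a babel` output, so when no babeld process matches `machines` it still prints 'Babel OK' and returns True. A check of a security setting should fail closed: count the lines that pass the `in machines` test (`checked += 1`) and add `if not checked: rc = False` before the final `if rc:`. The two failure messages print the whole process line `p`, which by this function's own parsing carries the `sign value` / `accept value` key hex, so key material ends up in the demo output; printing only the machine name would avoid that. In `killRe6st`, the `pgrep -f` pattern `'set ./py re6stnet @%s'` is an unanchored regular expression, so `m1` also matches a command line containing `@m10/`; writing `@%s/` would restrict the match to the intended folder.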