Commit 667831ff authored by Julien Muchembled's avatar Julien Muchembled

Review some re6stnet options and update demo

parent df77b6a2
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIDDTCCAfWgAwIBAgIHASABDbgAQjANBgkqhkiG9w0BAQUFADAeMQswCQYDVQQG MIIDTTCCAjWgAwIBAgIHASABDbgAQjANBgkqhkiG9w0BAQUFADA+MRowGAYDVQQD
EwJGUjEPMA0GA1UEAwwGVlBOIENBMB4XDTEyMDcxNjExNTMwNVoXDTEzMDcxNjEx DBFyZTZzdC5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJARYRcmU2c3RAZXhhbXBs
NTMwNVowHjELMAkGA1UEBhMCRlIxDzANBgNVBAMMBlZQTiBDQTCCASIwDQYJKoZI ZS5jb20wHhcNMTIwOTA2MTI0MTM0WhcNMjAwMTAxMTI0MTM0WjA+MRowGAYDVQQD
hvcNAQEBBQADggEPADCCAQoCggEBALMp1ojWB123yI3kxM0x75sq5W3QJ+rfg5SH DBFyZTZzdC5leGFtcGxlLmNvbTEgMB4GCSqGSIb3DQEJARYRcmU2c3RAZXhhbXBs
TLvc1CbUeNQwMeJT/l2OQG7D5jyrw4wjAK43w+DKnoJ8WK8sfdrjZ5uDEmfaR9Tv ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzKdaI1gddt8iN
TvyCJsIS4g9YP0ZdCNKA/7swlW/erbiDhhlOxrqUonxjU58/aLa41He/v/cEEiyh 5MTNMe+bKuVt0Cfq34OUh0y73NQm1HjUMDHiU/5djkBuw+Y8q8OMIwCuN8Pgyp6C
vymJqXaRsuDP3ov5zMOM85WxX5Uf3UySrqQ7uN82k2gEdVJfORClW6nGLzrAQUiu fFivLH3a42ebgxJn2kfU7078gibCEuIPWD9GXQjSgP+7MJVv3q24g4YZTsa6lKJ8
TOUBhlGZjR9FymuGi8jWIMul2wmxj/LI+B9c0mT3GFOU9Sg3HIfQQ+Ea/QoCslmT Y1OfP2i2uNR3v7/3BBIsob8pial2kbLgz96L+czDjPOVsV+VH91Mkq6kO7jfNpNo
CXN0OPlFVhhwtMSB7fviCvUQgzLN7H+Q3nLVqza1f2XBdNE5zmkCAwEAAaNQME4w BHVSXzkQpVupxi86wEFIrkzlAYZRmY0fRcprhovI1iDLpdsJsY/yyPgfXNJk9xhT
HQYDVR0OBBYEFKAM2cc4IXnFIZuYD1IK6MItGzSdMB8GA1UdIwQYMBaAFKAM2cc4 lPUoNxyH0EPhGv0KArJZkwlzdDj5RVYYcLTEge374gr1EIMyzex/kN5y1as2tX9l
IXnFIZuYD1IK6MItGzSdMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB wXTROc5pAgMBAAGjUDBOMB0GA1UdDgQWBBSgDNnHOCF5xSGbmA9SCujCLRs0nTAf
AFIqN4FoxebGAd2f60J9s60a7IExmrrGOCEL+x74XCV+4QBI4UQ27KYzGltXgBO6 BgNVHSMEGDAWgBSgDNnHOCF5xSGbmA9SCujCLRs0nTAMBgNVHRMEBTADAQH/MA0G
eyY2urg2b8MyCjU/U/N5iK6QhzIUw9oGY927V/6WxlMX/DzKAx9VQg2oIxDrj+tA CSqGSIb3DQEBBQUAA4IBAQBZQvMkCSCrrJoS432kJUg//iB0+c1mftbYTez+wqHq
TpUw9MxlhL/VBJDxuJe6tjM0zdevTVeDgQAJa0UGMTqfMDFjN53WY+ZUyI/0TXwg NzEPnv5EWJtYsYvZUx6huNvrv5UR9S9MkGyH1u8kw3mW5lRKTPBC9NdAgywhsDES
tDmEguWFuE/1O1lzZIq9Bv+5lsIsXynzshDLX8t5VGHrPQ8kBs6v7wTLfdtJyDZz VTDx02EZhsKEA2VaxhirGyJEDSgXADQNZNtB0Mw+M8/tociZKOiih6gwJw3sYcDz
/jLm5Us3/tUB71aMUa3+7bJEFdqtdasbhBAJAgI4hKszmZfsI9H4NHKWQ51cQKNh 9mTQFG44YG2nSmxEqP2m+32km0gvxLNIyoCnZN1x25dcRcJ5H9AbbIfSZxC02rqc
P7R0fzBg1J/ueLW5vuPCkXE= Wy0HLmfa7ZPLYD5Qz/TuCXXRXxyy5AYasVsz2GdXDNXRwiEmYqfM69EDtwZqTPZj
cfJdgSNqrysIXYE6SgBi6RUtOlmBubdxke4EZZ4ImdGo
-----END CERTIFICATE----- -----END CERTIFICATE-----
...@@ -26,6 +26,11 @@ if not os.path.exists(registry): ...@@ -26,6 +26,11 @@ if not os.path.exists(registry):
sql = open('registry/registry.sql').read() sql = open('registry/registry.sql').read()
db = sqlite3.connect(registry) db = sqlite3.connect(registry)
db.executescript(sql) db.executescript(sql)
for prefix, cert in db.execute("SELECT prefix, cert FROM cert"
" WHERE cert IS NOT NULL"):
i = int(prefix, 2)
with open(("m%u" % i if i else "registry") + "/cert.crt", 'w') as f:
f.write(cert)
db.close() db.close()
def disable_signal_on_children(sig): def disable_signal_on_children(sig):
......
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
db registry/registry.db db registry/registry.db
ca ca.crt ca ca.crt
key registry/ca.key key registry/ca.key
private 2001:db8:42:8::1 private 2001:db8:42::1
logfile registry/registry.log logfile registry/registry.log
import errno import logging, errno, os, subprocess
import os from . import utils
import subprocess
import logging
import utils
here = os.path.realpath(os.path.dirname(__file__)) here = os.path.realpath(os.path.dirname(__file__))
ovpn_server = os.path.join(here, 'ovpn-server') ovpn_server = os.path.join(here, 'ovpn-server')
ovpn_client = os.path.join(here, 'ovpn-client') ovpn_client = os.path.join(here, 'ovpn-client')
ovpn_log = None
def openvpn(iface, hello_interval, encrypt, *args, **kw): def openvpn(iface, hello_interval, encrypt, *args, **kw):
args = ['openvpn', args = ['openvpn',
...@@ -17,9 +14,10 @@ def openvpn(iface, hello_interval, encrypt, *args, **kw): ...@@ -17,9 +14,10 @@ def openvpn(iface, hello_interval, encrypt, *args, **kw):
'--persist-key', '--persist-key',
'--script-security', '2', '--script-security', '2',
'--ping-exit', str(4 * hello_interval), '--ping-exit', str(4 * hello_interval),
'--log-append', os.path.join(log, '%s.log' % iface),
#'--user', 'nobody', '--group', 'nogroup', #'--user', 'nobody', '--group', 'nogroup',
] + list(args) ] + list(args)
if ovpn_log:
args += '--log-append', os.path.join(ovpn_log, '%s.log' % iface),
if not encrypt: if not encrypt:
args += '--cipher', 'none' args += '--cipher', 'none'
logging.debug('%r', args) logging.debug('%r', args)
...@@ -60,8 +58,8 @@ def client(iface, server_address, pipe_fd, hello_interval, encrypt, *args, **kw) ...@@ -60,8 +58,8 @@ def client(iface, server_address, pipe_fd, hello_interval, encrypt, *args, **kw)
return openvpn(iface, hello_interval, encrypt, *remote, **kw) return openvpn(iface, hello_interval, encrypt, *remote, **kw)
def router(network, subnet, subnet_size, interface_list, def router(network, subnet, subnet_size, hello_interval, log_path, state_path,
wireless, hello_interval, verbose, pidfile, state_path, **kw): pidfile, *args, **kw):
args = ['babeld', args = ['babeld',
'-C', 'redistribute local ip %s/%s le %s' % (subnet, subnet_size, subnet_size), '-C', 'redistribute local ip %s/%s le %s' % (subnet, subnet_size, subnet_size),
'-C', 'redistribute local deny', '-C', 'redistribute local deny',
...@@ -77,25 +75,18 @@ def router(network, subnet, subnet_size, interface_list, ...@@ -77,25 +75,18 @@ def router(network, subnet, subnet_size, interface_list,
#'-C', 'in ip ::/0 le %s' % network_mask, #'-C', 'in ip ::/0 le %s' % network_mask,
# Don't route other addresses # Don't route other addresses
'-C', 'in deny', '-C', 'in deny',
'-d', str(verbose),
'-h', str(hello_interval), '-h', str(hello_interval),
'-H', str(hello_interval), '-H', str(hello_interval),
'-L', os.path.join(log, 'babeld.log'), '-L', log_path,
'-S', state_path, '-S', state_path,
'-I', pidfile,
'-s', '-s',
] ] + list(args)
if pidfile:
args += '-I', pidfile
# WKRD: babeld fails to start if pidfile already exists # WKRD: babeld fails to start if pidfile already exists
else:
pidfile = '/var/run/babeld.pid'
try: try:
os.remove(pidfile) os.remove(pidfile)
except OSError, e: except OSError, e:
if e.errno != errno.ENOENT: if e.errno != errno.ENOENT:
raise raise
if wireless:
args.append('-w')
args = args + interface_list
logging.info('%r', args) logging.info('%r', args)
return subprocess.Popen(args, **kw) return subprocess.Popen(args, **kw)
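Review bot: In `router`, the new `*args` parameter is rebound straight away by `args = ['babeld', ...] + list(args)`, so within one body the same name first means the caller's extra options and then the whole command line; I would name the local `cmd` and end with `return subprocess.Popen(cmd, **kw)`. The function also has no docstring, and its contract changed here: `log_path` and `state_path` are now full paths supplied by the caller, `pidfile` is mandatory, and the file at `pidfile` is removed before babeld starts. A short docstring should state those three points and that the forwarded options are placed after the fixed `-C` rules, which may matter if babeld evaluates filter rules in order.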
...@@ -268,7 +268,7 @@ class TunnelManager(object): ...@@ -268,7 +268,7 @@ class TunnelManager(object):
def handlePeerEvent(self): def handlePeerEvent(self):
msg, address = self.sock.recvfrom(1<<16) msg, address = self.sock.recvfrom(1<<16)
if not utils.binFromIp(address[0]).startswith(self._network): if not (msg or utils.binFromIp(address[0]).startswith(self._network)):
return return
code = ord(msg[0]) code = ord(msg[0])
if code == 1: # answer if code == 1: # answer
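Review bot: The rewritten guard in `handlePeerEvent` no longer filters by source address. `not (msg or ...startswith(self._network))` is true only when the datagram is empty and also comes from outside the network, so any non-empty packet from any sender goes on to the dispatch on `ord(msg[0])`, while an empty packet from inside the network reaches `ord(msg[0])` and raises IndexError. The emptiness check was presumably meant to sit alongside the prefix check, i.e. `if not (msg and utils.binFromIp(address[0]).startswith(self._network)):`. The rest of the handler is outside the hunk, so what each message code allows a sender to trigger is not visible here.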
......
#!/usr/bin/env python #!/usr/bin/env python
import argparse, atexit, errno, logging, os import atexit, errno, logging, os, select
import select, signal, sqlite3, sys, time, traceback import signal, sqlite3, sys, time, traceback
from re6st import plib, utils, db, tunnel from re6st import plib, utils, db, tunnel
def ovpnArgs(optional_args, ca_path, cert_path, key_path):
# Treat openvpn arguments
if optional_args and optional_args[0] == "--":
del optional_args[0]
optional_args.append('--ca')
optional_args.append(ca_path)
optional_args.append('--cert')
optional_args.append(cert_path)
optional_args.append('--key')
optional_args.append(key_path)
return optional_args
def getConfig(): def getConfig():
parser = utils.ArgParser(fromfile_prefix_chars='@', parser = utils.ArgParser(fromfile_prefix_chars='@',
...@@ -46,21 +34,24 @@ def getConfig(): ...@@ -46,21 +34,24 @@ def getConfig():
" are other re6st node on the same network segment.") " are other re6st node on the same network segment.")
_ = parser.add_argument_group('routing').add_argument _ = parser.add_argument_group('routing').add_argument
_('--babel-pidfile', metavar='PID', _('-B', dest='babel_args', metavar='ARG', action='append', default=[],
help="Extra arguments to forward to Babel.")
_('--babel-pidfile', metavar='PID', default='/var/run/re6st-babeld.pid',
help="Specify a file to write our process id to" help="Specify a file to write our process id to"
" (option -I of Babel).") " (option -I of Babel).")
_('--babel-verb', default=0, metavar='LEVEL',
help="Log level of Babel (option -d of Babel).")
_('--hello', type=int, default=15, _('--hello', type=int, default=15,
help="Hello interval in seconds, for both wired and wireless" help="Hello interval in seconds, for both wired and wireless"
" connections. OpenVPN ping-exit option is set to 4 times the" " connections. OpenVPN ping-exit option is set to 4 times the"
" hello interval. It takes between 3 and 4 times the" " hello interval. It takes between 3 and 4 times the"
" hello interval for Babel to re-establish connection with a" " hello interval for Babel to re-establish connection with a"
" node for which the direct connection has been cut.") " node for which the direct connection has been cut.")
_('-w', '--wireless', action='store_true',
help="Assume all interfaces are wireless (option -w of Babel).")
_ = parser.add_argument_group('tunnelling').add_argument _ = parser.add_argument_group('tunnelling').add_argument
_('-O', dest='openvpn_args', metavar='ARG', action='append', default=[],
help="Extra arguments to forward to both server and client OpenVPN"
" subprocesses. Often used to configure verbosity.")
_('--ovpnlog', action='store_true',
help="Tell each OpenVPN subprocess to log to a dedicated file.")
_('--encrypt', action='store_true', _('--encrypt', action='store_true',
help='Specify that tunnels should be encrypted.') help='Specify that tunnels should be encrypted.')
_('--pp', nargs=2, action='append', metavar=('PORT', 'PROTO'), _('--pp', nargs=2, action='append', metavar=('PORT', 'PROTO'),
...@@ -87,9 +78,6 @@ def getConfig(): ...@@ -87,9 +78,6 @@ def getConfig():
" tunnel is closed if the number of client tunnels has reached" " tunnel is closed if the number of client tunnels has reached"
" its maximum number (client-count).") " its maximum number (client-count).")
_('openvpn_args', nargs=argparse.REMAINDER,
help="Use pseudo-argument '--' to forward positional arguments as extra"
" arguments to both server and client OpenVPN subprocesses.")
return parser.parse_args() return parser.parse_args()
...@@ -98,15 +86,19 @@ def main(): ...@@ -98,15 +86,19 @@ def main():
config = getConfig() config = getConfig()
network = utils.networkFromCa(config.ca) network = utils.networkFromCa(config.ca)
prefix = utils.binFromSubnet(utils.subnetFromCert(config.cert)) prefix = utils.binFromSubnet(utils.subnetFromCert(config.cert))
openvpn_args = ovpnArgs(config.openvpn_args, config.ca, config.cert, config.openvpn_args += (
config.key) '--ca', config.ca,
'--cert', config.cert,
'--key', config.key)
# Set logging # Set logging
utils.setupLog(config.verbose, os.path.join(config.log, 're6stnet.log')) utils.setupLog(config.verbose, os.path.join(config.log, 're6stnet.log'))
logging.trace("Configuration:\n%r", config) logging.trace("Configuration:\n%r", config)
utils.makedirs(config.state) utils.makedirs(config.state)
db_path = os.path.join(config.state, 'peers.db') db_path = os.path.join(config.state, 'peers.db')
plib.log = tunnel.log = config.log if config.ovpnlog:
plib.ovpn_log = config.log
# Create and open read_only pipe to get server events # Create and open read_only pipe to get server events
logging.info('Creating pipe for server events...') logging.info('Creating pipe for server events...')
...@@ -148,20 +140,22 @@ def main(): ...@@ -148,20 +140,22 @@ def main():
try: try:
# Init db and tunnels # Init db and tunnels
peer_db = db.PeerDB(db_path, config.registry, config.key, prefix) peer_db = db.PeerDB(db_path, config.registry, config.key, prefix)
tunnel_manager = tunnel.TunnelManager(write_pipe, peer_db, openvpn_args, tunnel_manager = tunnel.TunnelManager(write_pipe, peer_db,
config.hello, config.tunnel_refresh, config.client_count, config.openvpn_args, config.hello, config.tunnel_refresh,
config.iface_list, network, prefix, address, ip_changed, config.client_count, config.iface_list, network, prefix, address,
config.encrypt) ip_changed, config.encrypt)
server_tunnels = {} server_tunnels = {}
for x in pp: for x in pp:
server_tunnels.setdefault('re6stnet-' + x[1], x) server_tunnels.setdefault('re6stnet-' + x[1], x)
interface_list = list(tunnel_manager.free_interface_set) \
+ config.iface_list + server_tunnels.keys()
subnet = network + prefix subnet = network + prefix
config.babel_args += tunnel_manager.free_interface_set
config.babel_args += config.iface_list
config.babel_args += server_tunnels
router = plib.router(network, utils.ipFromBin(subnet), len(subnet), router = plib.router(network, utils.ipFromBin(subnet), len(subnet),
interface_list, config.wireless, config.hello, config.babel_verb, config.hello, os.path.join(config.log, 'babeld.log'),
config.babel_pidfile, os.path.join(config.state, 'babeld.state')) os.path.join(config.state, 'babeld.state'),
config.babel_pidfile, *config.babel_args)
# main loop # main loop
try: try:
...@@ -171,7 +165,7 @@ def main(): ...@@ -171,7 +165,7 @@ def main():
utils.ipFromBin(subnet, '1') if proto == pp[0][1] else None, utils.ipFromBin(subnet, '1') if proto == pp[0][1] else None,
len(network) + len(prefix), len(network) + len(prefix),
config.max_clients, config.dh, write_pipe, port, config.max_clients, config.dh, write_pipe, port,
proto, config.hello, config.encrypt, *openvpn_args)) proto, config.hello, config.encrypt, *config.openvpn_args))
while True: while True:
next = tunnel_manager.next_refresh next = tunnel_manager.next_refresh
if forwarder: if forwarder:
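Review bot: The help strings for the new `-O` and `-B` options in `getConfig` do not say how to pass a value that itself starts with a dash, which is the normal case for a forwarded option. With stock argparse, `-O --verb` is rejected with "expected one argument" (or `--verb` may be matched as an abbreviation of a re6stnet long option); assuming `utils.ArgParser` keeps that behaviour, the value has to be attached, as in `-O--verb -O3`. I would append something like `" Attach the value to the flag, e.g. -O--verb -O3."` to both help texts. Since `main()` adds `--ca`, `--cert` and `--key` after the forwarded OpenVPN options, the help could also state that `-O` extends the options re6stnet sets itself rather than replacing them.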
......