Skip to content

R
re6stnet
Commit 84e01d2c authored by Ulysse Beaugnon's avatar Ulysse Beaugnon
Browse files
Options

config has now be moved to utils. Still a lot of hack with config to be removed

parent af915652
Hide whitespace changes
Inline Side-by-side
Showing with 78 additions and 76 deletions
TODO
View file @ 84e01d2c
Bugs :
When no peer is avalaible without the --no-boot option, it crash
To be done :
Do a clean-up in the import
To be discuss:
Remove the --no-boot option since we know when no node is avalaible
Maybe we should notify the server of our existence earlier
Find a better solution for config than utils.config = config, openv.config = config, ...
When I created PeersDB, I thought only be used to access the DB and not do some logic.
......@@ -16,13 +17,10 @@ To be discuss:
The organisation of the code
vifibnet.py Just contain the main loop and the init
openpvn.py To launch openvpn processes
utils.py Small functions to do some usefull job
utils.py Small functions to do some usefull job, also contains the config
db.py Function to access the DB (merge with utils ?)
tunnelmanager.py To choose wich connection delete/keep/...
upnpigd.py To open a port and find the external IP
config.py If we find a way to be able to juste have to import config evrywhere,
call config.init() from main and then have the config evrywhere,
it would be great
How we choose which protocol we use :
IMO, we should use UDP. I've read many times than TCP other TCP can be catastrophic in terme of performance
......
tunnelmanager.py
View file @ 84e01d2c
......@@ -2,6 +2,7 @@ import os, random
import openvpn
import utils
import db
from config import *
connection_dict = {} # to remember current connections we made
free_interface_set = set(('client1', 'client2', 'client3', 'client4', 'client5',
......
utils.py
View file @ 84e01d2c
import time
import argparse
from OpenSSL import crypto
def log(message, verbose_level):
if verbose >= verbose_level:
if config.verbose >= verbose_level:
print time.strftime("%d-%m-%Y %H:%M:%S : " + message)
def ipFromBin(prefix):
......@@ -15,3 +17,66 @@ def ipFromPrefix(vifibnet, prefix, prefix_len):
prefix = bin(int(prefix))[2:].rjust(prefix_len, '0')
ip_t = (vifibnet + prefix).ljust(128, '0')
return ipFromBin(ip_t)
def getConfig():
global config
parser = argparse.ArgumentParser(
description='Resilient virtual private network application')
_ = parser.add_argument
# Server address MUST be a vifib address ( else requests will be denied )
_('--server', required=True,
help='Address for peer discovery server')
_('--server-port', required=True, type=int,
help='Peer discovery server port')
_('-l', '--log', default='/var/log',
help='Path to vifibnet logs directory')
_('--client-count', default=2, type=int,
help='Number of client connections')
# TODO: use maxpeer
_('--max-clients', default=10, type=int,
help='the number of peers that can connect to the server')
_('--refresh-time', default=300, type=int,
help='the time (seconds) to wait before changing the connections')
_('--refresh-count', default=1, type=int,
help='The number of connections to drop when refreshing the connections')
_('--db', default='/var/lib/vifibnet/peers.db',
help='Path to peers database')
_('--dh', required=True,
help='Path to dh file')
_('--babel-state', default='/var/lib/vifibnet/babel_state',
help='Path to babeld state-file')
_('--verbose', '-v', default=0, type=int,
help='Defines the verbose level')
_('--ca', required=True,
help='Path to the certificate authority file')
_('--cert', required=True,
help='Path to the certificate file')
_('--ip', required=True, dest='external_ip',
help='Ip address of the machine on the internet')
# Openvpn options
_('openvpn_args', nargs=argparse.REMAINDER,
help="Common OpenVPN options (e.g. certificates)")
config = parser.parse_args()
# Get network prefix from ca.crt
with open(config.ca, 'r') as f:
ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
config.vifibnet = bin(ca.get_serial_number())[3:]
# Get ip from cert.crt
with open(config.cert, 'r') as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
subject = cert.get_subject()
prefix, prefix_len = subject.CN.split('/')
config.internal_ip = ipFromPrefix(config.vifibnet, prefix, int(prefix_len))
log('Intranet ip : %s' % (config.internal_ip,), 3)
# Treat openvpn arguments
if config.openvpn_args[0] == "--":
del config.openvpn_args[0]
config.openvpn_args.append('--ca')
config.openvpn_args.append(config.ca)
config.openvpn_args.append('--cert')
config.openvpn_args.append(config.cert)
log("Configuration completed", 1)
vifibnet.py
View file @ 84e01d2c
......@@ -30,72 +30,6 @@ def startBabel(**kw):
print args
return subprocess.Popen(args, **kw)
def getConfig():
global config
parser = argparse.ArgumentParser(
description='Resilient virtual private network application')
_ = parser.add_argument
# Server address MUST be a vifib address ( else requests will be denied )
_('--server', required=True,
help='Address for peer discovery server')
_('--server-port', required=True, type=int,
help='Peer discovery server port')
_('-l', '--log', default='/var/log',
help='Path to vifibnet logs directory')
_('--client-count', default=2, type=int,
help='Number of client connections')
# TODO: use maxpeer
_('--max-clients', default=10, type=int,
help='the number of peers that can connect to the server')
_('--refresh-time', default=300, type=int,
help='the time (seconds) to wait before changing the connections')
_('--refresh-count', default=1, type=int,
help='The number of connections to drop when refreshing the connections')
_('--db', default='/var/lib/vifibnet/peers.db',
help='Path to peers database')
_('--dh', required=True,
help='Path to dh file')
_('--babel-state', default='/var/lib/vifibnet/babel_state',
help='Path to babeld state-file')
_('--verbose', '-v', default=0, type=int,
help='Defines the verbose level')
_('--ca', required=True,
help='Path to the certificate authority file')
_('--cert', required=True,
help='Path to the certificate file')
_('--ip', required=True, dest='external_ip',
help='Ip address of the machine on the internet')
# Openvpn options
_('openvpn_args', nargs=argparse.REMAINDER,
help="Common OpenVPN options (e.g. certificates)")
openvpn.config = config = parser.parse_args()
tunnelmanager.config = config
db.config = config
utils.verbose = config.verbose
# Get network prefix from ca.crt
with open(config.ca, 'r') as f:
ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
config.vifibnet = bin(ca.get_serial_number())[3:]
# Get ip from cert.crt
with open(config.cert, 'r') as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
subject = cert.get_subject()
prefix, prefix_len = subject.CN.split('/')
config.internal_ip = utils.ipFromPrefix(config.vifibnet, prefix, int(prefix_len))
utils.log('Intranet ip : %s' % (config.internal_ip,), 3)
# Treat openvpn arguments
if config.openvpn_args[0] == "--":
del config.openvpn_args[0]
config.openvpn_args.append('--ca')
config.openvpn_args.append(config.ca)
config.openvpn_args.append('--cert')
config.openvpn_args.append(config.cert)
utils.log("Configuration completed", 1)
def handle_message(msg):
script_type, arg = msg.split()
if script_type == 'client-connect':
......@@ -111,8 +45,12 @@ def handle_message(msg):
def main():
# Get arguments
getConfig()
utils.getConfig()
global config
from utils import config
openvpn.config = config
tunnelmanager.config = config
db.config = config
# Setup database
tunnelmanager.peers_db = db.PeersDB(config.db)
......@@ -144,7 +82,7 @@ def main():
handle_message(read_pipe.readline())
if time.time() >= next_refresh:
tunnelmanager.peers_db.populate(10)
refreshConnections(write_pipe)
tunnelmanager.refreshConnections(write_pipe)
next_refresh = time.time() + config.refresh_time
except KeyboardInterrupt:
return 0
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7