diff --git a/.gitignore b/.gitignore
index 52e4e61..e3fad3c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,52 @@
-*.pyc
-*.pyo
+# Python
+*.py[co]
+*.egg
+*.egg-info
+dist
+build
+eggs
+parts
+bin
+var
+sdist
+tmp
+develop-eggs
+share
+.installed.cfg
+pip-log.txt
+
+# Nose
+.coverage
+.tox
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+
+# Others
+*~
+*#
+.#*
+*.orig
+data
+lg.log*
+
+# Virtualenv
+.Python
+include
+lib
+local
+man
+
+# Sphinx
+doc/build/
+
+# Database
+db/*
+
+# Local development
+local.yaml
+local.ini
+
diff --git a/lg.cfg b/lg.cfg
index 7e9bc23..4520404 100644
--- a/lg.cfg
+++ b/lg.cfg
@@ -30,3 +30,13 @@ AS_NUMBER = {
ASN_ZONE = "asn.cymru.com"
SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7'
+
+# Set to True if you're using one BIRD with full view of the network graph
+BIRD_HAS_FULL_VIEW = True
+
+# Maximum number of paths to show
+MAX_PATHS = 7
+
+# Shorten router names (xxx-yyy-zzz.telecom.local -> xxx-yyy-zzz, provided you specify '.telecom.local' as a value)
+ROUTER_NAME_REMOVE = '.telecom.local.'
+
diff --git a/lg.py b/lg.py
index 477e29a..b2199e2 100644
--- a/lg.py
+++ b/lg.py
@@ -20,22 +20,22 @@
#
###
-import memcache
-import subprocess
-import logging
+from collections import defaultdict
from logging.handlers import TimedRotatingFileHandler
-import re
-from urllib2 import urlopen
from urllib import quote, unquote
+from urllib2 import urlopen
import json
+import logging
+import memcache
import random
+import re
+import subprocess
-from toolbox import mask_is_valid, ipv6_is_valid, ipv4_is_valid, resolve, save_cache_pickle, load_cache_pickle, unescape
-#from xml.sax.saxutils import escape
+from toolbox import mask_is_valid, ipv6_is_valid, ipv4_is_valid, resolve, resolve_ptr, save_cache_pickle, load_cache_pickle, unescape
-
-import pydot
+from dns.resolver import NXDOMAIN
from flask import Flask, render_template, jsonify, redirect, session, request, abort, Response, Markup
+import pydot
app = Flask(__name__)
app.config.from_pyfile('lg.cfg')
@@ -47,16 +47,17 @@ file_handler.setLevel(getattr(logging, app.config["LOG_LEVEL"].upper()))
app.logger.addHandler(file_handler)
memcache_server = app.config.get("MEMCACHE_SERVER", "127.0.0.1:11211")
-memcache_expiration = int(app.config.get("MEMCACHE_EXPIRATION", "1296000")) # 15 days by default
+memcache_expiration = int(app.config.get("MEMCACHE_EXPIRATION", "1296000")) # 15 days by default
mc = memcache.Client([memcache_server])
+
def get_asn_from_as(n):
asn_zone = app.config.get("ASN_ZONE", "asn.cymru.com")
try:
- data = resolve("AS%s.%s" % (n, asn_zone) ,"TXT").replace("'","").replace('"','')
+ data = resolve("AS%s.%s" % (n, asn_zone), "TXT").replace("'", "").replace('"', '')
except:
- return " "*5
- return [ field.strip() for field in data.split("|") ]
+ return " " * 5
+ return [field.strip() for field in data.split("|")]
def add_links(text):
@@ -69,8 +70,7 @@ def add_links(text):
ret_text = []
for line in text:
# Some heuristic to create link
- if line.strip().startswith("BGP.as_path:") or \
- line.strip().startswith("Neighbor AS:"):
+ if line.strip().startswith("BGP.as_path:") or line.strip().startswith("Neighbor AS:"):
ret_text.append(re.sub(r'(\d+)', r'\1', line))
else:
line = re.sub(r'([a-zA-Z0-9\-]*\.([a-zA-Z]{2,3}){1,2})(\s|$)', r'\1\3', line)
@@ -111,7 +111,7 @@ def set_session(request_type, hosts, proto, request_args):
def whois_command(query):
server = []
if app.config.get("WHOIS_SERVER", ""):
- server = [ "-h", app.config.get("WHOIS_SERVER") ]
+ server = ["-h", app.config.get("WHOIS_SERVER")]
return subprocess.Popen(['whois'] + server + [query], stdout=subprocess.PIPE).communicate()[0].decode('utf-8', 'ignore')
@@ -143,7 +143,7 @@ def bird_proxy(host, proto, service, query):
elif not path:
return False, 'Proto "%s" invalid' % proto
else:
- url = "http://%s.%s:%d/%s?q=%s" % (host, app.config["DOMAIN"], port, path, quote(query))
+ url = 'http://{}:{}/{}?q={}'.format(app.config['ROUTER_IP'][host][0], port, path, quote(query))
try:
f = urlopen(url)
resultat = f.read()
@@ -157,18 +157,18 @@ def bird_proxy(host, proto, service, query):
@app.context_processor
def inject_commands():
commands = [
- ("traceroute", "traceroute ..."),
- ("summary", "show protocols"),
- ("detail", "show protocols ... all"),
- ("prefix", "show route for ..."),
- ("prefix_detail", "show route for ... all"),
- ("prefix_bgpmap", "show route for ... (bgpmap)"),
- ("where", "show route where net ~ [ ... ]"),
- ("where_detail", "show route where net ~ [ ... ] all"),
- ("where_bgpmap", "show route where net ~ [ ... ] (bgpmap)"),
- ("adv", "show route ..."),
- ("adv_bgpmap", "show route ... (bgpmap)"),
- ]
+ ("traceroute", "traceroute ..."),
+ ("summary", "show protocols"),
+ ("detail", "show protocols ... all"),
+ ("prefix", "show route for ..."),
+ ("prefix_detail", "show route for ... all"),
+ ("prefix_bgpmap", "show route for ... (bgpmap)"),
+ ("where", "show route where net ~ [ ... ]"),
+ ("where_detail", "show route where net ~ [ ... ] all"),
+ ("where_bgpmap", "show route where net ~ [ ... ] (bgpmap)"),
+ ("adv", "show route ..."),
+ ("adv_bgpmap", "show route ... (bgpmap)"),
+ ]
commands_dict = {}
for id, text in commands:
commands_dict[id] = text
@@ -198,10 +198,12 @@ def incorrect_request(e):
def page_not_found(e):
return render_template('error.html', warnings=["The requested URL was not found on the server."]), 404
+
def get_query():
q = unquote(request.args.get('q', '').strip())
return q
+
@app.route("/whois")
def whois():
query = get_query()
@@ -317,7 +319,6 @@ def traceroute(hosts, proto):
errors.append("%s" % resultat)
continue
-
infos[host] = add_links(resultat)
return render_template('traceroute.html', infos=infos, errors=errors)
@@ -377,7 +378,7 @@ def get_as_name(_as):
name = mc.get(str('lg_%s' % _as))
if not name:
app.logger.info("asn for as %s not found in memcache", _as)
- name = get_asn_from_as(_as)[-1].replace(" ","\r",1)
+ name = get_asn_from_as(_as)[-1].replace(" ", "\r", 1)
if name:
mc.set(str("lg_%s" % _as), str(name), memcache_expiration)
return "AS%s | %s" % (_as, name)
@@ -415,7 +416,7 @@ def show_bgpmap():
def add_node(_as, **kwargs):
if _as not in nodes:
- kwargs["label"] = '<' + escape(kwargs.get("label", get_as_name(_as))).replace("\r","
") + " |
>"
+ kwargs["label"] = '<' + escape(kwargs.get("label", get_as_name(_as))).replace("\r", "
") + " |
>"
nodes[_as] = pydot.Node(_as, style="filled", fontsize="10", **kwargs)
graph.add_node(nodes[_as])
return nodes[_as]
@@ -433,17 +434,17 @@ def show_bgpmap():
e = edges[edge_tuple]
label_without_star = kwargs["label"].replace("*", "")
- labels = e.get_label().split("\r")
+ labels = e.get_label().split("\r")
if "%s*" % label_without_star not in labels:
- labels = [ kwargs["label"] ] + [ l for l in labels if not l.startswith(label_without_star) ]
- labels = sorted(labels, cmp=lambda x,y: x.endswith("*") and -1 or 1)
-
+ labels = [kwargs["label"]] + [l for l in labels if not l.startswith(label_without_star)]
+ labels = sorted(labels, cmp=lambda x, y: x.endswith("*") and -1 or 1)
+
label = escape("\r".join(labels))
e.set_label(label)
return edges[edge_tuple]
for host, asmaps in data.iteritems():
- add_node(host, label= "%s\r%s" % (host.upper(), app.config["DOMAIN"].upper()), shape="box", fillcolor="#F5A9A9")
+ add_node(host, label="%s\r%s" % (host.upper(), app.config["DOMAIN"].upper()), shape="box", fillcolor="#F5A9A9")
as_number = app.config["AS_NUMBER"].get(host, None)
if as_number:
@@ -451,8 +452,8 @@ def show_bgpmap():
edge = add_edge(as_number, nodes[host])
edge.set_color("red")
edge.set_style("bold")
-
- #colors = [ "#009e23", "#1a6ec1" , "#d05701", "#6f879f", "#939a0e", "#0e9a93", "#9a0e85", "#56d8e1" ]
+
+ # colors = [ "#009e23", "#1a6ec1" , "#d05701", "#6f879f", "#939a0e", "#0e9a93", "#9a0e85", "#56d8e1" ]
previous_as = None
hosts = data.keys()
for host, asmaps in data.iteritems():
@@ -468,16 +469,18 @@ def show_bgpmap():
continue
if not hop:
- hop = True
- if _as not in hosts:
- hop_label = _as
+ if app.config.get('BIRD_HAS_FULL_VIEW', False):
+ hop = True
+ hop_label = ''
+ continue
+ elif _as not in hosts:
+ hop_label = _as
if first:
hop_label = hop_label + "*"
continue
else:
hop_label = ""
-
add_node(_as, fillcolor=(first and "#F5A9A9" or "white"))
if hop_label:
edge = add_edge(nodes[previous_as], nodes[_as], label=hop_label, fontsize="7")
@@ -500,7 +503,7 @@ def show_bgpmap():
node = add_node(previous_as)
node.set_shape("box")
- #return Response("" + graph.create_dot() + "
")
+ # return Response("" + graph.create_dot() + "
")
return Response(graph.create_png(), mimetype='image/png')
@@ -510,10 +513,14 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
path = None
paths = []
net_dest = None
+
+ re_via = re.compile(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on.*\[(\w+)\s+')
+ re_unreachable = re.compile(r'(.*)unreachable\s+\[(\w+)\s+')
+
for line in text:
line = line.strip()
- expr = re.search(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on.*\[(\w+)\s+', line)
+ expr = re_via.search(line)
if expr:
if path:
path.append(net_dest)
@@ -533,10 +540,10 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
break
else:
# ugly hack for good printing
- path = [ peer_protocol_name ]
-# path = ["%s\r%s" % (peer_protocol_name, get_as_name(get_as_number_from_protocol_name(host, proto, peer_protocol_name)))]
-
- expr2 = re.search(r'(.*)unreachable\s+\[(\w+)\s+', line)
+ path = [peer_protocol_name]
+ # path = ["%s\r%s" % (peer_protocol_name, get_as_name(get_as_number_from_protocol_name(host, proto, peer_protocol_name)))]
+
+ expr2 = re_unreachable.search(line)
if expr2:
if path:
path.append(net_dest)
@@ -548,7 +555,7 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
if line.startswith("BGP.as_path:"):
path.extend(line.replace("BGP.as_path:", "").strip().split(" "))
-
+
if path:
path.append(net_dest)
paths.append(path)
@@ -556,6 +563,93 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
return paths
+def build_as_tree_from_full_view(host, proto, res):
+ re_chunk_start = re.compile(r'(.*)unreachable\s+\[(.*)\s+.*\s+from\s+(.*)\].*\(.*\)\s\[.*\]')
+ dest_subnet = None
+ raw = defaultdict(dict)
+
+ for line in res:
+ line = line.strip()
+ expr = re_chunk_start.search(line)
+
+ if expr:
+ # Beginning of the BGP reply chunk
+ if not dest_subnet:
+ dest_subnet = expr.group(1).strip()
+
+ router_tag = expr.group(2).strip()
+ router_ip = expr.group(3).strip()
+
+ try:
+ router_ip = resolve_ptr(router_ip)
+ except NXDOMAIN:
+ # If PTR record can't be found, IP will do too
+ pass
+
+ elif line.startswith('BGP.as_path:'):
+ # BGP AS path
+ line = line.replace('BGP.as_path:', '')
+ line = line.strip()
+ path = [router_tag, ]
+ for as_num in line.split(' '):
+ if as_num:
+ path.append(as_num)
+
+ path_tag = '+'.join(path[1:])
+
+ if path_tag not in raw:
+ raw[path_tag] = list()
+
+ raw[path_tag].append(dict(router_tag=router_tag, router_ip=router_ip, path=path))
+
+ elif line.startswith('BGP.community:'):
+ # BGP community
+ line = line.replace('BGP.community:', '')
+ line = line.strip()
+ raw[path_tag][-1]['community'] = line.split(' ')
+
+ elif line.startswith('BGP.cluster_list:'):
+ # BGP cluster size
+ line = line.replace('BGP.cluster_list:', '')
+ line = line.strip()
+ raw[path_tag][-1]['cluster_size'] = len(line.split(' '))
+
+ for path_tag in raw:
+ raw[path_tag] = iter(raw[path_tag])
+
+ result = defaultdict(list)
+ exhausted_tags = set()
+ existing_paths_num = len(raw)
+ if len(raw) > app.config.get('MAX_PATHS', 10):
+ max_paths = existing_paths_num
+ else:
+ max_paths = app.config.get('MAX_PATHS', 10)
+ path_count = 0
+
+ while path_count < max_paths:
+ for path_tag in sorted(raw, key=lambda x: x.count('+')):
+ if path_tag in exhausted_tags:
+ continue
+
+ try:
+ path = next(raw[path_tag])
+ except StopIteration:
+ exhausted_tags.add(path_tag)
+ continue
+
+ result[path['router_ip']].append(path['path'])
+ result[path['router_ip']][-1].append(dest_subnet)
+
+ path_count += 1
+ if path_count == max_paths:
+ break
+
+ if path_count == max_paths or len(exhausted_tags) == existing_paths_num:
+ break
+
+ return result
+
+
def show_route(request_type, hosts, proto):
expression = get_query()
if not expression:
@@ -618,7 +712,10 @@ def show_route(request_type, hosts, proto):
continue
if bgpmap:
- detail[host] = build_as_tree_from_raw_bird_ouput(host, proto, res)
+ if app.config['BIRD_HAS_FULL_VIEW']:
+ detail = build_as_tree_from_full_view(host, proto, res)
+ else:
+ detail[host] = build_as_tree_from_raw_bird_ouput(host, proto, res)
else:
detail[host] = add_links(res)
diff --git a/lgproxy.cfg b/lgproxy.cfg
index 6268964..8e84a69 100644
--- a/lgproxy.cfg
+++ b/lgproxy.cfg
@@ -5,3 +5,6 @@ LOG_LEVEL="WARNING"
ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"]
IPV4_SOURCE=""
IPV6_SOURCE=""
+FEATURES=['traceroute', 'bird' ]
+SOCKET_PATH={4: '/var/run/bird.ctl', 6: '/var/run/bird6.ctl'}
+
diff --git a/lgproxy.py b/lgproxy.py
index 13ba667..82039c6 100644
--- a/lgproxy.py
+++ b/lgproxy.py
@@ -35,60 +35,69 @@ app = Flask(__name__)
app.debug = app.config["DEBUG"]
app.config.from_pyfile('lgproxy.cfg')
-file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight")
+file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight")
app.logger.setLevel(getattr(logging, app.config["LOG_LEVEL"].upper()))
app.logger.addHandler(file_handler)
+
@app.before_request
def access_log_before(*args, **kwargs):
- app.logger.info("[%s] request %s, %s", request.remote_addr, request.url, "|".join(["%s:%s"%(k,v) for k,v in request.headers.items()]))
+ app.logger.info("[%s] request %s, %s", request.remote_addr, request.url, "|".join(["%s:%s" % (k, v) for k, v in request.headers.items()]))
+
@app.after_request
def access_log_after(response, *args, **kwargs):
- app.logger.info("[%s] reponse %s, %s", request.remote_addr, request.url, response.status_code)
+ app.logger.info("[%s] reponse %s, %s", request.remote_addr, request.url, response.status_code)
return response
+
def check_accesslist():
- if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
+ if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
abort(401)
+
+def check_features():
+ features = app.config.get('FEATURES', [])
+ if request.endpoint not in features:
+ abort(401)
+
+
@app.route("/traceroute")
@app.route("/traceroute6")
def traceroute():
check_accesslist()
-
+
if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'):
- traceroute4 = [ 'traceroute' ]
- traceroute6 = [ 'traceroute6' ]
- else: # For Linux
- traceroute4 = [ 'traceroute', '-4' ]
- traceroute6 = [ 'traceroute', '-6' ]
+ traceroute4 = ['traceroute']
+ traceroute6 = ['traceroute6']
+ else: # For Linux
+ traceroute4 = ['traceroute', '-4']
+ traceroute6 = ['traceroute', '-6']
src = []
- if request.path == '/traceroute6':
- traceroute = traceroute6
- if app.config.get("IPV6_SOURCE",""):
- src = [ "-s", app.config.get("IPV6_SOURCE") ]
+ if request.path == '/traceroute6':
+ traceroute = traceroute6
+ if app.config.get("IPV6_SOURCE", ""):
+ src = ["-s", app.config.get("IPV6_SOURCE")]
- else:
- traceroute = traceroute4
- if app.config.get("IPV4_SOURCE",""):
- src = [ "-s", app.config.get("IPV4_SOURCE") ]
+ else:
+ traceroute = traceroute4
+ if app.config.get("IPV4_SOURCE", ""):
+ src = ["-s", app.config.get("IPV4_SOURCE")]
- query = request.args.get("q","")
+ query = request.args.get("q", "")
query = unquote(query)
if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd'):
- options = [ '-a', '-q1', '-w1', '-m15' ]
+ options = ['-a', '-q1', '-w1', '-m15']
elif sys.platform.startswith('openbsd'):
- options = [ '-A', '-q1', '-w1', '-m15' ]
- else: # For Linux
- options = [ '-A', '-q1', '-N32', '-w1', '-m15' ]
- command = traceroute + src + options + [ query ]
- result = subprocess.Popen( command , stdout=subprocess.PIPE).communicate()[0].decode('utf-8', 'ignore').replace("\n","
")
-
- return result
+ options = ['-A', '-q1', '-w1', '-m15']
+ else: # For Linux
+ options = ['-A', '-q1', '-N32', '-w1', '-m15']
+ command = traceroute + src + options + [query]
+ result = subprocess.Popen(command, stdout=subprocess.PIPE).communicate()[0].decode('utf-8', 'ignore').replace("\n", "
")
+ return result
@app.route("/bird")
@@ -96,18 +105,21 @@ def traceroute():
def bird():
check_accesslist()
- if request.path == "/bird": b = BirdSocket(file="/var/run/bird.ctl")
- elif request.path == "/bird6": b = BirdSocket(file="/var/run/bird6.ctl")
- else: return "No bird socket selected"
+ if request.path == "/bird":
+ b = BirdSocket(file=app.config.get('SOCKET_PATH').get(4))
+ elif request.path == "/bird6":
+ b = BirdSocket(file=app.config.get('SOCKET_PATH').get(6))
+ else:
+ return "No bird socket selected"
- query = request.args.get("q","")
+ query = request.args.get("q", "")
query = unquote(query)
status, result = b.cmd(query)
b.close()
# FIXME: use status
return result
-
+
if __name__ == "__main__":
app.logger.info("lgproxy start")
diff --git a/toolbox.py b/toolbox.py
index f2b50e1..f5cadc7 100644
--- a/toolbox.py
+++ b/toolbox.py
@@ -19,26 +19,41 @@
#
###
-from dns import resolver
+from dns import resolver, reversename
import socket
import pickle
import xml.parsers.expat
+from flask import Flask
+
+
resolv = resolver.Resolver()
resolv.timeout = 0.5
resolv.lifetime = 1
+app = Flask(__name__)
+app.config.from_pyfile('lg.cfg')
+
+
def resolve(n, q):
- return str(resolv.query(n,q)[0])
+ return str(resolv.query(n, q)[0])
+
+
+def resolve_ptr(ip):
+ ptr = str(resolve(reversename.from_address(ip), 'PTR')).lower()
+ ptr = ptr.replace(app.config.get('ROUTER_NAME_REMOVE', ''), '')
+ return ptr
+
def mask_is_valid(n):
- if not n:
- return True
- try:
- mask = int(n)
- return ( mask >= 1 and mask <= 128)
- except:
- return False
+ if not n:
+ return True
+ try:
+ mask = int(n)
+ return (mask >= 1 and mask <= 128)
+ except:
+ return False
+
def ipv4_is_valid(n):
try:
@@ -47,6 +62,7 @@ def ipv4_is_valid(n):
except socket.error:
return False
+
def ipv6_is_valid(n):
try:
socket.inet_pton(socket.AF_INET6, n)
@@ -54,22 +70,25 @@ def ipv6_is_valid(n):
except socket.error:
return False
-def save_cache_pickle(filename, data):
- output = open(filename, 'wb')
- pickle.dump(data, output)
- output.close()
-def load_cache_pickle(filename, default = None):
- try:
- pkl_file = open(filename, 'rb')
- except IOError:
- return default
- try:
- data = pickle.load(pkl_file)
- except:
- data = default
- pkl_file.close()
- return data
+def save_cache_pickle(filename, data):
+ output = open(filename, 'wb')
+ pickle.dump(data, output)
+ output.close()
+
+
+def load_cache_pickle(filename, default=None):
+ try:
+ pkl_file = open(filename, 'rb')
+ except IOError:
+ return default
+ try:
+ data = pickle.load(pkl_file)
+ except:
+ data = default
+ pkl_file.close()
+ return data
+
def unescape(s):
want_unicode = False