From eaf531eee213ec0bb5936f982497b6a8b548d614 Mon Sep 17 00:00:00 2001 From: tamihiro Date: Sun, 9 Jun 2019 18:35:20 +0900 Subject: [PATCH 01/25] Correctly parse aspath for both bird 1.x and 2.0. Due to the change in the output of `show route for all` since bird-2.0, this patch is necessary to correctly parse aspaths. Without this patch, `build_as_tree_from_raw_bird_ouput()` fails with the following exception if the backend is bird-2.0. ``` Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1836, in __call__ return self.wsgi_app(environ, start_response) File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1820, in wsgi_app response = self.make_response(self.handle_exception(e)) File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1403, in handle_exception reraise(exc_type, exc_value, tb) File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1817, in wsgi_app response = self.full_dispatch_request() File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1477, in full_dispatch_request rv = self.handle_user_exception(e) File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1381, in handle_user_exception reraise(exc_type, exc_value, tb) File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1475, in full_dispatch_request rv = self.dispatch_request() File "/usr/lib/python2.7/dist-packages/flask/app.py", line 1461, in dispatch_request return self.view_functions[rule.endpoint](**req.view_args) File "./lg.py", line 522, in show_bgpmap response = Response(graph.create_png(), mimetype='image/png') File "/usr/lib/python2.7/dist-packages/pydot.py", line 1735, in lambda f=frmt, prog=self.prog: self.create(format=f, prog=prog) File "/usr/lib/python2.7/dist-packages/pydot.py", line 1905, in create self.write(tmp_name) File "/usr/lib/python2.7/dist-packages/pydot.py", line 1830, in write data = self.to_string() File "/usr/lib/python2.7/dist-packages/pydot.py", line 1600, in to_string graph.append(node.to_string() + '\n') File "/usr/lib/python2.7/dist-packages/pydot.py", line 865, in to_string node += ' [' + node_attr + ']' TypeError: unsupported operand type(s) for +=: 'NoneType' and 'str' ``` Consequently, `show route for (bgpmap)` shows an error icon. --- lg.py | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/lg.py b/lg.py index 40caa95..daf3973 100644 --- a/lg.py +++ b/lg.py @@ -538,21 +538,29 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text): path = None paths = [] net_dest = None + peer_protocol_name = None for line in text: line = line.strip() - expr = re.search(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on.*\[(\w+)\s+', line) + expr = re.search(r'(.*)unicast\s+\[(\w+)\s+', line) if expr: + if expr.group(1).strip(): + net_dest = expr.group(1).strip() + peer_protocol_name = expr.group(2).strip() + + expr2 = re.search(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on\s+\w+(\s+\[(\w+)\s+)?', line) + if expr2: if path: path.append(net_dest) paths.append(path) path = None - if expr.group(1).strip(): - net_dest = expr.group(1).strip() + if expr2.group(1).strip(): + net_dest = expr2.group(1).strip() - peer_ip = expr.group(2).strip() - peer_protocol_name = expr.group(3).strip() + peer_ip = expr2.group(2).strip() + if expr2.group(4): + peer_protocol_name = expr2.group(4).strip() # Check if via line is a internal route for rt_host, rt_ips in app.config["ROUTER_IP"].iteritems(): # Special case for internal routing @@ -564,15 +572,18 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text): path = [ peer_protocol_name ] # path = ["%s\r%s" % (peer_protocol_name, get_as_name(get_as_number_from_protocol_name(host, proto, peer_protocol_name)))] - expr2 = re.search(r'(.*)unreachable\s+\[(\w+)\s+', line) - if expr2: + expr3 = re.search(r'(.*)unreachable\s+\[(\w+)\s+', line) + if expr3: if path: path.append(net_dest) paths.append(path) path = None - if expr2.group(1).strip(): - net_dest = expr2.group(1).strip() + if path is None: + path = [ expr3.group(2).strip() ] + + if expr3.group(1).strip(): + net_dest = expr3.group(1).strip() if line.startswith("BGP.as_path:"): ASes = line.replace("BGP.as_path:", "").strip().split(" ") From 2c0d5ac2737e0666ffc42bbf4501d61a3c5f0869 Mon Sep 17 00:00:00 2001 From: tamihiro Date: Sun, 9 Jun 2019 21:35:59 +0900 Subject: [PATCH 02/25] Correctly display each of multiple destination prefixes with a box shape. Without this patch, `show route where net ~ [ prefix+ ] (bgpmap)` erroneously returns only one prefix with a box shape, and all the other prefixes with a oval shape as if they were multipath intermediate ASes. --- lg.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/lg.py b/lg.py index 40caa95..ad36a2f 100644 --- a/lg.py +++ b/lg.py @@ -491,7 +491,10 @@ def show_bgpmap(): hop_label = "" - add_node(_as, fillcolor=(first and "#F5A9A9" or "white")) + if _as == asmap[-1]: + add_node(_as, fillcolor="#F5A9A9", shape="box", ) + else: + add_node(_as, fillcolor=(first and "#F5A9A9" or "white"), ) if hop_label: edge = add_edge(nodes[previous_as], nodes[_as], label=hop_label, fontsize="7") else: @@ -499,20 +502,16 @@ def show_bgpmap(): hop_label = "" - if first: + if first or _as == asmap[-1]: edge.set_style("bold") edge.set_color("red") - elif edge.get_color() != "red": + elif edge.get_style() != "bold": edge.set_style("dashed") edge.set_color(color) previous_as = _as first = False - if previous_as: - node = add_node(previous_as) - node.set_shape("box") - for _as in prepend_as: graph.add_edge(pydot.Edge(*(_as, _as), label=" %dx" % prepend_as[_as], color="grey", fontcolor="grey")) From 648197da2403c81145438d63f27bd023cac1e677 Mon Sep 17 00:00:00 2001 From: tamihiro Date: Sun, 9 Jun 2019 21:41:35 +0900 Subject: [PATCH 03/25] Correct AS path prepend count in bgpmap. Without this patch, show_bgpmap() method does duplicate counts of aspath prepends, and returns a larger prepend count than it actually is. --- lg.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lg.py b/lg.py index 40caa95..56873a6 100644 --- a/lg.py +++ b/lg.py @@ -477,7 +477,13 @@ def show_bgpmap(): hop_label = "" for _as in asmap: if _as == previous_as: - prepend_as[_as] = prepend_as.get(_as, 1) + 1 + if not prepend_as.get(_as, None): + prepend_as[_as] = {} + if not prepend_as[_as].get(host, None): + prepend_as[_as][host] = {} + if not prepend_as[_as][host].get(asmap[0], None): + prepend_as[_as][host][asmap[0]] = 1 + prepend_as[_as][host][asmap[0]] += 1 continue if not hop: @@ -514,7 +520,8 @@ def show_bgpmap(): node.set_shape("box") for _as in prepend_as: - graph.add_edge(pydot.Edge(*(_as, _as), label=" %dx" % prepend_as[_as], color="grey", fontcolor="grey")) + for n in set([ n for h, d in prepend_as[_as].iteritems() for p, n in d.iteritems() ]): + graph.add_edge(pydot.Edge(*(_as, _as), label=" %dx" % n, color="grey", fontcolor="grey")) fmt = request.args.get('fmt', 'png') #response = Response("
" + graph.create_dot() + "
") From 86c4cf296569db823b527d0737c82451110f118f Mon Sep 17 00:00:00 2001 From: netfreak98 <31798580+netfreak98@users.noreply.github.com> Date: Sun, 1 Mar 2020 19:57:01 +0100 Subject: [PATCH 04/25] Update README.mkd Added our LG to the list (AS49697) :) --- README.mkd | 1 + 1 file changed, 1 insertion(+) diff --git a/README.mkd b/README.mkd index 1b14ac5..cd7bcb3 100644 --- a/README.mkd +++ b/README.mkd @@ -83,3 +83,4 @@ Happy users * https://lg.fullsave.net/ * http://lg.catnix.net/ * https://lg.worldstream.nl/ +* https://route-server.netshelter.de/ From 1a13a41db73c433201177b0b527551fb97801195 Mon Sep 17 00:00:00 2001 From: vidister Date: Wed, 29 Apr 2020 13:59:42 +0200 Subject: [PATCH 05/25] Add shebang to lgproxy.py --- lgproxy.py | 1 + 1 file changed, 1 insertion(+) diff --git a/lgproxy.py b/lgproxy.py index e6018f0..ef3b06e 100644 --- a/lgproxy.py +++ b/lgproxy.py @@ -1,3 +1,4 @@ +#!/usr/bin/python # -*- coding: utf-8 -*- # vim: ts=4 ### From 9d9d93805eea07b9b099a6b937069c3fa468cc57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 29 Apr 2020 18:51:25 +0300 Subject: [PATCH 06/25] Removed br tag replacer on whois endpoint --- lg.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lg.py b/lg.py index 2db377f..4db3b9c 100644 --- a/lg.py +++ b/lg.py @@ -218,7 +218,7 @@ def whois(): if m: query = query.groupdict()["domain"] - output = whois_command(query).replace("\n", "
") + output = whois_command(query) return jsonify(output=output, title=query) From 95fd86238889017e8513a5aa4525c7084e4e464d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=B0lteri=C5=9F=20Ero=C4=9Flu?= Date: Wed, 29 Apr 2020 18:52:24 +0300 Subject: [PATCH 07/25] Added css to whois modal to handle newlines --- static/js/lg.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/static/js/lg.js b/static/js/lg.js index 358fc95..1a8b496 100644 --- a/static/js/lg.js +++ b/static/js/lg.js @@ -58,7 +58,7 @@ $(function(){ link = $(this).attr('href'); $.getJSON(link, function(data) { $(".modal h3").html(data.title); - $(".modal .modal-body > p").html(data.output); + $(".modal .modal-body > p").css("white-space", "pre-line").text(data.output); $(".modal").modal('show'); }); }); From d3e9d5c6b9c7badfedf95dd7b1b1c962b8a0689c Mon Sep 17 00:00:00 2001 From: Guillaume Marsay Date: Mon, 15 Jun 2020 09:57:59 +0200 Subject: [PATCH 08/25] DOMAIN is now optional --- lg.py | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/lg.py b/lg.py index 3616c58..3be6307 100644 --- a/lg.py +++ b/lg.py @@ -148,16 +148,23 @@ def bird_proxy(host, proto, service, query): return False, 'Host "%s" invalid' % host elif not path: return False, 'Proto "%s" invalid' % proto - else: - url = "http://%s.%s:%d/%s?q=%s" % (host, app.config["DOMAIN"], port, path, quote(query)) - try: - f = urlopen(url) - resultat = f.read() - status = True # retreive remote status - except IOError: - resultat = "Failed retreive url: %s" % url - status = False - return status, resultat + + url = "http://%s" % (host) + if "DOMAIN" in app.config: + url = "%s.%s" % (url, app.config["DOMAIN"]) + url = "%s:%d/%s?" % (url, port, path) + + url = "%sq=%s" % (url, quote(query)) + + try: + f = urlopen(url) + resultat = f.read() + status = True # retreive remote status + except IOError: + resultat = "Failed retreive url: %s" % url + status = False + + return status, resultat @app.context_processor @@ -459,7 +466,10 @@ def show_bgpmap(): return edges[edge_tuple] for host, asmaps in data.iteritems(): - add_node(host, label= "%s\r%s" % (host.upper(), app.config["DOMAIN"].upper()), shape="box", fillcolor="#F5A9A9") + if "DOMAIN" in app.config: + add_node(host, label= "%s\r%s" % (host.upper(), app.config["DOMAIN"].upper()), shape="box", fillcolor="#F5A9A9") + else: + add_node(host, label= "%s" % (host.upper()), shape="box", fillcolor="#F5A9A9") as_number = app.config["AS_NUMBER"].get(host, None) if as_number: From 96c33da44690adba5c257863ffcf993bcffe7ab5 Mon Sep 17 00:00:00 2001 From: Guillaume Marsay Date: Mon, 15 Jun 2020 13:27:26 +0200 Subject: [PATCH 09/25] Add SHARED_SECRET --- lg.cfg | 3 +++ lg.py | 3 ++- lgproxy.cfg | 9 +++++++++ lgproxy.py | 13 +++++++++---- 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/lg.cfg b/lg.cfg index 2cc3388..5ddfc5d 100644 --- a/lg.cfg +++ b/lg.cfg @@ -5,6 +5,9 @@ LOG_LEVEL="WARNING" DOMAIN = "tetaneutral.net" +# Used for restrict access on lgproxy - must be same in lgproxy.cfg +SHARED_SECRET="ThisTokenIsNotSecret" + BIND_IP = "0.0.0.0" BIND_PORT = 5000 diff --git a/lg.py b/lg.py index 3be6307..e9ea3e5 100644 --- a/lg.py +++ b/lg.py @@ -153,7 +153,8 @@ def bird_proxy(host, proto, service, query): if "DOMAIN" in app.config: url = "%s.%s" % (url, app.config["DOMAIN"]) url = "%s:%d/%s?" % (url, port, path) - + if "SHARED_SECRET" in app.config: + url = "%ssecret=%s&" % (url, app.config["SHARED_SECRET"]) url = "%sq=%s" % (url, quote(query)) try: diff --git a/lgproxy.cfg b/lgproxy.cfg index e7a6e8a..7019e52 100644 --- a/lgproxy.cfg +++ b/lgproxy.cfg @@ -1,12 +1,21 @@ DEBUG=False + LOG_FILE="/var/log/lg-proxy/lg-proxy.log" LOG_LEVEL="WARNING" + BIND_IP = "0.0.0.0" BIND_PORT = 5000 + +# Used for restrict access on lgproxy - Empty list = all allowed ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"] + +# Used for restrict access on lgproxy - Must be same in lg.cfg +SHARED_SECRET="ThisTokenIsNotSecret" + IPV4_SOURCE="" IPV6_SOURCE="" + BIRD_SOCKET="/var/run/bird/bird.ctl" BIRD6_SOCKET="/var/run/bird/bird6.ctl" diff --git a/lgproxy.py b/lgproxy.py index e1b3cdb..a81abb9 100644 --- a/lgproxy.py +++ b/lgproxy.py @@ -54,14 +54,19 @@ def access_log_after(response, *args, **kwargs): app.logger.info("[%s] reponse %s, %s", request.remote_addr, request.url, response.status_code) return response -def check_accesslist(): - if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]: +def check_security(): + if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]: + app.logger.info("Your remote address is not valid") + abort(401) + + if app.config.get('SHARED_SECRET') and request.args.get("secret") != app.config["SHARED_SECRET"]: + app.logger.info("Your shared secret is not valid") abort(401) @app.route("/traceroute") @app.route("/traceroute6") def traceroute(): - check_accesslist() + check_security() if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'): traceroute4 = [ 'traceroute' ] @@ -100,7 +105,7 @@ def traceroute(): @app.route("/bird") @app.route("/bird6") def bird(): - check_accesslist() + check_security() if request.path == "/bird": b = BirdSocket(file=app.config.get("BIRD_SOCKET")) elif request.path == "/bird6": b = BirdSocket(file=app.config.get("BIRD6_SOCKET")) From f87719956a156e200112b200545590b71133f884 Mon Sep 17 00:00:00 2001 From: Guillaume Marsay Date: Mon, 15 Jun 2020 13:13:05 +0200 Subject: [PATCH 10/25] Add WEBSITE_TITLE - Issue #69 --- lg.cfg | 2 +- templates/layout.html | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lg.cfg b/lg.cfg index 2cc3388..b40f4d1 100644 --- a/lg.cfg +++ b/lg.cfg @@ -1,4 +1,4 @@ - +WEBSITE_TITLE="Bird-LG / Looking Glass" DEBUG = False LOG_FILE="/var/log/lg.log" LOG_LEVEL="WARNING" diff --git a/templates/layout.html b/templates/layout.html index 34071b0..aa57f29 100644 --- a/templates/layout.html +++ b/templates/layout.html @@ -1,6 +1,6 @@ - {{config.DOMAIN|capitalize}} looking glass + {{config.WEBSITE_TITLE|default("Bird-LG / Looking Glass") }} @@ -18,7 +18,7 @@ - {{config.DOMAIN|capitalize}} / Looking Glass + {{config.WEBSITE_TITLE|default("Bird-LG / Looking Glass") }}
  • Nodes:  
    • From ca4550ae74600715553164fa06ed4c1d1b4c93c6 Mon Sep 17 00:00:00 2001 From: Baptiste Jonglez Date: Mon, 15 Jun 2020 22:06:59 +0200 Subject: [PATCH 11/25] Fix HTML markup (wrong title position) --- templates/layout.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/layout.html b/templates/layout.html index aa57f29..d57ca80 100644 --- a/templates/layout.html +++ b/templates/layout.html @@ -1,7 +1,7 @@ - {{config.WEBSITE_TITLE|default("Bird-LG / Looking Glass") }} + {{config.WEBSITE_TITLE|default("Bird-LG / Looking Glass") }} From a45ae454084282b4b23cfbb0e743066fc8cb6905 Mon Sep 17 00:00:00 2001 From: Baptiste Jonglez Date: Mon, 15 Jun 2020 22:34:25 +0200 Subject: [PATCH 12/25] Basic python reformatting Transform all tabs to spaces and remove trailing spaces. --- bird.py | 241 ++++++++++++++++++++++++++--------------------------- lg.py | 14 ++-- lgproxy.py | 23 +++-- toolbox.py | 42 +++++----- 4 files changed, 156 insertions(+), 164 deletions(-) diff --git a/bird.py b/bird.py index 5f6d546..a55deb9 100644 --- a/bird.py +++ b/bird.py @@ -25,153 +25,150 @@ import sys BUFSIZE = 4096 SUCCESS_CODES = { - "0000" : "OK", - "0001" : "Welcome", - "0002" : "Reading configuration", - "0003" : "Reconfigured", - "0004" : "Reconfiguration in progress", - "0005" : "Reconfiguration already in progress, queueing", - "0006" : "Reconfiguration ignored, shutting down", - "0007" : "Shutdown ordered", - "0008" : "Already disabled", - "0009" : "Disabled", - "0010" : "Already enabled", - "0011" : "Enabled", - "0012" : "Restarted", - "0013" : "Status report", - "0014" : "Route count", - "0015" : "Reloading", - "0016" : "Access restricted", + "0000" : "OK", + "0001" : "Welcome", + "0002" : "Reading configuration", + "0003" : "Reconfigured", + "0004" : "Reconfiguration in progress", + "0005" : "Reconfiguration already in progress, queueing", + "0006" : "Reconfiguration ignored, shutting down", + "0007" : "Shutdown ordered", + "0008" : "Already disabled", + "0009" : "Disabled", + "0010" : "Already enabled", + "0011" : "Enabled", + "0012" : "Restarted", + "0013" : "Status report", + "0014" : "Route count", + "0015" : "Reloading", + "0016" : "Access restricted", } TABLES_ENTRY_CODES = { - "1000" : "BIRD version", - "1001" : "Interface list", - "1002" : "Protocol list", - "1003" : "Interface address", - "1004" : "Interface flags", - "1005" : "Interface summary", - "1006" : "Protocol details", - "1007" : "Route list", - "1008" : "Route details", - "1009" : "Static route list", - "1010" : "Symbol list", - "1011" : "Uptime", - "1012" : "Route extended attribute list", - "1013" : "Show ospf neighbors", - "1014" : "Show ospf", - "1015" : "Show ospf interface", - "1016" : "Show ospf state/topology", - "1017" : "Show ospf lsadb", - "1018" : "Show memory", + "1000" : "BIRD version", + "1001" : "Interface list", + "1002" : "Protocol list", + "1003" : "Interface address", + "1004" : "Interface flags", + "1005" : "Interface summary", + "1006" : "Protocol details", + "1007" : "Route list", + "1008" : "Route details", + "1009" : "Static route list", + "1010" : "Symbol list", + "1011" : "Uptime", + "1012" : "Route extended attribute list", + "1013" : "Show ospf neighbors", + "1014" : "Show ospf", + "1015" : "Show ospf interface", + "1016" : "Show ospf state/topology", + "1017" : "Show ospf lsadb", + "1018" : "Show memory", } ERROR_CODES = { - "8000" : "Reply too long", - "8001" : "Route not found", - "8002" : "Configuration file error", - "8003" : "No protocols match", - "8004" : "Stopped due to reconfiguration", - "8005" : "Protocol is down => cannot dump", - "8006" : "Reload failed", - "8007" : "Access denied", + "8000" : "Reply too long", + "8001" : "Route not found", + "8002" : "Configuration file error", + "8003" : "No protocols match", + "8004" : "Stopped due to reconfiguration", + "8005" : "Protocol is down => cannot dump", + "8006" : "Reload failed", + "8007" : "Access denied", - "9000" : "Command too long", - "9001" : "Parse error", - "9002" : "Invalid symbol type", + "9000" : "Command too long", + "9001" : "Parse error", + "9002" : "Invalid symbol type", } END_CODES = ERROR_CODES.keys() + SUCCESS_CODES.keys() -global bird_sockets +global bird_sockets bird_sockets = {} def BirdSocketSingleton(host, port): - global bird_sockets - s = bird_sockets.get((host,port), None) - if not s: - s = BirdSocket(host,port) - bird_sockets[(host,port)] = s - return s + global bird_sockets + s = bird_sockets.get((host,port), None) + if not s: + s = BirdSocket(host,port) + bird_sockets[(host,port)] = s + return s class BirdSocket: - def __init__(self, host="", port="", file=""): - self.__file = file - self.__host = host - self.__port = port - self.__sock = None + def __init__(self, host="", port="", file=""): + self.__file = file + self.__host = host + self.__port = port + self.__sock = None - def __connect(self): - if self.__sock: return + def __connect(self): + if self.__sock: return - if not file: - self.__sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - self.__sock.settimeout(3.0) - self.__sock.connect((self.__host, self.__port)) - else: - self.__sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) - self.__sock.settimeout(3.0) - self.__sock.connect(self.__file) + if not file: + self.__sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self.__sock.settimeout(3.0) + self.__sock.connect((self.__host, self.__port)) + else: + self.__sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) + self.__sock.settimeout(3.0) + self.__sock.connect(self.__file) - # read welcome message - self.__sock.recv(1024) - self.cmd("restrict") + # read welcome message + self.__sock.recv(1024) + self.cmd("restrict") - def close(self): - if self.__sock: - try: self.__sock.close() - except: pass - self.__sock = None - - def cmd(self, cmd): - try: - self.__connect() - self.__sock.send(cmd + "\n") - data = self.__read() - return data - except socket.error: - why = sys.exc_info()[1] - self.close() - return False, "Bird connection problem: %s" % why + def close(self): + if self.__sock: + try: self.__sock.close() + except: pass + self.__sock = None - def __read(self): - code = "7000" # Not used in bird - parsed_string = "" - lastline = "" + def cmd(self, cmd): + try: + self.__connect() + self.__sock.send(cmd + "\n") + data = self.__read() + return data + except socket.error: + why = sys.exc_info()[1] + self.close() + return False, "Bird connection problem: %s" % why - while code not in END_CODES: - data = self.__sock.recv(BUFSIZE) - - lines = (lastline + data).split("\n") - if len(data) == BUFSIZE: - lastline = lines[-1] - lines = lines[:-1] + def __read(self): + code = "7000" # Not used in bird + parsed_string = "" + lastline = "" - for line in lines: - code = line[0:4] + while code not in END_CODES: + data = self.__sock.recv(BUFSIZE) - if not line.strip(): - continue - elif code == "0000": - return True, parsed_string - elif code in SUCCESS_CODES.keys(): - return True, SUCCESS_CODES.get(code) - elif code in ERROR_CODES.keys(): - return False, ERROR_CODES.get(code) - elif code[0] in [ "1", "2"] : - parsed_string += line[5:] + "\n" - elif code[0] == " ": - parsed_string += line[1:] + "\n" - elif code[0] == "+": - parsed_string += line[1:] - else: - parsed_string += "<<>>\n"%line + lines = (lastline + data).split("\n") + if len(data) == BUFSIZE: + lastline = lines[-1] + lines = lines[:-1] - return True, parsed_string - - -__all__ = ['BirdSocketSingleton' , 'BirdSocket' ] - + for line in lines: + code = line[0:4] + + if not line.strip(): + continue + elif code == "0000": + return True, parsed_string + elif code in SUCCESS_CODES.keys(): + return True, SUCCESS_CODES.get(code) + elif code in ERROR_CODES.keys(): + return False, ERROR_CODES.get(code) + elif code[0] in [ "1", "2"] : + parsed_string += line[5:] + "\n" + elif code[0] == " ": + parsed_string += line[1:] + "\n" + elif code[0] == "+": + parsed_string += line[1:] + else: + parsed_string += "<<>>\n"%line + + return True, parsed_string +__all__ = ['BirdSocketSingleton', 'BirdSocket'] diff --git a/lg.py b/lg.py index e9ea3e5..b26a71b 100644 --- a/lg.py +++ b/lg.py @@ -455,13 +455,12 @@ def show_bgpmap(): label_without_star = kwargs["label"].replace("*", "") if e.get_label() is not None: - labels = e.get_label().split("\r") + labels = e.get_label().split("\r") else: return edges[edge_tuple] if "%s*" % label_without_star not in labels: - labels = [ kwargs["label"] ] + [ l for l in labels if not l.startswith(label_without_star) ] + labels = [ kwargs["label"] ] + [ l for l in labels if not l.startswith(label_without_star) ] labels = sorted(labels, cmp=lambda x,y: x.endswith("*") and -1 or 1) - label = escape("\r".join(labels)) e.set_label(label) return edges[edge_tuple] @@ -478,7 +477,7 @@ def show_bgpmap(): edge = add_edge(as_number, nodes[host]) edge.set_color("red") edge.set_style("bold") - + #colors = [ "#009e23", "#1a6ec1" , "#d05701", "#6f879f", "#939a0e", "#0e9a93", "#9a0e85", "#56d8e1" ] previous_as = None hosts = data.keys() @@ -504,14 +503,13 @@ def show_bgpmap(): if not hop: hop = True if _as not in hosts: - hop_label = _as + hop_label = _as if first: hop_label = hop_label + "*" continue else: hop_label = "" - if _as == asmap[-1]: add_node(_as, fillcolor="#F5A9A9", shape="box", ) else: @@ -592,7 +590,7 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text): # ugly hack for good printing path = [ peer_protocol_name ] # path = ["%s\r%s" % (peer_protocol_name, get_as_name(get_as_number_from_protocol_name(host, proto, peer_protocol_name)))] - + expr3 = re.search(r'(.*)unreachable\s+\[(\w+)\s+', line) if expr3: if path: @@ -612,7 +610,7 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text): path.extend(ASes) else: path = ASes - + if path: path.append(net_dest) paths.append(path) diff --git a/lgproxy.py b/lgproxy.py index a81abb9..89b6a9a 100644 --- a/lgproxy.py +++ b/lgproxy.py @@ -41,7 +41,7 @@ app = Flask(__name__) app.debug = app.config["DEBUG"] app.config.from_pyfile(args.config_file) -file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight") +file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight") app.logger.setLevel(getattr(logging, app.config["LOG_LEVEL"].upper())) app.logger.addHandler(file_handler) @@ -67,7 +67,7 @@ def check_security(): @app.route("/traceroute6") def traceroute(): check_security() - + if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'): traceroute4 = [ 'traceroute' ] traceroute6 = [ 'traceroute6' ] @@ -76,15 +76,14 @@ def traceroute(): traceroute6 = [ 'traceroute', '-6' ] src = [] - if request.path == '/traceroute6': - traceroute = traceroute6 - if app.config.get("IPV6_SOURCE",""): - src = [ "-s", app.config.get("IPV6_SOURCE") ] - + if request.path == '/traceroute6': + traceroute = traceroute6 + if app.config.get("IPV6_SOURCE", ""): + src = [ "-s", app.config.get("IPV6_SOURCE") ] else: - traceroute = traceroute4 - if app.config.get("IPV4_SOURCE",""): - src = [ "-s", app.config.get("IPV4_SOURCE") ] + traceroute = traceroute4 + if app.config.get("IPV4_SOURCE",""): + src = [ "-s", app.config.get("IPV4_SOURCE") ] query = request.args.get("q","") query = unquote(query) @@ -97,11 +96,9 @@ def traceroute(): options = [ '-A', '-q1', '-N32', '-w1', '-m15' ] command = traceroute + src + options + [ query ] result = subprocess.Popen( command , stdout=subprocess.PIPE).communicate()[0].decode('utf-8', 'ignore').replace("\n","
    ") - return result - @app.route("/bird") @app.route("/bird6") def bird(): @@ -118,7 +115,7 @@ def bird(): b.close() # FIXME: use status return result - + if __name__ == "__main__": app.logger.info("lgproxy start") diff --git a/toolbox.py b/toolbox.py index f2b50e1..a25e457 100644 --- a/toolbox.py +++ b/toolbox.py @@ -29,16 +29,16 @@ resolv.timeout = 0.5 resolv.lifetime = 1 def resolve(n, q): - return str(resolv.query(n,q)[0]) + return str(resolv.query(n,q)[0]) def mask_is_valid(n): - if not n: - return True - try: - mask = int(n) - return ( mask >= 1 and mask <= 128) - except: - return False + if not n: + return True + try: + mask = int(n) + return ( mask >= 1 and mask <= 128) + except: + return False def ipv4_is_valid(n): try: @@ -55,21 +55,21 @@ def ipv6_is_valid(n): return False def save_cache_pickle(filename, data): - output = open(filename, 'wb') - pickle.dump(data, output) - output.close() + output = open(filename, 'wb') + pickle.dump(data, output) + output.close() def load_cache_pickle(filename, default = None): - try: - pkl_file = open(filename, 'rb') - except IOError: - return default - try: - data = pickle.load(pkl_file) - except: - data = default - pkl_file.close() - return data + try: + pkl_file = open(filename, 'rb') + except IOError: + return default + try: + data = pickle.load(pkl_file) + except: + data = default + pkl_file.close() + return data def unescape(s): want_unicode = False From 1d3eefa971f468751c105b96ae203bae0b2a921b Mon Sep 17 00:00:00 2001 From: Baptiste Jonglez Date: Mon, 15 Jun 2020 22:47:51 +0200 Subject: [PATCH 13/25] Don't display URL containing shared secret when there is an error --- lg.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lg.py b/lg.py index b26a71b..7b0c8ab 100644 --- a/lg.py +++ b/lg.py @@ -162,7 +162,8 @@ def bird_proxy(host, proto, service, query): resultat = f.read() status = True # retreive remote status except IOError: - resultat = "Failed retreive url: %s" % url + resultat = "Failed to retrieve URL for host %s" % host + app.logger.warning("Failed to retrieve URL for host %s: %s", host, url) status = False return status, resultat From c84267edd8e2df32cf8ca0c565e31654c482dc04 Mon Sep 17 00:00:00 2001 From: Baptiste Jonglez Date: Mon, 15 Jun 2020 22:54:01 +0200 Subject: [PATCH 14/25] Clarify documentation of shared secret and access list --- lg.cfg | 2 +- lgproxy.cfg | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lg.cfg b/lg.cfg index 14a654a..4d120ea 100644 --- a/lg.cfg +++ b/lg.cfg @@ -5,7 +5,7 @@ LOG_LEVEL="WARNING" DOMAIN = "tetaneutral.net" -# Used for restrict access on lgproxy - must be same in lgproxy.cfg +# Used to optionally restrict access to lgproxy based on a shared secret. SHARED_SECRET="ThisTokenIsNotSecret" BIND_IP = "0.0.0.0" diff --git a/lgproxy.cfg b/lgproxy.cfg index 7019e52..e4b08f8 100644 --- a/lgproxy.cfg +++ b/lgproxy.cfg @@ -7,10 +7,12 @@ LOG_LEVEL="WARNING" BIND_IP = "0.0.0.0" BIND_PORT = 5000 -# Used for restrict access on lgproxy - Empty list = all allowed +# Used to restrict access to lgproxy based on source IP address. +# Empty list = any IP is allowed to run queries. ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"] -# Used for restrict access on lgproxy - Must be same in lg.cfg +# Used to restrict access to lgproxy based on a shared secret (must also be configured in lg.cfg) +# Empty string or unset = no shared secret is required to run queries. SHARED_SECRET="ThisTokenIsNotSecret" IPV4_SOURCE="" From 53e717381d3dca88d3636c5ca0349306a3464e8c Mon Sep 17 00:00:00 2001 From: Baptiste Jonglez Date: Tue, 16 Jun 2020 15:36:44 +0200 Subject: [PATCH 15/25] bgpmap: Fix crash when 'peer_protocol_name' is not matched by regexp This protects against cases where the regexp expr2 is broken (such as currently with some interface names) Fixes: #64 --- lg.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lg.py b/lg.py index 7b0c8ab..4a59d73 100644 --- a/lg.py +++ b/lg.py @@ -558,7 +558,7 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text): path = None paths = [] net_dest = None - peer_protocol_name = None + peer_protocol_name = "" for line in text: line = line.strip() From 967c721b86899b67614bb47277d4c9dc25cd5ab0 Mon Sep 17 00:00:00 2001 From: Baptiste Jonglez Date: Tue, 16 Jun 2020 15:39:55 +0200 Subject: [PATCH 16/25] bgpmap: fix regexp to match interface names with non-alphanumerical characters Commit eaf531eee21 ("Correctly parse aspath for both bird 1.x and 2.0.") inadvertently made a regexp more strict, and it no longer matches some interface names. Example include `eth1.945` (tagged VLAN, which is a common use-case for routers) or `br-foo`. As a result, the regexp would not parse the "peer protocol name" that is normally displayed on the bgpmap. Fixes: #64 --- lg.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lg.py b/lg.py index 4a59d73..59cf17e 100644 --- a/lg.py +++ b/lg.py @@ -568,7 +568,7 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text): net_dest = expr.group(1).strip() peer_protocol_name = expr.group(2).strip() - expr2 = re.search(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on\s+\w+(\s+\[(\w+)\s+)?', line) + expr2 = re.search(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on\s+\S+(\s+\[(\w+)\s+)?', line) if expr2: if path: path.append(net_dest) From 73edb4ce1d584037abd3965413c6b48702051209 Mon Sep 17 00:00:00 2001 From: Dimitri Pappas Date: Mon, 17 Aug 2020 04:58:33 +0200 Subject: [PATCH 17/25] Added https://lg.angolacables.co.ao/ to README.mkd --- README.mkd | 1 + 1 file changed, 1 insertion(+) diff --git a/README.mkd b/README.mkd index cd7bcb3..80f8801 100644 --- a/README.mkd +++ b/README.mkd @@ -84,3 +84,4 @@ Happy users * http://lg.catnix.net/ * https://lg.worldstream.nl/ * https://route-server.netshelter.de/ +* https://lg.angolacables.co.ao/ From ef6b32c527478fefe7a4436e10b96ee28ed5b308 Mon Sep 17 00:00:00 2001 From: Baptiste Jonglez Date: Mon, 10 May 2021 19:14:39 +0200 Subject: [PATCH 18/25] Fix XSS when handling query Fixes #63 --- templates/layout.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/layout.html b/templates/layout.html index d57ca80..c0b7281 100644 --- a/templates/layout.html +++ b/templates/layout.html @@ -120,7 +120,7 @@