Merge branch 'master' of https://github.com/sileht/bird-lg

.gitignore

@@ -1,2 +1,4 @@
 *.pyc
 *.pyo
+lg.cfg
+lgproxy.cfg

README.mkd

@@ -1,6 +1,9 @@
 BIRD-LG
 =======
 
+Overview
+--------
+
 This is a looking glass for the Internet Routing Daemon "Bird".
 
 Software is split in two parts:
@@ -8,7 +11,8 @@ Software is split in two parts:
  - lgproxy.py:
 
    It must be installed and started on all bird nodes. It act as a proxy to make traceroute and bird query on the node.
-   Access restriction to this web service can be done in file "lgproxy.cfg" (only IP address based restriction for now).
+   Access restriction to this web service can be done in file "lgproxy.cfg". Two access restriction methods can be configured:
+   based on source IP address or based on a shared secret. Both methods can be used at the same time.
 
  - lg.py:
 
@@ -33,17 +37,42 @@ Software is split in two parts:
 ```
 
 
-bird-lg depends on :
+Installation
+------------
+
+The web service (lg.py) depends on:
 
  - python-flask  >= 0.8
  - python-dnspython
  - python-pydot
- - python-memcache
  - graphviz
  - whois
- - traceroute
 
-Each services can be embedded in any webserver by following regular python-flask configuration.
+The proxy running on routers (lgproxy.py) depends on:
+
+ - python-flask  >= 0.8
+ - traceroute
+ - ping
+
+Each service can be embedded in any webserver by following regular python-flask configuration.
+It is also possible to run the services directly with python for developping / testing:
+
+    python2 lg.py
+    python2 lgproxy.py
+
+Systemd unit files are provided in the `init/` subdirectory.
+
+
+Configuration
+-------------
+
+On your routers, copy `lgproxy.cfg.example` to `lgproxy.cfg` and edit the values.
+
+On the web host, copy `lg.cfg.example` to `lg.cfg` and edit the values.
+
+
+License
+-------
 
 Source code is under GPL 3.0, powered by Flask, jQuery and Bootstrap.
 
@@ -67,7 +96,8 @@ Happy users
 * https://lg.man-da.de/
 * http://route-server.belwue.net/
 * https://lg.exn.uk/
-* http://lg.meerfarbig.net/
+* https://meerblick.io/
+* https://lg.as49697.net/
 * http://lg.netnation.com/
 * http://lg.edxnetwork.eu/
 * https://lg.hivane.net/
@@ -83,3 +113,4 @@ Happy users
 * https://lg.fullsave.net/
 * http://lg.catnix.net/
 * https://lg.worldstream.nl/
+* https://lg.angolacables.co.ao/

bird.py

@@ -25,153 +25,150 @@ import sys
 BUFSIZE = 4096
 
 SUCCESS_CODES = {
-	"0000" : "OK",
+    "0000" : "OK",
-	"0001" : "Welcome",
+    "0001" : "Welcome",
-	"0002" : "Reading configuration",
+    "0002" : "Reading configuration",
-	"0003" : "Reconfigured",
+    "0003" : "Reconfigured",
-	"0004" : "Reconfiguration in progress",
+    "0004" : "Reconfiguration in progress",
-	"0005" : "Reconfiguration already in progress, queueing",
+    "0005" : "Reconfiguration already in progress, queueing",
-	"0006" : "Reconfiguration ignored, shutting down",
+    "0006" : "Reconfiguration ignored, shutting down",
-	"0007" : "Shutdown ordered",
+    "0007" : "Shutdown ordered",
-	"0008" : "Already disabled",
+    "0008" : "Already disabled",
-	"0009" : "Disabled",
+    "0009" : "Disabled",
-	"0010" : "Already enabled",
+    "0010" : "Already enabled",
-	"0011" : "Enabled",
+    "0011" : "Enabled",
-	"0012" : "Restarted",
+    "0012" : "Restarted",
-	"0013" : "Status report",
+    "0013" : "Status report",
-	"0014" : "Route count",
+    "0014" : "Route count",
-	"0015" : "Reloading",
+    "0015" : "Reloading",
-	"0016" : "Access restricted",
+    "0016" : "Access restricted",
 }
 
 TABLES_ENTRY_CODES = {
-	"1000" : "BIRD version",
+    "1000" : "BIRD version",
-	"1001" : "Interface list",
+    "1001" : "Interface list",
-	"1002" : "Protocol list",
+    "1002" : "Protocol list",
-	"1003" : "Interface address",
+    "1003" : "Interface address",
-	"1004" : "Interface flags",
+    "1004" : "Interface flags",
-	"1005" : "Interface summary",
+    "1005" : "Interface summary",
-	"1006" : "Protocol details",
+    "1006" : "Protocol details",
-	"1007" : "Route list",
+    "1007" : "Route list",
-	"1008" : "Route details",
+    "1008" : "Route details",
-	"1009" : "Static route list",
+    "1009" : "Static route list",
-	"1010" : "Symbol list",
+    "1010" : "Symbol list",
-	"1011" : "Uptime",
+    "1011" : "Uptime",
-	"1012" : "Route extended attribute list",
+    "1012" : "Route extended attribute list",
-	"1013" : "Show ospf neighbors",
+    "1013" : "Show ospf neighbors",
-	"1014" : "Show ospf",
+    "1014" : "Show ospf",
-	"1015" : "Show ospf interface",
+    "1015" : "Show ospf interface",
-	"1016" : "Show ospf state/topology",
+    "1016" : "Show ospf state/topology",
-	"1017" : "Show ospf lsadb",
+    "1017" : "Show ospf lsadb",
-	"1018" : "Show memory",
+    "1018" : "Show memory",
 }
 
 ERROR_CODES = {
-	"8000" : "Reply too long",
+    "8000" : "Reply too long",
-	"8001" : "Route not found",
+    "8001" : "Route not found",
-	"8002" : "Configuration file error",
+    "8002" : "Configuration file error",
-	"8003" : "No protocols match",
+    "8003" : "No protocols match",
-	"8004" : "Stopped due to reconfiguration",
+    "8004" : "Stopped due to reconfiguration",
-	"8005" : "Protocol is down => cannot dump",
+    "8005" : "Protocol is down => cannot dump",
-	"8006" : "Reload failed",
+    "8006" : "Reload failed",
-	"8007" : "Access denied",
+    "8007" : "Access denied",
 
-	"9000" : "Command too long",
+    "9000" : "Command too long",
-	"9001" : "Parse error",
+    "9001" : "Parse error",
-	"9002" : "Invalid symbol type",
+    "9002" : "Invalid symbol type",
 }
 
 END_CODES = ERROR_CODES.keys() + SUCCESS_CODES.keys()
 
-global bird_sockets 
+global bird_sockets
 bird_sockets = {}
 
 def BirdSocketSingleton(host, port):
-	global bird_sockets 
+    global bird_sockets
-	s = bird_sockets.get((host,port), None)
+    s = bird_sockets.get((host,port), None)
-	if not s:
+    if not s:
-		s = BirdSocket(host,port)
+        s = BirdSocket(host,port)
-		bird_sockets[(host,port)] = s
+        bird_sockets[(host,port)] = s
-	return s
+    return s
 
 class BirdSocket:
 
-	def __init__(self, host="", port="", file=""):
+    def __init__(self, host="", port="", file=""):
-		self.__file = file
+        self.__file = file
-		self.__host = host
+        self.__host = host
-		self.__port = port
+        self.__port = port
-		self.__sock = None
+        self.__sock = None
 
-	def __connect(self):
+    def __connect(self):
-		if self.__sock:  return 
+        if self.__sock:  return
 
-		if not file:
+        if not file:
-			self.__sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            self.__sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-			self.__sock.settimeout(3.0)
+            self.__sock.settimeout(3.0)
-			self.__sock.connect((self.__host, self.__port))
+            self.__sock.connect((self.__host, self.__port))
-		else:
+        else:
-			self.__sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+            self.__sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
-			self.__sock.settimeout(3.0)
+            self.__sock.settimeout(3.0)
-			self.__sock.connect(self.__file)
+            self.__sock.connect(self.__file)
 
-		# read welcome message
+        # read welcome message
-		self.__sock.recv(1024)
+        self.__sock.recv(1024)
-		self.cmd("restrict")
+        self.cmd("restrict")
 
-	def close(self):
+    def close(self):
-		if self.__sock:
+        if self.__sock:
-			try: self.__sock.close()
+            try: self.__sock.close()
-			except: pass
+            except: pass
-			self.__sock = None
+            self.__sock = None
-		
-	def cmd(self, cmd):
-		try:
-			self.__connect()
-			self.__sock.send(cmd + "\n")
-			data = self.__read()
-			return data
-		except socket.error:
-			why = sys.exc_info()[1]
-			self.close()
-			return False, "Bird connection problem: %s" % why
 
-	def __read(self):
+    def cmd(self, cmd):
-		code = "7000" # Not used  in bird
+        try:
-		parsed_string = ""
+            self.__connect()
-		lastline = ""
+            self.__sock.send(cmd + "\n")
+            data = self.__read()
+            return data
+        except socket.error:
+            why = sys.exc_info()[1]
+            self.close()
+            return False, "Bird connection problem: %s" % why
 
-		while code not in END_CODES:
+    def __read(self):
-			data = self.__sock.recv(BUFSIZE)
+        code = "7000" # Not used  in bird
-			
+        parsed_string = ""
-			lines = (lastline + data).split("\n")
+        lastline = ""
-			if len(data) == BUFSIZE:
-				lastline = lines[-1]
-				lines = lines[:-1]
 
-			for line in lines:
+        while code not in END_CODES:
-				code = line[0:4]
+            data = self.__sock.recv(BUFSIZE)
 
-				if not line.strip():
+            lines = (lastline + data).split("\n")
-					continue
+            if len(data) == BUFSIZE:
-				elif code == "0000":
+                lastline = lines[-1]
-					return True, parsed_string
+                lines = lines[:-1]
-				elif code in SUCCESS_CODES.keys():
-					return True, SUCCESS_CODES.get(code)
-				elif code in ERROR_CODES.keys():
-					return False, ERROR_CODES.get(code)
-				elif code[0] in [ "1", "2"] :
-					parsed_string += line[5:] + "\n"
-				elif code[0] == " ":
-					parsed_string += line[1:] + "\n"
-				elif code[0] == "+": 
-					parsed_string += line[1:]
-				else:
-					parsed_string += "<<<unparsable_string(%s)>>>\n"%line
 
-		return True, parsed_string
+            for line in lines:
-
+                code = line[0:4]
-
+
-__all__ = ['BirdSocketSingleton' , 'BirdSocket' ]
+                if not line.strip():
-		
+                    continue
+                elif code == "0000":
+                    return True, parsed_string
+                elif code in SUCCESS_CODES.keys():
+                    return True, SUCCESS_CODES.get(code)
+                elif code in ERROR_CODES.keys():
+                    return False, ERROR_CODES.get(code)
+                elif code[0] in [ "1", "2"] :
+                    parsed_string += line[5:] + "\n"
+                elif code[0] == " ":
+                    parsed_string += line[1:] + "\n"
+                elif code[0] == "+":
+                    parsed_string += line[1:]
+                else:
+                    parsed_string += "<<<unparsable_string(%s)>>>\n"%line
+
+        return True, parsed_string
 
 
+__all__ = ['BirdSocketSingleton', 'BirdSocket']

lg.cfg.example

@@ -1,10 +1,19 @@
+# Configuration file example for lg.py
+# Adapt and copy to lg.cfg
 
+WEBSITE_TITLE="Bird-LG / Looking Glass"
 DEBUG = False
 LOG_FILE="/var/log/lg.log"
 LOG_LEVEL="WARNING"
+# Keep log history indefinitely by default.
+LOG_NUM_DAYS=0
 
 DOMAIN = "tetaneutral.net"
 
+# Used to optionally restrict access to lgproxy based on a shared secret.
+# Empty string or unset = no shared secret is used to run queries on lgproxies.
+SHARED_SECRET="ThisTokenIsNotSecret"
+
 BIND_IP = "0.0.0.0"
 BIND_PORT = 5000
 
@@ -29,4 +38,5 @@ AS_NUMBER = {
 # DNS zone to query for ASN -> name mapping
 ASN_ZONE = "asn.cymru.com"
 
+# Used for secure session storage, change this
 SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7'

lg.py

@@ -22,7 +22,6 @@
 
 import base64
 from datetime import datetime
-import memcache
 import subprocess
 import logging
 from logging.handlers import TimedRotatingFileHandler
@@ -49,13 +48,10 @@ app.config.from_pyfile(args.config_file)
 app.secret_key = app.config["SESSION_KEY"]
 app.debug = app.config["DEBUG"]
 
-file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight")
+file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight", backupCount=app.config.get("LOG_NUM_DAYS", 0))
 file_handler.setLevel(getattr(logging, app.config["LOG_LEVEL"].upper()))
 app.logger.addHandler(file_handler)
 
-memcache_server = app.config.get("MEMCACHE_SERVER", "127.0.0.1:11211")
-memcache_expiration = int(app.config.get("MEMCACHE_EXPIRATION", "1296000")) # 15 days by default
-mc = memcache.Client([memcache_server])
 
 def get_asn_from_as(n):
     asn_zone = app.config.get("ASN_ZONE", "asn.cymru.com")
@@ -149,16 +145,25 @@ def bird_proxy(host, proto, service, query):
         return False, 'Host "%s" invalid' % host
     elif not path:
         return False, 'Proto "%s" invalid' % proto
-    else:
+
-        url = "http://%s.%s:%d/%s?q=%s" % (host, app.config["DOMAIN"], port, path, quote(query))
+    url = "http://%s" % (host)
-        try:
+    if "DOMAIN" in app.config:
-            f = urlopen(url)
+        url = "%s.%s" % (url, app.config["DOMAIN"])
-            resultat = f.read()
+    url = "%s:%d/%s?" % (url, port, path)
-            status = True                # retreive remote status
+    if "SHARED_SECRET" in app.config:
-        except IOError:
+        url = "%ssecret=%s&" % (url, app.config["SHARED_SECRET"])
-            resultat = "Failed retreive url: %s" % url
+    url = "%sq=%s" % (url, quote(query))
-            status = False
+
-        return status, resultat
+    try:
+        f = urlopen(url)
+        resultat = f.read()
+        status = True                # retreive remote status
+    except IOError:
+        resultat = "Failed to retrieve URL for host %s" % host
+        app.logger.warning("Failed to retrieve URL for host %s: %s", host, url)
+        status = False
+
+    return status, resultat
 
 
 @app.context_processor
@@ -231,7 +236,7 @@ def whois():
         if m:
             query = query.groupdict()["domain"]
 
-    output = whois_command(query).replace("\n", "<br>")
+    output = whois_command(query)
     return jsonify(output=output, title=query)
 
 
@@ -415,10 +420,7 @@ def show_route_for_bgpmap(hosts, proto):
 
 
 def get_as_name(_as):
-    """return a string that contain the as number following by the as name
+    """Returns a string that contain the as number following by the as name
-
-    It's the use whois database informations
-    # Warning, the server can be blacklisted from ripe is too many requests are done
     """
     if not _as:
         return "AS?????"
@@ -426,12 +428,7 @@ def get_as_name(_as):
     if not _as.isdigit():
         return _as.strip()
 
-    name = mc.get(str('lg_%s' % _as))
+    name = get_asn_from_as(_as)[-1].replace(" ", "\r", 1)
-    if not name:
-        app.logger.info("asn for as %s not found in memcache", _as)
-        name = get_asn_from_as(_as)[-1].replace(" ","\r",1)
-        if name:
-            mc.set(str("lg_%s" % _as), str(name), memcache_expiration)
     return "AS%s | %s" % (_as, name)
 
 
@@ -488,19 +485,21 @@ def show_bgpmap():
 
             label_without_star = kwargs["label"].replace("*", "")
             if e.get_label() is not None:
-                labels = e.get_label().split("\r") 
+                labels = e.get_label().split("\r")
             else:
                 return edges[edge_tuple]
             if "%s*" % label_without_star not in labels:
-                labels = [ kwargs["label"] ]  + [ l for l in labels if not l.startswith(label_without_star) ] 
+                labels = [ kwargs["label"] ]  + [ l for l in labels if not l.startswith(label_without_star) ]
                 labels = sorted(labels, cmp=lambda x,y: x.endswith("*") and -1 or 1)
-                
                 label = escape("\r".join(labels))
                 e.set_label(label)
         return edges[edge_tuple]
 
     for host, asmaps in data.iteritems():
-        add_node(host, label= "%s\r%s" % (host.upper(), app.config["DOMAIN"].upper()), shape="box", fillcolor="#F5A9A9")
+        if "DOMAIN" in app.config:
+            add_node(host, label= "%s\r%s" % (host.upper(), app.config["DOMAIN"].upper()), shape="box", fillcolor="#F5A9A9")
+        else:
+            add_node(host, label= "%s" % (host.upper()), shape="box", fillcolor="#F5A9A9")
 
         as_number = app.config["AS_NUMBER"].get(host, None)
         if as_number:
@@ -508,7 +507,7 @@ def show_bgpmap():
             edge = add_edge(as_number, nodes[host])
             edge.set_color("red")
             edge.set_style("bold")
-    
+
     #colors = [ "#009e23", "#1a6ec1" , "#d05701", "#6f879f", "#939a0e", "#0e9a93", "#9a0e85", "#56d8e1" ]
     previous_as = None
     hosts = data.keys()
@@ -522,21 +521,29 @@ def show_bgpmap():
             hop_label = ""
             for _as in asmap:
                 if _as == previous_as:
-                    prepend_as[_as] = prepend_as.get(_as, 1) + 1
+                    if not prepend_as.get(_as, None):
+                        prepend_as[_as] = {}
+                    if not prepend_as[_as].get(host, None):
+                        prepend_as[_as][host] = {}
+                    if not prepend_as[_as][host].get(asmap[0], None):
+                        prepend_as[_as][host][asmap[0]] = 1
+                    prepend_as[_as][host][asmap[0]] += 1
                     continue
 
                 if not hop:
                     hop = True
                     if _as not in hosts:
-                        hop_label = _as 
+                        hop_label = _as
                         if first:
                             hop_label = hop_label + "*"
                         continue
                     else:
                         hop_label = ""
 
-                
+                if _as == asmap[-1]:
-                add_node(_as, fillcolor=(first and "#F5A9A9" or "white"))
+                    add_node(_as, fillcolor="#F5A9A9", shape="box", )
+                else:
+                    add_node(_as, fillcolor=(first and "#F5A9A9" or "white"), )
                 if hop_label:
                     edge = add_edge(nodes[previous_as], nodes[_as], label=hop_label, fontsize="7")
                 else:
@@ -544,22 +551,19 @@ def show_bgpmap():
 
                 hop_label = ""
 
-                if first:
+                if first or _as == asmap[-1]:
                     edge.set_style("bold")
                     edge.set_color("red")
-                elif edge.get_color() != "red":
+                elif edge.get_style() != "bold":
                     edge.set_style("dashed")
                     edge.set_color(color)
 
                 previous_as = _as
             first = False
 
-    if previous_as:
-        node = add_node(previous_as)
-        node.set_shape("box")
-
     for _as in prepend_as:
-        graph.add_edge(pydot.Edge(*(_as, _as), label=" %dx" % prepend_as[_as], color="grey", fontcolor="grey"))
+        for n in set([ n for h, d in prepend_as[_as].iteritems() for p, n in d.iteritems() ]):
+            graph.add_edge(pydot.Edge(*(_as, _as), label=" %dx" % n, color="grey", fontcolor="grey"))
 
     fmt = request.args.get('fmt', 'png')
     #response = Response("<pre>" + graph.create_dot() + "</pre>")
@@ -583,21 +587,29 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
     path = None
     paths = []
     net_dest = None
+    peer_protocol_name = ""
     for line in text:
         line = line.strip()
 
-        expr = re.search(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on.*\[(\w+)\s+', line)
+        expr = re.search(r'(.*)unicast\s+\[(\w+)\s+', line)
         if expr:
+            if expr.group(1).strip():
+                net_dest = expr.group(1).strip()
+            peer_protocol_name = expr.group(2).strip()
+
+        expr2 = re.search(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on\s+\S+(\s+\[(\w+)\s+)?', line)
+        if expr2:
             if path:
                 path.append(net_dest)
                 paths.append(path)
                 path = None
 
-            if expr.group(1).strip():
+            if expr2.group(1).strip():
-                net_dest = expr.group(1).strip()
+                net_dest = expr2.group(1).strip()
 
-            peer_ip = expr.group(2).strip()
+            peer_ip = expr2.group(2).strip()
-            peer_protocol_name = expr.group(3).strip()
+            if expr2.group(4):
+                peer_protocol_name = expr2.group(4).strip()
             # Check if via line is a internal route
             for rt_host, rt_ips in app.config["ROUTER_IP"].iteritems():
                 # Special case for internal routing
@@ -608,16 +620,19 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
                 # ugly hack for good printing
                 path = [ peer_protocol_name ]
 #                path = ["%s\r%s" % (peer_protocol_name, get_as_name(get_as_number_from_protocol_name(host, proto, peer_protocol_name)))]
-        
+
-        expr2 = re.search(r'(.*)unreachable\s+\[(\w+)\s+', line)
+        expr3 = re.search(r'(.*)unreachable\s+\[(\w+)\s+', line)
-        if expr2:
+        if expr3:
             if path:
                 path.append(net_dest)
                 paths.append(path)
                 path = None
 
-            if expr2.group(1).strip():
+            if path is None:
-                net_dest = expr2.group(1).strip()
+                path = [ expr3.group(2).strip() ]
+
+            if expr3.group(1).strip():
+                net_dest = expr3.group(1).strip()
 
         if line.startswith("BGP.as_path:"):
             ASes = line.replace("BGP.as_path:", "").strip().split(" ")
@@ -625,7 +640,7 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
                 path.extend(ASes)
             else:
                 path = ASes
-    
+
     if path:
         path.append(net_dest)
         paths.append(path)

lgproxy.cfg

@@ -1,12 +0,0 @@
-
-DEBUG=False
-LOG_FILE="/var/log/lg-proxy/lg-proxy.log"
-LOG_LEVEL="WARNING"
-BIND_IP = "0.0.0.0"
-BIND_PORT = 5000
-ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"]
-IPV4_SOURCE=""
-IPV6_SOURCE=""
-BIRD_SOCKET="/var/run/bird/bird.ctl"
-BIRD6_SOCKET="/var/run/bird/bird6.ctl"
-

lgproxy.cfg.example

@@ -0,0 +1,28 @@
+# Configuration file example for lgproxy.py
+# Adapt and copy to lgproxy.cfg
+
+DEBUG=False
+
+LOG_FILE="/var/log/lg-proxy/lg-proxy.log"
+LOG_LEVEL="WARNING"
+# Keep log history indefinitely by default.
+LOG_NUM_DAYS=0
+
+BIND_IP = "0.0.0.0"
+BIND_PORT = 5000
+
+# Used to restrict access to lgproxy based on source IP address.
+# Empty list = any IP is allowed to run queries.
+ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"]
+
+# Used to restrict access to lgproxy based on a shared secret (must also be configured in lg.cfg)
+# Empty string or unset = no shared secret is required to run queries.
+SHARED_SECRET="ThisTokenIsNotSecret"
+
+# Used as source address when running traceroute (optional)
+IPV4_SOURCE="198.51.100.42"
+IPV6_SOURCE="2001:db8:42::1"
+
+BIRD_SOCKET="/var/run/bird/bird.ctl"
+BIRD6_SOCKET="/var/run/bird/bird6.ctl"
+

lgproxy.py

@@ -1,3 +1,4 @@
+#!/usr/bin/python
 # -*- coding: utf-8 -*-
 # vim: ts=4
 ###
@@ -40,7 +41,7 @@ app = Flask(__name__)
 app.debug = app.config["DEBUG"]
 app.config.from_pyfile(args.config_file)
 
-file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight") 
+file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight", backupCount=app.config.get("LOG_NUM_DAYS", 0))
 app.logger.setLevel(getattr(logging, app.config["LOG_LEVEL"].upper()))
 app.logger.addHandler(file_handler)
 
@@ -53,15 +54,20 @@ def access_log_after(response, *args, **kwargs):
     app.logger.info("[%s] reponse %s, %s", request.remote_addr,  request.url, response.status_code)
     return response
 
-def check_accesslist():
+def check_security():
-    if  app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
+    if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
+        app.logger.info("Your remote address is not valid")
+        abort(401)
+
+    if app.config.get('SHARED_SECRET') and request.args.get("secret") != app.config["SHARED_SECRET"]:
+        app.logger.info("Your shared secret is not valid")
         abort(401)
 
 @app.route("/traceroute")
 @app.route("/traceroute6")
 def traceroute():
-    check_accesslist()
+    check_security()
-    
+
     if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'):
         traceroute4 = [ 'traceroute' ]
         traceroute6 = [ 'traceroute6' ]
@@ -70,15 +76,14 @@ def traceroute():
         traceroute6 = [ 'traceroute', '-6' ]
 
     src = []
-    if request.path == '/traceroute6': 
+    if request.path == '/traceroute6':
-	traceroute = traceroute6
+        traceroute = traceroute6
-	if app.config.get("IPV6_SOURCE",""):
+        if app.config.get("IPV6_SOURCE", ""):
-	     src = [ "-s",  app.config.get("IPV6_SOURCE") ]
+            src = [ "-s",  app.config.get("IPV6_SOURCE") ]
-
     else: 
-	traceroute = traceroute4
+        traceroute = traceroute4
-	if app.config.get("IPV4_SOURCE",""):
+        if app.config.get("IPV4_SOURCE",""):
-	     src = [ "-s",  app.config.get("IPV4_SOURCE") ]
+            src = [ "-s",  app.config.get("IPV4_SOURCE") ]
 
     query = request.args.get("q","")
     query = unquote(query)
@@ -91,15 +96,13 @@ def traceroute():
         options = [ '-A', '-q1', '-N32', '-w1', '-m15' ]
     command = traceroute + src + options + [ query ]
     result = subprocess.Popen( command , stdout=subprocess.PIPE).communicate()[0].decode('utf-8', 'ignore').replace("\n","<br>")
-    
     return result
 
 
-
 @app.route("/bird")
 @app.route("/bird6")
 def bird():
-    check_accesslist()
+    check_security()
 
     if request.path == "/bird": b = BirdSocket(file=app.config.get("BIRD_SOCKET"))
     elif request.path == "/bird6": b = BirdSocket(file=app.config.get("BIRD6_SOCKET"))
@@ -112,7 +115,7 @@ def bird():
     b.close()
     # FIXME: use status
     return result
-	
+
 
 if __name__ == "__main__":
     app.logger.info("lgproxy start")

static/js/lg.js

@@ -1,4 +1,4 @@
-
+const noArgReqs = ["summary"];
 
 $(window).unload(function(){
 		$(".progress").show()
@@ -12,7 +12,7 @@ function change_url(loc){
 
 function reload(){
 	loc = "/" + request_type + "/" + hosts + "/" + proto;
-	if (request_type != "summary" ){
+	if (!noArgReqs.includes(request_type)){
 		if( request_args != undefined && request_args != ""){
 			loc = loc + "?q=" + encodeURIComponent(request_args);
 			change_url(loc)
@@ -22,7 +22,7 @@ function reload(){
 	}
 }
 function update_view(){
-	if (request_type == "summary")
+	if (noArgReqs.includes(request_type))
 		$(".navbar-search").hide();
 	else
 		$(".navbar-search").show();
@@ -58,7 +58,7 @@ $(function(){
 			link = $(this).attr('href');
 			$.getJSON(link, function(data) {
 				$(".modal h3").html(data.title);
-			        $(".modal .modal-body > p").html(data.output);
+			        $(".modal .modal-body > p").css("white-space", "pre-line").text(data.output);
 				$(".modal").modal('show');
 			});
 		});

templates/layout.html

@@ -1,7 +1,7 @@
 <!doctype html>
 <html lang="en">
-	<title>{{config.DOMAIN|capitalize}} looking glass</title>
 	<head>
+		<title>{{config.WEBSITE_TITLE|default("Bird-LG / Looking Glass") }}</title>
 		<meta charset="UTF-8">
 		<link rel=stylesheet type=text/css href="{{ url_for('static', filename='css/bootstrap.min.css') }}">
 		<link rel=stylesheet type=text/css href="{{ url_for('static', filename='css/bootstrap-responsive.min.css') }}">
@@ -18,7 +18,7 @@
 						<span class="icon-bar"></span>
 						<span class="icon-bar"></span>
 					</a>
-					<a class="brand" href="/">{{config.DOMAIN|capitalize}} / Looking Glass</a>
+					<a class="brand" href="/">{{config.WEBSITE_TITLE|default("Bird-LG / Looking Glass") }}</a>
 					<div class="navbar nav-collapse">
 						<ul class="nav nav-pills">
 							<li class="navbar-text">Nodes:&nbsp;&nbsp;</li>
@@ -120,7 +120,7 @@
         <script type="text/javascript" src="{{url_for('static', filename='js/DT_bootstrap.js') }}"></script>
 		<script type="text/javascript">
 			request_type = "{{session.request_type}}";
-			request_args = "{{session.request_args|safe}}";
+			request_args = "{{session.request_args}}";
 			hosts = "{{session.hosts}}";
 			proto = "{{session.proto}}";
 			history_query = {{session.history|tojson|safe}};

toolbox.py

@@ -24,21 +24,23 @@ import socket
 import pickle
 import xml.parsers.expat
 
+dns_cache = resolver.LRUCache(max_size=10000)
 resolv = resolver.Resolver()
 resolv.timeout = 0.5
 resolv.lifetime = 1
+resolv.cache = dns_cache
 
 def resolve(n, q):
-	return str(resolv.query(n,q)[0])
+    return str(resolv.query(n,q)[0])
 
 def mask_is_valid(n):
-	if not n: 
+    if not n:
-		return True
+        return True
-	try:
+    try:
-		mask = int(n)
+        mask = int(n)
-		return ( mask >= 1 and mask <= 128)
+        return ( mask >= 1 and mask <= 128)
-	except:
+    except:
-		return False
+        return False
 
 def ipv4_is_valid(n):
     try:
@@ -55,21 +57,21 @@ def ipv6_is_valid(n):
         return False
 
 def save_cache_pickle(filename, data):
-	output = open(filename, 'wb')
+    output = open(filename, 'wb')
-	pickle.dump(data, output)
+    pickle.dump(data, output)
-	output.close()
+    output.close()
 
 def load_cache_pickle(filename, default = None):
-	try:
+    try:
-		pkl_file = open(filename, 'rb')
+        pkl_file = open(filename, 'rb')
-	except IOError:
+    except IOError:
-		return default
+        return default
-	try:
+    try:
-		data = pickle.load(pkl_file)
+        data = pickle.load(pkl_file)
-	except:
+    except:
-		data = default
+        data = default
-	pkl_file.close()
+    pkl_file.close()
-	return data
+    return data
 
 def unescape(s):
     want_unicode = False