This commit is contained in:
Peter Hansen 2022-04-05 20:24:00 +02:00
commit f73da84a49
11 changed files with 314 additions and 238 deletions

2
.gitignore vendored
View File

@ -1,2 +1,4 @@
*.pyc *.pyc
*.pyo *.pyo
lg.cfg
lgproxy.cfg

View File

@ -1,6 +1,9 @@
BIRD-LG BIRD-LG
======= =======
Overview
--------
This is a looking glass for the Internet Routing Daemon "Bird". This is a looking glass for the Internet Routing Daemon "Bird".
Software is split in two parts: Software is split in two parts:
@ -8,7 +11,8 @@ Software is split in two parts:
- lgproxy.py: - lgproxy.py:
It must be installed and started on all bird nodes. It act as a proxy to make traceroute and bird query on the node. It must be installed and started on all bird nodes. It act as a proxy to make traceroute and bird query on the node.
Access restriction to this web service can be done in file "lgproxy.cfg" (only IP address based restriction for now). Access restriction to this web service can be done in file "lgproxy.cfg". Two access restriction methods can be configured:
based on source IP address or based on a shared secret. Both methods can be used at the same time.
- lg.py: - lg.py:
@ -33,17 +37,42 @@ Software is split in two parts:
``` ```
bird-lg depends on : Installation
------------
The web service (lg.py) depends on:
- python-flask >= 0.8 - python-flask >= 0.8
- python-dnspython - python-dnspython
- python-pydot - python-pydot
- python-memcache
- graphviz - graphviz
- whois - whois
- traceroute
Each services can be embedded in any webserver by following regular python-flask configuration. The proxy running on routers (lgproxy.py) depends on:
- python-flask >= 0.8
- traceroute
- ping
Each service can be embedded in any webserver by following regular python-flask configuration.
It is also possible to run the services directly with python for developping / testing:
python2 lg.py
python2 lgproxy.py
Systemd unit files are provided in the `init/` subdirectory.
Configuration
-------------
On your routers, copy `lgproxy.cfg.example` to `lgproxy.cfg` and edit the values.
On the web host, copy `lg.cfg.example` to `lg.cfg` and edit the values.
License
-------
Source code is under GPL 3.0, powered by Flask, jQuery and Bootstrap. Source code is under GPL 3.0, powered by Flask, jQuery and Bootstrap.
@ -67,7 +96,8 @@ Happy users
* https://lg.man-da.de/ * https://lg.man-da.de/
* http://route-server.belwue.net/ * http://route-server.belwue.net/
* https://lg.exn.uk/ * https://lg.exn.uk/
* http://lg.meerfarbig.net/ * https://meerblick.io/
* https://lg.as49697.net/
* http://lg.netnation.com/ * http://lg.netnation.com/
* http://lg.edxnetwork.eu/ * http://lg.edxnetwork.eu/
* https://lg.hivane.net/ * https://lg.hivane.net/
@ -83,3 +113,4 @@ Happy users
* https://lg.fullsave.net/ * https://lg.fullsave.net/
* http://lg.catnix.net/ * http://lg.catnix.net/
* https://lg.worldstream.nl/ * https://lg.worldstream.nl/
* https://lg.angolacables.co.ao/

241
bird.py
View File

@ -25,153 +25,150 @@ import sys
BUFSIZE = 4096 BUFSIZE = 4096
SUCCESS_CODES = { SUCCESS_CODES = {
"0000" : "OK", "0000" : "OK",
"0001" : "Welcome", "0001" : "Welcome",
"0002" : "Reading configuration", "0002" : "Reading configuration",
"0003" : "Reconfigured", "0003" : "Reconfigured",
"0004" : "Reconfiguration in progress", "0004" : "Reconfiguration in progress",
"0005" : "Reconfiguration already in progress, queueing", "0005" : "Reconfiguration already in progress, queueing",
"0006" : "Reconfiguration ignored, shutting down", "0006" : "Reconfiguration ignored, shutting down",
"0007" : "Shutdown ordered", "0007" : "Shutdown ordered",
"0008" : "Already disabled", "0008" : "Already disabled",
"0009" : "Disabled", "0009" : "Disabled",
"0010" : "Already enabled", "0010" : "Already enabled",
"0011" : "Enabled", "0011" : "Enabled",
"0012" : "Restarted", "0012" : "Restarted",
"0013" : "Status report", "0013" : "Status report",
"0014" : "Route count", "0014" : "Route count",
"0015" : "Reloading", "0015" : "Reloading",
"0016" : "Access restricted", "0016" : "Access restricted",
} }
TABLES_ENTRY_CODES = { TABLES_ENTRY_CODES = {
"1000" : "BIRD version", "1000" : "BIRD version",
"1001" : "Interface list", "1001" : "Interface list",
"1002" : "Protocol list", "1002" : "Protocol list",
"1003" : "Interface address", "1003" : "Interface address",
"1004" : "Interface flags", "1004" : "Interface flags",
"1005" : "Interface summary", "1005" : "Interface summary",
"1006" : "Protocol details", "1006" : "Protocol details",
"1007" : "Route list", "1007" : "Route list",
"1008" : "Route details", "1008" : "Route details",
"1009" : "Static route list", "1009" : "Static route list",
"1010" : "Symbol list", "1010" : "Symbol list",
"1011" : "Uptime", "1011" : "Uptime",
"1012" : "Route extended attribute list", "1012" : "Route extended attribute list",
"1013" : "Show ospf neighbors", "1013" : "Show ospf neighbors",
"1014" : "Show ospf", "1014" : "Show ospf",
"1015" : "Show ospf interface", "1015" : "Show ospf interface",
"1016" : "Show ospf state/topology", "1016" : "Show ospf state/topology",
"1017" : "Show ospf lsadb", "1017" : "Show ospf lsadb",
"1018" : "Show memory", "1018" : "Show memory",
} }
ERROR_CODES = { ERROR_CODES = {
"8000" : "Reply too long", "8000" : "Reply too long",
"8001" : "Route not found", "8001" : "Route not found",
"8002" : "Configuration file error", "8002" : "Configuration file error",
"8003" : "No protocols match", "8003" : "No protocols match",
"8004" : "Stopped due to reconfiguration", "8004" : "Stopped due to reconfiguration",
"8005" : "Protocol is down => cannot dump", "8005" : "Protocol is down => cannot dump",
"8006" : "Reload failed", "8006" : "Reload failed",
"8007" : "Access denied", "8007" : "Access denied",
"9000" : "Command too long", "9000" : "Command too long",
"9001" : "Parse error", "9001" : "Parse error",
"9002" : "Invalid symbol type", "9002" : "Invalid symbol type",
} }
END_CODES = ERROR_CODES.keys() + SUCCESS_CODES.keys() END_CODES = ERROR_CODES.keys() + SUCCESS_CODES.keys()
global bird_sockets global bird_sockets
bird_sockets = {} bird_sockets = {}
def BirdSocketSingleton(host, port): def BirdSocketSingleton(host, port):
global bird_sockets global bird_sockets
s = bird_sockets.get((host,port), None) s = bird_sockets.get((host,port), None)
if not s: if not s:
s = BirdSocket(host,port) s = BirdSocket(host,port)
bird_sockets[(host,port)] = s bird_sockets[(host,port)] = s
return s return s
class BirdSocket: class BirdSocket:
def __init__(self, host="", port="", file=""): def __init__(self, host="", port="", file=""):
self.__file = file self.__file = file
self.__host = host self.__host = host
self.__port = port self.__port = port
self.__sock = None self.__sock = None
def __connect(self): def __connect(self):
if self.__sock: return if self.__sock: return
if not file: if not file:
self.__sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.__sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.__sock.settimeout(3.0) self.__sock.settimeout(3.0)
self.__sock.connect((self.__host, self.__port)) self.__sock.connect((self.__host, self.__port))
else: else:
self.__sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) self.__sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
self.__sock.settimeout(3.0) self.__sock.settimeout(3.0)
self.__sock.connect(self.__file) self.__sock.connect(self.__file)
# read welcome message # read welcome message
self.__sock.recv(1024) self.__sock.recv(1024)
self.cmd("restrict") self.cmd("restrict")
def close(self): def close(self):
if self.__sock: if self.__sock:
try: self.__sock.close() try: self.__sock.close()
except: pass except: pass
self.__sock = None self.__sock = None
def cmd(self, cmd):
try:
self.__connect()
self.__sock.send(cmd + "\n")
data = self.__read()
return data
except socket.error:
why = sys.exc_info()[1]
self.close()
return False, "Bird connection problem: %s" % why
def __read(self): def cmd(self, cmd):
code = "7000" # Not used in bird try:
parsed_string = "" self.__connect()
lastline = "" self.__sock.send(cmd + "\n")
data = self.__read()
return data
except socket.error:
why = sys.exc_info()[1]
self.close()
return False, "Bird connection problem: %s" % why
while code not in END_CODES: def __read(self):
data = self.__sock.recv(BUFSIZE) code = "7000" # Not used in bird
parsed_string = ""
lines = (lastline + data).split("\n") lastline = ""
if len(data) == BUFSIZE:
lastline = lines[-1]
lines = lines[:-1]
for line in lines: while code not in END_CODES:
code = line[0:4] data = self.__sock.recv(BUFSIZE)
if not line.strip(): lines = (lastline + data).split("\n")
continue if len(data) == BUFSIZE:
elif code == "0000": lastline = lines[-1]
return True, parsed_string lines = lines[:-1]
elif code in SUCCESS_CODES.keys():
return True, SUCCESS_CODES.get(code)
elif code in ERROR_CODES.keys():
return False, ERROR_CODES.get(code)
elif code[0] in [ "1", "2"] :
parsed_string += line[5:] + "\n"
elif code[0] == " ":
parsed_string += line[1:] + "\n"
elif code[0] == "+":
parsed_string += line[1:]
else:
parsed_string += "<<<unparsable_string(%s)>>>\n"%line
return True, parsed_string for line in lines:
code = line[0:4]
__all__ = ['BirdSocketSingleton' , 'BirdSocket' ] if not line.strip():
continue
elif code == "0000":
return True, parsed_string
elif code in SUCCESS_CODES.keys():
return True, SUCCESS_CODES.get(code)
elif code in ERROR_CODES.keys():
return False, ERROR_CODES.get(code)
elif code[0] in [ "1", "2"] :
parsed_string += line[5:] + "\n"
elif code[0] == " ":
parsed_string += line[1:] + "\n"
elif code[0] == "+":
parsed_string += line[1:]
else:
parsed_string += "<<<unparsable_string(%s)>>>\n"%line
return True, parsed_string
__all__ = ['BirdSocketSingleton', 'BirdSocket']

View File

@ -1,10 +1,19 @@
# Configuration file example for lg.py
# Adapt and copy to lg.cfg
WEBSITE_TITLE="Bird-LG / Looking Glass"
DEBUG = False DEBUG = False
LOG_FILE="/var/log/lg.log" LOG_FILE="/var/log/lg.log"
LOG_LEVEL="WARNING" LOG_LEVEL="WARNING"
# Keep log history indefinitely by default.
LOG_NUM_DAYS=0
DOMAIN = "tetaneutral.net" DOMAIN = "tetaneutral.net"
# Used to optionally restrict access to lgproxy based on a shared secret.
# Empty string or unset = no shared secret is used to run queries on lgproxies.
SHARED_SECRET="ThisTokenIsNotSecret"
BIND_IP = "0.0.0.0" BIND_IP = "0.0.0.0"
BIND_PORT = 5000 BIND_PORT = 5000
@ -29,4 +38,5 @@ AS_NUMBER = {
# DNS zone to query for ASN -> name mapping # DNS zone to query for ASN -> name mapping
ASN_ZONE = "asn.cymru.com" ASN_ZONE = "asn.cymru.com"
# Used for secure session storage, change this
SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7' SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7'

121
lg.py
View File

@ -22,7 +22,6 @@
import base64 import base64
from datetime import datetime from datetime import datetime
import memcache
import subprocess import subprocess
import logging import logging
from logging.handlers import TimedRotatingFileHandler from logging.handlers import TimedRotatingFileHandler
@ -49,13 +48,10 @@ app.config.from_pyfile(args.config_file)
app.secret_key = app.config["SESSION_KEY"] app.secret_key = app.config["SESSION_KEY"]
app.debug = app.config["DEBUG"] app.debug = app.config["DEBUG"]
file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight") file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight", backupCount=app.config.get("LOG_NUM_DAYS", 0))
file_handler.setLevel(getattr(logging, app.config["LOG_LEVEL"].upper())) file_handler.setLevel(getattr(logging, app.config["LOG_LEVEL"].upper()))
app.logger.addHandler(file_handler) app.logger.addHandler(file_handler)
memcache_server = app.config.get("MEMCACHE_SERVER", "127.0.0.1:11211")
memcache_expiration = int(app.config.get("MEMCACHE_EXPIRATION", "1296000")) # 15 days by default
mc = memcache.Client([memcache_server])
def get_asn_from_as(n): def get_asn_from_as(n):
asn_zone = app.config.get("ASN_ZONE", "asn.cymru.com") asn_zone = app.config.get("ASN_ZONE", "asn.cymru.com")
@ -149,16 +145,25 @@ def bird_proxy(host, proto, service, query):
return False, 'Host "%s" invalid' % host return False, 'Host "%s" invalid' % host
elif not path: elif not path:
return False, 'Proto "%s" invalid' % proto return False, 'Proto "%s" invalid' % proto
else:
url = "http://%s.%s:%d/%s?q=%s" % (host, app.config["DOMAIN"], port, path, quote(query)) url = "http://%s" % (host)
try: if "DOMAIN" in app.config:
f = urlopen(url) url = "%s.%s" % (url, app.config["DOMAIN"])
resultat = f.read() url = "%s:%d/%s?" % (url, port, path)
status = True # retreive remote status if "SHARED_SECRET" in app.config:
except IOError: url = "%ssecret=%s&" % (url, app.config["SHARED_SECRET"])
resultat = "Failed retreive url: %s" % url url = "%sq=%s" % (url, quote(query))
status = False
return status, resultat try:
f = urlopen(url)
resultat = f.read()
status = True # retreive remote status
except IOError:
resultat = "Failed to retrieve URL for host %s" % host
app.logger.warning("Failed to retrieve URL for host %s: %s", host, url)
status = False
return status, resultat
@app.context_processor @app.context_processor
@ -231,7 +236,7 @@ def whois():
if m: if m:
query = query.groupdict()["domain"] query = query.groupdict()["domain"]
output = whois_command(query).replace("\n", "<br>") output = whois_command(query)
return jsonify(output=output, title=query) return jsonify(output=output, title=query)
@ -415,10 +420,7 @@ def show_route_for_bgpmap(hosts, proto):
def get_as_name(_as): def get_as_name(_as):
"""return a string that contain the as number following by the as name """Returns a string that contain the as number following by the as name
It's the use whois database informations
# Warning, the server can be blacklisted from ripe is too many requests are done
""" """
if not _as: if not _as:
return "AS?????" return "AS?????"
@ -426,12 +428,7 @@ def get_as_name(_as):
if not _as.isdigit(): if not _as.isdigit():
return _as.strip() return _as.strip()
name = mc.get(str('lg_%s' % _as)) name = get_asn_from_as(_as)[-1].replace(" ", "\r", 1)
if not name:
app.logger.info("asn for as %s not found in memcache", _as)
name = get_asn_from_as(_as)[-1].replace(" ","\r",1)
if name:
mc.set(str("lg_%s" % _as), str(name), memcache_expiration)
return "AS%s | %s" % (_as, name) return "AS%s | %s" % (_as, name)
@ -488,19 +485,21 @@ def show_bgpmap():
label_without_star = kwargs["label"].replace("*", "") label_without_star = kwargs["label"].replace("*", "")
if e.get_label() is not None: if e.get_label() is not None:
labels = e.get_label().split("\r") labels = e.get_label().split("\r")
else: else:
return edges[edge_tuple] return edges[edge_tuple]
if "%s*" % label_without_star not in labels: if "%s*" % label_without_star not in labels:
labels = [ kwargs["label"] ] + [ l for l in labels if not l.startswith(label_without_star) ] labels = [ kwargs["label"] ] + [ l for l in labels if not l.startswith(label_without_star) ]
labels = sorted(labels, cmp=lambda x,y: x.endswith("*") and -1 or 1) labels = sorted(labels, cmp=lambda x,y: x.endswith("*") and -1 or 1)
label = escape("\r".join(labels)) label = escape("\r".join(labels))
e.set_label(label) e.set_label(label)
return edges[edge_tuple] return edges[edge_tuple]
for host, asmaps in data.iteritems(): for host, asmaps in data.iteritems():
add_node(host, label= "%s\r%s" % (host.upper(), app.config["DOMAIN"].upper()), shape="box", fillcolor="#F5A9A9") if "DOMAIN" in app.config:
add_node(host, label= "%s\r%s" % (host.upper(), app.config["DOMAIN"].upper()), shape="box", fillcolor="#F5A9A9")
else:
add_node(host, label= "%s" % (host.upper()), shape="box", fillcolor="#F5A9A9")
as_number = app.config["AS_NUMBER"].get(host, None) as_number = app.config["AS_NUMBER"].get(host, None)
if as_number: if as_number:
@ -508,7 +507,7 @@ def show_bgpmap():
edge = add_edge(as_number, nodes[host]) edge = add_edge(as_number, nodes[host])
edge.set_color("red") edge.set_color("red")
edge.set_style("bold") edge.set_style("bold")
#colors = [ "#009e23", "#1a6ec1" , "#d05701", "#6f879f", "#939a0e", "#0e9a93", "#9a0e85", "#56d8e1" ] #colors = [ "#009e23", "#1a6ec1" , "#d05701", "#6f879f", "#939a0e", "#0e9a93", "#9a0e85", "#56d8e1" ]
previous_as = None previous_as = None
hosts = data.keys() hosts = data.keys()
@ -522,21 +521,29 @@ def show_bgpmap():
hop_label = "" hop_label = ""
for _as in asmap: for _as in asmap:
if _as == previous_as: if _as == previous_as:
prepend_as[_as] = prepend_as.get(_as, 1) + 1 if not prepend_as.get(_as, None):
prepend_as[_as] = {}
if not prepend_as[_as].get(host, None):
prepend_as[_as][host] = {}
if not prepend_as[_as][host].get(asmap[0], None):
prepend_as[_as][host][asmap[0]] = 1
prepend_as[_as][host][asmap[0]] += 1
continue continue
if not hop: if not hop:
hop = True hop = True
if _as not in hosts: if _as not in hosts:
hop_label = _as hop_label = _as
if first: if first:
hop_label = hop_label + "*" hop_label = hop_label + "*"
continue continue
else: else:
hop_label = "" hop_label = ""
if _as == asmap[-1]:
add_node(_as, fillcolor=(first and "#F5A9A9" or "white")) add_node(_as, fillcolor="#F5A9A9", shape="box", )
else:
add_node(_as, fillcolor=(first and "#F5A9A9" or "white"), )
if hop_label: if hop_label:
edge = add_edge(nodes[previous_as], nodes[_as], label=hop_label, fontsize="7") edge = add_edge(nodes[previous_as], nodes[_as], label=hop_label, fontsize="7")
else: else:
@ -544,22 +551,19 @@ def show_bgpmap():
hop_label = "" hop_label = ""
if first: if first or _as == asmap[-1]:
edge.set_style("bold") edge.set_style("bold")
edge.set_color("red") edge.set_color("red")
elif edge.get_color() != "red": elif edge.get_style() != "bold":
edge.set_style("dashed") edge.set_style("dashed")
edge.set_color(color) edge.set_color(color)
previous_as = _as previous_as = _as
first = False first = False
if previous_as:
node = add_node(previous_as)
node.set_shape("box")
for _as in prepend_as: for _as in prepend_as:
graph.add_edge(pydot.Edge(*(_as, _as), label=" %dx" % prepend_as[_as], color="grey", fontcolor="grey")) for n in set([ n for h, d in prepend_as[_as].iteritems() for p, n in d.iteritems() ]):
graph.add_edge(pydot.Edge(*(_as, _as), label=" %dx" % n, color="grey", fontcolor="grey"))
fmt = request.args.get('fmt', 'png') fmt = request.args.get('fmt', 'png')
#response = Response("<pre>" + graph.create_dot() + "</pre>") #response = Response("<pre>" + graph.create_dot() + "</pre>")
@ -583,21 +587,29 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
path = None path = None
paths = [] paths = []
net_dest = None net_dest = None
peer_protocol_name = ""
for line in text: for line in text:
line = line.strip() line = line.strip()
expr = re.search(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on.*\[(\w+)\s+', line) expr = re.search(r'(.*)unicast\s+\[(\w+)\s+', line)
if expr: if expr:
if expr.group(1).strip():
net_dest = expr.group(1).strip()
peer_protocol_name = expr.group(2).strip()
expr2 = re.search(r'(.*)via\s+([0-9a-fA-F:\.]+)\s+on\s+\S+(\s+\[(\w+)\s+)?', line)
if expr2:
if path: if path:
path.append(net_dest) path.append(net_dest)
paths.append(path) paths.append(path)
path = None path = None
if expr.group(1).strip(): if expr2.group(1).strip():
net_dest = expr.group(1).strip() net_dest = expr2.group(1).strip()
peer_ip = expr.group(2).strip() peer_ip = expr2.group(2).strip()
peer_protocol_name = expr.group(3).strip() if expr2.group(4):
peer_protocol_name = expr2.group(4).strip()
# Check if via line is a internal route # Check if via line is a internal route
for rt_host, rt_ips in app.config["ROUTER_IP"].iteritems(): for rt_host, rt_ips in app.config["ROUTER_IP"].iteritems():
# Special case for internal routing # Special case for internal routing
@ -608,16 +620,19 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
# ugly hack for good printing # ugly hack for good printing
path = [ peer_protocol_name ] path = [ peer_protocol_name ]
# path = ["%s\r%s" % (peer_protocol_name, get_as_name(get_as_number_from_protocol_name(host, proto, peer_protocol_name)))] # path = ["%s\r%s" % (peer_protocol_name, get_as_name(get_as_number_from_protocol_name(host, proto, peer_protocol_name)))]
expr2 = re.search(r'(.*)unreachable\s+\[(\w+)\s+', line) expr3 = re.search(r'(.*)unreachable\s+\[(\w+)\s+', line)
if expr2: if expr3:
if path: if path:
path.append(net_dest) path.append(net_dest)
paths.append(path) paths.append(path)
path = None path = None
if expr2.group(1).strip(): if path is None:
net_dest = expr2.group(1).strip() path = [ expr3.group(2).strip() ]
if expr3.group(1).strip():
net_dest = expr3.group(1).strip()
if line.startswith("BGP.as_path:"): if line.startswith("BGP.as_path:"):
ASes = line.replace("BGP.as_path:", "").strip().split(" ") ASes = line.replace("BGP.as_path:", "").strip().split(" ")
@ -625,7 +640,7 @@ def build_as_tree_from_raw_bird_ouput(host, proto, text):
path.extend(ASes) path.extend(ASes)
else: else:
path = ASes path = ASes
if path: if path:
path.append(net_dest) path.append(net_dest)
paths.append(path) paths.append(path)

View File

@ -1,12 +0,0 @@
DEBUG=False
LOG_FILE="/var/log/lg-proxy/lg-proxy.log"
LOG_LEVEL="WARNING"
BIND_IP = "0.0.0.0"
BIND_PORT = 5000
ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"]
IPV4_SOURCE=""
IPV6_SOURCE=""
BIRD_SOCKET="/var/run/bird/bird.ctl"
BIRD6_SOCKET="/var/run/bird/bird6.ctl"

28
lgproxy.cfg.example Normal file
View File

@ -0,0 +1,28 @@
# Configuration file example for lgproxy.py
# Adapt and copy to lgproxy.cfg
DEBUG=False
LOG_FILE="/var/log/lg-proxy/lg-proxy.log"
LOG_LEVEL="WARNING"
# Keep log history indefinitely by default.
LOG_NUM_DAYS=0
BIND_IP = "0.0.0.0"
BIND_PORT = 5000
# Used to restrict access to lgproxy based on source IP address.
# Empty list = any IP is allowed to run queries.
ACCESS_LIST = ["91.224.149.206", "178.33.111.110", "2a01:6600:8081:ce00::1"]
# Used to restrict access to lgproxy based on a shared secret (must also be configured in lg.cfg)
# Empty string or unset = no shared secret is required to run queries.
SHARED_SECRET="ThisTokenIsNotSecret"
# Used as source address when running traceroute (optional)
IPV4_SOURCE="198.51.100.42"
IPV6_SOURCE="2001:db8:42::1"
BIRD_SOCKET="/var/run/bird/bird.ctl"
BIRD6_SOCKET="/var/run/bird/bird6.ctl"

View File

@ -1,3 +1,4 @@
#!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# vim: ts=4 # vim: ts=4
### ###
@ -40,7 +41,7 @@ app = Flask(__name__)
app.debug = app.config["DEBUG"] app.debug = app.config["DEBUG"]
app.config.from_pyfile(args.config_file) app.config.from_pyfile(args.config_file)
file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight") file_handler = TimedRotatingFileHandler(filename=app.config["LOG_FILE"], when="midnight", backupCount=app.config.get("LOG_NUM_DAYS", 0))
app.logger.setLevel(getattr(logging, app.config["LOG_LEVEL"].upper())) app.logger.setLevel(getattr(logging, app.config["LOG_LEVEL"].upper()))
app.logger.addHandler(file_handler) app.logger.addHandler(file_handler)
@ -53,15 +54,20 @@ def access_log_after(response, *args, **kwargs):
app.logger.info("[%s] reponse %s, %s", request.remote_addr, request.url, response.status_code) app.logger.info("[%s] reponse %s, %s", request.remote_addr, request.url, response.status_code)
return response return response
def check_accesslist(): def check_security():
if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]: if app.config["ACCESS_LIST"] and request.remote_addr not in app.config["ACCESS_LIST"]:
app.logger.info("Your remote address is not valid")
abort(401)
if app.config.get('SHARED_SECRET') and request.args.get("secret") != app.config["SHARED_SECRET"]:
app.logger.info("Your shared secret is not valid")
abort(401) abort(401)
@app.route("/traceroute") @app.route("/traceroute")
@app.route("/traceroute6") @app.route("/traceroute6")
def traceroute(): def traceroute():
check_accesslist() check_security()
if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'): if sys.platform.startswith('freebsd') or sys.platform.startswith('netbsd') or sys.platform.startswith('openbsd'):
traceroute4 = [ 'traceroute' ] traceroute4 = [ 'traceroute' ]
traceroute6 = [ 'traceroute6' ] traceroute6 = [ 'traceroute6' ]
@ -70,15 +76,14 @@ def traceroute():
traceroute6 = [ 'traceroute', '-6' ] traceroute6 = [ 'traceroute', '-6' ]
src = [] src = []
if request.path == '/traceroute6': if request.path == '/traceroute6':
traceroute = traceroute6 traceroute = traceroute6
if app.config.get("IPV6_SOURCE",""): if app.config.get("IPV6_SOURCE", ""):
src = [ "-s", app.config.get("IPV6_SOURCE") ] src = [ "-s", app.config.get("IPV6_SOURCE") ]
else: else:
traceroute = traceroute4 traceroute = traceroute4
if app.config.get("IPV4_SOURCE",""): if app.config.get("IPV4_SOURCE",""):
src = [ "-s", app.config.get("IPV4_SOURCE") ] src = [ "-s", app.config.get("IPV4_SOURCE") ]
query = request.args.get("q","") query = request.args.get("q","")
query = unquote(query) query = unquote(query)
@ -91,15 +96,13 @@ def traceroute():
options = [ '-A', '-q1', '-N32', '-w1', '-m15' ] options = [ '-A', '-q1', '-N32', '-w1', '-m15' ]
command = traceroute + src + options + [ query ] command = traceroute + src + options + [ query ]
result = subprocess.Popen( command , stdout=subprocess.PIPE).communicate()[0].decode('utf-8', 'ignore').replace("\n","<br>") result = subprocess.Popen( command , stdout=subprocess.PIPE).communicate()[0].decode('utf-8', 'ignore').replace("\n","<br>")
return result return result
@app.route("/bird") @app.route("/bird")
@app.route("/bird6") @app.route("/bird6")
def bird(): def bird():
check_accesslist() check_security()
if request.path == "/bird": b = BirdSocket(file=app.config.get("BIRD_SOCKET")) if request.path == "/bird": b = BirdSocket(file=app.config.get("BIRD_SOCKET"))
elif request.path == "/bird6": b = BirdSocket(file=app.config.get("BIRD6_SOCKET")) elif request.path == "/bird6": b = BirdSocket(file=app.config.get("BIRD6_SOCKET"))
@ -112,7 +115,7 @@ def bird():
b.close() b.close()
# FIXME: use status # FIXME: use status
return result return result
if __name__ == "__main__": if __name__ == "__main__":
app.logger.info("lgproxy start") app.logger.info("lgproxy start")

View File

@ -1,4 +1,4 @@
const noArgReqs = ["summary"];
$(window).unload(function(){ $(window).unload(function(){
$(".progress").show() $(".progress").show()
@ -12,7 +12,7 @@ function change_url(loc){
function reload(){ function reload(){
loc = "/" + request_type + "/" + hosts + "/" + proto; loc = "/" + request_type + "/" + hosts + "/" + proto;
if (request_type != "summary" ){ if (!noArgReqs.includes(request_type)){
if( request_args != undefined && request_args != ""){ if( request_args != undefined && request_args != ""){
loc = loc + "?q=" + encodeURIComponent(request_args); loc = loc + "?q=" + encodeURIComponent(request_args);
change_url(loc) change_url(loc)
@ -22,7 +22,7 @@ function reload(){
} }
} }
function update_view(){ function update_view(){
if (request_type == "summary") if (noArgReqs.includes(request_type))
$(".navbar-search").hide(); $(".navbar-search").hide();
else else
$(".navbar-search").show(); $(".navbar-search").show();
@ -58,7 +58,7 @@ $(function(){
link = $(this).attr('href'); link = $(this).attr('href');
$.getJSON(link, function(data) { $.getJSON(link, function(data) {
$(".modal h3").html(data.title); $(".modal h3").html(data.title);
$(".modal .modal-body > p").html(data.output); $(".modal .modal-body > p").css("white-space", "pre-line").text(data.output);
$(".modal").modal('show'); $(".modal").modal('show');
}); });
}); });

View File

@ -1,7 +1,7 @@
<!doctype html> <!doctype html>
<html lang="en"> <html lang="en">
<title>{{config.DOMAIN|capitalize}} looking glass</title>
<head> <head>
<title>{{config.WEBSITE_TITLE|default("Bird-LG / Looking Glass") }}</title>
<meta charset="UTF-8"> <meta charset="UTF-8">
<link rel=stylesheet type=text/css href="{{ url_for('static', filename='css/bootstrap.min.css') }}"> <link rel=stylesheet type=text/css href="{{ url_for('static', filename='css/bootstrap.min.css') }}">
<link rel=stylesheet type=text/css href="{{ url_for('static', filename='css/bootstrap-responsive.min.css') }}"> <link rel=stylesheet type=text/css href="{{ url_for('static', filename='css/bootstrap-responsive.min.css') }}">
@ -18,7 +18,7 @@
<span class="icon-bar"></span> <span class="icon-bar"></span>
<span class="icon-bar"></span> <span class="icon-bar"></span>
</a> </a>
<a class="brand" href="/">{{config.DOMAIN|capitalize}} / Looking Glass</a> <a class="brand" href="/">{{config.WEBSITE_TITLE|default("Bird-LG / Looking Glass") }}</a>
<div class="navbar nav-collapse"> <div class="navbar nav-collapse">
<ul class="nav nav-pills"> <ul class="nav nav-pills">
<li class="navbar-text">Nodes:&nbsp;&nbsp;</li> <li class="navbar-text">Nodes:&nbsp;&nbsp;</li>
@ -120,7 +120,7 @@
<script type="text/javascript" src="{{url_for('static', filename='js/DT_bootstrap.js') }}"></script> <script type="text/javascript" src="{{url_for('static', filename='js/DT_bootstrap.js') }}"></script>
<script type="text/javascript"> <script type="text/javascript">
request_type = "{{session.request_type}}"; request_type = "{{session.request_type}}";
request_args = "{{session.request_args|safe}}"; request_args = "{{session.request_args}}";
hosts = "{{session.hosts}}"; hosts = "{{session.hosts}}";
proto = "{{session.proto}}"; proto = "{{session.proto}}";
history_query = {{session.history|tojson|safe}}; history_query = {{session.history|tojson|safe}};

View File

@ -24,21 +24,23 @@ import socket
import pickle import pickle
import xml.parsers.expat import xml.parsers.expat
dns_cache = resolver.LRUCache(max_size=10000)
resolv = resolver.Resolver() resolv = resolver.Resolver()
resolv.timeout = 0.5 resolv.timeout = 0.5
resolv.lifetime = 1 resolv.lifetime = 1
resolv.cache = dns_cache
def resolve(n, q): def resolve(n, q):
return str(resolv.query(n,q)[0]) return str(resolv.query(n,q)[0])
def mask_is_valid(n): def mask_is_valid(n):
if not n: if not n:
return True return True
try: try:
mask = int(n) mask = int(n)
return ( mask >= 1 and mask <= 128) return ( mask >= 1 and mask <= 128)
except: except:
return False return False
def ipv4_is_valid(n): def ipv4_is_valid(n):
try: try:
@ -55,21 +57,21 @@ def ipv6_is_valid(n):
return False return False
def save_cache_pickle(filename, data): def save_cache_pickle(filename, data):
output = open(filename, 'wb') output = open(filename, 'wb')
pickle.dump(data, output) pickle.dump(data, output)
output.close() output.close()
def load_cache_pickle(filename, default = None): def load_cache_pickle(filename, default = None):
try: try:
pkl_file = open(filename, 'rb') pkl_file = open(filename, 'rb')
except IOError: except IOError:
return default return default
try: try:
data = pickle.load(pkl_file) data = pickle.load(pkl_file)
except: except:
data = default data = default
pkl_file.close() pkl_file.close()
return data return data
def unescape(s): def unescape(s):
want_unicode = False want_unicode = False