def __init__(self, server_id, conf_dir, prom_export=None):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
:param str prom_export: prometheus export address.
"""
super().__init__(server_id, conf_dir, prom_export=prom_export)
down_labels = {
**self._labels, "type": "down"
} if self._labels else None
core_labels = {
**self._labels, "type": "core"
} if self._labels else None
self.down_segments = PathSegmentDB(max_res_no=self.MAX_SEG_NO,
labels=down_labels)
self.core_segments = PathSegmentDB(max_res_no=self.MAX_SEG_NO,
labels=core_labels)
self.pending_req = defaultdict(list) # Dict of pending requests.
self.pen_req_lock = threading.Lock()
self._request_logger = None
# Used when l/cPS doesn't have up/dw-path.
self.waiting_targets = defaultdict(list)
self.revocations = RevCache(labels=self._labels)
# A mapping from (hash tree root of AS, IFID) to segments
self.htroot_if2seg = ExpiringDict(1000, HASHTREE_TTL)
self.htroot_if2seglock = Lock()
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.PATH: {
PMT.REQUEST: self.path_resolution,
PMT.REPLY: self.handle_path_segment_record,
PMT.REG: self.handle_path_segment_record,
PMT.REVOCATION: self._handle_revocation,
PMT.SYNC: self.handle_path_segment_record,
},
PayloadClass.CERT: {
CertMgmtType.CERT_CHAIN_REQ: self.process_cert_chain_request,
CertMgmtType.CERT_CHAIN_REPLY: self.process_cert_chain_reply,
CertMgmtType.TRC_REPLY: self.process_trc_reply,
CertMgmtType.TRC_REQ: self.process_trc_request,
},
}
self.SCMP_PLD_CLASS_MAP = {
SCMPClass.PATH: {
SCMPPathClass.REVOKED_IF: self._handle_scmp_revocation,
},
}
self._segs_to_zk = ExpiringDict(1000, self.SEGS_TO_ZK_TTL)
self._revs_to_zk = ExpiringDict(1000, HASHTREE_EPOCH_TIME)
self._zkid = ZkID.from_values(self.addr.isd_as, self.id,
[(self.addr.host, self._port)])
self.zk = Zookeeper(self.topology.isd_as, PATH_SERVICE,
self._zkid.copy().pack(), self.topology.zookeepers)
self.zk.retry("Joining party", self.zk.party_setup)
self.path_cache = ZkSharedCache(self.zk, self.ZK_PATH_CACHE_PATH,
self._handle_paths_from_zk)
self.rev_cache = ZkSharedCache(self.zk, self.ZK_REV_CACHE_PATH,
self._rev_entries_handler)
self._init_request_logger()
def __init__(self, api_addr, counter): # pragma: no cover
self._api_addr = api_addr
self._req_id = counter
self._if_infos = ExpiringDict(100, _IF_INFO_TTL)
self._svc_infos = ExpiringDict(100, _SVC_INFO_TTL)
self._as_infos = ExpiringDict(100, _AS_INFO_TTL)
self._if_infos_lock = threading.Lock()
self._svc_infos_lock = threading.Lock()
self._as_infos_lock = threading.Lock()
def __init__(self, server_id, conf_dir):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
"""
super().__init__(server_id, conf_dir)
self.cc_requests = RequestHandler.start(
"CC Requests",
self._check_cc,
self._fetch_cc,
self._reply_cc,
)
self.trc_requests = RequestHandler.start(
"TRC Requests",
self._check_trc,
self._fetch_trc,
self._reply_trc,
)
self.drkey_protocol_requests = RequestHandler.start(
"DRKey Requests",
self._check_drkey,
self._fetch_drkey,
self._reply_proto_drkey,
)
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.CERT: {
CertMgmtType.CERT_CHAIN_REQ: self.process_cert_chain_request,
CertMgmtType.CERT_CHAIN_REPLY: self.process_cert_chain_reply,
CertMgmtType.TRC_REQ: self.process_trc_request,
CertMgmtType.TRC_REPLY: self.process_trc_reply,
},
PayloadClass.DRKEY: {
DRKeyMgmtType.FIRST_ORDER_REQUEST: self.process_drkey_request,
DRKeyMgmtType.FIRST_ORDER_REPLY: self.process_drkey_reply,
},
}
zkid = ZkID.from_values(self.addr.isd_as, self.id,
[(self.addr.host, self._port)]).pack()
self.zk = Zookeeper(self.topology.isd_as, CERTIFICATE_SERVICE, zkid,
self.topology.zookeepers)
self.zk.retry("Joining party", self.zk.party_setup)
self.trc_cache = ZkSharedCache(self.zk, self.ZK_TRC_CACHE_PATH,
self._cached_trcs_handler)
self.cc_cache = ZkSharedCache(self.zk, self.ZK_CC_CACHE_PATH,
self._cached_certs_handler)
self.drkey_cache = ZkSharedCache(self.zk, self.ZK_DRKEY_PATH,
self._cached_drkeys_handler)
lib_sciond.init(
os.path.join(SCIOND_API_SOCKDIR, "sd%s.sock" % self.addr.isd_as))
self.signing_key = get_sig_key(self.conf_dir)
self.private_key = get_enc_key(self.conf_dir)
self.public_key = self.private_key.public_key
self.drkey_secrets = ExpiringDict(DRKEY_MAX_SV, DRKEY_MAX_TTL)
self.first_order_drkeys = ExpiringDict(DRKEY_MAX_KEYS, DRKEY_MAX_TTL)
def __init__(self, server_id, conf_dir, prom_export=None):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
:param str prom_export: prometheus export address.
"""
super().__init__(server_id, conf_dir, prom_export=prom_export)
cc_labels = {**self._labels, "type": "cc"} if self._labels else None
trc_labels = {**self._labels, "type": "trc"} if self._labels else None
drkey_labels = {**self._labels, "type": "drkey"} if self._labels else None
self.cc_requests = RequestHandler.start(
"CC Requests", self._check_cc, self._fetch_cc, self._reply_cc,
labels=cc_labels,
)
self.trc_requests = RequestHandler.start(
"TRC Requests", self._check_trc, self._fetch_trc, self._reply_trc,
labels=trc_labels,
)
self.drkey_protocol_requests = RequestHandler.start(
"DRKey Requests", self._check_drkey, self._fetch_drkey, self._reply_proto_drkey,
labels=drkey_labels,
)
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.CERT: {
CertMgmtType.CERT_CHAIN_REQ: self.process_cert_chain_request,
CertMgmtType.CERT_CHAIN_REPLY: self.process_cert_chain_reply,
CertMgmtType.TRC_REQ: self.process_trc_request,
CertMgmtType.TRC_REPLY: self.process_trc_reply,
},
PayloadClass.DRKEY: {
DRKeyMgmtType.FIRST_ORDER_REQUEST:
self.process_drkey_request,
DRKeyMgmtType.FIRST_ORDER_REPLY:
self.process_drkey_reply,
},
}
zkid = ZkID.from_values(self.addr.isd_as, self.id,
[(self.addr.host, self._port)]).pack()
self.zk = Zookeeper(self.topology.isd_as, CERTIFICATE_SERVICE,
zkid, self.topology.zookeepers)
self.zk.retry("Joining party", self.zk.party_setup)
self.trc_cache = ZkSharedCache(self.zk, self.ZK_TRC_CACHE_PATH,
self._cached_trcs_handler)
self.cc_cache = ZkSharedCache(self.zk, self.ZK_CC_CACHE_PATH,
self._cached_certs_handler)
self.drkey_cache = ZkSharedCache(self.zk, self.ZK_DRKEY_PATH,
self._cached_drkeys_handler)
self.signing_key = get_sig_key(self.conf_dir)
self.private_key = get_enc_key(self.conf_dir)
self.drkey_secrets = ExpiringDict(DRKEY_MAX_SV, DRKEY_MAX_TTL)
self.first_order_drkeys = ExpiringDict(DRKEY_MAX_KEYS, DRKEY_MAX_TTL)
def __init__(self, server_id, conf_dir):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
"""
super().__init__(server_id, conf_dir)
# Sanity check that we should indeed be a core path server.
assert self.topology.is_core_as, "This shouldn't be a local PS!"
self._master_id = None # Address of master core Path Server.
self._segs_to_master = ExpiringDict(1000, 10)
self._segs_to_prop = ExpiringDict(1000,
2 * self.config.propagation_time)
def __init__(self, server_id, conf_dir, spki_cache_dir=GEN_CACHE_PATH,
prom_export=None, sciond_path=None):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
:param str prom_export: prometheus export address.
:param str sciond_path: path to sciond socket.
"""
super().__init__(server_id, conf_dir, spki_cache_dir=spki_cache_dir,
prom_export=prom_export, sciond_path=sciond_path)
# Sanity check that we should indeed be a core path server.
assert self.topology.is_core_as, "This shouldn't be a local PS!"
self._master_id = None # Address of master core Path Server.
self._segs_to_master = ExpiringDict(1000, 10)
self._segs_to_prop = ExpiringDict(1000, 2 * self.config.propagation_time)
def __init__(self,
conf_dir,
addr,
api_addr,
run_local_api=False,
port=None,
prom_export=None):
"""
Initialize an instance of the class SCIONDaemon.
"""
super().__init__("sciond",
conf_dir,
prom_export=prom_export,
public=[(addr, port)])
up_labels = {**self._labels, "type": "up"} if self._labels else None
down_labels = {
**self._labels, "type": "down"
} if self._labels else None
core_labels = {
**self._labels, "type": "core"
} if self._labels else None
self.up_segments = PathSegmentDB(segment_ttl=self.SEGMENT_TTL,
labels=up_labels)
self.down_segments = PathSegmentDB(segment_ttl=self.SEGMENT_TTL,
labels=down_labels)
self.core_segments = PathSegmentDB(segment_ttl=self.SEGMENT_TTL,
labels=core_labels)
self.peer_revs = RevCache()
# Keep track of requested paths.
self.requested_paths = ExpiringDict(self.MAX_REQS, self.PATH_REQ_TOUT)
self.req_path_lock = threading.Lock()
self._api_sock = None
self.daemon_thread = None
os.makedirs(SCIOND_API_SOCKDIR, exist_ok=True)
self.api_addr = (api_addr or os.path.join(
SCIOND_API_SOCKDIR, "%s.sock" % self.addr.isd_as))
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.PATH: {
PMT.REPLY: self.handle_path_reply,
PMT.REVOCATION: self.handle_revocation,
},
PayloadClass.CERT: {
CertMgmtType.CERT_CHAIN_REQ: self.process_cert_chain_request,
CertMgmtType.CERT_CHAIN_REPLY: self.process_cert_chain_reply,
CertMgmtType.TRC_REPLY: self.process_trc_reply,
CertMgmtType.TRC_REQ: self.process_trc_request,
},
}
self.SCMP_PLD_CLASS_MAP = {
SCMPClass.PATH: {
SCMPPathClass.REVOKED_IF: self.handle_scmp_revocation
},
}
if run_local_api:
self._api_sock = ReliableSocket(bind_unix=(self.api_addr,
"sciond"))
self._socks.add(self._api_sock, self.handle_accept)
def __init__(self, server_id, conf_dir):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
"""
super().__init__(server_id, conf_dir)
self.down_segments = PathSegmentDB(max_res_no=self.MAX_SEG_NO)
self.core_segments = PathSegmentDB(max_res_no=self.MAX_SEG_NO)
self.pending_req = defaultdict(list) # Dict of pending requests.
# Used when l/cPS doesn't have up/dw-path.
self.waiting_targets = defaultdict(list)
self.revocations = ExpiringDict(1000, 300)
self.iftoken2seg = defaultdict(set)
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.PATH: {
PMT.REQUEST: self.path_resolution,
PMT.REPLY: self.handle_path_segment_record,
PMT.REG: self.handle_path_segment_record,
PMT.REVOCATION: self._handle_revocation,
PMT.SYNC: self.handle_path_segment_record,
},
}
self._segs_to_zk = deque()
# Add more IPs here if we support dual-stack
name_addrs = "\0".join(
[self.id, str(SCION_UDP_PORT),
str(self.addr.host)])
self.zk = Zookeeper(self.topology.isd_as, PATH_SERVICE, name_addrs,
self.topology.zookeepers)
self.zk.retry("Joining party", self.zk.party_setup)
self.path_cache = ZkSharedCache(self.zk, self.ZK_PATH_CACHE_PATH,
self._cached_entries_handler)
def __init__(self, server_id, conf_dir, prom_export=None):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
:param str prom_export: prometheus export address.
"""
super().__init__(server_id, conf_dir, prom_export=prom_export)
# TODO: add 2 policies
self.path_policy = PathPolicy.from_file(
os.path.join(conf_dir, PATH_POLICY_FILE))
self.signing_key = get_sig_key(self.conf_dir)
self.of_gen_key = kdf(self.config.master_as_key, b"Derive OF Key")
self.hashtree_gen_key = kdf(self.config.master_as_key,
b"Derive hashtree Key")
logging.info(self.config.__dict__)
self._hash_tree = None
self._hash_tree_lock = Lock()
self._next_tree = None
self._init_hash_tree()
self.ifid_state = {}
for ifid in self.ifid2br:
self.ifid_state[ifid] = InterfaceState()
self.ifid_state_lock = RLock()
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.PCB: {
None: self.handle_pcb
},
PayloadClass.IFID: {
None: self.handle_ifid_packet
},
PayloadClass.CERT: {
CertMgmtType.CERT_CHAIN_REQ: self.process_cert_chain_request,
CertMgmtType.CERT_CHAIN_REPLY: self.process_cert_chain_reply,
CertMgmtType.TRC_REPLY: self.process_trc_reply,
CertMgmtType.TRC_REQ: self.process_trc_request,
},
PayloadClass.PATH: {
PMT.IFSTATE_REQ: self._handle_ifstate_request,
PMT.REVOCATION: self._handle_revocation,
},
}
self.SCMP_PLD_CLASS_MAP = {
SCMPClass.PATH: {
SCMPPathClass.REVOKED_IF: self._handle_scmp_revocation,
},
}
zkid = ZkID.from_values(self.addr.isd_as, self.id,
[(self.addr.host, self._port)]).pack()
self.zk = Zookeeper(self.addr.isd_as, BEACON_SERVICE, zkid,
self.topology.zookeepers)
self.zk.retry("Joining party", self.zk.party_setup)
self.pcb_cache = ZkSharedCache(self.zk, self.ZK_PCB_CACHE_PATH,
self._handle_pcbs_from_zk)
self.revobjs_cache = ZkSharedCache(self.zk, self.ZK_REVOCATIONS_PATH,
self.process_rev_objects)
self.local_rev_cache = ExpiringDict(
1000, HASHTREE_EPOCH_TIME + HASHTREE_EPOCH_TOLERANCE)
self._rev_seg_lock = RLock()
def __init__(
self,
server_id,
conf_dir,
):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
"""
super().__init__(
server_id,
conf_dir,
)
self.interface = None
for border_router in self.topology.get_all_border_routers():
if border_router.name == self.id:
self.interface = border_router.interface
break
assert self.interface is not None
logging.info("Interface: %s", self.interface.__dict__)
self.is_core_router = self.topology.is_core_as
self.of_gen_key = kdf(self.config.master_as_key, b"Derive OF Key")
self.sibra_key = kdf(self.config.master_as_key, b"Derive SIBRA Key")
self.if_states = defaultdict(InterfaceState)
self.revocations = ExpiringDict(1000, self.FWD_REVOCATION_TIMEOUT)
self.pre_ext_handlers = {
SibraExtBase.EXT_TYPE: self.handle_sibra,
TracerouteExt.EXT_TYPE: self.handle_traceroute,
OneHopPathExt.EXT_TYPE: self.handle_one_hop_path,
ExtHopByHopType.SCMP: self.handle_scmp,
}
self.post_ext_handlers = {
SibraExtBase.EXT_TYPE: False,
TracerouteExt.EXT_TYPE: False,
ExtHopByHopType.SCMP: False,
OneHopPathExt.EXT_TYPE: False,
}
self.sibra_state = SibraState(
self.interface.bandwidth, "%s#%s -> %s" %
(self.addr.isd_as, self.interface.if_id, self.interface.isd_as))
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.IFID: {
None: self.process_ifid_request
},
PayloadClass.PATH:
defaultdict(lambda: self.process_path_mgmt_packet),
}
self.SCMP_PLD_CLASS_MAP = {
SCMPClass.PATH: {
SCMPPathClass.REVOKED_IF: self.process_revocation
},
}
self._remote_sock = UDPSocket(
bind=(str(self.interface.addr), self.interface.udp_port),
addr_type=self.interface.addr.TYPE,
)
self._socks.add(self._remote_sock, self.handle_recv)
logging.info("IP %s:%d", self.interface.addr, self.interface.udp_port)
def __init__(self, server_id, conf_dir):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
"""
super().__init__(server_id, conf_dir)
self.down_segments = PathSegmentDB(max_res_no=self.MAX_SEG_NO)
self.core_segments = PathSegmentDB(max_res_no=self.MAX_SEG_NO)
self.pending_req = defaultdict(list) # Dict of pending requests.
# Used when l/cPS doesn't have up/dw-path.
self.waiting_targets = defaultdict(list)
self.revocations = ExpiringDict(1000, HASHTREE_EPOCH_TIME)
# Contains PCBs that include revocations.
self.pcb_cache = ExpiringDict(100, HASHTREE_EPOCH_TIME)
self.pcb_cache_lock = Lock()
# A mapping from (hash tree root of AS, IFID) to segments
self.htroot_if2seg = ExpiringDict(1000, HASHTREE_TTL)
self.htroot_if2seglock = Lock()
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.PATH: {
PMT.REQUEST: self.path_resolution,
PMT.REPLY: self.handle_path_segment_record,
PMT.REG: self.handle_path_segment_record,
PMT.REVOCATION: self._handle_revocation,
PMT.SYNC: self.handle_path_segment_record,
},
}
self.SCMP_PLD_CLASS_MAP = {
SCMPClass.PATH: {
SCMPPathClass.REVOKED_IF: self._handle_scmp_revocation,
},
}
self._segs_to_zk = deque()
self._revs_to_zk = deque()
self._zkid = ZkID.from_values(self.addr.isd_as, self.id,
[(self.addr.host, self._port)])
self.zk = Zookeeper(self.topology.isd_as, PATH_SERVICE,
self._zkid.copy().pack(), self.topology.zookeepers)
self.zk.retry("Joining party", self.zk.party_setup)
self.path_cache = ZkSharedCache(self.zk, self.ZK_PATH_CACHE_PATH,
self._cached_entries_handler)
self.rev_cache = ZkSharedCache(self.zk, self.ZK_REV_CACHE_PATH,
self._rev_entries_handler)
def __init__(self, server_id, conf_dir):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
"""
super().__init__(server_id, conf_dir)
# TODO: add 2 policies
self.path_policy = PathPolicy.from_file(
os.path.join(conf_dir, PATH_POLICY_FILE))
self.unverified_beacons = deque()
self.trc_requests = {}
self.trcs = {}
sig_key_file = get_sig_key_file_path(self.conf_dir)
self.signing_key = base64.b64decode(read_file(sig_key_file))
self.of_gen_key = PBKDF2(self.config.master_as_key, b"Derive OF Key")
logging.info(self.config.__dict__)
self.if2rev_tokens = {}
self._if_rev_token_lock = threading.Lock()
self.revs_to_downstream = ExpiringDict(max_len=1000,
max_age_seconds=60)
self.ifid_state = {}
for ifid in self.ifid2er:
self.ifid_state[ifid] = InterfaceState()
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.PCB: {
PCBType.SEGMENT: self.handle_pcb
},
PayloadClass.IFID: {
IFIDType.PAYLOAD: self.handle_ifid_packet
},
PayloadClass.CERT: {
CertMgmtType.CERT_CHAIN_REPLY: self.process_cert_chain_rep,
CertMgmtType.TRC_REPLY: self.process_trc_rep,
},
PayloadClass.PATH: {
PMT.IFSTATE_REQ: self._handle_ifstate_request
},
}
# Add more IPs here if we support dual-stack
name_addrs = "\0".join(
[self.id, str(SCION_UDP_PORT),
str(self.addr.host)])
self.zk = Zookeeper(self.addr.isd_as, BEACON_SERVICE, name_addrs,
self.topology.zookeepers)
self.zk.retry("Joining party", self.zk.party_setup)
self.incoming_pcbs = deque()
self.pcb_cache = ZkSharedCache(self.zk, self.ZK_PCB_CACHE_PATH,
self.process_pcbs)
self.revobjs_cache = ZkSharedCache(self.zk, self.ZK_REVOCATIONS_PATH,
self.process_rev_objects)
def __init__(self, dns_servers, domain, lifetime=5.0): # pragma: no cover
"""
:param list dns_servers:
DNS server IP addresses as strings. E.g. ``["127.0.0.1",
"8.8.8.8"]``
:param string domain: The DNS domain to query.
:param float lifetime:
Number of seconds in total to try resolving before failing.
"""
super().__init__(dns_servers, domain, lifetime=lifetime)
self.cache = ExpiringDict(max_len=DNS_CACHE_MAX_SIZE,
max_age_seconds=DNS_CACHE_MAX_AGE)
def __init__(self, conf_dir, addr, api_addr, run_local_api=False,
port=None, spki_cache_dir=GEN_CACHE_PATH, prom_export=None, delete_sock=False):
"""
Initialize an instance of the class SCIONDaemon.
"""
super().__init__("sciond", conf_dir, spki_cache_dir=spki_cache_dir,
prom_export=prom_export, public=[(addr, port)])
up_labels = {**self._labels, "type": "up"} if self._labels else None
down_labels = {**self._labels, "type": "down"} if self._labels else None
core_labels = {**self._labels, "type": "core"} if self._labels else None
self.up_segments = PathSegmentDB(segment_ttl=self.SEGMENT_TTL, labels=up_labels)
self.down_segments = PathSegmentDB(segment_ttl=self.SEGMENT_TTL, labels=down_labels)
self.core_segments = PathSegmentDB(segment_ttl=self.SEGMENT_TTL, labels=core_labels)
self.rev_cache = RevCache()
# Keep track of requested paths.
self.requested_paths = ExpiringDict(self.MAX_REQS, PATH_REQ_TOUT)
self.req_path_lock = threading.Lock()
self._api_sock = None
self.daemon_thread = None
os.makedirs(SCIOND_API_SOCKDIR, exist_ok=True)
self.api_addr = (api_addr or get_default_sciond_path())
if delete_sock:
try:
os.remove(self.api_addr)
except OSError as e:
if e.errno != errno.ENOENT:
logging.error("Could not delete socket %s: %s" % (self.api_addr, e))
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.PATH: {
PMT.REPLY: self.handle_path_reply,
PMT.REVOCATION: self.handle_revocation,
},
PayloadClass.CERT: {
CertMgmtType.CERT_CHAIN_REQ: self.process_cert_chain_request,
CertMgmtType.CERT_CHAIN_REPLY: self.process_cert_chain_reply,
CertMgmtType.TRC_REPLY: self.process_trc_reply,
CertMgmtType.TRC_REQ: self.process_trc_request,
},
}
self.SCMP_PLD_CLASS_MAP = {
SCMPClass.PATH:
{SCMPPathClass.REVOKED_IF: self.handle_scmp_revocation},
}
if run_local_api:
self._api_sock = ReliableSocket(bind_unix=(self.api_addr, "sciond"))
self._socks.add(self._api_sock, self.handle_accept)
def __init__(
self,
server_id,
conf_dir,
):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
"""
super().__init__(
server_id,
conf_dir,
)
self.interface = None
for edge_router in self.topology.get_all_edge_routers():
if edge_router.addr == self.addr.host:
self.interface = edge_router.interface
break
assert self.interface is not None
logging.info("Interface: %s", self.interface.__dict__)
self.of_gen_key = PBKDF2(self.config.master_as_key, b"Derive OF Key")
self.sibra_key = PBKDF2(self.config.master_as_key, b"Derive SIBRA Key")
self.if_states = defaultdict(InterfaceState)
self.revocations = ExpiringDict(1000, self.FWD_REVOCATION_TIMEOUT)
self.pre_ext_handlers = {
SibraExtBase.EXT_TYPE:
self.handle_sibra,
TracerouteExt.EXT_TYPE:
self.handle_traceroute,
ExtHopByHopType.SCMP:
self.handle_scmp,
HORNETPlugin.EXT_TYPE:
HORNETPlugin(self.id, conf_dir, self.config.master_as_key,
self.addr, self.interface).pre_routing
}
self.post_ext_handlers = {
SibraExtBase.EXT_TYPE: False,
TracerouteExt.EXT_TYPE: False,
ExtHopByHopType.SCMP: False,
HORNETPlugin.EXT_TYPE: False
}
self.sibra_state = SibraState(
self.interface.bandwidth, "%s#%s -> %s" %
(self.addr.isd_as, self.interface.if_id, self.interface.isd_as))
self.CTRL_PLD_CLASS_MAP = {
PayloadClass.PCB: {
PCBType.SEGMENT: self.process_pcb
},
PayloadClass.IFID: {
IFIDType.PAYLOAD: self.process_ifid_request
},
PayloadClass.CERT:
defaultdict(lambda: self.relay_cert_server_packet),
PayloadClass.PATH:
defaultdict(lambda: self.process_path_mgmt_packet),
PayloadClass.SIBRA: {
SIBRAPayloadType.EMPTY: self.fwd_sibra_service_pkt
},
}
self.SCMP_PLD_CLASS_MAP = {
SCMPClass.PATH: {
SCMPPathClass.REVOKED_IF: self.process_revocation
},
}
self._remote_sock = UDPSocket(
bind=(str(self.interface.addr), self.interface.udp_port),
addr_type=AddrType.IPV4,
)
self._socks.add(self._remote_sock, self.handle_recv)
logging.info("IP %s:%d", self.interface.addr, self.interface.udp_port)
def __init__(self, server_id, conf_dir, public=None, bind=None, spki_cache_dir=GEN_CACHE_PATH,
prom_export=None):
"""
:param str server_id: server identifier.
:param str conf_dir: configuration directory.
:param list public:
(host_addr, port) of the element's public address
(i.e. the address visible to other network elements).
:param list bind:
(host_addr, port) of the element's bind address, if any
(i.e. the address the element uses to identify itself to the local
operating system, if it differs from the public address due to NAT).
:param str spki_cache_dir:
Path for caching TRCs and certificate chains.
:param str prom_export:
String of the form 'addr:port' specifying the prometheus endpoint.
If no string is provided, no metrics are exported.
"""
self.id = server_id
self.conf_dir = conf_dir
self.ifid2br = {}
self.topology = Topology.from_file(
os.path.join(self.conf_dir, TOPO_FILE))
# Labels attached to every exported metric.
self._labels = {"server_id": self.id, "isd_as": str(self.topology.isd_as)}
# Must be over-ridden by child classes:
self.CTRL_PLD_CLASS_MAP = {}
self.SCMP_PLD_CLASS_MAP = {}
self.public = public
self.bind = bind
if self.SERVICE_TYPE:
own_config = self.topology.get_own_config(self.SERVICE_TYPE,
server_id)
if public is None:
self.public = own_config.public
if bind is None:
self.bind = own_config.bind
self.init_ifid2br()
self.trust_store = TrustStore(self.conf_dir, spki_cache_dir, self.id, self._labels)
self.total_dropped = 0
self._core_ases = defaultdict(list) # Mapping ISD_ID->list of core ASes
self.init_core_ases()
self.run_flag = threading.Event()
self.run_flag.set()
self.stopped_flag = threading.Event()
self.stopped_flag.clear()
self._in_buf = queue.Queue(MAX_QUEUE)
self._socks = SocketMgr()
self._startup = time.time()
if self.USE_TCP:
self._DefaultMeta = TCPMetadata
else:
self._DefaultMeta = UDPMetadata
self.unverified_segs = ExpiringDict(500, 60 * 60)
self.unv_segs_lock = threading.RLock()
self.requested_trcs = {}
self.req_trcs_lock = threading.Lock()
self.requested_certs = {}
self.req_certs_lock = threading.Lock()
# TODO(jonghoonkwon): Fix me to setup sockets for multiple public addresses
host_addr, self._port = self.public[0]
self.addr = SCIONAddr.from_values(self.topology.isd_as, host_addr)
if prom_export:
self._export_metrics(prom_export)
self._init_metrics()
self._setup_sockets(True)
lib_sciond.init(os.path.join(SCIOND_API_SOCKDIR, "sd%s.sock" % self.addr.isd_as))