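def getConfig():
    """Build the re6stnet node command line parser and parse ``sys.argv``.

    Options are grouped into general, ``routing`` and ``tunnelling``
    sections; ``--registry``, ``--ca``, ``--cert`` and ``--key`` are
    mandatory. Returns the ``argparse`` namespace produced by
    ``parser.parse_args()``; argparse itself exits on ``--help``,
    ``--version`` or invalid input.
    """
    parser = utils.ArgParser(fromfile_prefix_chars='@',
        description="Resilient virtual private network application.")
    # Short alias used for every option below, rebound per argument group.
    _ = parser.add_argument
    _('-V', '--version', action='version', version=version.version)

    _('--ip', action='append', default=[],
        help="IP address advertised to other nodes. Special values:\n"
             "- upnp: redirect ports when UPnP device is found\n"
             "- any: ask peers our IP\n"
             " (default: like 'upnp' if miniupnpc is installed,\n"
             "  otherwise like 'any')")
    _('--registry', metavar='URL', required=True,
        help="Public HTTP URL of the registry, for bootstrapping.")
    _('-l', '--log', default='/var/log/re6stnet',
        help="Path to the directory used for log files:\n"
             "- re6stnet.log: log file of re6stnet itself\n"
             "- babeld.log: log file of router\n"
             "- <iface>.log: 1 file per spawned OpenVPN\n")
    _('-r', '--run', default='/var/run/re6stnet',
        help="Path to re6stnet runtime directory:\n"
             "- babeld.pid (option -I of babeld)\n"
             "- babeld.sock (option -R of babeld)\n")
    _('-s', '--state', default='/var/lib/re6stnet',
        help="Path to re6stnet state directory:\n"
             "- cache.db: cache of network parameters and peer addresses\n"
             "- babeld.state: see option -S of babeld\n")
    _('-v', '--verbose', default=2, type=int, metavar='LEVEL',
        help="Log level of re6stnet itself. 0 disables logging. 1=WARNING,"
             " 2=INFO, 3=DEBUG, 4=TRACE. Use SIGUSR1 to reopen log."
             " See also --babel-verb and --verb for logs of spawned processes.")
    _('-i', '--interface', action='append', dest='iface_list', default=[],
        help="Extra interface for LAN discovery. Highly recommended if there"
             " are other re6st node on the same network segment.")
    _('-I', '--main-interface', metavar='IFACE', default='lo',
        help="Set re6stnet IP on given interface. Any interface not used for"
             " tunnelling can be chosen.")
    # --up and --daemon are executed through a shell by the caller (per the
    # help text); they are operator-supplied, not data from the network.
    _('--up', metavar='CMD',
        help="Shell command to run after successful initialization.")
    _('--daemon', action='append', metavar='CMD',
        help="Same as --up, but run in background: the command will be killed"
             " at exit (with a TERM signal, followed by KILL 5 seconds later"
             " if process is still alive).")
    # NOTE(review): --test is evaluated as a Python expression by the caller
    # (not visible here); it is only meant for operator-driven config checks.
    _('--test', metavar='EXPR',
        help="Exit after configuration parsing. Status code is the"
             " result of the given Python expression. For example:\n"
             "  main_interface != 'eth0'")
    # NOTE(review): whoever can connect to this socket can inspect and patch
    # the running process, so the socket path should be in a directory that
    # only the service user can reach. Socket creation happens elsewhere.
    _('--console', metavar='SOCK',
        help="Socket path to Python console that can be used to inspect or"
             " patch this process. Use:\n"
             "   socat - UNIX:<SOCK>\n"
             "to access it.")

    _ = parser.add_argument_group('routing').add_argument
    _('-B', dest='babel_args', metavar='ARG', action='append', default=[],
        help="Extra arguments to forward to Babel.")
    _('-D', '--default', action='store_true',
        help="Access internet via this network (in this case, make sure you"
             " don't already have a default route), or if your kernel was"
             " compiled without support for source address based routing"
             " (CONFIG_IPV6_SUBTREES). Meaningless with --gateway.")
    # Only the historical value 0 is still accepted, so old command lines
    # keep parsing while argparse rejects anything else.
    _('--table', type=int, choices=(0,),
        help="DEPRECATED: Use --default instead of --table=0")
    _('--gateway', action='store_true',
        help="Act as a gateway for this network (the default route will be"
             " exported). Do never use it if you don't know what it means.")

    _ = parser.add_argument_group('tunnelling').add_argument
    _('-O', dest='openvpn_args', metavar='ARG', action='append', default=[],
        help="Extra arguments to forward to both server and client OpenVPN"
             " subprocesses. Often used to configure verbosity.")
    _('--ovpnlog', action='store_true',
        help="Tell each OpenVPN subprocess to log to a dedicated file.")
    _('--pp', nargs=2, action='append', metavar=('PORT', 'PROTO'),
        help="Port and protocol to be announced to other peers, ordered by"
             " preference. For each protocol (udp, tcp, udp6, tcp6), start one"
             " openvpn server on the first given port."
             " (default: --pp 1194 udp --pp 1194 tcp)")
    _('--dh',
        help="File containing Diffie-Hellman parameters in .pem format"
             " (default: DH from registry)")
    # The CA help text is shared with the registry parser via utils.ArgParser.
    _('--ca', required=True, help=parser._ca_help)
    _('--cert', required=True,
        help="Local peer's signed certificate in .pem format."
             " Common name defines the allocated prefix in the network.")
    _('--key', required=True,
        help="Local peer's private key in .pem format.")
    _('--client-count', type=int,
        help="Number of client tunnels to set up."
             " (default: value from registry)")
    _('--max-clients', type=int,
        help="Maximum number of accepted clients per OpenVPN server."
             " (default: value from registry)")
    _('--remote-gateway', action='append', dest='gw_list',
        help="Force each tunnel to be created through one of the given"
             " gateways, in a round-robin fashion.")
    _('--disable-proto', action='append',
        choices=('none', 'udp', 'tcp', 'udp6', 'tcp6'),
        help="Do never try to create tunnels using given protocols."
             " 'none' has precedence over other options."
             " (default: %r)" % DEFAULT_DISABLED_PROTO)
    _('--client', metavar='HOST,PORT,PROTO[;...]',
        help="Do not run any OpenVPN server, but only 1 OpenVPN client,"
             " with specified remotes. Any other option not required in this"
             " mode is ignored (e.g. client-count, max-clients, etc.)")
    _('--neighbour', metavar='CN', action='append', default=[],
        help="List of peers that should be reachable directly, by creating"
             " tunnels if necessary.")

    return parser.parse_args()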
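def main():
    """Entry point of the re6stnet registry.

    Parses the command line, validates the options argparse cannot check
    on its own (``--min-protocol`` range, ``--ipv4`` syntax and prefix
    lengths), sets up logging, builds ``registry.RegistryServer`` and then
    serves HTTP on the requested IPv4 and/or IPv6 sockets until killed.
    Invalid options are reported through ``parser.error`` (which exits).
    """
    parser = utils.ArgParser(
        fromfile_prefix_chars='@',
        description="re6stnet registry used to bootstrap nodes"
        " and deliver certificates.")
    # Short alias used for every option below, rebound per argument group.
    _ = parser.add_argument
    _('--port',
      type=int,
      default=80,
      help="Port on which the server will listen.")
    # Both defaults listen on every interface; an empty string disables the
    # corresponding address family (see the bind4/bind6 tests below).
    _('-4', dest='bind4', default='0.0.0.0', help="Bind server to this IPv4.")
    _('-6', dest='bind6', default='::', help="Bind server to this IPv6.")
    _('--db',
      default='/var/lib/re6stnet/registry.db',
      help="Path to SQLite database file. It is automatically initialized"
      " if the file does not exist.")
    _('--dh',
      required=True,
      help="File containing Diffie-Hellman parameters in .pem format."
      " To generate them, you can use something like:\n"
      "openssl dhparam -out dh2048.pem 2048")
    # The CA help text is shared with the node parser via utils.ArgParser.
    _('--ca', required=True, help=parser._ca_help)
    # This is the CA signing key: the registry issues certificates with it,
    # so the file must be readable by the service user only.
    _('--key',
      required=True,
      help="CA private key in .pem format. For example:\nopenssl"
      " genpkey -out ca.key -algorithm rsa -pkeyopt rsa_keygen_bits:2048")
    _('--mailhost',
      required=True,
      help="SMTP host to send confirmation emails. For debugging"
      " purpose, it can also be an absolute or existing path to"
      " a mailbox file")
    _('--prefix-length',
      default=16,
      type=int,
      help="Default length of allocated prefixes."
      " If 0, registration by email is disabled.")
    _('--anonymous-prefix-length',
      type=int,
      help="Length of allocated anonymous prefixes."
      " If 0 or unset, anonymous registration is disabled.")
    _('--ipv4',
      nargs=2,
      metavar=("IP/N", "PLEN"),
      help="Enable ipv4. Each node is assigned a subnet of length PLEN"
      " inside network IP/N.")
    _('-l',
      '--logfile',
      default='/var/log/re6stnet/registry.log',
      help="Path to logging file.")
    _('-r',
      '--run',
      default='/var/run/re6stnet',
      help="Path to re6stnet runtime directory:\n"
      "- babeld.sock (option -R of babeld)\n")
    _('-v',
      '--verbose',
      default=1,
      type=int,
      help="Log level. 0 disables logging. 1=WARNING, 2=INFO,"
      " 3=DEBUG, 4=TRACE. Use SIGUSR1 to reopen log.")
    _('--min-protocol',
      default=version.min_protocol,
      type=int,
      help="Reject nodes that are too old. Current is %s." % version.protocol)

    _ = parser.add_argument_group('routing').add_argument
    _('--hello',
      type=int,
      default=15,
      help="Hello interval in seconds, for both wired and wireless"
      " connections. OpenVPN ping-exit option is set to 4 times the"
      " hello interval. It takes between 3 and 4 times the"
      " hello interval for Babel to re-establish connection with a"
      " node for which the direct connection has been cut.")

    _ = parser.add_argument_group('tunnelling').add_argument
    _('--encrypt',
      action='store_true',
      help='Specify that tunnels should be encrypted.')
    _('--client-count',
      default=10,
      type=int,
      help="Number of client tunnels to set up.")
    _('--max-clients',
      type=int,
      help="Maximum number of accepted clients per OpenVPN server. (default:"
      " client-count * 2, which actually represents the average number"
      " of tunnels to other peers)")
    _('--tunnel-refresh',
      default=300,
      type=int,
      help="Interval in seconds between two tunnel refresh: the worst"
      " tunnel is closed if the number of client tunnels has reached"
      " its maximum number (client-count).")

    config = parser.parse_args()

    # The registry can only speak protocols between its own minimum and
    # current version, so a stricter or looser value makes no sense.
    if not version.min_protocol <= config.min_protocol <= version.protocol:
        parser.error(
            "--min-protocol: value must be between %s and %s (included)" %
            (version.min_protocol, version.protocol))

    if config.ipv4:
        ipv4, plen = config.ipv4
        try:
            ip, n = ipv4.split('/')
            n = int(n)
            plen = int(plen)
            # A per-node subnet of length PLEN must fit inside IP/N and both
            # must be valid IPv4 prefix lengths; anything else is rejected
            # here rather than surfacing later as a bad allocation.
            if not 0 <= n <= plen <= 32:
                raise ValueError(plen)
            # inet_aton/inet_ntoa round-trip both validates the address and
            # canonicalises shorthand forms before the value is stored.
            config.ipv4 = "%s/%s" % (socket.inet_ntoa(
                socket.inet_aton(ip)), n), plen
        except (socket.error, ValueError):
            parser.error("invalid argument --ipv4")

    utils.setupLog(config.verbose, config.logfile)

    # Matches the documented default of the --max-clients option.
    if config.max_clients is None:
        config.max_clients = config.client_count * 2

    server = registry.RegistryServer(config)

    def requestHandler(request, client_address, _):
        # socketserver passes its own server instance as the third argument;
        # it is replaced by the RegistryServer the handler actually needs.
        RequestHandler(request, client_address, server)

    # Listening file descriptor -> non-blocking accept callback, one entry
    # per enabled address family.
    server_dict = {}
    if config.bind4:
        r = HTTPServer4((config.bind4, config.port), requestHandler)
        server_dict[r.fileno()] = r._handle_request_noblock
    if config.bind6:
        r = HTTPServer6((config.bind6, config.port), requestHandler)
        server_dict[r.fileno()] = r._handle_request_noblock
    if server_dict:
        while True:
            # A fresh copy each round, presumably so server.select() can add
            # its own descriptors before utils.select() performs the wait;
            # the exact contract of both calls is not visible here.
            args = server_dict.copy(), {}, []
            server.select(*args)
            utils.select(*args)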