def _parse_resolv(self):
self.logger = logging.getLogger(__name__)
if get_config().debug:
self.logger.setLevel(logging.DEBUG)
fh = logging.FileHandler('log.txt',
mode='a',
encoding=None,
delay=False)
formater = logging.Formatter(
'%(asctime)s %(filename)s[line:%(lineno)d] %(levelname)s %(message)s'
)
fh.setFormatter(formater)
self.logger.addHandler(fh)
self._servers = []
try:
with open('dns.conf', 'rb') as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
parts = line.split(b' ', 1)
if len(parts) >= 2:
server = parts[0]
port = int(parts[1])
else:
server = parts[0]
port = 53
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append((server, port))
except IOError:
pass
if not self._servers:
try:
with open('/etc/resolv.conf', 'rb') as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
if line.startswith(b'nameserver'):
parts = line.split()
if len(parts) >= 2:
server = parts[1]
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append((server, 53))
except IOError:
pass
if not self._servers:
self._servers = [('8.8.4.4', 53), ('8.8.8.8', 53)]
self.logger.info('dns server: %s' % (self._servers, ))
def resolve(self, hostname, callback):
if type(hostname) != bytes:
hostname = hostname.encode('utf8')
if not hostname:
callback(None, Exception('empty hostname'))
elif common.is_ip(hostname):
callback((hostname, hostname), None)
elif hostname in self._hosts:
logging.debug('hit hosts: %s', hostname)
ip = self._hosts[hostname]
callback((hostname, ip), None)
elif hostname in self._cache:
logging.debug('hit cache: %s', hostname)
ip = self._cache[hostname]
callback((hostname, ip), None)
else:
if not is_valid_hostname(hostname):
callback(None, Exception('invalid hostname: %s' % hostname))
return
arr = self._hostname_to_cb.get(hostname, None)
if not arr:
self._hostname_status[hostname] = STATUS_IPV4
self._send_req(hostname, QTYPE_A)
self._hostname_to_cb[hostname] = [callback]
self._cb_to_hostname[callback] = hostname
else:
arr.append(callback)
# TODO send again only if waited too long
self._send_req(hostname, QTYPE_A)
def _parse_resolv(self):
"""
该方法主要是解析/etc/resolv.conf文件,得到dns服务器的ip地址,如果没有配置,则默认使用google的dns服务器。
:return: None。
"""
self._servers = []
try:
with open('/etc/resolv.conf', 'rb') as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
if line.startswith(b'nameserver'):
parts = line.split()
if len(parts) >= 2:
server = parts[1]
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append(server)
except IOError:
pass
if not self._servers:
self._servers = ['8.8.4.4', '8.8.8.8']
def resolve(self, hostname, callback):
if type(hostname) != bytes:
hostname = hostname.encode('utf8')
if not hostname:
callback(None, Exception('empty hostname'))
elif common.is_ip(hostname):
callback((hostname, hostname), None)
elif hostname in self._hosts:
logging.debug('hit hosts: %s', hostname)
ip = self._hosts[hostname]
callback((hostname, ip), None)
elif hostname in self._cache:
logging.debug('hit cache: %s', hostname)
ip = self._cache[hostname]
callback((hostname, ip), None)
else:
if not is_valid_hostname(hostname):
callback(None, Exception('invalid hostname: %s' % hostname))
return
arr = self._hostname_to_cb.get(hostname, None)
if not arr:
self._hostname_status[hostname] = STATUS_IPV4
self._send_req(hostname, QTYPE_A)
self._hostname_to_cb[hostname] = [callback]
self._cb_to_hostname[callback] = hostname
else:
arr.append(callback)
# TODO send again only if waited too long
self._send_req(hostname, QTYPE_A)
def _parse_resolv(self):
self._servers = []
try:
with open('/etc/resolv.conf', 'rb') as f:
content = f.readlines()
for line in content:
# strip() returns a copy of the string with leading whitespace removed.
line = line.strip()
if not (line and line.startswith(b'nameserver')):
continue
parts = line.split()
if len(parts) < 2:
continue
server = parts[1]
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append(server)
except IOError:
pass
if not self._servers:
# 系统没有指定dns,就用谷歌的
self._servers = ['8.8.4.4', '8.8.8.8']
def _handle_server(self):
server = self._server_socket
data, r_addr = server.recvfrom(BUF_SIZE)
ogn_data = data
if not data:
logging.debug('UDP handle_server: data is empty')
if self._stat_callback:
self._stat_callback(self._listen_port, len(data))
uid = None
if self._is_local:
frag = common.ord(data[2])
if frag != 0:
logging.warn('drop a message since frag is not 0')
return
else:
data = data[3:]
else:
ref_iv = [0]
data = encrypt.encrypt_all_iv(self._protocol.obfs.server_info.key, self._method, 0, data, ref_iv)
# decrypt data
if not data:
logging.debug('UDP handle_server: data is empty after decrypt')
return
self._protocol.obfs.server_info.recv_iv = ref_iv[0]
data, uid = self._protocol.server_udp_post_decrypt(data)
#logging.info("UDP data %s" % (binascii.hexlify(data),))
if not self._is_local:
data = pre_parse_header(data)
if data is None:
return
try:
header_result = parse_header(data)
except:
self._handel_protocol_error(r_addr, ogn_data)
return
if header_result is None:
self._handel_protocol_error(r_addr, ogn_data)
return
connecttype, addrtype, dest_addr, dest_port, header_length = header_result
if self._is_local:
addrtype = 3
server_addr, server_port = self._get_a_server()
else:
server_addr, server_port = dest_addr, dest_port
if (addrtype & 7) == 3:
af = common.is_ip(server_addr)
if af == False:
handler = common.UDPAsyncDNSHandler((data, r_addr, uid, header_length))
handler.resolve(self._dns_resolver, (server_addr, server_port), self._handle_server_dns_resolved)
else:
self._handle_server_dns_resolved("", (server_addr, server_port), server_addr, (data, r_addr, uid, header_length))
else:
self._handle_server_dns_resolved("", (server_addr, server_port), server_addr, (data, r_addr, uid, header_length))
def _handle_server(self):
server = self._server_socket
data, r_addr = server.recvfrom(BUF_SIZE)
ogn_data = data
if not data:
logging.debug('UDP handle_server: data is empty')
if self._stat_callback:
self._stat_callback(self._listen_port, len(data))
uid = None
if self._is_local:
frag = common.ord(data[2])
if frag != 0:
logging.warn('drop a message since frag is not 0')
return
else:
data = data[3:]
else:
ref_iv = [0]
data = encrypt.encrypt_all_iv(self._protocol.obfs.server_info.key, self._method, 0, data, ref_iv)
# decrypt data
if not data:
logging.debug('UDP handle_server: data is empty after decrypt')
return
self._protocol.obfs.server_info.recv_iv = ref_iv[0]
data, uid = self._protocol.server_udp_post_decrypt(data)
#logging.info("UDP data %s" % (binascii.hexlify(data),))
if not self._is_local:
data = pre_parse_header(data)
if data is None:
return
try:
header_result = parse_header(data)
except:
self._handel_protocol_error(r_addr, ogn_data)
return
if header_result is None:
self._handel_protocol_error(r_addr, ogn_data)
return
connecttype, addrtype, dest_addr, dest_port, header_length = header_result
if self._is_local:
addrtype = 3
server_addr, server_port = self._get_a_server()
else:
server_addr, server_port = dest_addr, dest_port
if (addrtype & 7) == 3:
af = common.is_ip(server_addr)
if af == False:
handler = common.UDPAsyncDNSHandler((data, r_addr, uid, header_length))
handler.resolve(self._dns_resolver, (server_addr, server_port), self._handle_server_dns_resolved)
else:
self._handle_server_dns_resolved("", (server_addr, server_port), server_addr, (data, r_addr, uid, header_length))
else:
self._handle_server_dns_resolved("", (server_addr, server_port), server_addr, (data, r_addr, uid, header_length))
def _parse_resolv(self):
"""
干什么?打开dns.conf文件吗?
:return: None
"""
self._servers = []
try:
with open('dns.conf', 'rb') as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
parts = line.split(b' ', 1)
if len(parts) >= 2:
server = parts[0]
port = int(parts[1])
else:
server = parts[0]
port = 53
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append((server, port))
except IOError:
pass
if not self._servers:
try:
with open('/etc/resolv.conf', 'rb') as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
if line.startswith(b'nameserver'):
parts = line.split()
if len(parts) >= 2:
server = parts[1]
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append((server, 53))
except IOError:
pass
if not self._servers:
self._servers = [('8.8.4.4', 53), ('8.8.8.8', 53)]
logging.info('dns server: %s' % (self._servers,))
def _parse_resolv(self):
self._servers = []
try:
with open('dns.conf', 'rb') as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
parts = line.split(b' ', 1)
if len(parts) >= 2:
server = parts[0]
port = int(parts[1])
else:
server = parts[0]
port = 53
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append((server, port))
except IOError:
pass
if not self._servers:
try:
with open('/etc/resolv.conf', 'rb') as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
if line.startswith(b'nameserver'):
parts = line.split()
if len(parts) >= 2:
server = parts[1]
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append((server, 53))
except IOError:
pass
if not self._servers:
self._servers = [('8.8.4.4', 53), ('8.8.8.8', 53)]
logging.info('dns server: %s' % (self._servers,))
def resolve(self, hostname, callback):
if type(hostname) != bytes:
hostname = hostname.encode('utf8')
if not hostname:
callback(None, Exception('empty hostname'))
elif common.is_ip(hostname):
callback((hostname, hostname), None)
elif hostname in self._hosts:
logging.debug('hit hosts: %s', hostname)
ip = self._hosts[hostname]
callback((hostname, ip), None)
elif hostname in self._cache:
logging.debug('hit cache: %s ==>> %s', hostname,
self._cache[hostname])
ip = self._cache[hostname]
callback((hostname, ip), None)
elif any(hostname.endswith(t) for t in self._black_hostname_list):
callback(
None,
Exception('hostname <%s> is block by the black hostname list' %
hostname))
return
else:
if not is_valid_hostname(hostname):
callback(None, Exception('invalid hostname: %s' % hostname))
return
if False:
addrs = socket.getaddrinfo(hostname, 0, 0, socket.SOCK_DGRAM,
socket.SOL_UDP)
if addrs:
af, socktype, proto, canonname, sa = addrs[0]
logging.debug('DNS resolve %s %s' % (hostname, sa[0]))
self._cache[hostname] = sa[0]
callback((hostname, sa[0]), None)
return
arr = self._hostname_to_cb.get(hostname, None)
if not arr:
if IPV6_CONNECTION_SUPPORT:
self._hostname_status[hostname] = STATUS_IPV6
self._send_req(hostname, QTYPE_AAAA)
else:
self._hostname_status[hostname] = STATUS_IPV4
self._send_req(hostname, QTYPE_A)
self._hostname_to_cb[hostname] = [callback]
self._cb_to_hostname[callback] = hostname
else:
arr.append(callback)
# TODO send again only if waited too long
if IPV6_CONNECTION_SUPPORT:
self._send_req(hostname, QTYPE_AAAA)
else:
self._send_req(hostname, QTYPE_A)
def resolve(self, hostname, callback):
"""
域名解析函数
:param hostname: 待解析的hostname
:param callback: 解析完成之后执行的回调函数,参数为(result, error)
result: (hostname, ip)
error: exception
:return:
"""
# 不是以字符串形式则转化成字符串
if type(hostname) != bytes:
hostname = hostname.encode('utf8')
# 若hostname为空,抛出异常
if not hostname:
callback(None, Exception('empty hostname'))
# 若hostname为ip,直接使用
elif common.is_ip(hostname):
callback((hostname, hostname), None)
# 若hostname在host文件中,直接调用回调函数
elif hostname in self._hosts:
logging.debug('hit hosts: %s', hostname)
ip = self._hosts[hostname]
callback((hostname, ip), None)
# 若hostname在缓存中,直接调用回调函数
elif hostname in self._cache:
logging.debug('hit cache: %s', hostname)
ip = self._cache[hostname]
callback((hostname, ip), None)
# 都不满足,需要解析
else:
# 域名不合法
if not is_valid_hostname(hostname):
callback(None, Exception('invalid hostname: %s' % hostname))
return
# 获得解析该hostname对应的回调函数列表
arr = self._hostname_to_cb.get(hostname, None)
if not arr:
# 发出请求报文,同时记录该域名的一些相关信息
self._hostname_status[hostname] = STATUS_IPV4
self._send_req(hostname, QTYPE_A)
# 同时在_hostname_to_cb注册一个{hostname:[callback]}的一对
# 要hostname因为这个socket可以发出去很多不同hostname的解析请求
self._hostname_to_cb[hostname] = [callback]
self._cb_to_hostname[callback] = hostname
else:
arr.append(callback)
# TODO send again only if waited too long
self._send_req(hostname, QTYPE_A)
def resolve(self, hostname, callback):
if type(hostname) != bytes:
hostname = hostname.encode('utf8')
if not hostname:
callback(None, Exception('empty hostname'))
elif common.is_ip(hostname):
callback((hostname, hostname), None)
elif hostname in self._hosts:
logging.debug('hit hosts: %s', hostname)
ip = self._hosts[hostname]
callback((hostname, ip), None)
elif hostname in self._cache:
logging.debug('hit cache: %s ==>> %s', hostname, self._cache[hostname])
ip = self._cache[hostname]
callback((hostname, ip), None)
elif any(hostname.endswith(t) for t in self._black_hostname_list):
callback(None, Exception('hostname <%s> is block by the black hostname list' % hostname))
return
else:
if not is_valid_hostname(hostname):
callback(None, Exception('invalid hostname: %s' % hostname))
return
if False:
addrs = socket.getaddrinfo(hostname, 0, 0,
socket.SOCK_DGRAM, socket.SOL_UDP)
if addrs:
af, socktype, proto, canonname, sa = addrs[0]
logging.debug('DNS resolve %s %s' % (hostname, sa[0]))
self._cache[hostname] = sa[0]
callback((hostname, sa[0]), None)
return
arr = self._hostname_to_cb.get(hostname, None)
if not arr:
if IPV6_CONNECTION_SUPPORT:
self._hostname_status[hostname] = STATUS_IPV6
self._send_req(hostname, QTYPE_AAAA)
else:
self._hostname_status[hostname] = STATUS_IPV4
self._send_req(hostname, QTYPE_A)
self._hostname_to_cb[hostname] = [callback]
self._cb_to_hostname[callback] = hostname
else:
arr.append(callback)
# TODO send again only if waited too long
if IPV6_CONNECTION_SUPPORT:
self._send_req(hostname, QTYPE_AAAA)
else:
self._send_req(hostname, QTYPE_A)
def resolve(self, hostname, callback):
if type(hostname) != bytes:
hostname = hostname.encode('utf8')
# if hostname is None
if not hostname:
callback(None, Exception('empty hostname'))
# or hostname is already a ip
elif common.is_ip(hostname):
callback((hostname, hostname), None)
# or hostname is in hosts file
elif hostname in self._hosts:
logging.debug('hit hosts: %s', hostname)
ip = self._hosts[hostname]
callback((hostname, ip), None)
# or hostname is in cache
elif hostname in self._cache:
logging.debug('hit cache: %s', hostname)
ip = self._cache[hostname]
callback((hostname, ip), None)
# otherwise, resolve hostname
else:
# if hostname is invalid
if not is_valid_hostname(hostname):
callback(None, Exception('invalid hostname: %s' % hostname))
return
# arr is a list of callbacks
arr = self._hostname_to_cb.get(hostname, None)
# if hostname is not linked with any callbacks
# set default status, send request and link hostname with callback
if not arr:
self._hostname_status[hostname] = STATUS_IPV4
self._send_req(hostname, QTYPE_A)
self._hostname_to_cb[hostname] = [callback]
self._cb_to_hostname[callback] = hostname
# or just end request
else:
arr.append(callback) # meaningless
# TODO send again only if waited too long
self._send_req(hostname, QTYPE_A)
def _parse_hosts(self):
etc_path = "/etc/hosts"
if "WINDIR" in os.environ:
etc_path = os.environ["WINDIR"] + "/system32/drivers/etc/hosts"
try:
with open(etc_path, "rb") as f:
for line in f.readlines():
line = line.strip()
parts = line.split()
if len(parts) >= 2:
ip = parts[0]
if common.is_ip(ip):
for i in range(1, len(parts)):
hostname = parts[i]
if hostname:
self._hosts[hostname] = ip
except IOError:
self._hosts["localhost"] = "127.0.0.1"
def _parse_hosts(self):
etc_path = '/etc/hosts'
if 'WINDIR' in os.environ:
etc_path = os.environ['WINDIR'] + '/system32/drivers/etc/hosts'
try:
with open(etc_path, 'rb') as f:
for line in f.readlines():
line = line.strip()
parts = line.split()
if len(parts) >= 2:
ip = parts[0]
if common.is_ip(ip):
for i in range(1, len(parts)):
hostname = parts[i]
if hostname:
self._hosts[hostname] = ip
except IOError:
self._hosts['localhost'] = '127.0.0.1'
def _parse_hosts(self): etc_path = '/etc/hosts' if 'WINDIR' in os.environ: etc_path = os.environ['WINDIR'] + '/system32/drivers/etc/hosts' try: with open(etc_path, 'rb') as f: for line in f.readlines(): line = line.strip() parts = line.split() if len(parts) >= 2: ip = parts[0] if common.is_ip(ip): for i in range(1, len(parts)): hostname = parts[i] if hostname: self._hosts[hostname] = ip except IOError: self._hosts['localhost'] = '127.0.0.1'
def _parse_domains(self): etc_path = '/etc/domains' try: with open(etc_path, 'rb') as f: for line in f.readlines(): line = line.strip() if b"#" in line: line = line[:line.find(b'#')] parts = line.split() if len(parts) >= 2: ip = parts[0] if common.is_ip(ip): for i in range(1, len(parts)): hostname = parts[i] if hostname: self._domains[hostname] = ip except IOError: self._domains['localhost'] = '127.0.0.1'
def _parse_resolv(self):
self._servers = []
try:
with open('/etc/resolv.conf', 'rb') as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
if line.startswith(b'nameserver'):
parts = line.split()
if len(parts) >= 2:
server = parts[1]
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append(server)
except IOError:
pass
if not self._servers:
self._servers = ['8.8.4.4', '8.8.8.8']
def _parse_resolv(self):
self._servers = []
try:
with open('/etc/resolv.conf', 'rb') as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
if line.startswith(b'nameserver'):
parts = line.split()
if len(parts) >= 2:
server = parts[1]
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode('utf8')
self._servers.append(server)
except IOError:
pass
if not self._servers:
self._servers = ['8.8.4.4', '8.8.8.8']
def _parse_resolv(self):
self._servers = []
try:
with open("/etc/resolv.conf", "rb") as f:
content = f.readlines()
for line in content:
line = line.strip()
if line:
if line.startswith(b"nameserver"):
parts = line.split()
if len(parts) >= 2:
server = parts[1]
if common.is_ip(server) == socket.AF_INET:
if type(server) != str:
server = server.decode("utf8")
self._servers.append(server)
except IOError:
pass
if not self._servers:
self._servers = ["8.8.4.4", "8.8.8.8"]
def resolve(self, hostname, callback):
"""
解析域名并执行相应的回调函数。
:param hostname: 一个域名字符串。
:param callback: 该域名对应的回调函数。回调函数格式为callback((hostname, ip), error=None)。
:return: None。
"""
if type(hostname) != bytes: # string转bytes
hostname = hostname.encode('utf8')
if not hostname: # 域名为空
callback(None, Exception('empty hostname'))
elif common.is_ip(hostname): # 若本身已经是ip地址了
callback((hostname, hostname), None)
elif hostname in self._hosts: # 若系统的hosts文件里面已经存在了映射
logging.debug('hit hosts: %s', hostname)
ip = self._hosts[hostname]
callback((hostname, ip), None)
elif hostname in self._cache: # 若缓存里面存有域名解析的结果
logging.debug('hit cache: %s', hostname)
ip = self._cache[hostname]
callback((hostname, ip), None)
else:
if not is_valid_hostname(hostname): # 若域名格式不合法。
callback(None, Exception('invalid hostname: %s' % hostname))
return
arr = self._hostname_to_cb.get(hostname, None)
if not arr:
self._hostname_status[hostname] = STATUS_IPV4
self._send_req(hostname, QTYPE_A)
self._hostname_to_cb[hostname] = [callback]
self._cb_to_hostname[callback] = hostname
else:
arr.append(callback)
# TODO send again only if waited too long
self._send_req(hostname, QTYPE_A)
def resolve(self, hostname, callback): # 在tcprelay模块中,callback函数指向tcp类的_handle_dns_resolved()
# hostname是否是字节码
if type(hostname) != bytes:
hostname = hostname.encode('utf8')
if not hostname:
callback(None, Exception('empty hostname'))
elif common.is_ip(hostname):
# 先看是不是一个ip,是就不用解析了,直接调用callback
callback((hostname, hostname), None)
elif hostname in self._hosts:
# 看是不是在host文件里面,是就直接callback
logging.debug('hit hosts: %s', hostname)
ip = self._hosts[hostname]
callback((hostname, ip), None)
elif hostname in self._cache:
# 看是不是在cache里面,是就直接callback
logging.debug('hit cache: %s', hostname)
ip = self._cache[hostname]
callback((hostname, ip), None)
# 以上条件都不满足,开始进行解析dns
else:
if not is_valid_hostname(hostname):
callback(None, Exception('invalid hostname: %s' % hostname))
return
arr = self._hostname_to_cb.get(hostname, None)
# 在host_to_callback中检查是否有记录
if not arr:
self._hostname_status[hostname] = STATUS_FIRST
self._send_req(hostname, self._QTYPES[0])
# 同时在_hostname_to_cb注册一个{hostname:callback}的一对
# 要hostname因为这个socket可以发出去很多不同hostname的解析请求
self._hostname_to_cb[hostname] = [callback]
self._cb_to_hostname[callback] = hostname
else:
arr.append(callback)
# TODO send again only if waited too long
self._send_req(hostname, self._QTYPES[0])
def _handle_server(self):
server = self._server_socket
data, r_addr = server.recvfrom(BUF_SIZE)
ogn_data = data
if not data:
logging.debug('UDP handle_server: data is empty')
if self._stat_callback:
self._stat_callback(self._listen_port, len(data))
uid = None
if self._is_local:
frag = common.ord(data[2])
if frag != 0:
logging.warn('drop a message since frag is not 0')
return
else:
data = data[3:]
else:
try:
data, key, ref_iv = encrypt.decrypt_all(self._password,
self._method,
data)
except Exception:
logging.debug('UDP handle_server: decrypt data failed')
return
# decrypt data
if not data:
logging.debug('UDP handle_server: data is empty after decrypt')
return
ref_iv = [0]
self._protocol.obfs.server_info.recv_iv = ref_iv[0]
data, uid = self._protocol.server_udp_post_decrypt(data)
if self._config['is_multi_user'] != 0 and data:
if uid:
if uid not in self.mu_server_transfer_ul:
self.mu_server_transfer_ul[uid] = 0
if uid not in self.mu_server_transfer_dl:
self.mu_server_transfer_dl[uid] = 0
if uid not in self.mu_connected_iplist:
self.mu_connected_iplist[uid] = []
if uid not in self.mu_detect_log_list:
self.mu_detect_log_list[uid] = []
if common.getRealIp(r_addr[0]) not in self.mu_connected_iplist[uid]:
self.mu_connected_iplist[uid].append(common.getRealIp(r_addr[0]))
else:
raise Exception(
'This port is multi user in single port only,so The connection has been rejected, when connect from %s:%d via port %d' %
(r_addr[0], r_addr[1], self._listen_port))
is_relay = False
#logging.info("UDP data %s" % (binascii.hexlify(data),))
if not self._is_local:
if not self._is_relay(r_addr, ogn_data, uid):
data = pre_parse_header(data)
data = self._pre_parse_udp_header(data)
if data is None:
return
if isinstance(data, tuple):
return
# return self._handle_tcp_over_udp(data, r_addr)
else:
if self._config["is_multi_user"] == 0:
data, is_relay = self._handel_normal_relay(r_addr, ogn_data)
else:
data, is_relay = self._handel_mu_relay(r_addr, ogn_data, uid)
try:
header_result = parse_header(data)
except:
self._handel_protocol_error(r_addr, ogn_data)
return
if header_result is None:
self._handel_protocol_error(r_addr, ogn_data)
return
connecttype, addrtype, dest_addr, dest_port, header_length = header_result
if self._is_local:
addrtype = 3
server_addr, server_port = self._get_a_server()
else:
server_addr, server_port = dest_addr, dest_port
if (addrtype & 7) == 3:
af = common.is_ip(server_addr)
if af == False:
handler = common.UDPAsyncDNSHandler((data, r_addr, uid, header_length, is_relay))
handler.resolve(self._dns_resolver, (server_addr, server_port), self._handle_server_dns_resolved)
else:
self._handle_server_dns_resolved("", (server_addr, server_port), server_addr, (data, r_addr, uid, header_length, is_relay))
else:
self._handle_server_dns_resolved("", (server_addr, server_port), server_addr, (data, r_addr, uid, header_length, is_relay))
def update_all_user(self, dt_transfer):
global webapi
update_transfer = {}
alive_user_count = 0
bandwidth_thistime = 0
data = []
for id in dt_transfer.keys():
if dt_transfer[id][0] == 0 and dt_transfer[id][1] == 0:
continue
data.append({
'u': dt_transfer[id][0],
'd': dt_transfer[id][1],
'user_id': self.port_uid_table[id]
})
update_transfer[id] = dt_transfer[id]
webapi.postApi('users/traffic', {'node_id': get_config().NODE_ID},
{'data': data})
webapi.postApi('nodes/%d/info' % (get_config().NODE_ID),
{'node_id': get_config().NODE_ID}, {
'uptime': str(self.uptime()),
'load': str(self.load())
})
online_iplist = ServerPool.get_instance().get_servers_iplist()
data = []
for port in online_iplist.keys():
for ip in online_iplist[port]:
data.append({'ip': ip, 'user_id': self.port_uid_table[port]})
webapi.postApi('users/aliveip', {'node_id': get_config().NODE_ID},
{'data': data})
detect_log_list = ServerPool.get_instance().get_servers_detect_log()
data = []
for port in detect_log_list.keys():
for rule_id in detect_log_list[port]:
data.append({
'list_id': rule_id,
'user_id': self.port_uid_table[port]
})
webapi.postApi('users/detectlog', {'node_id': get_config().NODE_ID},
{'data': data})
deny_str = ""
data = []
if platform.system() == 'Linux' and get_config().ANTISSATTACK == 1:
wrong_iplist = ServerPool.get_instance().get_servers_wrong()
server_ip = socket.gethostbyname(get_config().MYSQL_HOST)
for id in wrong_iplist.keys():
for ip in wrong_iplist[id]:
realip = ""
is_ipv6 = False
if common.is_ip(ip):
if (common.is_ip(ip) == socket.AF_INET):
realip = ip
else:
if common.match_ipv4_address(ip) is not None:
realip = common.match_ipv4_address(ip)
else:
is_ipv6 = True
realip = ip
else:
continue
if str(realip).find(str(server_ip)) != -1:
continue
has_match_node = False
for node_ip in self.node_ip_list:
if str(realip).find(node_ip) != -1:
has_match_node = True
continue
if has_match_node:
continue
if get_config().CLOUDSAFE == 1:
data.append({'ip': realip})
else:
if not is_ipv6:
os.system('route add -host %s gw 127.0.0.1' %
str(realip))
deny_str = deny_str + "\nALL: " + str(realip)
else:
os.system('ip -6 route add ::1/128 via %s/128' %
str(realip))
deny_str = deny_str + \
"\nALL: [" + str(realip) + "]/128"
logging.info("Local Block ip:" + str(realip))
if get_config().CLOUDSAFE == 0:
deny_file = open('/etc/hosts.deny', 'a')
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_file.write(deny_str)
deny_file.close()
webapi.postApi('func/block_ip', {'node_id': get_config().NODE_ID},
{'data': data})
return update_transfer
def auto_block_thread():
if configloader.get_config().CLOUDSAFE == 0 or platform.system() != 'Linux':
return
start_line = file_len("/etc/hosts.deny")
while True:
time.sleep(60)
try:
server_ip = socket.gethostbyname(configloader.get_config().MYSQL_HOST)
if configloader.get_config().MYSQL_SSL_ENABLE == 1:
conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8',ssl={'ca':configloader.get_config().MYSQL_SSL_CA,'cert':configloader.get_config().MYSQL_SSL_CERT,'key':configloader.get_config().MYSQL_SSL_KEY})
else:
conn = cymysql.connect(host=configloader.get_config().MYSQL_HOST, port=configloader.get_config().MYSQL_PORT, user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS, db=configloader.get_config().MYSQL_DB, charset='utf8')
conn.autocommit(True)
deny_file = open('/etc/hosts.deny')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_lines = deny_file.readlines()
deny_file.close()
logging.info("Read hosts.deny from line " + str(start_line))
real_deny_list = deny_lines[start_line:]
denyed_ip_list = []
for line in real_deny_list:
if get_ip(line) and line.find('#') != 0:
ip = get_ip(line)
if ip == server_ip:
i = 0
for line in deny_lines:
if line.find(ip) != -1:
del deny_lines[i]
i = i + 1
deny_file = file("/etc/hosts.deny", "w+")
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.write("\n")
deny_file.close()
continue
cur = conn.cursor()
cur.execute("SELECT * FROM `blockip` where `ip` = '" + str(ip) + "'")
rows = cur.fetchone()
cur.close()
if rows != None:
continue
cur = conn.cursor()
cur.execute("INSERT INTO `blockip` (`id`, `nodeid`, `ip`, `datetime`) VALUES (NULL, '" + str(configloader.get_config().NODE_ID) + "', '" + str(ip) + "', unix_timestamp())")
cur.close()
logging.info("Block ip:" + str(ip))
denyed_ip_list.append(ip)
cur = conn.cursor()
cur.execute("SELECT * FROM `blockip` where `datetime`>unix_timestamp()-60")
rows = cur.fetchall()
cur.close()
deny_str = "";
deny_str_at = "";
for row in rows:
node = row[1]
ip = get_ip(row[2])
if ip != None:
if str(node) == str(configloader.get_config().NODE_ID):
if configloader.get_config().ANTISSATTACK == 1 and configloader.get_config().CLOUDSAFE == 1 and ip not in denyed_ip_list:
if common.is_ip(ip) != False:
if common.is_ip(ip) == socket.AF_INET:
os.system('route add -host %s gw 127.0.0.1' % str(ip))
deny_str = deny_str + "\nALL: " + str(ip)
else:
os.system('ip -6 route add ::1/128 via %s/128' % str(ip))
deny_str = deny_str + "\nALL: [" + str(ip) +"]/128"
logging.info("Remote Block ip:" + str(ip))
else:
if common.is_ip(ip) != False:
if common.is_ip(ip) == socket.AF_INET:
os.system('route add -host %s gw 127.0.0.1' % str(ip))
deny_str = deny_str + "\nALL: " + str(ip)
else:
os.system('ip -6 route add ::1/128 via %s/128' % str(ip))
deny_str = deny_str + "\nALL: [" + str(ip) +"]/128"
logging.info("Remote Block ip:" + str(ip))
deny_file=open('/etc/hosts.deny','a')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_file.write(deny_str + "\n")
deny_file.close()
if configloader.get_config().ANTISSATTACK == 1 and configloader.get_config().CLOUDSAFE == 1:
deny_file=open('/etc/hosts.deny','a')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_file.write(deny_str_at + "\n")
deny_file.close()
cur = conn.cursor()
cur.execute("SELECT * FROM `unblockip` where `datetime`>unix_timestamp()-60")
rows = cur.fetchall()
cur.close()
conn.close()
deny_file = open('/etc/hosts.deny')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_lines = deny_file.readlines()
deny_file.close()
i = 0
for line in deny_lines:
for row in rows:
ip = str(row[1])
if line.find(ip) != -1:
del deny_lines[i]
if common.is_ip(ip) != False:
if common.is_ip(ip) == socket.AF_INET:
os.system('route del -host %s gw 127.0.0.1' % str(ip))
else:
os.system('ip -6 route del ::1/128 via %s/128' % str(ip))
logging.info("Unblock ip:" + str(ip))
i = i + 1
deny_file = file("/etc/hosts.deny", "w+")
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.write("\n")
deny_file.close()
except BaseException:
logging.error("Auto block thread error")
start_line = file_len("/etc/hosts.deny")
def update_all_user(self, dt_transfer):
import cymysql
update_transfer = {}
query_head = 'UPDATE user'
query_sub_when = ''
query_sub_when2 = ''
query_sub_in = None
alive_user_count = 0
bandwidth_thistime = 0
if get_config().MYSQL_SSL_ENABLE == 1:
conn = cymysql.connect(host=get_config().MYSQL_HOST, port=get_config().MYSQL_PORT, user=get_config().MYSQL_USER,
passwd=get_config().MYSQL_PASS, db=get_config().MYSQL_DB, charset='utf8',ssl={'ca':get_config().MYSQL_SSL_CA,'cert':get_config().MYSQL_SSL_CERT,'key':get_config().MYSQL_SSL_KEY})
else:
conn = cymysql.connect(host=get_config().MYSQL_HOST, port=get_config().MYSQL_PORT, user=get_config().MYSQL_USER,
passwd=get_config().MYSQL_PASS, db=get_config().MYSQL_DB, charset='utf8')
conn.autocommit(True)
for id in dt_transfer.keys():
if dt_transfer[id][0] == 0 and dt_transfer[id][1] == 0:
continue
query_sub_when += ' WHEN %s THEN u+%s' % (id, dt_transfer[id][0] * self.traffic_rate)
query_sub_when2 += ' WHEN %s THEN d+%s' % (id, dt_transfer[id][1] * self.traffic_rate)
update_transfer[id] = dt_transfer[id]
alive_user_count = alive_user_count + 1
cur = conn.cursor()
cur.execute("INSERT INTO `user_traffic_log` (`id`, `user_id`, `u`, `d`, `Node_ID`, `rate`, `traffic`, `log_time`) VALUES (NULL, '" + str(self.port_uid_table[id]) + "', '" + str(dt_transfer[id][0]) +"', '" + str(dt_transfer[id][1]) + "', '" + str(get_config().NODE_ID) + "', '" + str(self.traffic_rate) + "', '" + self.trafficShow((dt_transfer[id][0]+dt_transfer[id][1]) * self.traffic_rate) + "', unix_timestamp()); ")
cur.close()
bandwidth_thistime = bandwidth_thistime + ((dt_transfer[id][0] + dt_transfer[id][1]) * self.traffic_rate)
if query_sub_in is not None:
query_sub_in += ',%s' % id
else:
query_sub_in = '%s' % id
if query_sub_when != '':
query_sql = query_head + ' SET u = CASE port' + query_sub_when + \
' END, d = CASE port' + query_sub_when2 + \
' END, t = unix_timestamp() ' + \
' WHERE port IN (%s)' % query_sub_in
cur = conn.cursor()
cur.execute(query_sql)
cur.close()
cur = conn.cursor()
cur.execute("UPDATE `ss_node` SET `node_heartbeat`=unix_timestamp(),`node_bandwidth`=`node_bandwidth`+'" + str(bandwidth_thistime) + "' WHERE `id` = " + str(get_config().NODE_ID) + " ; ")
cur.close()
cur = conn.cursor()
cur.execute("INSERT INTO `ss_node_online_log` (`id`, `node_id`, `online_user`, `log_time`) VALUES (NULL, '" + str(get_config().NODE_ID) + "', '" + str(alive_user_count) + "', unix_timestamp()); ")
cur.close()
cur = conn.cursor()
cur.execute("INSERT INTO `ss_node_info` (`id`, `node_id`, `uptime`, `load`, `log_time`) VALUES (NULL, '" + str(get_config().NODE_ID) + "', '" + str(self.uptime()) + "', '" + str(self.load()) + "', unix_timestamp()); ")
cur.close()
online_iplist = ServerPool.get_instance().get_servers_iplist()
for id in online_iplist.keys():
for ip in online_iplist[id]:
cur = conn.cursor()
cur.execute("INSERT INTO `alive_ip` (`id`, `nodeid`,`userid`, `ip`, `datetime`) VALUES (NULL, '" + str(get_config().NODE_ID) + "','" + str(self.port_uid_table[id]) + "', '" + str(ip) + "', unix_timestamp())")
cur.close()
detect_log_list = ServerPool.get_instance().get_servers_detect_log()
for port in detect_log_list.keys():
for rule_id in detect_log_list[port]:
cur = conn.cursor()
cur.execute("INSERT INTO `detect_log` (`id`, `user_id`, `list_id`, `datetime`, `node_id`) VALUES (NULL, '" + str(self.port_uid_table[port]) + "', '" + str(rule_id) + "', UNIX_TIMESTAMP(), '" + str(get_config().NODE_ID) + "')")
cur.close()
deny_str = ""
if platform.system() == 'Linux' and get_config().ANTISSATTACK == 1 :
wrong_iplist = ServerPool.get_instance().get_servers_wrong()
server_ip = socket.gethostbyname(get_config().MYSQL_HOST)
for id in wrong_iplist.keys():
for ip in wrong_iplist[id]:
realip = ""
is_ipv6 = False
if common.is_ip(ip) != False:
if(common.is_ip(ip) == socket.AF_INET):
realip = ip
else:
if common.match_ipv4_address(ip) != None:
realip = common.match_ipv4_address(ip)
else:
is_ipv6 = True
realip = ip
else:
continue
if str(realip) == str(server_ip):
continue
cur = conn.cursor()
cur.execute("SELECT * FROM `blockip` where `ip` = '" + str(realip) + "'")
rows = cur.fetchone()
cur.close()
if rows != None:
continue
if get_config().CLOUDSAFE == 1:
cur = conn.cursor()
cur.execute("INSERT INTO `blockip` (`id`, `nodeid`, `ip`, `datetime`) VALUES (NULL, '" + str(get_config().NODE_ID) + "', '" + str(realip) + "', unix_timestamp())")
cur.close()
else:
if is_ipv6 == False:
os.system('route add -host %s gw 127.0.0.1' % str(realip))
deny_str = deny_str + "\nALL: " + str(realip)
else:
os.system('ip -6 route add ::1/128 via %s/128' % str(realip))
deny_str = deny_str + "\nALL: [" + str(realip) +"]/128"
logging.info("Local Block ip:" + str(realip))
if get_config().CLOUDSAFE == 0:
deny_file=open('/etc/hosts.deny','a')
fcntl.flock(deny_file.fileno(),fcntl.LOCK_EX)
deny_file.write(deny_str + "\n")
deny_file.close()
conn.close()
return update_transfer
def auto_block_thread(self):
global webapi
server_ip = socket.gethostbyname(configloader.get_config().MYSQL_HOST)
if configloader.get_config().API_INTERFACE == "modwebapi":
# 读取节点IP
# SELECT * FROM `ss_node` where `node_ip` != ''
node_ip_list = []
data = webapi.getApi("nodes")
for node in data:
temp_list = node["node_ip"].split(",")
node_ip_list.append(temp_list[0])
else:
import cymysql
if configloader.get_config().MYSQL_SSL_ENABLE == 1:
conn = cymysql.connect(
host=configloader.get_config().MYSQL_HOST,
port=configloader.get_config().MYSQL_PORT,
user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS,
db=configloader.get_config().MYSQL_DB,
charset="utf8",
ssl={
"ca": configloader.get_config().MYSQL_SSL_CA,
"cert": configloader.get_config().MYSQL_SSL_CERT,
"key": configloader.get_config().MYSQL_SSL_KEY,
},
)
else:
conn = cymysql.connect(
host=configloader.get_config().MYSQL_HOST,
port=configloader.get_config().MYSQL_PORT,
user=configloader.get_config().MYSQL_USER,
passwd=configloader.get_config().MYSQL_PASS,
db=configloader.get_config().MYSQL_DB,
charset="utf8",
)
conn.autocommit(True)
# 读取节点IP
# SELECT * FROM `ss_node` where `node_ip` != ''
node_ip_list = []
cur = conn.cursor()
cur.execute(
"SELECT `node_ip` FROM `ss_node` where `node_ip` != ''")
for r in cur.fetchall():
temp_list = str(r[0]).split(",")
node_ip_list.append(temp_list[0])
cur.close()
deny_file = open("/etc/hosts.deny")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_lines = deny_file.readlines()
deny_file.close()
logging.info("Read hosts.deny from line " + str(self.start_line))
real_deny_list = deny_lines[self.start_line:]
denyed_ip_list = []
data = []
for line in real_deny_list:
if self.get_ip(line) and line.find("#") != 0:
ip = self.get_ip(line)
if str(ip).find(str(server_ip)) != -1:
i = 0
for line in deny_lines:
if line.find(ip) != -1:
del deny_lines[i]
i = i + 1
deny_file = open("/etc/hosts.deny", "w+")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.close()
continue
has_match_node = False
for node_ip in node_ip_list:
if str(ip).find(node_ip) != -1:
i = 0
for line in deny_lines:
if line.find(ip) != -1:
del deny_lines[i]
i = i + 1
deny_file = open("/etc/hosts.deny", "w+")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.close()
has_match_node = True
continue
if has_match_node:
continue
if configloader.get_config().API_INTERFACE == "modwebapi":
data.append({"ip": ip})
logging.info("Block ip:" + str(ip))
else:
cur = conn.cursor()
cur.execute("SELECT * FROM `blockip` where `ip` = '" +
str(ip) + "'")
rows = cur.fetchone()
cur.close()
if rows is not None:
continue
cur = conn.cursor()
cur.execute(
"INSERT INTO `blockip` (`id`, `nodeid`, `ip`, `datetime`) VALUES (NULL, '"
+ str(configloader.get_config().NODE_ID) + "', '" +
str(ip) + "', unix_timestamp())")
cur.close()
logging.info("Block ip:" + str(ip))
denyed_ip_list.append(ip)
if configloader.get_config().API_INTERFACE == "modwebapi":
webapi.postApi(
"func/block_ip",
{"node_id": configloader.get_config().NODE_ID},
{"data": data},
)
if configloader.get_config().API_INTERFACE == "modwebapi":
rows = webapi.getApi("func/block_ip")
else:
cur = conn.cursor()
cur.execute(
"SELECT * FROM `blockip` where `datetime`>unix_timestamp()-60")
rows = cur.fetchall()
cur.close()
deny_str = ""
deny_str_at = ""
for row in rows:
if configloader.get_config().API_INTERFACE == "modwebapi":
node = row["nodeid"]
ip = self.get_ip(row["ip"])
else:
node = row[1]
ip = self.get_ip(row[2])
if ip is not None:
if str(node) == str(configloader.get_config().NODE_ID):
if (configloader.get_config().ANTISSATTACK == 1
and configloader.get_config().CLOUDSAFE == 1
and ip not in denyed_ip_list):
if common.is_ip(ip):
if common.is_ip(ip) == socket.AF_INET:
os.system("route add -host %s gw 127.0.0.1" %
str(ip))
deny_str = deny_str + "\nALL: " + str(ip)
else:
os.system(
"ip -6 route add ::1/128 via %s/128" %
str(ip))
deny_str = (deny_str + "\nALL: [" + str(ip) +
"]/128")
logging.info("Remote Block ip:" + str(ip))
else:
if common.is_ip(ip):
if common.is_ip(ip) == socket.AF_INET:
os.system("route add -host %s gw 127.0.0.1" %
str(ip))
deny_str = deny_str + "\nALL: " + str(ip)
else:
os.system("ip -6 route add ::1/128 via %s/128" %
str(ip))
deny_str = (deny_str + "\nALL: [" + str(ip) +
"]/128")
logging.info("Remote Block ip:" + str(ip))
deny_file = open("/etc/hosts.deny", "a")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_file.write(deny_str)
deny_file.close()
if (configloader.get_config().ANTISSATTACK == 1
and configloader.get_config().CLOUDSAFE == 1):
deny_file = open("/etc/hosts.deny", "a")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_file.write(deny_str_at)
deny_file.close()
if configloader.get_config().API_INTERFACE == "modwebapi":
rows = webapi.getApi("func/unblock_ip")
else:
cur = conn.cursor()
cur.execute(
"SELECT * FROM `unblockip` where `datetime`>unix_timestamp()-60"
)
rows = cur.fetchall()
cur.close()
conn.close()
deny_file = open("/etc/hosts.deny")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_lines = deny_file.readlines()
deny_file.close()
i = 0
for line in deny_lines:
for row in rows:
if configloader.get_config().API_INTERFACE == "modwebapi":
ip = str(row["ip"])
else:
ip = str(row[1])
if line.find(ip) != -1:
del deny_lines[i]
if common.is_ip(ip):
if common.is_ip(ip) == socket.AF_INET:
os.system("route del -host %s gw 127.0.0.1" %
str(ip))
else:
os.system("ip -6 route del ::1/128 via %s/128" %
str(ip))
logging.info("Unblock ip:" + str(ip))
i = i + 1
deny_file = open("/etc/hosts.deny", "w+")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.close()
self.start_line = self.file_len("/etc/hosts.deny")
def update_all_user(self, dt_transfer):
import cymysql
update_transfer = {}
query_head = 'UPDATE user'
query_sub_when = ''
query_sub_when2 = ''
query_sub_in = None
alive_user_count = 0
bandwidth_thistime = 0
for id in dt_transfer.keys():
if dt_transfer[id][0] == 0 and dt_transfer[id][1] == 0:
continue
query_sub_when += ' WHEN %s THEN u+%s' % (id, dt_transfer[id][0] *
self.traffic_rate)
query_sub_when2 += ' WHEN %s THEN d+%s' % (id, dt_transfer[id][1] *
self.traffic_rate)
update_transfer[id] = dt_transfer[id]
alive_user_count = alive_user_count + 1
self.append_traffic_log(id, dt_transfer)
bandwidth_thistime = bandwidth_thistime + \
(dt_transfer[id][0] + dt_transfer[id][1])
if query_sub_in is not None:
query_sub_in += ',%s' % id
else:
query_sub_in = '%s' % id
self.mass_insert_traffic()
if query_sub_when != '':
query_sql = query_head + ' SET u = CASE port' + query_sub_when + \
' END, d = CASE port' + query_sub_when2 + \
' END, t = unix_timestamp() ' + \
' WHERE port IN (%s)' % query_sub_in
self.getMysqlCur(query_sql, no_result=True)
query_sql = "UPDATE `ss_node` SET `node_heartbeat`=unix_timestamp(),`node_bandwidth`=`node_bandwidth`+'" + \
str(bandwidth_thistime) + \
"' WHERE `id` = " + str(self.NODE_ID) + " ; "
self.getMysqlCur(query_sql, no_result=True)
query_sql = "INSERT INTO `ss_node_online_log` (`id`, `node_id`, `online_user`, `log_time`) VALUES (NULL, '" + \
str(self.NODE_ID) + "', '" + str(alive_user_count) + "', unix_timestamp()); "
self.getMysqlCur(query_sql, no_result=True)
query_sql = "INSERT INTO `ss_node_info` (`id`, `node_id`, `uptime`, `load`, `log_time`) VALUES (NULL, '" + \
str(get_config().NODE_ID) + "', '" + str(self.uptime()) + "', '" + str(self.load()) + "', unix_timestamp()); "
self.getMysqlCur(query_sql, no_result=True)
online_iplist = ServerPool.get_instance().get_servers_iplist()
for id in online_iplist.keys():
for ip in online_iplist[id]:
self.append_alive_ip(id, ip)
self.mass_insert_alive_ip()
detect_log_list = ServerPool.get_instance().get_servers_detect_log()
for port in detect_log_list.keys():
for rule_id in detect_log_list[port]:
query_sql = "INSERT INTO `detect_log` (`id`, `user_id`, `list_id`, `datetime`, `node_id`) VALUES (NULL, '" + \
str(self.port_uid_table[port]) + "', '" + str(rule_id) + "', UNIX_TIMESTAMP(), '" + str(self.NODE_ID) + "')"
self.getMysqlCur(query_sql, no_result=True)
deny_str = ""
if platform.system() == 'Linux' and get_config().ANTISSATTACK == 1:
wrong_iplist = ServerPool.get_instance().get_servers_wrong()
server_ip = socket.gethostbyname(get_config().MYSQL_HOST)
for id in wrong_iplist.keys():
for ip in wrong_iplist[id]:
realip = ""
is_ipv6 = False
if common.is_ip(ip):
if (common.is_ip(ip) == socket.AF_INET):
realip = ip
else:
if common.match_ipv4_address(ip) is not None:
realip = common.match_ipv4_address(ip)
else:
is_ipv6 = True
realip = ip
else:
continue
if str(realip).find(str(server_ip)) != -1:
continue
has_match_node = False
for node_ip in self.node_ip_list:
if str(realip).find(node_ip) != -1:
has_match_node = True
continue
if has_match_node:
continue
query_sql = "SELECT * FROM `blockip` where `ip` = '" + str(
realip) + "'"
rows = self.getMysqlCur(query_sql, fetchone=True)
if rows is not None:
continue
if get_config().CLOUDSAFE == 1:
query_sql = "INSERT INTO `blockip` (`id`, `nodeid`, `ip`, `datetime`) VALUES (NULL, '" + \
str(self.NODE_ID) + "', '" + str(realip) + "', unix_timestamp())"
self.getMysqlCur(query_sql, no_result=True)
else:
if not is_ipv6:
os.system('route add -host %s gw 127.0.0.1' %
str(realip))
deny_str = deny_str + "\nALL: " + str(realip)
else:
os.system('ip -6 route add ::1/128 via %s/128' %
str(realip))
deny_str = deny_str + \
"\nALL: [" + str(realip) + "]/128"
logging.info("Local Block ip:" + str(realip))
if get_config().CLOUDSAFE == 0:
deny_file = open('/etc/hosts.deny', 'a')
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_file.write(deny_str)
deny_file.close()
return update_transfer
def update_all_user(self, dt_transfer):
update_transfer = {}
query_head = "UPDATE user"
query_sub_when = ""
query_sub_when2 = ""
query_sub_in = None
alive_user_count = 0
bandwidth_thistime = 0
for offset_port in dt_transfer.keys():
port = self.get_real_port(offset_port)
if dt_transfer[offset_port][0] == 0 and dt_transfer[offset_port][1] == 0:
continue
query_sub_when += " WHEN %s THEN u+%s" % (port, dt_transfer[offset_port][0] * self.traffic_rate)
query_sub_when2 += " WHEN %s THEN d+%s" % (port, dt_transfer[offset_port][1] * self.traffic_rate)
update_transfer[offset_port] = dt_transfer[offset_port]
alive_user_count = alive_user_count + 1
self.append_traffic_log(offset_port, dt_transfer)
bandwidth_thistime = bandwidth_thistime + (dt_transfer[offset_port][0] + dt_transfer[offset_port][1])
if query_sub_in is not None:
query_sub_in += ",%s" % port
else:
query_sub_in = "%s" % port
self.mass_insert_traffic()
if query_sub_when != "":
query_sql = (
query_head
+ " SET u = CASE port"
+ query_sub_when
+ " END, d = CASE port"
+ query_sub_when2
+ " END, t = unix_timestamp() "
+ " WHERE port IN (%s)" % query_sub_in
)
self.get_mysql_cur(query_sql, fetch_type=FETCH_NONE)
query_sql = (
"UPDATE `ss_node` SET `node_heartbeat`=unix_timestamp(),`node_bandwidth`=`node_bandwidth`+'"
+ str(bandwidth_thistime)
+ "' WHERE `id` = "
+ str(self.api_config.NODE_ID)
+ " ; "
)
self.get_mysql_cur(query_sql, fetch_type=FETCH_NONE)
query_sql = (
"INSERT INTO `ss_node_online_log` (`id`, `node_id`, `online_user`, `log_time`) VALUES (NULL, '"
+ str(self.api_config.NODE_ID)
+ "', '"
+ str(alive_user_count)
+ "', unix_timestamp()); "
)
self.get_mysql_cur(query_sql, fetch_type=FETCH_NONE)
query_sql = (
"INSERT INTO `ss_node_info` (`id`, `node_id`, `uptime`, `load`, `log_time`) VALUES (NULL, '"
+ str(self.api_config.NODE_ID)
+ "', '"
+ str(self.uptime())
+ "', '"
+ str(self.load())
+ "', unix_timestamp()); "
)
self.get_mysql_cur(query_sql, fetch_type=FETCH_NONE)
online_iplist = sp_instance().get_servers_iplist()
for port in online_iplist.keys():
for ip in online_iplist[port]:
self.append_alive_ip(port, ip)
self.mass_insert_alive_ip()
detect_log_list = sp_instance().get_servers_detect_log()
for port in detect_log_list.keys():
for rule_id in detect_log_list[port]:
query_sql = (
"INSERT INTO `detect_log` (`id`, `user_id`, `list_id`, `datetime`, `node_id`) VALUES (NULL, '"
+ str(self.port_uid_table[port])
+ "', '"
+ str(rule_id)
+ "', UNIX_TIMESTAMP(), '"
+ str(self.api_config.NODE_ID)
+ "')"
)
self.get_mysql_cur(query_sql, fetch_type=FETCH_NONE)
deny_str = ""
if platform.system() == "Linux" and self.api_config.ANTISSATTACK == 1:
wrong_iplist = sp_instance().get_servers_wrong()
server_ip = socket.gethostbyname(self.api_config.MYSQL_HOST)
for id in wrong_iplist.keys():
for ip in wrong_iplist[id]:
is_ipv6 = False
if common.is_ip(ip):
if common.is_ip(ip) == socket.AF_INET:
realip = ip
else:
if common.match_ipv4_address(ip) is not None:
realip = common.match_ipv4_address(ip)
else:
is_ipv6 = True
realip = ip
else:
continue
if str(realip).find(str(server_ip)) != -1:
continue
has_match_node = False
for node_ip in self.node_ip_list:
if str(realip).find(node_ip) != -1:
has_match_node = True
continue
if has_match_node:
continue
query_sql = "SELECT * FROM `blockip` where `ip` = '" + str(realip) + "'"
rows = self.get_mysql_cur(query_sql, fetch_type=FETCH_ONE)
if rows is not None:
continue
if self.api_config.CLOUDSAFE == 1:
query_sql = (
"INSERT INTO `blockip` (`id`, `nodeid`, `ip`, `datetime`) VALUES (NULL, '"
+ str(self.api_config.NODE_ID)
+ "', '"
+ str(realip)
+ "', unix_timestamp())"
)
self.get_mysql_cur(query_sql, fetch_type=FETCH_NONE)
else:
if not is_ipv6:
os.system("route add -host %s gw 127.0.0.1" % str(realip))
deny_str = deny_str + "\nALL: " + str(realip)
else:
os.system("ip -6 route add ::1/128 via %s/128" % str(realip))
deny_str = deny_str + "\nALL: [" + str(realip) + "]/128"
logging.info("Local Block ip: %s", str(realip))
if self.api_config.CLOUDSAFE == 0:
deny_file = open("/etc/hosts.deny", "a")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_file.write(deny_str)
deny_file.close()
return update_transfer
def update_all_user(self, dt_transfer):
global webapi
update_transfer = {}
alive_user_count = 0
bandwidth_thistime = 0
data = []
for id in dt_transfer.keys():
if dt_transfer[id][0] == 0 and dt_transfer[id][1] == 0:
continue
data.append({
"u": dt_transfer[id][0],
"d": dt_transfer[id][1],
"user_id": self.port_uid_table[id],
})
update_transfer[id] = dt_transfer[id]
webapi.postApi("traffic", {"node_id": get_config().NODE_ID},
{"data": data})
webapi.postApi("uptimeinfo", {"node_id": get_config().NODE_ID},
{"node_id": get_config().NODE_ID})
online_iplist = ServerPool.get_instance().get_servers_iplist()
data = []
for port in online_iplist.keys():
for ip in online_iplist[port]:
data.append({"ip": ip, "user_id": self.port_uid_table[port]})
webapi.postApi("aliveip", {"node_id": get_config().NODE_ID},
{"data": data})
detect_log_list = ServerPool.get_instance().get_servers_detect_log()
data = []
for port in detect_log_list.keys():
for rule_id in detect_log_list[port]:
data.append({
"list_id": rule_id,
"user_id": self.port_uid_table[port]
})
webapi.postApi(
"detectlog",
{"node_id": get_config().NODE_ID},
{"data": data},
)
deny_str = ""
data = []
if platform.system() == "Linux" and get_config().ANTISSATTACK == 1:
wrong_iplist = ServerPool.get_instance().get_servers_wrong()
server_ip = socket.gethostbyname(get_config().MYSQL_HOST)
for id in wrong_iplist.keys():
for ip in wrong_iplist[id]:
realip = ""
is_ipv6 = False
if common.is_ip(ip):
if common.is_ip(ip) == socket.AF_INET:
realip = ip
else:
if common.match_ipv4_address(ip) is not None:
realip = common.match_ipv4_address(ip)
else:
is_ipv6 = True
realip = ip
else:
continue
if str(realip).find(str(server_ip)) != -1:
continue
has_match_node = False
for node_ip in self.node_ip_list:
if str(realip).find(node_ip) != -1:
has_match_node = True
continue
if has_match_node:
continue
if get_config().CLOUDSAFE == 1:
data.append({"ip": realip})
else:
if not is_ipv6:
os.system("route add -host %s gw 127.0.0.1" %
str(realip))
deny_str = deny_str + "\nALL: " + str(realip)
else:
os.system("ip -6 route add ::1/128 via %s/128" %
str(realip))
deny_str = deny_str + "\nALL: [" + str(
realip) + "]/128"
logging.info("Local Block ip:" + str(realip))
if get_config().CLOUDSAFE == 0:
deny_file = open("/etc/hosts.deny", "a")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_file.write(deny_str)
deny_file.close()
webapi.postApi(
"block_ip",
{"node_id": get_config().NODE_ID},
{"data": data},
)
return update_transfer
def auto_block_thread(self):
from db_transfer import MySqlWrapper
global webapi
server_ip = socket.gethostbyname(configloader.get_config().MYSQL_HOST)
if configloader.get_config().API_INTERFACE == "modwebapi":
# 读取节点IP
# SELECT * FROM `ss_node` where `node_ip` != ''
node_ip_list = []
data = webapi.getApi("nodes")
for node in data:
temp_list = node["node_ip"].split(",")
node_ip_list.append(temp_list[0])
else:
mysqlObj = MySqlWrapper()
node_ip_list = mysqlObj.get_all_node_ip()
deny_file = open(hosts_deny_file_path())
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_lines = deny_file.readlines()
deny_file.close()
logging.info("Read hosts.deny from line " + str(self.start_line))
real_deny_list = deny_lines[self.start_line:]
denyed_ip_list = []
data = []
for line in real_deny_list:
if self.get_ip(line) and line.find("#") != 0:
ip = self.get_ip(line)
if str(ip).find(str(server_ip)) != -1:
i = 0
for line in deny_lines:
if line.find(ip) != -1:
del deny_lines[i]
i = i + 1
deny_file = open(hosts_deny_file_path(), "w+")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.close()
continue
has_match_node = False
for node_ip in node_ip_list:
if str(ip).find(node_ip) != -1:
i = 0
for line in deny_lines:
if line.find(ip) != -1:
del deny_lines[i]
i = i + 1
deny_file = open(hosts_deny_file_path(), "w+")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.close()
has_match_node = True
continue
if has_match_node:
continue
if configloader.get_config().API_INTERFACE == "modwebapi":
data.append({"ip": ip})
logging.info("Block ip:" + str(ip))
else:
if mysqlObj.is_ip_in_blockip(ip):
continue
mysqlObj.write_ip_to_blockip(ip)
logging.info("Block ip:" + str(ip))
denyed_ip_list.append(ip)
if configloader.get_config().API_INTERFACE == "modwebapi":
webapi.postApi(
"func/block_ip",
{"node_id": configloader.get_config().NODE_ID},
{"data": data},
)
if configloader.get_config().API_INTERFACE == "modwebapi":
rows = webapi.getApi("func/block_ip")
else:
rows = mysqlObj.get_all_blockip()
deny_str = ""
deny_str_at = ""
for row in rows:
if configloader.get_config().API_INTERFACE == "modwebapi":
node = row["nodeid"]
ip = self.get_ip(row["ip"])
else:
node = row[1]
ip = self.get_ip(row[2])
if ip is not None:
if str(node) == str(configloader.get_config().NODE_ID):
if (configloader.get_config().ANTISSATTACK == 1
and configloader.get_config().CLOUDSAFE == 1
and ip not in denyed_ip_list):
if common.is_ip(ip):
if common.is_ip(ip) == socket.AF_INET:
os.system("route add -host %s gw 127.0.0.1" %
str(ip))
deny_str = deny_str + "\nALL: " + str(ip)
else:
os.system(
"ip -6 route add ::1/128 via %s/128" %
str(ip))
deny_str = (deny_str + "\nALL: [" + str(ip) +
"]/128")
logging.info("Remote Block ip:" + str(ip))
else:
if common.is_ip(ip):
if common.is_ip(ip) == socket.AF_INET:
os.system("route add -host %s gw 127.0.0.1" %
str(ip))
deny_str = deny_str + "\nALL: " + str(ip)
else:
os.system("ip -6 route add ::1/128 via %s/128" %
str(ip))
deny_str = (deny_str + "\nALL: [" + str(ip) +
"]/128")
logging.info("Remote Block ip:" + str(ip))
deny_file = open(hosts_deny_file_path(), "a")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_file.write(deny_str)
deny_file.close()
if (configloader.get_config().ANTISSATTACK == 1
and configloader.get_config().CLOUDSAFE == 1):
deny_file = open(hosts_deny_file_path(), "a")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_file.write(deny_str_at)
deny_file.close()
if configloader.get_config().API_INTERFACE == "modwebapi":
rows = webapi.getApi("func/unblock_ip")
else:
rows = mysqlObj.get_all_unblockip()
del mysqlObj
deny_file = open(hosts_deny_file_path())
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
deny_lines = deny_file.readlines()
deny_file.close()
i = 0
for line in deny_lines:
for row in rows:
if configloader.get_config().API_INTERFACE == "modwebapi":
ip = str(row["ip"])
else:
ip = str(row[1])
if line.find(ip) != -1:
del deny_lines[i]
if common.is_ip(ip):
if common.is_ip(ip) == socket.AF_INET:
os.system("route del -host %s gw 127.0.0.1" %
str(ip))
else:
os.system("ip -6 route del ::1/128 via %s/128" %
str(ip))
logging.info("Unblock ip:" + str(ip))
i = i + 1
deny_file = open(hosts_deny_file_path(), "w+")
fcntl.flock(deny_file.fileno(), fcntl.LOCK_EX)
for line in deny_lines:
deny_file.write(line)
deny_file.close()
self.start_line = self.file_len(hosts_deny_file_path())
