def _request_missing_trcs(self, seg_meta):
    """
    Request every TRC that is still missing to verify this PCB/path segment.

    The request goes to ``seg_meta.meta`` (the sender of the segment) when it
    is set, otherwise to whatever ``self._get_cs()`` returns (the certificate
    server; per the original description this is the case for segments
    received via zk). TRCs that already have an entry in ``requested_trcs``
    are skipped.

    :param seg_meta: metadata of the segment being verified; must expose
        ``miss_trc_lock``, ``missing_trcs``, ``meta`` and ``seg``.
    """
    # Work on a private snapshot so the segment's lock is not held while sending.
    with seg_meta.miss_trc_lock:
        pending = seg_meta.missing_trcs.copy()
    if not pending:
        return
    for isd, ver in pending:
        key = (isd, ver)
        with self.req_trcs_lock:
            already_asked = key in self.requested_trcs
        if already_asked:
            continue
        isd_as = ISD_AS.from_values(isd, 0)
        trc_req = TRCRequest.from_values(isd_as, ver, cache_only=True)
        target = seg_meta.meta or self._get_cs()
        if target:
            logging.info("Requesting %sv%s TRC from %s, for PCB %s",
                         isd, ver, target, seg_meta.seg.short_id())
            # NOTE(review): when target is the segment's sender, the reply comes
            # from a peer that is not trusted yet. The returned TRC has to be
            # verified before it is stored or used; that check is not part of
            # this method.
            with self.req_trcs_lock:
                self.requested_trcs[key] = (time.time(), target)
            self.send_meta(trc_req, target)
        else:
            logging.error("Couldn't find a CS to request TRC for PCB %s",
                          seg_meta.seg.short_id())
def _get_trc(self, isd_as, trc_ver):
    """
    Return a TRC from the trust store, requesting it when it is not there.

    On a miss a TRCRequest is sent to the first address returned for the
    certificate service, unless a request for the same (ISD, version) was
    sent within the last ``REQUESTS_TIMEOUT`` seconds.

    :param ISD_AS isd_as: ISD-AS identifier.
    :param int trc_ver: TRC file version.
    :returns: the stored TRC, or None when it is not available locally.
    """
    isd = isd_as[0]
    stored = self.trust_store.get_trc(isd, trc_ver)
    if stored:
        return stored
    # Rate-limit outgoing requests per (ISD, version).
    key = isd, trc_ver
    now = int(time.time())
    recently_asked = (key in self.trc_requests and
                      now - self.trc_requests[key] <= self.REQUESTS_TIMEOUT)
    if recently_asked:
        return None
    trc_req = TRCRequest.from_values(isd_as, trc_ver)
    logging.info("Requesting %sv%s TRC", isd, trc_ver)
    try:
        cs_addr = self.dns_query_topo(CERTIFICATE_SERVICE)[0]
    except SCIONServiceLookupError as e:
        # The timestamp is not recorded here, so the next call tries again.
        logging.warning("Sending TRC request failed: %s", e)
        return None
    self.send(self._build_packet(cs_addr, payload=trc_req), cs_addr)
    self.trc_requests[key] = now
    return None
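def request_missing_trcs(self, seg_meta):
    """
    Request every TRC that is still missing to verify this PCB/path segment.

    The request goes to ``seg_meta.meta`` (the sender of the segment) when it
    is set, otherwise to the certificate server returned by ``get_cs()``
    (per the original description this is the case for segments received via
    zk). A TRC that is already in ``requested_trcs`` is not requested again.

    If no destination can be found, the TRC is removed from
    ``requested_trcs`` again. Previously it stayed marked as requested
    although nothing had been sent, so later calls never asked for it.

    :param seg_meta: metadata of the segment being verified; must expose
        ``miss_trc_lock``, ``missing_trcs`` and ``meta``.
    """
    with seg_meta.miss_trc_lock:
        missing_trcs = seg_meta.missing_trcs.copy()
    if not missing_trcs:
        return
    for isd, ver in missing_trcs:
        # Check and mark in one critical section so that two threads cannot
        # both send a request for the same TRC.
        with self.req_trcs_lock:
            if (isd, ver) in self.requested_trcs:
                continue
            self.requested_trcs.add((isd, ver))
        meta = seg_meta.meta or self.get_cs()
        if not meta:
            # Nothing can be sent: undo the marker so a later call retries.
            with self.req_trcs_lock:
                self.requested_trcs.discard((isd, ver))
            logging.error("Couldn't find a CS to request %sv%s TRC", isd, ver)
            continue
        isd_as = ISD_AS.from_values(isd, 0)
        trc_req = TRCRequest.from_values(isd_as, ver)
        logging.info("Requesting %sv%s TRC", isd, ver)
        self.send_meta(trc_req, meta)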
def _send_trc_request(self, isd, ver, as_):
    """
    Send a cache-only TRC request for (isd, ver) to the CS of ISD-AS isd/as_.

    A path to that ISD-AS is looked up through ``_get_path_via_api``; when
    none is found, the request is dropped and a warning is logged.

    :param isd: ISD whose TRC is requested.
    :param ver: TRC version.
    :param as_: AS used together with isd to form the destination ISD-AS.
    """
    dst_ia = ISD_AS.from_values(isd, as_)
    request = TRCRequest.from_values(dst_ia, ver, cache_only=True)
    route = self._get_path_via_api(dst_ia)
    if not route:
        logging.warning("TRC request not sent for %s: no path found.",
                        request.short_desc())
        return
    # Address the certificate service (anycast SVC address) over the found path.
    dest = self._build_meta(dst_ia, host=SVCType.CS_A, path=route.fwd_path())
    self.send_meta(request, dest)
    logging.info("TRC request sent to %s via [%s]: %s",
                 dest, route.short_desc(), request.short_desc())
def _send_trc_request(self, isd, ver):
    """
    Send a cache-only TRC request for (isd, ver) to a certificate service.

    The destination ISD-AS is taken from the request itself
    (``trc_req.isd_as()``) and a path to it is looked up through
    ``_get_path_via_sciond``. Without a path the request is dropped and a
    warning is logged.

    :param isd: ISD whose TRC is requested.
    :param ver: TRC version.
    """
    request = TRCRequest.from_values(isd, ver, cache_only=True)
    route = self._get_path_via_sciond(request.isd_as())
    if not route:
        logging.warning("TRC request not sent for %s: no path found.",
                        request.short_desc())
        return
    dest = self._build_meta(
        route.dst_ia(), host=SVCType.CS_A, path=route.fwd_path())
    # The request travels wrapped as a certificate-management control payload.
    self.send_meta(CtrlPayload(CertMgmt(request)), dest)
    logging.info("TRC request sent to %s via [%s]: %s",
                 dest, route.short_desc(), request.short_desc())
def _check_trc_reqs(self):
    """
    Re-send every TRC request that has been pending for too long.

    A request counts as timed out once ``TRC_CC_REQ_TIMEOUT`` seconds or more
    have passed since it was recorded. It is sent again to the same
    destination and its timestamp is refreshed. The whole pass runs while
    holding ``req_trcs_lock``.
    """
    with self.req_trcs_lock:
        checked_at = time.time()
        for key, (sent_at, meta) in self.requested_trcs.items():
            if checked_at - sent_at < self.TRC_CC_REQ_TIMEOUT:
                continue
            isd, ver = key
            trc_req = TRCRequest.from_values(isd, ver, cache_only=True)
            logging.info("Re-Requesting TRC from %s: %s",
                         meta, trc_req.short_desc())
            self.send_meta(trc_req, meta)
            # Overwriting an existing key does not resize the dict, so this
            # is safe during iteration.
            self.requested_trcs[key] = (time.time(), meta)
def _fetch_trc(self, key, info):
    """
    Send a TRC request for ``key`` to the certificate service.

    :param key: (isd, version) pair identifying the TRC.
    :param info: indexable record; ``info[2]`` is used as the AS part of the
        destination ISD-AS (assumed layout -- confirm against the caller).
    """
    isd, ver = key
    dst_ia = ISD_AS.from_values(isd, info[2])
    request = TRCRequest.from_values(dst_ia, ver)
    req_pkt = self._build_packet(SVCType.CS_A, payload=request)
    next_hop, port = self._get_next_hop(dst_ia, True, False, True)
    if not next_hop:
        logging.warning(
            "TRC request not sent for %sv%s: no destination found.", *key)
        return
    self.send(req_pkt, next_hop, port)
    logging.info("TRC request sent for %sv%s.", *key)
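def _check_trc_reqs(self):
    """
    Re-send every TRC request that has been pending for too long.

    A request counts as timed out once ``TRC_CC_REQ_TIMEOUT`` seconds or more
    have passed since it was recorded. It is sent again to the stored
    destination, or to the server returned by ``_get_cs()`` when none is
    stored, and its timestamp is refreshed. The whole pass runs while holding
    ``req_trcs_lock``.

    When neither a stored destination nor a CS is available, the entry is
    left untouched and an error is logged instead of calling ``send_meta``
    without a destination; the next pass retries it.
    """
    with self.req_trcs_lock:
        now = time.time()
        for (isd, ver), (req_time, meta) in self.requested_trcs.items():
            if now - req_time < self.TRC_CC_REQ_TIMEOUT:
                continue
            meta = meta or self._get_cs()
            if not meta:
                logging.error(
                    "Couldn't find a CS to re-request %sv%s TRC", isd, ver)
                continue
            trc_req = TRCRequest.from_values(isd, ver, cache_only=True)
            # A fresh request id per attempt; it is logged with the request.
            req_id = mk_ctrl_req_id()
            logging.info("Re-Requesting TRC from %s: %s [id: %016x]",
                         meta, trc_req.short_desc(), req_id)
            self.send_meta(
                CtrlPayload(CertMgmt(trc_req), req_id=req_id), meta)
            # Overwriting an existing key does not resize the dict, so this
            # is safe during iteration.
            self.requested_trcs[(isd, ver)] = (time.time(), meta)
            if self._labels:
                PENDING_TRC_REQS_TOTAL.labels(**self._labels).set(
                    len(self.requested_trcs))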
def _request_missing_trcs(self, seg_meta):
    """
    Request every TRC that is still missing to verify this PCB/path segment.

    The request goes to ``seg_meta.meta`` (the sender of the segment) when it
    is set, otherwise to the certificate server returned by ``_get_cs()``
    (per the original description this is the case for segments received via
    zk). ``requested_trcs`` maps (isd, ver) to (request time, meta); a stored
    meta of None stands for a request sent to the local CS.

    :param seg_meta: metadata of the segment being verified; must expose
        ``miss_trc_lock``, ``missing_trcs``, ``meta`` and ``seg``.
    """
    # Work on a private snapshot so the segment's lock is not held while sending.
    with seg_meta.miss_trc_lock:
        pending = seg_meta.missing_trcs.copy()
    if not pending:
        return
    # NOTE(review): every (isd, ver) named by an incoming segment that is not
    # yet tracked adds an entry and triggers an outbound request. Confirm that
    # entries are removed when a reply arrives and that the number of pending
    # requests is bounded; neither is visible in this method.
    for isd, ver in pending:
        key = (isd, ver)
        with self.req_trcs_lock:
            asked_at, stored_meta = self.requested_trcs.get(key, (None, None))
            if stored_meta:
                # A request to a server other than the local CS is already
                # outstanding. Remember the newest server known to have the
                # TRC, if this segment names one, and do not send again.
                if seg_meta.meta:
                    self.requested_trcs[key] = (asked_at, seg_meta.meta)
                continue
            if asked_at and not seg_meta.meta:
                # A request to the local CS is already outstanding and this
                # segment offers no other server to ask.
                continue
        trc_req = TRCRequest.from_values(isd, ver, cache_only=True)
        target = seg_meta.meta or self._get_cs()
        if not target:
            logging.error("Couldn't find a CS to request TRC for PCB %s",
                          seg_meta.seg.short_id())
            continue
        req_id = mk_ctrl_req_id()
        logging.info("Requesting %sv%s TRC from %s, for PCB %s [id: %016x]",
                     isd, ver, target, seg_meta.seg.short_id(), req_id)
        with self.req_trcs_lock:
            # seg_meta.meta is stored, not the resolved target, so a request
            # to the local CS is recorded with meta None.
            self.requested_trcs[key] = (time.time(), seg_meta.meta)
            if self._labels:
                PENDING_TRC_REQS_TOTAL.labels(**self._labels).set(
                    len(self.requested_trcs))
        self.send_meta(CtrlPayload(CertMgmt(trc_req), req_id=req_id), target)
def _create_payload(self, _):
    """
    Build the next request for this element's own ISD-AS.

    A certificate chain request is returned until ``cert_done`` is set;
    afterwards a TRC request is returned. Both ask for version 0
    (presumably "newest" -- confirm against the request classes).

    :param _: unused.
    """
    request_cls = TRCRequest if self.cert_done else CertChainRequest
    return request_cls.from_values(self.addr.isd_as, 0)
def _create_payload(self, _):
    """
    Build the next certificate-management control payload for ``dst_ia``.

    While ``self.cert`` is unset, the newest certificate chain of ``dst_ia``
    is requested; afterwards the newest TRC of its ISD (``dst_ia[0]``).

    :param _: unused.
    """
    if self.cert:
        request = TRCRequest.from_values(
            self.dst_ia[0], TRCRequest.NEWEST_VERSION)
    else:
        request = CertChainRequest.from_values(
            self.dst_ia, CertChainRequest.NEWEST_VERSION)
    return CtrlPayload(CertMgmt(request))