def __init__(self, server_id, conf_dir, prom_export=None): """ :param str server_id: server identifier. :param str conf_dir: configuration directory. :param str prom_export: prometheus export address. """ super().__init__(server_id, conf_dir, prom_export=prom_export) # TODO: add 2 policies self.path_policy = PathPolicy.from_file( os.path.join(conf_dir, PATH_POLICY_FILE)) self.signing_key = get_sig_key(self.conf_dir) self.of_gen_key = kdf(self.config.master_as_key, b"Derive OF Key") self.hashtree_gen_key = kdf(self.config.master_as_key, b"Derive hashtree Key") logging.info(self.config.__dict__) self._hash_tree = None self._hash_tree_lock = Lock() self._next_tree = None self._init_hash_tree() self.ifid_state = {} for ifid in self.ifid2br: self.ifid_state[ifid] = InterfaceState() self.ifid_state_lock = RLock() self.CTRL_PLD_CLASS_MAP = { PayloadClass.PCB: { None: self.handle_pcb }, PayloadClass.IFID: { None: self.handle_ifid_packet }, PayloadClass.CERT: { CertMgmtType.CERT_CHAIN_REQ: self.process_cert_chain_request, CertMgmtType.CERT_CHAIN_REPLY: self.process_cert_chain_reply, CertMgmtType.TRC_REPLY: self.process_trc_reply, CertMgmtType.TRC_REQ: self.process_trc_request, }, PayloadClass.PATH: { PMT.IFSTATE_REQ: self._handle_ifstate_request, PMT.REVOCATION: self._handle_revocation, }, } self.SCMP_PLD_CLASS_MAP = { SCMPClass.PATH: { SCMPPathClass.REVOKED_IF: self._handle_scmp_revocation, }, } zkid = ZkID.from_values(self.addr.isd_as, self.id, [(self.addr.host, self._port)]).pack() self.zk = Zookeeper(self.addr.isd_as, BEACON_SERVICE, zkid, self.topology.zookeepers) self.zk.retry("Joining party", self.zk.party_setup) self.pcb_cache = ZkSharedCache(self.zk, self.ZK_PCB_CACHE_PATH, self._handle_pcbs_from_zk) self.revobjs_cache = ZkSharedCache(self.zk, self.ZK_REVOCATIONS_PATH, self.process_rev_objects) self.local_rev_cache = ExpiringDict( 1000, HASHTREE_EPOCH_TIME + HASHTREE_EPOCH_TOLERANCE) self._rev_seg_lock = RLock()
def __init__( self, server_id, conf_dir, ): """ :param str server_id: server identifier. :param str conf_dir: configuration directory. """ super().__init__( server_id, conf_dir, ) self.interface = None for border_router in self.topology.get_all_border_routers(): if border_router.name == self.id: self.interface = border_router.interface break assert self.interface is not None logging.info("Interface: %s", self.interface.__dict__) self.is_core_router = self.topology.is_core_as self.of_gen_key = kdf(self.config.master_as_key, b"Derive OF Key") self.sibra_key = kdf(self.config.master_as_key, b"Derive SIBRA Key") self.if_states = defaultdict(InterfaceState) self.revocations = ExpiringDict(1000, self.FWD_REVOCATION_TIMEOUT) self.pre_ext_handlers = { SibraExtBase.EXT_TYPE: self.handle_sibra, TracerouteExt.EXT_TYPE: self.handle_traceroute, OneHopPathExt.EXT_TYPE: self.handle_one_hop_path, ExtHopByHopType.SCMP: self.handle_scmp, } self.post_ext_handlers = { SibraExtBase.EXT_TYPE: False, TracerouteExt.EXT_TYPE: False, ExtHopByHopType.SCMP: False, OneHopPathExt.EXT_TYPE: False, } self.sibra_state = SibraState( self.interface.bandwidth, "%s#%s -> %s" % (self.addr.isd_as, self.interface.if_id, self.interface.isd_as)) self.CTRL_PLD_CLASS_MAP = { PayloadClass.IFID: { None: self.process_ifid_request }, PayloadClass.PATH: defaultdict(lambda: self.process_path_mgmt_packet), } self.SCMP_PLD_CLASS_MAP = { SCMPClass.PATH: { SCMPPathClass.REVOKED_IF: self.process_revocation }, } self._remote_sock = UDPSocket( bind=(str(self.interface.addr), self.interface.udp_port), addr_type=self.interface.addr.TYPE, ) self._socks.add(self._remote_sock, self.handle_recv) logging.info("IP %s:%d", self.interface.addr, self.interface.udp_port)
def _get_drkey_secret(self, exp_time): """ Get the drkey secret. A new secret is initialized if no secret is found. :param int exp_time: expiration time of the drkey secret :return: the according drkey secret :rtype: DRKeySecretValue """ sv = self.drkey_secrets.get(exp_time) if not sv: sv = DRKeySecretValue(kdf(self.config.master_as_key, b"Derive DRKey Key"), exp_time) self.drkey_secrets[sv.exp_time] = sv return sv
def __init__(self, server_id, conf_dir, spki_cache_dir=GEN_CACHE_PATH, prom_export=None, sciond_path=None): """ :param str server_id: server identifier. :param str conf_dir: configuration directory. :param str prom_export: prometheus export address. :param str sciond_path: path to sciond socket. """ super().__init__(server_id, conf_dir, spki_cache_dir=spki_cache_dir, prom_export=prom_export, sciond_path=sciond_path) self.config = self._load_as_conf() self.master_key_0 = get_master_key(self.conf_dir, MASTER_KEY_0) self.master_key_1 = get_master_key(self.conf_dir, MASTER_KEY_1) # TODO: add 2 policies self.path_policy = PathPolicy.from_file( os.path.join(conf_dir, PATH_POLICY_FILE)) self.signing_key = get_sig_key(self.conf_dir) self.of_gen_key = kdf(self.master_key_0, b"Derive OF Key") # Amount of time units a HOF is valid (time unit is EXP_TIME_UNIT). self.default_hof_exp_time = int(self.config.segment_ttl / EXP_TIME_UNIT) self.ifid_state = {} for ifid in self.ifid2br: self.ifid_state[ifid] = InterfaceState() self.ifid_state_lock = RLock() self.if_revocations = {} self.CTRL_PLD_CLASS_MAP = { PayloadClass.PCB: { PayloadClass.PCB: self.handle_pcb }, PayloadClass.IFID: { PayloadClass.IFID: self.handle_ifid_packet }, PayloadClass.CERT: { CertMgmtType.CERT_CHAIN_REQ: self.process_cert_chain_request, CertMgmtType.CERT_CHAIN_REPLY: self.process_cert_chain_reply, CertMgmtType.TRC_REPLY: self.process_trc_reply, CertMgmtType.TRC_REQ: self.process_trc_request, }, PayloadClass.PATH: { PMT.IFSTATE_REQ: self._handle_ifstate_request, PMT.REVOCATION: self._handle_revocation, }, } self.SCMP_PLD_CLASS_MAP = { SCMPClass.PATH: { SCMPPathClass.REVOKED_IF: self._handle_scmp_revocation, }, } zkid = ZkID.from_values(self.addr.isd_as, self.id, [(self.addr.host, self._port)]).pack() self.zk = Zookeeper(self.addr.isd_as, self.SERVICE_TYPE, zkid, self.topology.zookeepers) self.zk.retry("Joining party", self.zk.party_setup) self.pcb_cache = ZkSharedCache(self.zk, self.ZK_PCB_CACHE_PATH, self._handle_pcbs_from_zk) self.revobjs_cache = ZkSharedCache(self.zk, self.ZK_REVOCATIONS_PATH, self.process_rev_objects) self.local_rev_cache = RevCache() self._rev_seg_lock = RLock()