From b676e780906aa03a9904f0184eac7d298921d6d4 Mon Sep 17 00:00:00 2001 From: lare Date: Fri, 21 Apr 2023 23:38:41 +0200 Subject: [PATCH 1/4] [node] use ipv4 or ipv6 if no ipv6 ll is specified --- nodes/main.py | 6 ++++-- nodes/templates/bgp-peer.template.conf | 6 +++--- nodes/templates/wireguard.template.conf | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/nodes/main.py b/nodes/main.py index 255b53f..841a247 100644 --- a/nodes/main.py +++ b/nodes/main.py @@ -239,8 +239,10 @@ class PeeringManager: for pNr in range(len(self.peerings[asn])): if self.peerings[asn][pNr]["node"] == node: old_peering = self.peerings[asn][pNr] - new_peering = self.peerings[asn][pNr] = {"MNT": MNT if MNT!=NotSpecified else old_peering["MNT"], "ASN": asn, "node": config["nodename"], "wg_key": wg_key, - "endpoint": endpoint if endpoint!=NotSpecified else old_peering["endpoint"], "ipv6ll": ipv6ll if ipv6ll != NotSpecified else old_peering["ipv6ll"], "ipv4": ipv4 if ipv4 != NotSpecified else old_peering["ipv4"], "ipv6": ipv6 if ipv6 != NotSpecified else old_peering["ipv6"], "bgp_mp": bgp_mp if bgp_mp != NotSpecified else old_peering["bgp_mp"], "bgp_enh": bgp_enh if bgp_enh != NotSpecified else old_peering["bgp_enh"]} + new_peering = self.peerings[asn][pNr] = {"MNT": MNT if MNT!=NotSpecified else old_peering["MNT"], "ASN": asn, "node": config["nodename"], + "wg_key": wg_key,"endpoint": endpoint if endpoint!=NotSpecified else old_peering["endpoint"], + "ipv6ll": ipv6ll if ipv6ll != NotSpecified else old_peering["ipv6ll"], "ipv4": ipv4 if ipv4 != NotSpecified else old_peering["ipv4"], "ipv6": ipv6 if ipv6 != NotSpecified else old_peering["ipv6"], + "bgp_mp": bgp_mp if bgp_mp != NotSpecified else old_peering["bgp_mp"], "bgp_enh": bgp_enh if bgp_enh != NotSpecified else old_peering["bgp_enh"]} success = True if not success: return False, 404 diff --git a/nodes/templates/bgp-peer.template.conf b/nodes/templates/bgp-peer.template.conf index eb0c77a..f4ae344 100644 
--- a/nodes/templates/bgp-peer.template.conf +++ b/nodes/templates/bgp-peer.template.conf @@ -1,6 +1,6 @@ -{% if peering["bgp_mp"] %} +{% if peering["bgp_mp"] == True %} protocol bgp dn42_{{peering["MNT"][:-4].lower()}}_{{peering["ASN"][-4:]}} from dnpeers { - neighbor {{peering["ipv6ll"]}} as {{peering["ASN"]}}; + neighbor {{peering["ipv6ll"] or peering["ipv4"] or peering["ipv6"]}} as {{peering["ASN"]}}; interface {% if peering['ASN'].__len__() >=6 %}"dn42_{{peering['ASN'][-6:]}}"{% else %}"dn42_{{peering['asn']}}"{% endif %}; passive off; @@ -19,7 +19,7 @@ protocol bgp dn42_{{peering["MNT"][:-4].lower()}}_{{peering["ASN"][-4:]}} from d extended next hop {% if peering["bgp_enh"] %}on{%else%}off{%endif%}; }; }; -{%else%} +{%else if peering["bgp_mp"] == False %} protocol bgp dn42_{{peering["MNT"][:-4].lower()}}_{{peering['ASN'][-4:]}}_4 from dnpeers { neighbor {{peering["ipv4"]}} as {{peering["ASN"]}}; passive off; diff --git a/nodes/templates/wireguard.template.conf b/nodes/templates/wireguard.template.conf index fae0ed7..ee31072 100644 --- a/nodes/templates/wireguard.template.conf +++ b/nodes/templates/wireguard.template.conf @@ -2,7 +2,7 @@ PostUp = wg set %i private-key /etc/wireguard/dn42.priv ListenPort = 2{{peering["ASN"][-4:]}} {% if peering["ipv4"] %}PostUp = /sbin/ip addr add dev %i 172.22.125.130/32 peer {{peering["ipv4"]}}/32 -{%endif%}{% if peering["ipv6"] %}PostUp = /sbin/ip addr add dev %i fe63:5d40:47e5::130/128 peer {{peering["ipv6"]}}/128 +{%endif%}{% if peering["ipv6"] %}PostUp = /sbin/ip addr add dev %i fd63:5d40:47e5::130/128 peer {{peering["ipv6"]}}/128 {%endif%}{% if peering["ipv6ll"] %}PostUp = /sbin/ip addr add dev %i fe80::3035:130/128 peer {{peering["ipv6ll"]}}/128{%endif%} Table = off From 0a0bfaac669ad93e3396993551d1d8c4e1a51a97 Mon Sep 17 00:00:00 2001 
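Review bot: The new `neighbor` line falls back through `peering["ipv6ll"] or peering["ipv4"] or peering["ipv6"]` with no guard for the case where all three are empty, so the template would then render a `neighbor` statement without a usable address (an empty string or `None`). Rejecting such a peering before rendering, or wrapping the protocol block in `{% if peering["ipv6ll"] or peering["ipv4"] or peering["ipv6"] %}`, keeps a malformed block out of the generated config. The switch to `peering["bgp_mp"] == True` here, together with the `== False` branch in the second hunk, also means a `bgp_mp` value that is not a real boolean (for example `None` or a string from an older record) renders no BGP protocol at all; normalising `bgp_mp` to a bool when the peering is stored would avoid that silent gap. The same lines appear again in PATCH 3/4.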
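Review bot: `{%else if peering["bgp_mp"] == False %}` in the second hunk is not valid Jinja2, which has no `else if` tag, so the template should fail to compile with a TemplateSyntaxError and no peer config would be generated from it. The working form is `{% elif peering["bgp_mp"] == False %}`, which is what PATCH 3/4 of this series carries for the same line. The enclosing `{% if %}` block starts in the first hunk and its `{% endif %}` lies outside this one.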
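Review bot: The changed `PostUp` line interpolates `peering["ipv6"]` directly into a command, and wg-quick passes PostUp lines to a shell, so this template is only safe if every peering address has been strictly validated before rendering. No validation is visible in this hunk; if the node does not already do it, parsing each value with `ipaddress.ip_address()` and rejecting anything that fails, before the template is rendered, would close that gap. The same applies to the `ipv4` and `ipv6ll` lines in the context and to the `neighbor` values in bgp-peer.template.conf. The identical hunk is repeated in PATCH 3/4.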
From: lare Date: Sat, 22 Apr 2023 00:57:53 +0200 Subject: [PATCH 2/4] [web] allow owner (specified in config) to use debug login even if debug login isn't enabled --- web/backend/main.py | 18 +++++++++--------- web/frontend/login.html | 2 +- web/frontend/peerings.html | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/web/backend/main.py b/web/backend/main.py index e2f2bf9..2919824 100644 --- a/web/backend/main.py +++ b/web/backend/main.py @@ -265,7 +265,7 @@ def login(): session["return_url"] = request.args["return"] if "return" in request.args else "" return render_template("login.html", session=session, config=config, return_addr=session["return_url"]) - elif request.method == "POST" and config["debug-mode"]: + elif request.method == "POST" and (config["debug-mode"] or session["login"] == config["MNT"]): try: print(request.form) if request.form["theanswer"] != "42": @@ -293,10 +293,10 @@ def login(): allowed6 = None session["user-data"] = {'asn': asn, 'allowed4': allowed4, 'allowed6': allowed6, 'mnt': mnt, 'authtype': "debug"} - session["login"] = mnt + session["login"] = mnt if not "login" in session else session["login"] return redirect(session["return_url"]) except ValueError: - msg = "at least one of the values provided is wrong/invalid" + msg = "at least one of the values provided is wrong/invalid
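Review bot: `session["login"] == config["MNT"]` in the new `elif` condition indexes the session directly, so once debug-mode is off a POST from a client without a `login` key raises KeyError before the `try` block is reached; `session.get("login") == config["MNT"]` avoids that. The gate also trusts whatever wrote `session["login"]`: the following hunk keeps an existing `login` but still sets it from the debug form's `mnt` when none exists, so a session created with the owner's MNT while debug-mode was on would presumably keep passing this check after debug-mode is switched off. Recording how `login` was established, in a session flag set only by the non-debug login path, and requiring that flag here would tie the owner override to a real authentication. login() continues outside this hunk, and PATCH 4/4 repeats the change.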
" + str(e) return render_template("login.html", session=session, config=config, return_addr=session["return_url"], msg=msg) except KeyError: msg = "not all required field were specified" @@ -316,10 +316,10 @@ def peerings_delete(): elif request.method in ["POST", "DELETE"]: if not request.form["confirm"] == "on": return render_template("peerings-delete.html", session=session, config=config, request_args=request.args, msg="you have to confirm the deletion first") - if not peerings.exists(request.args["asn"], request.args["node"], mnt=session["login"]): + if not peerings.exists(request.args["asn"], request.args["node"], mnt=session["user-data"]["mnt"]): return render_template("peerings-delete.html", session=session, config=config, request_args=request.args, msg="the peering you requested to delete doesn't exist (anymore) or you are not authorized to delete it") print(str(request)) - if not peerings.delete_peering(request.args["asn"], request.args["node"], mnt=session["login"]): + if not peerings.delete_peering(request.args["asn"], request.args["node"], mnt=session["user-data"]["mnt"]): return render_template("peerings-delete.html", session=session, config=config, request_args=request.args, msg="deletion of the peering requested failed, maybe you are not authorized or that peering doesn't exist") session["msg"] = {"msg": "peer-del", "node": request.args["node"], "asn": request.args["asn"]} @@ -334,7 +334,7 @@ def peerings_edit(): if request.method == "GET": if not "node" in request.args or not request.args["node"]: return render_template("peerings-edit.html", session=session, config=config, peerings=peerings, msg="no peering selected, please click one of the buttons above") - mnt_peerings = peerings.get_peerings_by_mnt(session["login"]) + mnt_peerings = peerings.get_peerings_by_mnt(session["user-data"]["mnt"]) # print(mnt_peerings) if "node" in request.args and request.args["node"] in config["nodes"]: selected_peering = None 
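Review bot: The new `msg = ... + str(e)` uses `e`, but the handler is still `except ValueError:` with no binding, so unless `e` is defined elsewhere this raises NameError instead of rendering the error page; the clause should read `except ValueError as e:`. Appending the exception text also puts request-controlled input on the login page, since a ValueError from parsing a form field usually quotes the offending value. That is only safe while login.html renders `msg` with autoescaping; if `msg` is marked safe there, keep the generic message for the user and log the detail server-side instead. PATCH 4/4 repeats this hunk.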
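Review bot: `peerings.exists` and `peerings.delete_peering` now authorise against `session["user-data"]["mnt"]`, which the debug login fills from the submitted form, so after this change the only control between a user and another maintainer's peerings is the condition guarding the debug POST in login(). A log line carrying both `session["login"]` and the effective `mnt` on each delete, edit and create would make owner impersonation traceable afterwards. The direct indexing also raises KeyError for any session that has `login` but no `user-data`, so a guard or `.get()` is worth adding if any login path can leave that state. The same substitution is made in the peerings_edit and peerings_new hunks and in peerings.html, and again in PATCH 4/4.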
@@ -357,7 +357,7 @@ def peerings_edit(): print(peering_valid) print(peering_or_msg) selected_peering = None - mnt_peerings = peerings.get_peerings_by_mnt(session["login"]) + mnt_peerings = peerings.get_peerings_by_mnt(session["user-data"]["mnt"]) for p in mnt_peerings: if p["node"] == request.args["node"] and p["ASN"] == request.args["asn"]: selected_peering = p @@ -365,7 +365,7 @@ def peerings_edit(): break if not peering_valid: return render_template("peerings-edit.html", session=session, config=config, peerings=peerings, msg=peering_or_msg, selected_peering=selected_peering), 400 - if not peerings.update_peering(session["user-data"]["asn"], request.args["node"], session["login"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]): + if not peerings.update_peering(session["user-data"]["asn"], request.args["node"], session["user-data"]["mnt"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]): return render_template("peerings-edit.html", session=session, config=config, peerings=peerings, msg="such a peering doesn't exist(yet)", selected_peering=selected_peering), 400 return redirect(f"{config['base-dir']}peerings") 
@@ -391,7 +391,7 @@ def peerings_new(): if not peering_valid: return render_template("peerings-new.html", session=session, config=config, peerings=peerings, msg=peering_or_msg), 400 - if not peerings.add_peering(session["user-data"]["asn"], request.args["node"], session["login"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]): + if not peerings.add_peering(session["user-data"]["asn"], request.args["node"], session["user-data"]["mnt"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]): return render_template("peerings-new.html", session=session, config=config, peerings=peerings, msg="this ASN already has a peering with the requested node"), 400 return redirect(f"{config['base-dir']}peerings") diff --git a/web/frontend/login.html b/web/frontend/login.html index d3addca..25c8302 100644 --- a/web/frontend/login.html +++ b/web/frontend/login.html @@ -21,7 +21,7 @@ -{% if config["debug-mode"] %} +{% if config["debug-mode"] or ("login" in session and session["login"] == config["MNT"])%}
- {% for peering in peerings.get_peerings_by_mnt(session["login"]) %} + {% for peering in peerings.get_peerings_by_mnt(session["user-data"]["mnt"]) %}
Node: {{peering["node"]}}
From cb03ba5556ea4992d2f20e95c4aee949efb515c2 Mon Sep 17 00:00:00 2001 From: lare Date: Sat, 22 Apr 2023 15:59:08 +0200 Subject: [PATCH 3/4] [node] use ipv4 or ipv6 if no ipv6 ll is specified --- nodes/main.py | 6 ++++-- nodes/templates/bgp-peer.template.conf | 6 +++--- nodes/templates/wireguard.template.conf | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/nodes/main.py b/nodes/main.py index 255b53f..841a247 100644 --- a/nodes/main.py +++ b/nodes/main.py @@ -239,8 +239,10 @@ class PeeringManager: for pNr in range(len(self.peerings[asn])): if self.peerings[asn][pNr]["node"] == node: old_peering = self.peerings[asn][pNr] - new_peering = self.peerings[asn][pNr] = {"MNT": MNT if MNT!=NotSpecified else old_peering["MNT"], "ASN": asn, "node": config["nodename"], "wg_key": wg_key, - "endpoint": endpoint if endpoint!=NotSpecified else old_peering["endpoint"], "ipv6ll": ipv6ll if ipv6ll != NotSpecified else old_peering["ipv6ll"], "ipv4": ipv4 if ipv4 != NotSpecified else old_peering["ipv4"], "ipv6": ipv6 if ipv6 != NotSpecified else old_peering["ipv6"], "bgp_mp": bgp_mp if bgp_mp != NotSpecified else old_peering["bgp_mp"], "bgp_enh": bgp_enh if bgp_enh != NotSpecified else old_peering["bgp_enh"]} + new_peering = self.peerings[asn][pNr] = {"MNT": MNT if MNT!=NotSpecified else old_peering["MNT"], "ASN": asn, "node": config["nodename"], + "wg_key": wg_key,"endpoint": endpoint if endpoint!=NotSpecified else old_peering["endpoint"], + "ipv6ll": ipv6ll if ipv6ll != NotSpecified else old_peering["ipv6ll"], "ipv4": ipv4 if ipv4 != NotSpecified else old_peering["ipv4"], "ipv6": ipv6 if ipv6 != NotSpecified else old_peering["ipv6"], + "bgp_mp": bgp_mp if bgp_mp != NotSpecified else old_peering["bgp_mp"], "bgp_enh": bgp_enh if bgp_enh != NotSpecified else old_peering["bgp_enh"]} success = True if not success: return False, 404 diff --git a/nodes/templates/bgp-peer.template.conf b/nodes/templates/bgp-peer.template.conf index eb0c77a..f8c6df4 100644 
--- a/nodes/templates/bgp-peer.template.conf +++ b/nodes/templates/bgp-peer.template.conf @@ -1,6 +1,6 @@ -{% if peering["bgp_mp"] %} +{% if peering["bgp_mp"] == True %} protocol bgp dn42_{{peering["MNT"][:-4].lower()}}_{{peering["ASN"][-4:]}} from dnpeers { - neighbor {{peering["ipv6ll"]}} as {{peering["ASN"]}}; + neighbor {{peering["ipv6ll"] or peering["ipv4"] or peering["ipv6"]}} as {{peering["ASN"]}}; interface {% if peering['ASN'].__len__() >=6 %}"dn42_{{peering['ASN'][-6:]}}"{% else %}"dn42_{{peering['asn']}}"{% endif %}; passive off; @@ -19,7 +19,7 @@ protocol bgp dn42_{{peering["MNT"][:-4].lower()}}_{{peering["ASN"][-4:]}} from d extended next hop {% if peering["bgp_enh"] %}on{%else%}off{%endif%}; }; }; -{%else%} +{% elif peering["bgp_mp"] == False %} protocol bgp dn42_{{peering["MNT"][:-4].lower()}}_{{peering['ASN'][-4:]}}_4 from dnpeers { neighbor {{peering["ipv4"]}} as {{peering["ASN"]}}; passive off; diff --git a/nodes/templates/wireguard.template.conf b/nodes/templates/wireguard.template.conf index fae0ed7..ee31072 100644 --- a/nodes/templates/wireguard.template.conf +++ b/nodes/templates/wireguard.template.conf @@ -2,7 +2,7 @@ PostUp = wg set %i private-key /etc/wireguard/dn42.priv ListenPort = 2{{peering["ASN"][-4:]}} {% if peering["ipv4"] %}PostUp = /sbin/ip addr add dev %i 172.22.125.130/32 peer {{peering["ipv4"]}}/32 -{%endif%}{% if peering["ipv6"] %}PostUp = /sbin/ip addr add dev %i fe63:5d40:47e5::130/128 peer {{peering["ipv6"]}}/128 +{%endif%}{% if peering["ipv6"] %}PostUp = /sbin/ip addr add dev %i fd63:5d40:47e5::130/128 peer {{peering["ipv6"]}}/128 {%endif%}{% if peering["ipv6ll"] %}PostUp = /sbin/ip addr add dev %i fe80::3035:130/128 peer {{peering["ipv6ll"]}}/128{%endif%} Table = off From 707040de59991e0e5bc164400ad71374cd6d6c5a Mon Sep 17 00:00:00 2001 
From: lare Date: Sat, 22 Apr 2023 00:57:53 +0200 Subject: [PATCH 4/4] [web] allow owner (specified in config) to use debug login even if debug login isn't enabled --- web/backend/main.py | 18 +++++++++--------- web/frontend/login.html | 2 +- web/frontend/peerings.html | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/web/backend/main.py b/web/backend/main.py index e2f2bf9..2919824 100644 --- a/web/backend/main.py +++ b/web/backend/main.py @@ -265,7 +265,7 @@ def login(): session["return_url"] = request.args["return"] if "return" in request.args else "" return render_template("login.html", session=session, config=config, return_addr=session["return_url"]) - elif request.method == "POST" and config["debug-mode"]: + elif request.method == "POST" and (config["debug-mode"] or session["login"] == config["MNT"]): try: print(request.form) if request.form["theanswer"] != "42": @@ -293,10 +293,10 @@ def login(): allowed6 = None session["user-data"] = {'asn': asn, 'allowed4': allowed4, 'allowed6': allowed6, 'mnt': mnt, 'authtype': "debug"} - session["login"] = mnt + session["login"] = mnt if not "login" in session else session["login"] return redirect(session["return_url"]) except ValueError: - msg = "at least one of the values provided is wrong/invalid" + msg = "at least one of the values provided is wrong/invalid
" + str(e) return render_template("login.html", session=session, config=config, return_addr=session["return_url"], msg=msg) except KeyError: msg = "not all required field were specified" @@ -316,10 +316,10 @@ def peerings_delete(): elif request.method in ["POST", "DELETE"]: if not request.form["confirm"] == "on": return render_template("peerings-delete.html", session=session, config=config, request_args=request.args, msg="you have to confirm the deletion first") - if not peerings.exists(request.args["asn"], request.args["node"], mnt=session["login"]): + if not peerings.exists(request.args["asn"], request.args["node"], mnt=session["user-data"]["mnt"]): return render_template("peerings-delete.html", session=session, config=config, request_args=request.args, msg="the peering you requested to delete doesn't exist (anymore) or you are not authorized to delete it") print(str(request)) - if not peerings.delete_peering(request.args["asn"], request.args["node"], mnt=session["login"]): + if not peerings.delete_peering(request.args["asn"], request.args["node"], mnt=session["user-data"]["mnt"]): return render_template("peerings-delete.html", session=session, config=config, request_args=request.args, msg="deletion of the peering requested failed, maybe you are not authorized or that peering doesn't exist") session["msg"] = {"msg": "peer-del", "node": request.args["node"], "asn": request.args["asn"]} @@ -334,7 +334,7 @@ def peerings_edit(): if request.method == "GET": if not "node" in request.args or not request.args["node"]: return render_template("peerings-edit.html", session=session, config=config, peerings=peerings, msg="no peering selected, please click one of the buttons above") - mnt_peerings = peerings.get_peerings_by_mnt(session["login"]) + mnt_peerings = peerings.get_peerings_by_mnt(session["user-data"]["mnt"]) # print(mnt_peerings) if "node" in request.args and request.args["node"] in config["nodes"]: selected_peering = None 
@@ -357,7 +357,7 @@ def peerings_edit(): print(peering_valid) print(peering_or_msg) selected_peering = None - mnt_peerings = peerings.get_peerings_by_mnt(session["login"]) + mnt_peerings = peerings.get_peerings_by_mnt(session["user-data"]["mnt"]) for p in mnt_peerings: if p["node"] == request.args["node"] and p["ASN"] == request.args["asn"]: selected_peering = p @@ -365,7 +365,7 @@ def peerings_edit(): break if not peering_valid: return render_template("peerings-edit.html", session=session, config=config, peerings=peerings, msg=peering_or_msg, selected_peering=selected_peering), 400 - if not peerings.update_peering(session["user-data"]["asn"], request.args["node"], session["login"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]): + if not peerings.update_peering(session["user-data"]["asn"], request.args["node"], session["user-data"]["mnt"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]): return render_template("peerings-edit.html", session=session, config=config, peerings=peerings, msg="such a peering doesn't exist(yet)", selected_peering=selected_peering), 400 return redirect(f"{config['base-dir']}peerings") 
@@ -391,7 +391,7 @@ def peerings_new(): if not peering_valid: return render_template("peerings-new.html", session=session, config=config, peerings=peerings, msg=peering_or_msg), 400 - if not peerings.add_peering(session["user-data"]["asn"], request.args["node"], session["login"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]): + if not peerings.add_peering(session["user-data"]["asn"], request.args["node"], session["user-data"]["mnt"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]): return render_template("peerings-new.html", session=session, config=config, peerings=peerings, msg="this ASN already has a peering with the requested node"), 400 return redirect(f"{config['base-dir']}peerings") diff --git a/web/frontend/login.html b/web/frontend/login.html index d3addca..25c8302 100644 --- a/web/frontend/login.html +++ b/web/frontend/login.html @@ -21,7 +21,7 @@ -{% if config["debug-mode"] %} +{% if config["debug-mode"] or ("login" in session and session["login"] == config["MNT"])%}
- {% for peering in peerings.get_peerings_by_mnt(session["login"]) %} + {% for peering in peerings.get_peerings_by_mnt(session["user-data"]["mnt"]) %}
Node: {{peering["node"]}}