[tor-commits] [oonib/master] Implement policy aware bouncing support in the backend

art at torproject.org art at torproject.org
Thu Aug 28 23:35:31 UTC 2014


commit cd5992e9bc2877b1105a1584a168136de83148b3
Author: kudrom <kudrom at riseup.net>
Date:   Mon Aug 25 17:19:38 2014 +0200

    Implement policy aware bouncing support in the backend
---
 data/bouncer.yaml         |   17 +++++++-
 oonib/bouncer/handlers.py |  102 +++++++++++++++++++++++++++++++++++----------
 oonib/errors.py           |   10 +++++
 oonib/handlers.py         |    3 +-
 4 files changed, 108 insertions(+), 24 deletions(-)

diff --git a/data/bouncer.yaml b/data/bouncer.yaml
index 9ab2dc0..acf2a9a 100644
--- a/data/bouncer.yaml
+++ b/data/bouncer.yaml
@@ -1,3 +1,18 @@
 collector:
   httpo://ihiderha53f36lsd.onion:
-      test-helper: {dns: '93.95.227.200:57004', http-return-json-headers: 'http://93.95.227.200', ssl: 'https://93.95.227.20', tcp-echo: '213.138.109.232', traceroute: '93.95.227.200'}
+    policy:
+      input:
+      - {id: 37e60e13536f6afe47a830bfb6b371b5cf65da66d7ad65137344679b24fdccd1}
+      - {id: e0611ecd28bead38a7afeb4dda8ae3449d0fc2e1ba53fa7355f2799dce9af290}
+      nettest:
+      - {name: dns_consistency, version: '0.5'}
+      - {name: http_requests_test, version: 0.2.3}
+      - {name: tcp_connect, version: '0.1'}
+      - {name: captivep, version: '0.2'}
+      - {name: daphn3, version: '0.1'}
+      - {name: dns_spoof, version: '0.2'}
+      - {name: http_header_field_manipulation, version: 0.1.3}
+      - {name: http_invalid_request_line, version: 0.1.4}
+      - {name: multiprotocol_traceroute_test, version: 0.1.1}
+    test-helper: {dns: '93.95.227.200:57004', http-return-json-headers: 'http://93.95.227.200',
+      ssl: 'https://93.95.227.20', tcp-echo: 213.138.109.232, traceroute: 93.95.227.200}
diff --git a/oonib/bouncer/handlers.py b/oonib/bouncer/handlers.py
index 81d13f3..c49338e 100644
--- a/oonib/bouncer/handlers.py
+++ b/oonib/bouncer/handlers.py
@@ -7,24 +7,30 @@ from oonib.config import config
 
 
 class Bouncer(object):
-    def __init__(self):
-        with open(config.main.bouncer_file) as f:
-            bouncerFile = yaml.safe_load(f)
-        self.updateKnownHelpers(bouncerFile)
-        self.updateKnownCollectors(bouncerFile)
 
-    def updateKnownCollectors(self, bouncerFile):
+    def __init__(self, bouncer_file):
+        with open(bouncer_file) as f:
+            self.bouncerFile = yaml.safe_load(f)
+        self.updateKnownHelpers()
+        self.updateKnownCollectors()
+
+    def updateKnownCollectors(self):
         """
         Initialize the list of all known collectors
         """
-        self.knownCollectors = []
-        for collectorName, helpers in bouncerFile['collector'].items():
-            if collectorName not in self.knownCollectors:
-                self.knownCollectors.append(collectorName)
-
-    def updateKnownHelpers(self, bouncerFile):
+        self.knownCollectorsWithPolicy = []
+        self.knownCollectorsWithoutPolicy = []
+        for collectorName, content in self.bouncerFile['collector'].items():
+            if content.get('policy') is not None and \
+                    collectorName not in self.knownCollectorsWithPolicy:
+                self.knownCollectorsWithPolicy.append(collectorName)
+            elif content.get('policy') is None and \
+                    collectorName not in self.knownCollectorsWithoutPolicy:
+                self.knownCollectorsWithoutPolicy.append(collectorName)
+
+    def updateKnownHelpers(self):
         self.knownHelpers = {}
-        for collectorName, helpers in bouncerFile['collector'].items():
+        for collectorName, helpers in self.bouncerFile['collector'].items():
             for helperName, helperAddress in helpers['test-helper'].items():
                 if helperName not in self.knownHelpers.keys():
                     self.knownHelpers[helperName] = []
@@ -106,14 +112,63 @@ class Bouncer(object):
                 response = {'error': 'test-helper-not-found'}
                 return response
 
-        response['default'] = {'collector':
-                               random.choice(self.knownCollectors)}
+        if len(self.knownCollectorsWithoutPolicy) > 0:
+            default_collector = random.choice(
+                self.knownCollectorsWithoutPolicy)
+        else:
+            default_collector = None
+        response['default'] = {'collector': default_collector}
         return response
 
+    def collectorAccepting(self, net_test_name, input_hashes, test_helpers):
+        for collector_address in self.knownCollectorsWithPolicy:
+            collector = self.bouncerFile['collector'][collector_address]
+            supported_net_tests = [x['name'] for x in collector['policy']['nettest']]
+            supported_input_hashes = [x['id'] for x in collector['policy']['input']]
+            if net_test_name not in supported_net_tests:
+                continue
+            if any([input_hash not in supported_input_hashes for input_hash in input_hashes]):
+                continue
+            if all([x in collector['test-helper'].keys() for x in test_helpers]):
+                return collector_address
+        if len(self.knownCollectorsWithoutPolicy) > 0:
+            return random.choice(self.knownCollectorsWithoutPolicy)
+        else:
+            raise e.CollectorNotFound
+
+    def filterByNetTests(self, requested_nettests):
+        """
+        Here we will return a list containing test helpers and collectors for
+        the required nettests.
+        We give favour to the collectors that have a stricter policy and if
+        those fail we will resort to using the collectors with a more lax
+        policy.
+        """
+        nettests = []
+        for requested_nettest in requested_nettests:
+            collector = self.collectorAccepting(
+                requested_nettest['name'],
+                requested_nettest['input-hashes'],
+                requested_nettest['test-helpers'])
+            test_helpers = {}
+            for test_helper in requested_nettest['test-helpers']:
+                test_helpers[test_helper] = self.bouncerFile['collector'][collector]['test-helper'][test_helper]
+
+            nettest = {
+                'name': requested_nettest['name'],
+                'version': requested_nettest['version'],
+                'input-hashes': requested_nettest['input-hashes'],
+                'test-helpers': test_helpers,
+                'collector': collector,
+            }
+            nettests.append(nettest)
+        return {'net-tests': nettests}
+
 
 class BouncerQueryHandler(OONIBHandler):
+
     def initialize(self):
-        self.bouncer = Bouncer()
+        self.bouncer = Bouncer(config.main.bouncer_file)
 
     def post(self):
         try:
@@ -121,13 +176,16 @@ class BouncerQueryHandler(OONIBHandler):
         except ValueError:
             raise e.InvalidRequest
 
-        try:
+        if 'test-helpers' in query:
             requested_helpers = query['test-helpers']
-        except KeyError:
-            raise e.TestHelpersKeyMissing
+            if not isinstance(requested_helpers, list):
+                raise e.InvalidRequest
+            response = self.bouncer.filterHelperAddresses(requested_helpers)
 
-        if not isinstance(requested_helpers, list):
-            raise e.InvalidRequest
+        elif 'net-tests' in query:
+            response = self.bouncer.filterByNetTests(query['net-tests'])
+
+        else:
+            raise e.TestHelpersOrNetTestsKeyMissing
 
-        response = self.bouncer.filterHelperAddresses(requested_helpers)
         self.write(response)
diff --git a/oonib/errors.py b/oonib/errors.py
index 3f1167a..e20d471 100644
--- a/oonib/errors.py
+++ b/oonib/errors.py
@@ -83,6 +83,11 @@ class ReportNotFound(OONIBError):
     log_message = "report-not-found"
 
 
+class CollectorNotFound(OONIBError):
+    status_code = 404
+    log_message = "collector-not-found"
+
+
 class NoValidCollector(OONIBError):
     pass
 
@@ -92,6 +97,11 @@ class TestHelpersKeyMissing(OONIBError):
     log_message = "test-helpers-key-missing"
 
 
+class TestHelpersOrNetTestsKeyMissing(OONIBError):
+    status_code = 400
+    log_message = "test-helpers-or-net-test-key-missing"
+
+
 class TestHelperNotFound(OONIBError):
     status_code = 404
     log_message = "test-helper-not-found"
diff --git a/oonib/handlers.py b/oonib/handlers.py
index bbf8ade..1417cc5 100644
--- a/oonib/handlers.py
+++ b/oonib/handlers.py
@@ -7,6 +7,7 @@ from oonib import log
 
 
 class OONIBHandler(web.RequestHandler):
+
     def write_error(self, status_code, exception=None, **kw):
         self.set_status(status_code)
         if hasattr(exception, 'log_message') and exception.log_message is not None:
@@ -14,7 +15,7 @@ class OONIBHandler(web.RequestHandler):
         elif 400 <= status_code < 600:
             self.write({'error': status_code})
         else:
-            log.error(exception)
+            log.exception(exception)
             self.write({'error': 'error'})
 
     def write(self, chunk):





More information about the tor-commits mailing list