Gitiles
Code Review Sign In
gerrit.named-data.net / mini-ndn / f5f304b9cd269a9ea62343460704e9ecf1e6c2d4 / . / ndn / nlsr.py
blob: 3a4b522568fb010b36b5306973ca84b4c5042714 [file] [log] [blame]
Vince Lehmanb8b18062015-07-14 13:07:22 -0500[diff] [blame]1# -*- Mode:python; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2#
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]3# Copyright (C) 2015-2017, The University of Memphis,
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]4# Arizona Board of Regents,
5# Regents of the University of California.
Vince Lehmanb8b18062015-07-14 13:07:22 -0500[diff] [blame]6#
7# This file is part of Mini-NDN.
8# See AUTHORS.md for a complete list of Mini-NDN authors and contributors.
9#
10# Mini-NDN is free software: you can redistribute it and/or modify
11# it under the terms of the GNU General Public License as published by
12# the Free Software Foundation, either version 3 of the License, or
13# (at your option) any later version.
14#
15# Mini-NDN is distributed in the hope that it will be useful,
16# but WITHOUT ANY WARRANTY; without even the implied warranty of
17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18# GNU General Public License for more details.
19#
20# You should have received a copy of the GNU General Public License
21# along with Mini-NDN, e.g., in COPYING.md file.
22# If not, see <http://www.gnu.org/licenses/>.
23
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]24from mininet.clean import sh
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]25from mininet.examples.cluster import RemoteMixin
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]26
Ashlesh Gawande792c6aa2015-07-10 12:18:36 -0500[diff] [blame]27from ndn.ndn_application import NdnApplication
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]28from ndn.util import ssh, scp
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]29
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]30import shutil
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]31import os
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]32import textwrap
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]33from subprocess import call
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]34
Ashlesh Gawande792c6aa2015-07-10 12:18:36 -0500[diff] [blame]35class Nlsr(NdnApplication):
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]36 def __init__(self, node):
Ashlesh Gawande792c6aa2015-07-10 12:18:36 -0500[diff] [blame]37 NdnApplication.__init__(self, node)
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]38 self.routerName = "/%sC1.Router/cs/%s" % ('%', node.name)
Ashlesh Gawande1b663692015-10-14 16:38:10 -0500[diff] [blame]39 self.confFile = "%s/nlsr.conf" % node.homeFolder
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]40
41 # Make directory for log file
Ashlesh Gawande1b663692015-10-14 16:38:10 -0500[diff] [blame]42 self.logDir = "%s/log" % node.homeFolder
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]43 node.cmd("mkdir %s" % self.logDir)
44
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]45 def start(self):
Ashlesh Gawandee144ceb2016-11-14 13:56:24 -0600[diff] [blame]46 # Removed & at the end, was giving key not found error
47 # This way NLSR is daemonized fully before continuing
Ashlesh Gawande5518f712016-11-28 13:06:38 -0600[diff] [blame]48 NdnApplication.start(self, "nlsr -d -f {}".format(self.confFile))
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]49
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]50 @staticmethod
51 def createKey(host, name, outputFile):
52 host.cmd("ndnsec-keygen {} > {}".format(name, outputFile))
53
54 @staticmethod
55 def createCertificate(host, name, prefix, keyFile, outputFile, signer=None):
56 if signer is None:
57 host.cmd("ndnsec-certgen -N {} -p {} {} > {}".format(name, prefix, keyFile, outputFile))
58 else:
59 host.cmd("ndnsec-certgen -N {} -p {} -s {} {} > {}".format(name, prefix, signer, keyFile, outputFile))
60
61 @staticmethod
62 def createKeysAndCertificates(net, workDir):
63 securityDir = "{}/security".format(workDir)
64
65 if not os.path.exists(securityDir):
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]66 os.mkdir(securityDir)
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]67
68 # Create root certificate
69 rootName = "/ndn"
70 sh("ndnsec-keygen {} > {}/root.keys".format(rootName, securityDir))
71 sh("ndnsec-certgen -N {} -p {} {}/root.keys > {}/root.cert".format(rootName, rootName, securityDir, securityDir))
72
73 # Create necessary certificates for each site
74 for host in net.hosts:
75 nodeSecurityFolder = "{}/security".format(host.homeFolder)
76
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]77 host.cmd("mkdir -p %s" % nodeSecurityFolder)
78
79 # Create temp folders for remote nodes on this machine (localhost) to store site.key file
80 # from RemoteNodes
81 if not os.path.exists(nodeSecurityFolder) and isinstance(host, RemoteMixin) and host.isRemote:
82 os.makedirs(nodeSecurityFolder)
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]83
84 shutil.copyfile("{}/root.cert".format(securityDir), "{}/root.cert".format(nodeSecurityFolder))
85
86 # Create site certificate
Ashlesh Gawandee144ceb2016-11-14 13:56:24 -0600[diff] [blame]87 siteName = "ndn/{}-site".format(host.name)
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]88 siteKeyFile = "{}/site.keys".format(nodeSecurityFolder)
89 siteCertFile = "{}/site.cert".format(nodeSecurityFolder)
90 Nlsr.createKey(host, siteName, siteKeyFile)
91
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]92 # Copy siteKeyFile from remote for ndnsec-certgen
93 if isinstance(host, RemoteMixin) and host.isRemote:
94 login = "mininet@{}".format(host.server)
95 src = "{}:{}".format(login, siteKeyFile)
96 dst = siteKeyFile
97 scp(src, dst)
98
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]99 # Root key is in root namespace, must sign site key and then install on host
100 sh("ndnsec-certgen -N {} -s {} -p {} {} > {}".format(siteName, rootName, siteName, siteKeyFile, siteCertFile))
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]101
102 # Copy root.cert and site.cert from localhost to remote host
103 if isinstance(host, RemoteMixin) and host.isRemote:
104 login = "mininet@{}".format(host.server)
105 src = "{}/site.cert".format(nodeSecurityFolder)
106 src2 = "{}/root.cert".format(nodeSecurityFolder)
107 dst = "{}:/tmp/".format(login)
108 scp(src, src2, dst)
109 host.cmd("mv /tmp/*.cert {}".format(nodeSecurityFolder))
110
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]111 host.cmd("ndnsec-cert-install -f {}".format(siteCertFile))
112
113 # Create operator certificate
114 opName = "{}/%C1.Operator/op".format(siteName)
115 opKeyFile = "{}/op.keys".format(nodeSecurityFolder)
116 opCertFile = "{}/op.cert".format(nodeSecurityFolder)
117 Nlsr.createKey(host, opName, opKeyFile)
118 Nlsr.createCertificate(host, opName, opName, opKeyFile, opCertFile, signer=siteName)
119
120 # Create router certificate
121 routerName = "{}/%C1.Router/cs/{}".format(siteName, host.name)
122 routerKeyFile = "{}/router.keys".format(nodeSecurityFolder)
123 routerCertFile = "{}/router.cert".format(nodeSecurityFolder)
124 Nlsr.createKey(host, routerName, routerKeyFile)
125 Nlsr.createCertificate(host, routerName, routerName, routerKeyFile, routerCertFile, signer=opName)
126
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]127class NlsrConfigGenerator:
128
129 ROUTING_LINK_STATE = "ls"
130 ROUTING_HYPERBOLIC = "hr"
131
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]132 def __init__(self, node, isSecurityEnabled):
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]133 self.node = node
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]134 self.isSecurityEnabled = isSecurityEnabled
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]135
136 parameters = node.nlsrParameters
137
138 self.nFaces = parameters.get("max-faces-per-prefix", 3)
139 self.hyperbolicState = parameters.get("hyperbolic-state", "off")
140 self.hyperRadius = parameters.get("radius", 0.0)
141 self.hyperAngle = parameters.get("angle", 0.0)
Ashlesh Gawandec3ed2b92015-07-01 12:58:08 -0500[diff] [blame]142 self.logLevel = parameters.get("nlsr-log-level", "DEBUG")
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]143
144 def createConfigFile(self):
145
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]146 tmp_conf = "/tmp/nlsr.conf"
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]147
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]148 configFile = open(tmp_conf, 'w')
149 configFile.write(self.__getConfig())
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]150 configFile.close()
151
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]152 # If this node is a remote node scp the nlsr.conf file to its /tmp/nlsr.conf
153 if isinstance(self.node, RemoteMixin) and self.node.isRemote:
154 login = "mininet@%s" % self.node.server
155 src = tmp_conf
156 dst = "%s:%s" % (login, tmp_conf)
157 scp(src, dst)
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]158
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]159 # Copy nlsr.conf to home folder
160 self.node.cmd("mv %s nlsr.conf" % tmp_conf)
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]161
162 def __getConfig(self):
163
Ashlesh Gawandef5f304b2016-06-16 16:42:41 -0500[diff] [blame^]164 config = self.__getGeneralSection() + "\n"
165 config += self.__getNeighborsSection() + "\n"
166 config += self.__getHyperbolicSection() + "\n"
167 config += self.__getFibSection() + "\n"
168 config += self.__getAdvertisingSection() + "\n"
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]169 config += self.__getSecuritySection()
170
171 return config
172
173 def __getGeneralSection(self):
174
175 general = "general\n"
176 general += "{\n"
177 general += " network /ndn/\n"
Ashlesh Gawandee144ceb2016-11-14 13:56:24 -0600[diff] [blame]178 general += " site /{}-site\n".format(self.node.name)
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]179 general += " router /%C1.Router/cs/" + self.node.name + "\n"
Ashlesh Gawandec3ed2b92015-07-01 12:58:08 -0500[diff] [blame]180 general += " log-level " + self.logLevel + "\n"
Ashlesh Gawande1b663692015-10-14 16:38:10 -0500[diff] [blame]181 general += " log-dir " + self.node.homeFolder + "/log\n"
182 general += " seq-dir " + self.node.homeFolder + "/log\n"
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]183 general += "}\n"
184
185 return general
186
187 def __getNeighborsSection(self):
188
189 neighbors = "neighbors\n"
190 neighbors += "{\n"
191
192 for intf in self.node.intfList():
193 link = intf.link
194 if link:
195 node1, node2 = link.intf1.node, link.intf2.node
196
197 if node1 == self.node:
198 other = node2
199 ip = other.IP(str(link.intf2))
200 else:
201 other = node1
202 ip = other.IP(str(link.intf1))
203
ashu7b6ba182015-04-17 15:02:37 -0500[diff] [blame]204 linkCost = intf.params.get("delay", "10ms").replace("ms", "")
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]205
206 neighbors += "neighbor\n"
207 neighbors += "{\n"
Ashlesh Gawandee144ceb2016-11-14 13:56:24 -0600[diff] [blame]208 neighbors += " name /ndn/" + other.name + "-site/%C1.Router/cs/" + other.name + "\n"
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]209 neighbors += " face-uri udp://" + str(ip) + "\n"
210 neighbors += " link-cost " + linkCost + "\n"
211 neighbors += "}\n"
212
213 neighbors += "}\n"
214
215 return neighbors
216
217 def __getHyperbolicSection(self):
218
219 hyper = "hyperbolic\n"
220 hyper += "{\n"
221 hyper += "state %s\n" % self.hyperbolicState
222 hyper += "radius " + str(self.hyperRadius) + "\n"
223 hyper += "angle " + str(self.hyperAngle) + "\n"
224 hyper += "}\n"
225
226 return hyper
227
228 def __getFibSection(self):
229
230 fib = "fib\n"
231 fib += "{\n"
232 fib += " max-faces-per-prefix " + str(self.nFaces) + "\n"
233 fib += "}\n"
234
235 return fib
236
237 def __getAdvertisingSection(self):
238
239 advertising = "advertising\n"
240 advertising += "{\n"
Ashlesh Gawandee144ceb2016-11-14 13:56:24 -0600[diff] [blame]241 advertising += " prefix /ndn/" + self.node.name + "-site/" + self.node.name + "\n"
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]242 advertising += "}\n"
243
244 return advertising
245
246 def __getSecuritySection(self):
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]247 if self.isSecurityEnabled is False:
248 security = textwrap.dedent("""\
249 security
250 {
251 validator
252 {
253 trust-anchor
254 {
255 type any
256 }
257 }
258 prefix-update-validator
259 {
260 trust-anchor
261 {
262 type any
263 }
264 }
265 }""")
266 else:
267 security = textwrap.dedent("""\
268 security
269 {
270 validator
271 {
272 rule
273 {
274 id "NSLR Hello Rule"
275 for data
276 filter
277 {
278 type name
279 regex ^[^<NLSR><INFO>]*<NLSR><INFO><><>$
280 }
281 checker
282 {
283 type customized
284 sig-type rsa-sha256
285 key-locator
286 {
287 type name
288 hyper-relation
289 {
290 k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
291 k-expand \\\\1
292 h-relation equal
293 p-regex ^([^<NLSR><INFO>]*)<NLSR><INFO><><>$
294 p-expand \\\\1
295 }
296 }
297 }
298 }
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]299
Vince Lehman5d5a5662015-12-02 12:33:12 -0600[diff] [blame]300 rule
301 {
302 id "NSLR LSA Rule"
303 for data
304 filter
305 {
306 type name
307 regex ^[^<NLSR><LSA>]*<NLSR><LSA>
308 }
309 checker
310 {
311 type customized
312 sig-type rsa-sha256
313 key-locator
314 {
315 type name
316 hyper-relation
317 {
318 k-regex ^([^<KEY><NLSR>]*)<NLSR><KEY><ksk-.*><ID-CERT>$
319 k-expand \\\\1
320 h-relation equal
321 p-regex ^([^<NLSR><LSA>]*)<NLSR><LSA>(<>*)<><><><>$
322 p-expand \\\\1\\\\2
323 }
324 }
325 }
326 }
327
328 rule
329 {
330 id "NSLR Hierarchy Exception Rule"
331 for data
332 filter
333 {
334 type name
335 regex ^[^<KEY><%C1.Router>]*<%C1.Router>[^<KEY><NLSR>]*<KEY><ksk-.*><ID-CERT><>$
336 }
337 checker
338 {
339 type customized
340 sig-type rsa-sha256
341 key-locator
342 {
343 type name
344 hyper-relation
345 {
346 k-regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
347 k-expand \\\\1
348 h-relation equal
349 p-regex ^([^<KEY><%C1.Router>]*)<%C1.Router>[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
350 p-expand \\\\1
351 }
352 }
353 }
354 }
355
356 rule
357 {
358 id "NSLR Hierarchical Rule"
359 for data
360 filter
361 {
362 type name
363 regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
364 }
365 checker
366 {
367 type hierarchical
368 sig-type rsa-sha256
369 }
370 }
371
372 trust-anchor
373 {
374 type file
375 file-name "security/root.cert"
376 }
377 }
378
379 prefix-update-validator
380 {
381 rule
382 {
383 id "NLSR ControlCommand Rule"
384 for interest
385 filter
386 {
387 type name
388 regex ^<localhost><nlsr><prefix-update>[<advertise><withdraw>]<>$
389 }
390 checker
391 {
392 type customized
393 sig-type rsa-sha256
394 key-locator
395 {
396 type name
397 regex ^([^<KEY><%C1.Operator>]*)<%C1.Operator>[^<KEY>]*<KEY><ksk-.*><ID-CERT>$
398 }
399 }
400 }
401
402 rule
403 {
404 id "NLSR Hierarchy Rule"
405 for data
406 filter
407 {
408 type name
409 regex ^[^<KEY>]*<KEY><ksk-.*><ID-CERT><>$
410 }
411 checker
412 {
413 type hierarchical
414 sig-type rsa-sha256
415 }
416 }
417
418 trust-anchor
419 {
420 type file
421 file-name "security/site.cert"
422 }
423 }
424 ; cert-to-publish "security/root.cert" ; optional, a file containing the root certificate
425 ; Only the router that is designated to publish the root cert
426 ; needs to specify this
427
428 cert-to-publish "security/site.cert" ; optional, a file containing the site certificate
429 ; Only the router that is designated to publish the site cert
430 ; needs to specify this
431
432 cert-to-publish "security/op.cert" ; optional, a file containing the operator certificate
433 ; Only the router that is designated to publish the operator
434 ; cert needs to specify this
435
436 cert-to-publish "security/router.cert" ; required, a file containing the router certificate.
437 }""")
ashuef3490b2015-02-17 11:01:04 -0600[diff] [blame]438
439 return security