Support for experimental reg overrides #281

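--- a/cmd/registration-server/main.go
+++ b/cmd/registration-server/main.go
@@ -33,20 +33,25 @@ type regServer interface {
 
 // config defines the variables and options from the toml config file
 type config struct {
-DNSListenAddr string `toml:"dns_listen_addr"`
-Domain string `toml:"domain"`
-DNSPrivkeyPath string `toml:"dns_private_key_path"`
-APIPort uint16 `toml:"api_port"`
-ZMQAuthVerbose bool `toml:"zmq_auth_verbose"`
-ZMQAuthType string `toml:"zmq_auth_type"`
-ZMQPort uint16 `toml:"zmq_port"`
-ZMQBindAddr string `toml:"zmq_bind_addr"`
-ZMQPrivateKeyPath string `toml:"zmq_privkey_path"`
-StationPublicKeys []string `toml:"station_pubkeys"`
-ClientConfPath string `toml:"clientconf_path"`
-latestClientConf *pb.ClientConf
-LogLevel string `toml:"log_level"`
-LogMetricsInterval uint16 `toml:"log_metrics_interval"`
+DNSListenAddr string `toml:"dns_listen_addr"`
+Domain string `toml:"domain"`
+DNSPrivkeyPath string `toml:"dns_private_key_path"`
+APIPort uint16 `toml:"api_port"`
+ZMQAuthVerbose bool `toml:"zmq_auth_verbose"`
+ZMQAuthType string `toml:"zmq_auth_type"`
+ZMQPort uint16 `toml:"zmq_port"`
+ZMQBindAddr string `toml:"zmq_bind_addr"`
+ZMQPrivateKeyPath string `toml:"zmq_privkey_path"`
+StationPublicKeys []string `toml:"station_pubkeys"`
+ClientConfPath string `toml:"clientconf_path"`
+latestClientConf *pb.ClientConf
+LogLevel string `toml:"log_level"`
+LogMetricsInterval uint16 `toml:"log_metrics_interval"`
+EnforceSubnetOverrides bool `toml:"enforce_subnet_overrides"`
+PrcntMinRegsToOverride float64 `toml:"prcnt_min_regs_to_override"`
+PrcntPrefixRegsToOverride float64 `toml:"prcnt_prefix_regs_to_override"`
+OverrideSubnets []regprocessor.Subnet `toml:"override_subnet"`
+ExclusionsFromOverride []regprocessor.Subnet `toml:"excluded_subnet_from_overrides"`
 }
 
 var defaultTransports = map[pb.TransportType]lib.Transport{
@@ -192,9 +197,9 @@ func main() {
 
 switch conf.ZMQAuthType {
 case "CURVE":
-processor, err = regprocessor.NewRegProcessor(conf.ZMQBindAddr, conf.ZMQPort, zmqPrivkey, conf.ZMQAuthVerbose, conf.StationPublicKeys, metrics)
+processor, err = regprocessor.NewRegProcessor(conf.ZMQBindAddr, conf.ZMQPort, zmqPrivkey, conf.ZMQAuthVerbose, conf.StationPublicKeys, metrics, conf.EnforceSubnetOverrides, conf.OverrideSubnets, conf.ExclusionsFromOverride, conf.PrcntMinRegsToOverride, conf.PrcntPrefixRegsToOverride)
 case "NULL":
-processor, err = regprocessor.NewRegProcessorNoAuth(conf.ZMQBindAddr, conf.ZMQPort, metrics)
+processor, err = regprocessor.NewRegProcessorNoAuth(conf.ZMQBindAddr, conf.ZMQPort, metrics, conf.EnforceSubnetOverrides, conf.OverrideSubnets, conf.ExclusionsFromOverride, conf.PrcntMinRegsToOverride, conf.PrcntPrefixRegsToOverride)
 default:
 log.Fatalf("Unknown ZMQ auth type: %s", conf.ZMQAuthType)
 }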
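Review bot: The override settings go from the TOML file straight into `NewRegProcessor` and `NewRegProcessorNoAuth` in the `switch conf.ZMQAuthType` hunk with no validation visible here. `PrcntMinRegsToOverride` and `PrcntPrefixRegsToOverride` are plain `float64`, so a negative value, a value above 100 or NaN reaches the processor unchanged unless the constructors reject it, and those are outside this section. Because these numbers decide what share of client registrations is rewritten to operator-chosen subnets, a range check before the switch would turn a typo into a startup failure, e.g. `if p := conf.PrcntMinRegsToOverride; !(p >= 0 && p <= 100) { log.Fatalf("prcnt_min_regs_to_override out of range: %v", p) }`, with the same check for the prefix value. The two adjacent `[]regprocessor.Subnet` arguments and the two adjacent `float64` arguments can also be transposed without a compile error, so the new `config` fields deserve a comment naming which transport each percentage applies to. The body of main continues outside the hunk.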
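--- a/cmd/registration-server/reg_config.toml
+++ b/cmd/registration-server/reg_config.toml
@@ -45,3 +45,32 @@ bidirectional_api_generation = 957
 
 # Path on disk to the latest ClientConfig file that the station should use
 clientconf_path = "/var/lib/conjure/ClientConf"
+
+# Whether to apply the below subnet overrides to clients bidirectional api registrations
+enforce_subnet_overrides = true
+
+# Percentage of bidirectional api registrations to override per transport
+prcnt_min_regs_to_override = 100
+prcnt_prefix_regs_to_override = 100
+
+# Subnets to use when overriding clients bidirectional api registrations
+[[override_subnet]]
+cidr = "X.X.X.X/32"
+weight = 10.7
+port = 443
+transport = "Min_Transport"
+
+[[override_subnet]]
+cidr = "X.X.X.X/24"
+weight = 10
+port = 80
+transport = "Prefix_Transport"
+prefix_id = 1
+
+# Subnets to refrain from overriding when clients bidirectional api registrations pick a v4 phantom inside them
+[[excluded_subnet_from_overrides]]
+cidr = "X.X.X.X/25"
+# For future features that can exclude subnets according to weight, port, or transport
+weight = 28.7
+port = 80
+transport = "Min_Transport"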
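Review bot: The sample config ships the experimental feature switched on, with `enforce_subnet_overrides = true` and both percentages at 100, while every `cidr` is the placeholder `X.X.X.X/…`. An operator who copies the file unchanged either gets a subnet parse failure or, after filling in one entry, overrides every bidirectional registration; how the loader treats the placeholder is not visible in this section. Defaulting to `enforce_subnet_overrides = false`, with a comment such as `# Experimental: when true, the subnets below replace the phantom picked for bidirectional API registrations`, would make enabling it a deliberate step. The comment above `weight` in `[[excluded_subnet_from_overrides]]` suggests that `weight`, `port` and `transport` are not yet used for exclusions; if so, it should say so directly: `# weight, port and transport are currently ignored for exclusions`.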
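--- a/pkg/regserver/regprocessor/auth_test.go
+++ b/pkg/regserver/regprocessor/auth_test.go
@@ -134,7 +134,7 @@ func TestZMQAuth(t *testing.T) {
 // messages that we expect the station to hear. in production this will be new registrations,
 // here we don't care about the message contents.
 go func() {
-regProcessor, err := newRegProcessor(zmqBindAddr, zmqPort, []byte(zmq.Z85decode(serverPrivkeyZ85)), true, stationPublicKeys)
+regProcessor, err := newRegProcessor(zmqBindAddr, zmqPort, []byte(zmq.Z85decode(serverPrivkeyZ85)), true, stationPublicKeys, false, nil, nil, 0.0, 0.0)
 require.Nil(t, err)
 defer regProcessor.Close()
 errStation := regProcessor.AddTransport(pb.TransportType_Min, min.Transport{})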