summaryrefslogtreecommitdiff
path: root/src/leap/base/checks.py
blob: 8abdf7747b4ca5292b93437bc6b66385cc2e8677 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
# -*- coding: utf-8 -*-
import logging
import platform
import re
import socket

import netifaces
import ping
import requests
import sh

from leap.base import constants
from leap.base import exceptions

logger = logging.getLogger(name=__name__)
_platform = platform.system()

#EVENTS OF NOTE
EVENT_CONNECT_REFUSED = "[ECONNREFUSED]: Connection refused (code=111)"

ICMP_TARGET = "8.8.8.8"


class LeapNetworkChecker(object):
    """
    all network related checks
    """
    def __init__(self, *args, **kwargs):
        provider_gw = kwargs.pop('provider_gw', None)
        self.provider_gateway = provider_gw

    def run_all(self, checker=None):
        if not checker:
            checker = self
        #self.error = None  # ?

        # for MVS
        checker.check_tunnel_default_interface()
        checker.check_internet_connection()
        checker.is_internet_up()

        if self.provider_gateway:
            checker.ping_gateway(self.provider_gateway)

        checker.parse_log_and_react([], ())

    def check_internet_connection(self):
        try:
            # XXX remove this hardcoded random ip
            # ping leap.se or eip provider instead...?
            # XXX could use icmp instead..
            requests.get('http://216.172.161.165')
        except requests.ConnectionError as e:
            error = "Unidentified Connection Error"
            if e.message == "[Errno 113] No route to host":
                if not self.is_internet_up():
                    error = "No valid internet connection found."
                else:
                    error = "Provider server appears to be down."
            logger.error(error)
            raise exceptions.NoInternetConnection(error)
        except (requests.HTTPError, requests.RequestException) as e:
            raise exceptions.NoInternetConnection(e.message)

        # XXX should redirect this to netcheck logger.
        # and don't clutter main log.
        logger.debug('Network appears to be up.')

    def is_internet_up(self):
        iface, gateway = self.get_default_interface_gateway()
        try:
            self.ping_gateway(self.provider_gateway)
        except exceptions.NoConnectionToGateway:
            return False
        return True

    def _get_route_table_linux(self):

        with open("/proc/net/route") as f:
            route_table = f.readlines()
        #toss out header
        route_table.pop(0)
        if not route_table:
            raise exceptions.TunnelNotDefaultRouteError()
        return route_table

    def _get_def_iface_osx(self):
        default_iface = None
        #gateway = None
        routes = list(sh.route('-n', 'get',  ICMP_TARGET, _iter=True))
        iface = filter(lambda l: "interface" in l, routes)
        if not iface:
            return None, None
        def_ifacel = re.findall('\w+\d', iface[0])
        default_iface = def_ifacel[0] if def_ifacel else None
        if not default_iface:
            return None, None
        _gw = filter(lambda l: "gateway" in l, routes)
        gw = re.findall('\d+\.\d+\.\d+\.\d+', _gw[0])[0]
        return default_iface, gw

    def _get_tunnel_iface_linux(self):
        # XXX review.
        # valid also when local router has a default entry?
        route_table = self._get_route_table_linux()
        line = route_table.pop(0)
        iface, destination = line.split('\t')[0:2]
        if not destination == '00000000' or not iface == 'tun0':
            raise exceptions.TunnelNotDefaultRouteError()
        return True

    def check_tunnel_default_interface(self):
        """
        Raises an TunnelNotDefaultRouteError
        if tun0 is not the chosen default route
        (including when no routes are present)
        """
        #logger.debug('checking tunnel default interface...')

        if _platform == "Linux":
            valid = self._get_tunnel_iface_linux()
            return valid
        elif _platform == "Darwin":
            default_iface, gw = self._get_def_iface_osx()
            #logger.debug('iface: %s', default_iface)
            if default_iface != "tun0":
                logger.debug('tunnel not default route! gw: %s', default_iface)
                # XXX should catch this and act accordingly...
                # but rather, this test should only be launched
                # when we have successfully completed a connection
                # ... TRIGGER: Connection stablished (or whatever it is)
                # in the logs
                raise exceptions.TunnelNotDefaultRouteError
        else:
            #logger.debug('PLATFORM !!! %s', _platform)
            raise NotImplementedError

    def _get_def_iface_linux(self):
        default_iface = None
        gateway = None

        route_table = self._get_route_table_linux()
        while route_table:
            line = route_table.pop(0)
            iface, destination, gateway = line.split('\t')[0:3]
            if destination == '00000000':
                default_iface = iface
                break
        return default_iface, gateway

    def get_default_interface_gateway(self):
        """
        gets the interface we are going thru.
        (this should be merged with check tunnel default interface,
        imo...)
        """
        if _platform == "Linux":
            default_iface, gw = self.get_def_iface_linux()
        elif _platform == "Darwin":
            default_iface, gw = self.get_def_iface_osx()
        else:
            raise NotImplementedError

        if not default_iface:
            raise exceptions.NoDefaultInterfaceFoundError

        if default_iface not in netifaces.interfaces():
            raise exceptions.InterfaceNotFoundError
        logger.debug('-- default iface', default_iface)
        return default_iface, gw

    def ping_gateway(self, gateway):
        # TODO: Discuss how much packet loss (%) is acceptable.

        # XXX -- validate gateway
        # -- is it a valid ip? (there's something in util)
        # -- is it a domain?
        # -- can we resolve? -- raise NoDNSError if not.

        # XXX -- needs review!
        # We cannout use this ping implementation; it needs root.
        # We need to look for another, poors-man implementation
        # or wrap around system traceroute (using sh module, fi)
        # -- kali
        packet_loss = ping.quiet_ping(gateway)[0]
        logger.debug('packet loss %s' % packet_loss)
        if packet_loss > constants.MAX_ICMP_PACKET_LOSS:
            raise exceptions.NoConnectionToGateway

    def check_name_resolution(self, domain_name):
        try:
            socket.gethostbyname(domain_name)
            return True
        except socket.gaierror:
            raise exceptions.CannotResolveDomainError

    def parse_log_and_react(self, log, error_matrix=None):
        """
        compares the recent openvpn status log to
        strings passed in and executes the callbacks passed in.
        @param log: openvpn log
        @type log: list of strings
        @param error_matrix: tuples of strings and tuples of callbacks
        @type error_matrix: tuples strings and call backs
        """
        for line in log:
            # we could compile a regex here to save some cycles up -- kali
            for each in error_matrix:
                error, callbacks = each
                if error in line:
                    for cb in callbacks:
                        if callable(cb):
                            cb()