[ipfire.org.git] / src / backend / geoip.py

#!/usr/bin/python

import ipaddress
import logging
import pycares
import re
import socket
import tornado.gen
import tornado.platform.caresresolver

from . import countries

from .decorators import *
from .misc import Object

# These lists are used to block access to the webapp
BLOCKLISTS = (
	"sbl.spamhaus.org",
	"xbl.spamhaus.org",
)

BLACKLISTS = {
	"access.redhawk.org" : False,
	"all.de.bl.blocklist.de" : False,
	"all.spamblock.unit.liu.se" : False,
	"b.barracudacentral.org" : False,
	"bl.deadbeef.com" : False,
	#"bl.emailbasura.org" : False,
	"bl.spamcannibal.org" : False,
	"bl.spamcop.net" : False,
	"blackholes.five-ten-sg.com" : False,
	#"blackholes.mail-abuse.org" : False,
	"blacklist.sci.kun.nl" : False,
	"blacklist.woody.ch" : False,
	"bogons.cymru.com" : False,
	"bsb.spamlookup.net" : False,
	"cbl.abuseat.org" : False,
	#"cbl.anti-spam.org.cn" : False,
	#"cblless.anti-spam.org.cn" : False,
	#"cblplus.anti-spam.org.cn" : False,
	#"cdl.anti-spam.org.cn" : False,
	#"combined.njabl.org" : False,
	"combined.rbl.msrbl.net" : False,
	"csi.cloudmark.com" : False,
	"db.wpbl.info" : False,
	#"dialups.mail-abuse.org" : False,
	"dnsbl-1.uceprotect.net" : False,
	"dnsbl-2.uceprotect.net" : False,
	"dnsbl-3.uceprotect.net" : False,
	"dnsbl.abuse.ch" : False,
	"dnsbl.cyberlogic.net" : False,
	"dnsbl.dronebl.org" : False,
	"dnsbl.inps.de" : False,
	"dnsbl.kempt.net" : False,
	#"dnsbl.njabl.org" : False,
	"dnsbl.sorbs.net" : False,
	"dob.sibl.support-intelligence.net" : False,
	"drone.abuse.ch" : False,
	"dsn.rfc-ignorant.org" : False,
	"duinv.aupads.org" : False,
	#"dul.blackhole.cantv.net" : False,
	"dul.dnsbl.sorbs.net" : False,
	"vdul.ru" : False,
	"dyna.spamrats.com" : False,
	"dynablock.sorbs.net" : False,
	#"dyndns.rbl.jp" : False,
	"dynip.rothen.com" : False,
	"forbidden.icm.edu.pl" : False,
	"http.dnsbl.sorbs.net" : False,
	"httpbl.abuse.ch" : False,
	"images.rbl.msrbl.net" : False,
	"ips.backscatterer.org" : False,
	"ix.dnsbl.manitu.net" : False,
	"korea.services.net" : False,
	"mail.people.it" : False,
	"misc.dnsbl.sorbs.net" : False,
	"multi.surbl.org" : False,
	"netblock.pedantic.org" : False,
	"noptr.spamrats.com" : False,
	"opm.tornevall.org" : False,
	"orvedb.aupads.org" : False,
	"pbl.spamhaus.org" : False,
	"phishing.rbl.msrbl.net" : False,
	"psbl.surriel.com" : False,
	"query.senderbase.org" : False,
	#"rbl-plus.mail-abuse.org" : False,
	"rbl.efnetrbl.org" : False,
	"rbl.interserver.net" : False,
	"rbl.spamlab.com" : False,
	"rbl.suresupport.com" : False,
	"relays.bl.gweep.ca" : False,
	"relays.bl.kundenserver.de" : False,
	#"relays.mail-abuse.org" : False,
	"relays.nether.net" : False,
	"residential.block.transip.nl" : False,
	#"rot.blackhole.cantv.net" : False,
	"sbl.spamhaus.org" : True,
	#"short.rbl.jp" : False,
	"smtp.dnsbl.sorbs.net" : False,
	"socks.dnsbl.sorbs.net" : False,
	"spam.abuse.ch" : False,
	"spam.dnsbl.sorbs.net" : False,
	"spam.rbl.msrbl.net" : False,
	"spam.spamrats.com" : False,
	"spamguard.leadmon.net" : False,
	"spamlist.or.kr" : False,
	"spamrbl.imp.ch" : False,
	"tor.dan.me.uk" : False,
	"ubl.lashback.com" : False,
	"ubl.unsubscore.com" : False,
	"uribl.swinog.ch" : False,
	#"url.rbl.jp" : False,
	"virbl.bit.nl" : False,
	#"virus.rbl.jp" : False,
	"virus.rbl.msrbl.net" : False,
	"web.dnsbl.sorbs.net" : False,
	"wormrbl.imp.ch" : False,
	"xbl.spamhaus.org" : True,
	"zen.spamhaus.org" : False,
	"zombie.dnsbl.sorbs.net" : False,
}

class Resolver(tornado.platform.caresresolver.CaresResolver):
	def initialize(self, **kwargs):
		super().initialize()

		# Overwrite Channel
		self.channel = pycares.Channel(sock_state_cb=self._sock_state_cb, **kwargs)

	@tornado.gen.coroutine
	def query(self, name, type=pycares.QUERY_TYPE_A):
		# Create a new Future
		fut = tornado.gen.Future()

		# Perform the query
		self.channel.query(name, type, lambda result, error: fut.set_result((result, error)))

		# Wait for the response
		result, error = yield fut

		# Handle any errors
		if error:
			# NXDOMAIN
			if error == pycares.errno.ARES_ENOTFOUND:
				return

			# Ignore responses with no data
			elif error == pycares.errno.ARES_ENODATA:
				return

			raise IOError(
				"C-Ares returned error %s: %s while resolving %s"
				% (error, pycares.errno.strerror(error), name)
			)

		# Return the result
		return result


class GeoIP(Object):
	@lazy_property
	def resolver(self):
		return Resolver(tries=2, timeout=2, domains=[])

	def lookup(self, address):
		return Address(self.backend, address)

	def guess_address_family(self, addr):
		if ":" in addr:
			return 6

		return 4

	def get_country(self, addr):
		ret = self.get_all(addr)

		if ret:
			return ret.country

	def get_location(self, addr):
		query = "SELECT * FROM geoip \
			WHERE %s BETWEEN start_ip AND end_ip LIMIT 1"

		return self.db.get(query, addr)

	def get_asn(self, addr):
		query = "SELECT asn FROM geoip_asn \
			WHERE %s BETWEEN start_ip AND end_ip LIMIT 1"

		ret = self.db.get(query, addr)

		if ret:
			return ret.asn

	def get_all(self, addr):
		location = self.get_location(addr)

		if location:
			location["asn"] = self.get_asn(addr)

		return location

	_countries = {
		"A1" : "Anonymous Proxy",
		"A2" : "Satellite Provider",
		"AP" : "Asia/Pacific Region",
		"EU" : "Europe",
	}

	def get_country_name(self, code):
		return countries.get_name(code)

	@tornado.gen.coroutine
	def test_blacklist(self, address):
		address = self.lookup(address)

		# Determne blacklist status
		status = yield address.is_blacklisted()

		print("Blacklist status for %s: %s" % (address, status))


class Address(Object):
	def init(self, address):
		self.address = ipaddress.ip_address(address)

	def __str__(self):
		return "%s" % self.address

	@property
	def family(self):
		if isinstance(self.address, ipaddress.IPv6Address):
			return socket.AF_INET6
		elif isinstance(self.address, ipaddress.IPv4Address):
			return socket.AF_INET

	# Blacklist

	def _make_blacklist_rr(self, blacklist):
		if self.family == socket.AF_INET6:
			octets = list(self.address.exploded.replace(":", ""))
		elif self.family == socket.AF_INET:
			octets = str(self.address).split(".")
		else:
			raise NotImplementedError("Unknown IP protocol")

		# Reverse the list
		octets.reverse()

		# Append suffix
		octets.append(blacklist)

		return ".".join(octets)

	@tornado.gen.coroutine
	def _resolve_blacklist(self, blacklist):
		return_code = None

		# Get resource record name
		rr = self._make_blacklist_rr(blacklist)

		# Get query type from IP protocol version
		if self.family == socket.AF_INET6:
			type = pycares.QUERY_TYPE_AAAA
		elif self.family == socket.AF_INET:
			type = pycares.QUERY_TYPE_A
		else:
			raise NotImplementedError("Unknown IP protocol")

		# Run query
		try:
			res = yield self.backend.geoip.resolver.query(rr, type=type)
		except IOError as e:
			logging.warning(e)

			return return_code, "%s" % e

		# Not found
		if not res:
			logging.debug("%s is not blacklisted on %s" % (self, blacklist))
			return return_code, None

		# Extract return code from DNS response
		for row in res:
			return_code = row.host
			break

		# If the IP address is on a blacklist, we will try to fetch the TXT record
		reason = yield self.backend.geoip.resolver.query(rr, type=pycares.QUERY_TYPE_TXT)

		# Log result
		logging.debug("%s is blacklisted on %s: %s" % (self, blacklist, reason or "N/A"))

		# Take the first reason
		if reason:
			for i in reason:
				return return_code, i.text

		# Blocked, but no reason
		return return_code, None

	@tornado.gen.coroutine
	def get_blacklists(self, important_only=False):
		blacklists = yield { bl : self._resolve_blacklist(bl) for bl in BLACKLISTS if not important_only or BLACKLISTS[bl] }

		return blacklists

	@tornado.gen.coroutine
	def is_blacklisted(self):
		logging.debug("Checking if %s is blacklisted..." % self)

		# Perform checks
		blacklists = yield { bl : self._resolve_blacklist(bl) for bl in BLOCKLISTS }

		# If we are blacklisted on one list, this one is screwed
		for bl in blacklists:
			code, message = blacklists[bl]

			logging.debug("Response from %s is: %s (%s)" % (bl, code, message))

			# Exclude matches on SBLCSS
			if bl == "sbl.spamhaus.org" and code == "127.0.0.3":
				continue

			# Consider the host blocked for any non-zero return code
			if code:
				return True
Commit	Line	Data
940227cb MT	1	#!/usr/bin/python
940227cb MT	2
d8f64b59 MT	3	import ipaddress
	4	import logging
	5	import pycares
638e9782	6	import re
d8f64b59 MT	7	import socket
	8	import tornado.gen
	9	import tornado.platform.caresresolver
638e9782	10
11347e46	11	from . import countries
940227cb	12
d8f64b59	13	from .decorators import *
11347e46	14	from .misc import Object
940227cb	15
8f94e19f MT	16	# These lists are used to block access to the webapp
	17	BLOCKLISTS = (
	18	"sbl.spamhaus.org",
	19	"xbl.spamhaus.org",
	20	)
	21
2517822e MT	22	BLACKLISTS = {
2517822e MT	23	"access.redhawk.org" : False,
7673c279	24	"all.de.bl.blocklist.de" : False,
2517822e MT	25	"all.spamblock.unit.liu.se" : False,
	26	"b.barracudacentral.org" : False,
	27	"bl.deadbeef.com" : False,
	28	#"bl.emailbasura.org" : False,
	29	"bl.spamcannibal.org" : False,
	30	"bl.spamcop.net" : False,
	31	"blackholes.five-ten-sg.com" : False,
	32	#"blackholes.mail-abuse.org" : False,
	33	"blacklist.sci.kun.nl" : False,
	34	"blacklist.woody.ch" : False,
	35	"bogons.cymru.com" : False,
	36	"bsb.spamlookup.net" : False,
	37	"cbl.abuseat.org" : False,
	38	#"cbl.anti-spam.org.cn" : False,
	39	#"cblless.anti-spam.org.cn" : False,
	40	#"cblplus.anti-spam.org.cn" : False,
	41	#"cdl.anti-spam.org.cn" : False,
	42	#"combined.njabl.org" : False,
	43	"combined.rbl.msrbl.net" : False,
	44	"csi.cloudmark.com" : False,
	45	"db.wpbl.info" : False,
	46	#"dialups.mail-abuse.org" : False,
	47	"dnsbl-1.uceprotect.net" : False,
	48	"dnsbl-2.uceprotect.net" : False,
	49	"dnsbl-3.uceprotect.net" : False,
	50	"dnsbl.abuse.ch" : False,
	51	"dnsbl.cyberlogic.net" : False,
	52	"dnsbl.dronebl.org" : False,
	53	"dnsbl.inps.de" : False,
	54	"dnsbl.kempt.net" : False,
	55	#"dnsbl.njabl.org" : False,
	56	"dnsbl.sorbs.net" : False,
	57	"dob.sibl.support-intelligence.net" : False,
	58	"drone.abuse.ch" : False,
	59	"dsn.rfc-ignorant.org" : False,
	60	"duinv.aupads.org" : False,
	61	#"dul.blackhole.cantv.net" : False,
	62	"dul.dnsbl.sorbs.net" : False,
	63	"vdul.ru" : False,
	64	"dyna.spamrats.com" : False,
	65	"dynablock.sorbs.net" : False,
	66	#"dyndns.rbl.jp" : False,
	67	"dynip.rothen.com" : False,
	68	"forbidden.icm.edu.pl" : False,
	69	"http.dnsbl.sorbs.net" : False,
	70	"httpbl.abuse.ch" : False,
	71	"images.rbl.msrbl.net" : False,
	72	"ips.backscatterer.org" : False,
	73	"ix.dnsbl.manitu.net" : False,
	74	"korea.services.net" : False,
	75	"mail.people.it" : False,
	76	"misc.dnsbl.sorbs.net" : False,
	77	"multi.surbl.org" : False,
	78	"netblock.pedantic.org" : False,
	79	"noptr.spamrats.com" : False,
	80	"opm.tornevall.org" : False,
	81	"orvedb.aupads.org" : False,
	82	"pbl.spamhaus.org" : False,
	83	"phishing.rbl.msrbl.net" : False,
	84	"psbl.surriel.com" : False,
	85	"query.senderbase.org" : False,
	86	#"rbl-plus.mail-abuse.org" : False,
	87	"rbl.efnetrbl.org" : False,
	88	"rbl.interserver.net" : False,
89	"rbl.spamlab.com" : False,
90	"rbl.suresupport.com" : False,
91	"relays.bl.gweep.ca" : False,
92	"relays.bl.kundenserver.de" : False,
93	#"relays.mail-abuse.org" : False,
94	"relays.nether.net" : False,
95	"residential.block.transip.nl" : False,
96	#"rot.blackhole.cantv.net" : False,
97	"sbl.spamhaus.org" : True,
98	#"short.rbl.jp" : False,
99	"smtp.dnsbl.sorbs.net" : False,
100	"socks.dnsbl.sorbs.net" : False,
101	"spam.abuse.ch" : False,
102	"spam.dnsbl.sorbs.net" : False,
103	"spam.rbl.msrbl.net" : False,
104	"spam.spamrats.com" : False,
105	"spamguard.leadmon.net" : False,
106	"spamlist.or.kr" : False,
107	"spamrbl.imp.ch" : False,
108	"tor.dan.me.uk" : False,
109	"ubl.lashback.com" : False,
110	"ubl.unsubscore.com" : False,
111	"uribl.swinog.ch" : False,
112	#"url.rbl.jp" : False,
113	"virbl.bit.nl" : False,
114	#"virus.rbl.jp" : False,
115	"virus.rbl.msrbl.net" : False,
116	"web.dnsbl.sorbs.net" : False,
117	"wormrbl.imp.ch" : False,
4f25f29a	118	"xbl.spamhaus.org" : True,
2517822e MT	119	"zen.spamhaus.org" : False,
	120	"zombie.dnsbl.sorbs.net" : False,
	121	}
d8f64b59 MT	122
	123	class Resolver(tornado.platform.caresresolver.CaresResolver):
	124	def initialize(self, **kwargs):
	125	super().initialize()
	126
	127	# Overwrite Channel
	128	self.channel = pycares.Channel(sock_state_cb=self._sock_state_cb, **kwargs)
	129
	130	@tornado.gen.coroutine
	131	def query(self, name, type=pycares.QUERY_TYPE_A):
	132	# Create a new Future
	133	fut = tornado.gen.Future()
	134
	135	# Perform the query
	136	self.channel.query(name, type, lambda result, error: fut.set_result((result, error)))
	137
	138	# Wait for the response
	139	result, error = yield fut
	140
	141	# Handle any errors
	142	if error:
	143	# NXDOMAIN
	144	if error == pycares.errno.ARES_ENOTFOUND:
	145	return
	146
	147	# Ignore responses with no data
	148	elif error == pycares.errno.ARES_ENODATA:
	149	return
	150
	151	raise IOError(
	152	"C-Ares returned error %s: %s while resolving %s"
	153	% (error, pycares.errno.strerror(error), name)
	154	)
	155
	156	# Return the result
	157	return result
	158
	159
9068dba1	160	class GeoIP(Object):
d8f64b59 MT	161	@lazy_property
d8f64b59 MT	162	def resolver(self):
c75e27d3	163	return Resolver(tries=2, timeout=2, domains=[])
d8f64b59 MT	164
	165	def lookup(self, address):
	166	return Address(self.backend, address)
	167
9068dba1 MT	168	def guess_address_family(self, addr):
	169	if ":" in addr:
	170	return 6
940227cb	171
9068dba1	172	return 4
65afea2f	173
9068dba1 MT	174	def get_country(self, addr):
9068dba1 MT	175	ret = self.get_all(addr)
940227cb	176
9068dba1 MT	177	if ret:
9068dba1 MT	178	return ret.country
119f55d7	179
9068dba1	180	def get_location(self, addr):
5488a9f4 MT	181	query = "SELECT * FROM geoip \
5488a9f4 MT	182	WHERE %s BETWEEN start_ip AND end_ip LIMIT 1"
0673d1b0	183
c89084ce	184	return self.db.get(query, addr)
0673d1b0	185
9068dba1	186	def get_asn(self, addr):
5488a9f4 MT	187	query = "SELECT asn FROM geoip_asn \
5488a9f4 MT	188	WHERE %s BETWEEN start_ip AND end_ip LIMIT 1"
0673d1b0	189
9068dba1	190	ret = self.db.get(query, addr)
0673d1b0	191
9068dba1 MT	192	if ret:
9068dba1 MT	193	return ret.asn
0673d1b0	194
9068dba1 MT	195	def get_all(self, addr):
9068dba1 MT	196	location = self.get_location(addr)
0673d1b0	197
9068dba1 MT	198	if location:
9068dba1 MT	199	location["asn"] = self.get_asn(addr)
940227cb	200
9068dba1	201	return location
119f55d7	202
9068dba1 MT	203	_countries = {
	204	"A1" : "Anonymous Proxy",
	205	"A2" : "Satellite Provider",
	206	"AP" : "Asia/Pacific Region",
	207	"EU" : "Europe",
	208	}
119f55d7	209
9068dba1	210	def get_country_name(self, code):
df731215	211	return countries.get_name(code)
d8f64b59	212
8f94e19f MT	213	@tornado.gen.coroutine
	214	def test_blacklist(self, address):
	215	address = self.lookup(address)
	216
	217	# Determne blacklist status
	218	status = yield address.is_blacklisted()
	219
	220	print("Blacklist status for %s: %s" % (address, status))
	221
d8f64b59 MT	222
	223	class Address(Object):
	224	def init(self, address):
	225	self.address = ipaddress.ip_address(address)
	226
	227	def __str__(self):
	228	return "%s" % self.address
	229
d8f64b59 MT	230	@property
	231	def family(self):
	232	if isinstance(self.address, ipaddress.IPv6Address):
	233	return socket.AF_INET6
	234	elif isinstance(self.address, ipaddress.IPv4Address):
	235	return socket.AF_INET
	236
	237	# Blacklist
	238
	239	def _make_blacklist_rr(self, blacklist):
f1364f23	240	if self.family == socket.AF_INET6:
66ac234b	241	octets = list(self.address.exploded.replace(":", ""))
f1364f23 MT	242	elif self.family == socket.AF_INET:
	243	octets = str(self.address).split(".")
	244	else:
	245	raise NotImplementedError("Unknown IP protocol")
d8f64b59	246
f1364f23 MT	247	# Reverse the list
f1364f23 MT	248	octets.reverse()
d8f64b59	249
f1364f23 MT	250	# Append suffix
f1364f23 MT	251	octets.append(blacklist)
d8f64b59	252
f1364f23	253	return ".".join(octets)
d8f64b59 MT	254
	255	@tornado.gen.coroutine
	256	def _resolve_blacklist(self, blacklist):
8f94e19f MT	257	return_code = None
8f94e19f MT	258
d8f64b59 MT	259	# Get resource record name
	260	rr = self._make_blacklist_rr(blacklist)
	261
	262	# Get query type from IP protocol version
	263	if self.family == socket.AF_INET6:
	264	type = pycares.QUERY_TYPE_AAAA
	265	elif self.family == socket.AF_INET:
	266	type = pycares.QUERY_TYPE_A
	267	else:
	268	raise NotImplementedError("Unknown IP protocol")
	269
	270	# Run query
	271	try:
	272	res = yield self.backend.geoip.resolver.query(rr, type=type)
	273	except IOError as e:
	274	logging.warning(e)
	275
8f94e19f	276	return return_code, "%s" % e
d8f64b59 MT	277
	278	# Not found
	279	if not res:
cfe7d74c	280	logging.debug("%s is not blacklisted on %s" % (self, blacklist))
8f94e19f MT	281	return return_code, None
	282
	283	# Extract return code from DNS response
	284	for row in res:
	285	return_code = row.host
	286	break
d8f64b59 MT	287
	288	# If the IP address is on a blacklist, we will try to fetch the TXT record
	289	reason = yield self.backend.geoip.resolver.query(rr, type=pycares.QUERY_TYPE_TXT)
	290
cfe7d74c MT	291	# Log result
	292	logging.debug("%s is blacklisted on %s: %s" % (self, blacklist, reason or "N/A"))
	293
d8f64b59 MT	294	# Take the first reason
	295	if reason:
	296	for i in reason:
8f94e19f	297	return return_code, i.text
d8f64b59 MT	298
d8f64b59 MT	299	# Blocked, but no reason
8f94e19f	300	return return_code, None
d8f64b59 MT	301
d8f64b59 MT	302	@tornado.gen.coroutine
2517822e MT	303	def get_blacklists(self, important_only=False):
2517822e MT	304	blacklists = yield { bl : self._resolve_blacklist(bl) for bl in BLACKLISTS if not important_only or BLACKLISTS[bl] }
d8f64b59 MT	305
d8f64b59 MT	306	return blacklists
2517822e MT	307
	308	@tornado.gen.coroutine
	309	def is_blacklisted(self):
cfe7d74c MT	310	logging.debug("Checking if %s is blacklisted..." % self)
	311
	312	# Perform checks
8f94e19f	313	blacklists = yield { bl : self._resolve_blacklist(bl) for bl in BLOCKLISTS }
2517822e MT	314
2517822e MT	315	# If we are blacklisted on one list, this one is screwed
8f94e19f MT	316	for bl in blacklists:
	317	code, message = blacklists[bl]
	318
	319	logging.debug("Response from %s is: %s (%s)" % (bl, code, message))
	320
	321	# Exclude matches on SBLCSS
	322	if bl == "sbl.spamhaus.org" and code == "127.0.0.3":
	323	continue
	324
	325	# Consider the host blocked for any non-zero return code
2517822e MT	326	if code:
2517822e MT	327	return True