]>
Commit | Line | Data |
---|---|---|
78ff0cf2 MT |
1 | #!/usr/bin/python3 |
2 | ############################################################################### | |
3 | # # | |
4 | # libloc - A library to determine the location of someone on the Internet # | |
5 | # # | |
2ad36187 | 6 | # Copyright (C) 2020-2022 IPFire Development Team <info@ipfire.org> # |
78ff0cf2 MT |
7 | # # |
8 | # This library is free software; you can redistribute it and/or # | |
9 | # modify it under the terms of the GNU Lesser General Public # | |
10 | # License as published by the Free Software Foundation; either # | |
11 | # version 2.1 of the License, or (at your option) any later version. # | |
12 | # # | |
13 | # This library is distributed in the hope that it will be useful, # | |
14 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # | |
16 | # Lesser General Public License for more details. # | |
17 | # # | |
18 | ############################################################################### | |
19 | ||
20 | import argparse | |
0fcdd689 | 21 | import concurrent.futures |
6ffd06b5 | 22 | import ipaddress |
dcef2ba4 | 23 | import json |
78ff0cf2 | 24 | import logging |
6ffd06b5 MT |
25 | import math |
26 | import re | |
22d8d199 | 27 | import socket |
78ff0cf2 | 28 | import sys |
3ce28dea | 29 | import urllib.error |
78ff0cf2 MT |
30 | |
31 | # Load our location module | |
32 | import location | |
29c6fa22 | 33 | import location.database |
3192b66c | 34 | import location.importer |
78ff0cf2 MT |
35 | from location.i18n import _ |
36 | ||
37 | # Initialise logging | |
38 | log = logging.getLogger("location.importer") | |
39 | log.propagate = 1 | |
40 | ||
43fe570c PM |
41 | # Define constants |
42 | VALID_ASN_RANGES = ( | |
43 | (1, 23455), | |
44 | (23457, 64495), | |
45 | (131072, 4199999999), | |
46 | ) | |
47 | ||
48 | ||
78ff0cf2 MT |
49 | class CLI(object): |
50 | def parse_cli(self): | |
51 | parser = argparse.ArgumentParser( | |
52 | description=_("Location Importer Command Line Interface"), | |
53 | ) | |
6ffd06b5 | 54 | subparsers = parser.add_subparsers() |
78ff0cf2 MT |
55 | |
56 | # Global configuration flags | |
57 | parser.add_argument("--debug", action="store_true", | |
58 | help=_("Enable debug output")) | |
bc1f5f53 MT |
59 | parser.add_argument("--quiet", action="store_true", |
60 | help=_("Enable quiet mode")) | |
78ff0cf2 MT |
61 | |
62 | # version | |
63 | parser.add_argument("--version", action="version", | |
64 | version="%(prog)s @VERSION@") | |
65 | ||
29c6fa22 MT |
66 | # Database |
67 | parser.add_argument("--database-host", required=True, | |
68 | help=_("Database Hostname"), metavar=_("HOST")) | |
69 | parser.add_argument("--database-name", required=True, | |
70 | help=_("Database Name"), metavar=_("NAME")) | |
71 | parser.add_argument("--database-username", required=True, | |
72 | help=_("Database Username"), metavar=_("USERNAME")) | |
73 | parser.add_argument("--database-password", required=True, | |
74 | help=_("Database Password"), metavar=_("PASSWORD")) | |
75 | ||
0983f3dd MT |
76 | # Write Database |
77 | write = subparsers.add_parser("write", help=_("Write database to file")) | |
78 | write.set_defaults(func=self.handle_write) | |
79 | write.add_argument("file", nargs=1, help=_("Database File")) | |
80 | write.add_argument("--signing-key", nargs="?", type=open, help=_("Signing Key")) | |
1164d876 | 81 | write.add_argument("--backup-signing-key", nargs="?", type=open, help=_("Backup Signing Key")) |
0983f3dd MT |
82 | write.add_argument("--vendor", nargs="?", help=_("Sets the vendor")) |
83 | write.add_argument("--description", nargs="?", help=_("Sets a description")) | |
84 | write.add_argument("--license", nargs="?", help=_("Sets the license")) | |
b904896a | 85 | write.add_argument("--version", type=int, help=_("Database Format Version")) |
0983f3dd | 86 | |
6ffd06b5 MT |
87 | # Update WHOIS |
88 | update_whois = subparsers.add_parser("update-whois", help=_("Update WHOIS Information")) | |
89 | update_whois.set_defaults(func=self.handle_update_whois) | |
90 | ||
83d61c46 MT |
91 | # Update announcements |
92 | update_announcements = subparsers.add_parser("update-announcements", | |
93 | help=_("Update BGP Annoucements")) | |
94 | update_announcements.set_defaults(func=self.handle_update_announcements) | |
95 | update_announcements.add_argument("server", nargs=1, | |
96 | help=_("Route Server to connect to"), metavar=_("SERVER")) | |
97 | ||
0fcdd689 MT |
98 | # Update geofeeds |
99 | update_geofeeds = subparsers.add_parser("update-geofeeds", | |
100 | help=_("Update Geofeeds")) | |
101 | update_geofeeds.set_defaults(func=self.handle_update_geofeeds) | |
102 | ||
d7fc3057 MT |
103 | # Update overrides |
104 | update_overrides = subparsers.add_parser("update-overrides", | |
105 | help=_("Update overrides"), | |
106 | ) | |
107 | update_overrides.add_argument( | |
108 | "files", nargs="+", help=_("Files to import"), | |
109 | ) | |
110 | update_overrides.set_defaults(func=self.handle_update_overrides) | |
111 | ||
8084b33a MT |
112 | # Import countries |
113 | import_countries = subparsers.add_parser("import-countries", | |
114 | help=_("Import countries"), | |
115 | ) | |
116 | import_countries.add_argument("file", nargs=1, type=argparse.FileType("r"), | |
117 | help=_("File to import")) | |
118 | import_countries.set_defaults(func=self.handle_import_countries) | |
119 | ||
78ff0cf2 MT |
120 | args = parser.parse_args() |
121 | ||
bc1f5f53 | 122 | # Configure logging |
78ff0cf2 | 123 | if args.debug: |
f9de5e61 | 124 | location.logger.set_level(logging.DEBUG) |
bc1f5f53 MT |
125 | elif args.quiet: |
126 | location.logger.set_level(logging.WARNING) | |
78ff0cf2 | 127 | |
6ffd06b5 MT |
128 | # Print usage if no action was given |
129 | if not "func" in args: | |
130 | parser.print_usage() | |
131 | sys.exit(2) | |
132 | ||
78ff0cf2 MT |
133 | return args |
134 | ||
135 | def run(self): | |
136 | # Parse command line arguments | |
137 | args = self.parse_cli() | |
138 | ||
29c6fa22 | 139 | # Initialise database |
6ffd06b5 | 140 | self.db = self._setup_database(args) |
29c6fa22 | 141 | |
78ff0cf2 | 142 | # Call function |
6ffd06b5 | 143 | ret = args.func(args) |
78ff0cf2 MT |
144 | |
145 | # Return with exit code | |
146 | if ret: | |
147 | sys.exit(ret) | |
148 | ||
149 | # Otherwise just exit | |
150 | sys.exit(0) | |
151 | ||
29c6fa22 MT |
152 | def _setup_database(self, ns): |
153 | """ | |
154 | Initialise the database | |
155 | """ | |
156 | # Connect to database | |
157 | db = location.database.Connection( | |
158 | host=ns.database_host, database=ns.database_name, | |
159 | user=ns.database_username, password=ns.database_password, | |
160 | ) | |
161 | ||
162 | with db.transaction(): | |
163 | db.execute(""" | |
83d61c46 MT |
164 | -- announcements |
165 | CREATE TABLE IF NOT EXISTS announcements(network inet, autnum bigint, | |
166 | first_seen_at timestamp without time zone DEFAULT CURRENT_TIMESTAMP, | |
167 | last_seen_at timestamp without time zone DEFAULT CURRENT_TIMESTAMP); | |
168 | CREATE UNIQUE INDEX IF NOT EXISTS announcements_networks ON announcements(network); | |
169 | CREATE INDEX IF NOT EXISTS announcements_family ON announcements(family(network)); | |
a1707d89 | 170 | CREATE INDEX IF NOT EXISTS announcements_search ON announcements USING GIST(network inet_ops); |
83d61c46 | 171 | |
6ffd06b5 | 172 | -- autnums |
0983f3dd | 173 | CREATE TABLE IF NOT EXISTS autnums(number bigint, name text NOT NULL); |
26f06e70 | 174 | ALTER TABLE autnums ADD COLUMN IF NOT EXISTS source text; |
6ffd06b5 MT |
175 | CREATE UNIQUE INDEX IF NOT EXISTS autnums_number ON autnums(number); |
176 | ||
8084b33a MT |
177 | -- countries |
178 | CREATE TABLE IF NOT EXISTS countries( | |
179 | country_code text NOT NULL, name text NOT NULL, continent_code text NOT NULL); | |
180 | CREATE UNIQUE INDEX IF NOT EXISTS countries_country_code ON countries(country_code); | |
181 | ||
429a43d1 | 182 | -- networks |
83d61c46 | 183 | CREATE TABLE IF NOT EXISTS networks(network inet, country text); |
b6b2b331 | 184 | ALTER TABLE networks ADD COLUMN IF NOT EXISTS original_countries text[]; |
26f06e70 | 185 | ALTER TABLE networks ADD COLUMN IF NOT EXISTS source text; |
429a43d1 | 186 | CREATE UNIQUE INDEX IF NOT EXISTS networks_network ON networks(network); |
002deb6b | 187 | CREATE INDEX IF NOT EXISTS networks_family ON networks USING BTREE(family(network)); |
83d61c46 | 188 | CREATE INDEX IF NOT EXISTS networks_search ON networks USING GIST(network inet_ops); |
d7fc3057 | 189 | |
183b2f74 | 190 | -- geofeeds |
0fcdd689 MT |
191 | CREATE TABLE IF NOT EXISTS geofeeds( |
192 | id serial primary key, | |
193 | url text, | |
194 | status integer default null, | |
195 | updated_at timestamp without time zone default null | |
196 | ); | |
ce308393 | 197 | ALTER TABLE geofeeds ADD COLUMN IF NOT EXISTS error text; |
0fcdd689 MT |
198 | CREATE UNIQUE INDEX IF NOT EXISTS geofeeds_unique |
199 | ON geofeeds(url); | |
200 | CREATE TABLE IF NOT EXISTS geofeed_networks( | |
201 | geofeed_id integer references geofeeds(id) on delete cascade, | |
202 | network inet, | |
203 | country text, | |
204 | region text, | |
205 | city text | |
206 | ); | |
207 | CREATE INDEX IF NOT EXISTS geofeed_networks_geofeed_id | |
208 | ON geofeed_networks(geofeed_id); | |
209 | CREATE INDEX IF NOT EXISTS geofeed_networks_search | |
47fc42fb | 210 | ON geofeed_networks USING GIST(network inet_ops); |
183b2f74 MT |
211 | CREATE TABLE IF NOT EXISTS network_geofeeds(network inet, url text); |
212 | CREATE UNIQUE INDEX IF NOT EXISTS network_geofeeds_unique | |
213 | ON network_geofeeds(network); | |
7f0a6add MT |
214 | CREATE INDEX IF NOT EXISTS network_geofeeds_search |
215 | ON network_geofeeds USING GIST(network inet_ops); | |
216 | CREATE INDEX IF NOT EXISTS network_geofeeds_url | |
217 | ON network_geofeeds(url); | |
183b2f74 | 218 | |
d7fc3057 MT |
219 | -- overrides |
220 | CREATE TABLE IF NOT EXISTS autnum_overrides( | |
221 | number bigint NOT NULL, | |
222 | name text, | |
bd1aa6a1 | 223 | country text, |
b8e25b71 MT |
224 | is_anonymous_proxy boolean, |
225 | is_satellite_provider boolean, | |
226 | is_anycast boolean | |
d7fc3057 MT |
227 | ); |
228 | CREATE UNIQUE INDEX IF NOT EXISTS autnum_overrides_number | |
229 | ON autnum_overrides(number); | |
39ee3120 | 230 | ALTER TABLE autnum_overrides ADD COLUMN IF NOT EXISTS source text; |
e17e804e | 231 | ALTER TABLE autnum_overrides ADD COLUMN IF NOT EXISTS is_drop boolean; |
d7fc3057 MT |
232 | |
233 | CREATE TABLE IF NOT EXISTS network_overrides( | |
234 | network inet NOT NULL, | |
235 | country text, | |
b8e25b71 MT |
236 | is_anonymous_proxy boolean, |
237 | is_satellite_provider boolean, | |
238 | is_anycast boolean | |
d7fc3057 MT |
239 | ); |
240 | CREATE UNIQUE INDEX IF NOT EXISTS network_overrides_network | |
241 | ON network_overrides(network); | |
991baf53 MT |
242 | CREATE INDEX IF NOT EXISTS network_overrides_search |
243 | ON network_overrides USING GIST(network inet_ops); | |
39ee3120 | 244 | ALTER TABLE network_overrides ADD COLUMN IF NOT EXISTS source text; |
e17e804e | 245 | ALTER TABLE network_overrides ADD COLUMN IF NOT EXISTS is_drop boolean; |
29c6fa22 MT |
246 | """) |
247 | ||
248 | return db | |
249 | ||
0983f3dd MT |
250 | def handle_write(self, ns): |
251 | """ | |
252 | Compiles a database in libloc format out of what is in the database | |
253 | """ | |
0983f3dd | 254 | # Allocate a writer |
1164d876 | 255 | writer = location.Writer(ns.signing_key, ns.backup_signing_key) |
0983f3dd MT |
256 | |
257 | # Set all metadata | |
258 | if ns.vendor: | |
259 | writer.vendor = ns.vendor | |
260 | ||
261 | if ns.description: | |
262 | writer.description = ns.description | |
263 | ||
264 | if ns.license: | |
265 | writer.license = ns.license | |
266 | ||
267 | # Add all Autonomous Systems | |
268 | log.info("Writing Autonomous Systems...") | |
269 | ||
270 | # Select all ASes with a name | |
6e97c44b MT |
271 | rows = self.db.query(""" |
272 | SELECT | |
273 | autnums.number AS number, | |
274 | COALESCE( | |
275 | (SELECT overrides.name FROM autnum_overrides overrides | |
276 | WHERE overrides.number = autnums.number), | |
277 | autnums.name | |
278 | ) AS name | |
279 | FROM autnums | |
280 | WHERE name <> %s ORDER BY number | |
281 | """, "") | |
0983f3dd MT |
282 | |
283 | for row in rows: | |
284 | a = writer.add_as(row.number) | |
285 | a.name = row.name | |
286 | ||
287 | # Add all networks | |
288 | log.info("Writing networks...") | |
289 | ||
290 | # Select all known networks | |
291 | rows = self.db.query(""" | |
295a7774 MT |
292 | WITH known_networks AS ( |
293 | SELECT network FROM announcements | |
294 | UNION | |
295 | SELECT network FROM networks | |
296 | UNION | |
297 | SELECT network FROM network_overrides | |
e87dbd44 MT |
298 | UNION |
299 | SELECT network FROM geofeed_networks | |
295a7774 MT |
300 | ), |
301 | ||
302 | ordered_networks AS ( | |
303 | SELECT | |
304 | known_networks.network AS network, | |
305 | announcements.autnum AS autnum, | |
306 | networks.country AS country, | |
307 | ||
308 | -- Must be part of returned values for ORDER BY clause | |
309 | masklen(announcements.network) AS sort_a, | |
310 | masklen(networks.network) AS sort_b | |
311 | FROM | |
312 | known_networks | |
313 | LEFT JOIN | |
314 | announcements ON known_networks.network <<= announcements.network | |
315 | LEFT JOIN | |
316 | networks ON known_networks.network <<= networks.network | |
317 | ORDER BY | |
318 | known_networks.network, | |
319 | sort_a DESC, | |
320 | sort_b DESC | |
321 | ) | |
322 | ||
5372d9c7 MT |
323 | -- Return a list of those networks enriched with all |
324 | -- other information that we store in the database | |
0983f3dd | 325 | SELECT |
bbea93a7 MT |
326 | DISTINCT ON (network) |
327 | network, | |
328 | autnum, | |
bd1aa6a1 MT |
329 | |
330 | -- Country | |
331 | COALESCE( | |
332 | ( | |
333 | SELECT country FROM network_overrides overrides | |
bbea93a7 | 334 | WHERE networks.network <<= overrides.network |
bd1aa6a1 MT |
335 | ORDER BY masklen(overrides.network) DESC |
336 | LIMIT 1 | |
337 | ), | |
338 | ( | |
339 | SELECT country FROM autnum_overrides overrides | |
bbea93a7 | 340 | WHERE networks.autnum = overrides.number |
bd1aa6a1 | 341 | ), |
e87dbd44 MT |
342 | ( |
343 | SELECT | |
344 | geofeed_networks.country AS country | |
345 | FROM | |
346 | network_geofeeds | |
347 | ||
348 | -- Join the data from the geofeeds | |
349 | LEFT JOIN | |
350 | geofeeds ON network_geofeeds.url = geofeeds.url | |
351 | LEFT JOIN | |
352 | geofeed_networks ON geofeeds.id = geofeed_networks.geofeed_id | |
353 | ||
354 | -- Check whether we have a geofeed for this network | |
355 | WHERE | |
356 | networks.network <<= network_geofeeds.network | |
357 | AND | |
358 | networks.network <<= geofeed_networks.network | |
359 | ||
360 | -- Filter for the best result | |
361 | ORDER BY | |
362 | masklen(geofeed_networks.network) DESC | |
363 | LIMIT 1 | |
364 | ), | |
bd1aa6a1 MT |
365 | networks.country |
366 | ) AS country, | |
8e8555bb | 367 | |
0983f3dd | 368 | -- Flags |
1422b5d4 MT |
369 | COALESCE( |
370 | ( | |
371 | SELECT is_anonymous_proxy FROM network_overrides overrides | |
bbea93a7 | 372 | WHERE networks.network <<= overrides.network |
1422b5d4 MT |
373 | ORDER BY masklen(overrides.network) DESC |
374 | LIMIT 1 | |
375 | ), | |
376 | ( | |
377 | SELECT is_anonymous_proxy FROM autnum_overrides overrides | |
bbea93a7 | 378 | WHERE networks.autnum = overrides.number |
b8e25b71 MT |
379 | ), |
380 | FALSE | |
1422b5d4 MT |
381 | ) AS is_anonymous_proxy, |
382 | COALESCE( | |
383 | ( | |
384 | SELECT is_satellite_provider FROM network_overrides overrides | |
bbea93a7 | 385 | WHERE networks.network <<= overrides.network |
1422b5d4 MT |
386 | ORDER BY masklen(overrides.network) DESC |
387 | LIMIT 1 | |
388 | ), | |
389 | ( | |
390 | SELECT is_satellite_provider FROM autnum_overrides overrides | |
bbea93a7 | 391 | WHERE networks.autnum = overrides.number |
b8e25b71 MT |
392 | ), |
393 | FALSE | |
1422b5d4 MT |
394 | ) AS is_satellite_provider, |
395 | COALESCE( | |
396 | ( | |
397 | SELECT is_anycast FROM network_overrides overrides | |
bbea93a7 | 398 | WHERE networks.network <<= overrides.network |
1422b5d4 MT |
399 | ORDER BY masklen(overrides.network) DESC |
400 | LIMIT 1 | |
401 | ), | |
402 | ( | |
403 | SELECT is_anycast FROM autnum_overrides overrides | |
bbea93a7 | 404 | WHERE networks.autnum = overrides.number |
b8e25b71 MT |
405 | ), |
406 | FALSE | |
e17e804e PM |
407 | ) AS is_anycast, |
408 | COALESCE( | |
409 | ( | |
410 | SELECT is_drop FROM network_overrides overrides | |
411 | WHERE networks.network <<= overrides.network | |
412 | ORDER BY masklen(overrides.network) DESC | |
413 | LIMIT 1 | |
414 | ), | |
415 | ( | |
416 | SELECT is_drop FROM autnum_overrides overrides | |
417 | WHERE networks.autnum = overrides.number | |
418 | ), | |
419 | FALSE | |
420 | ) AS is_drop | |
295a7774 MT |
421 | FROM |
422 | ordered_networks networks | |
0983f3dd MT |
423 | """) |
424 | ||
425 | for row in rows: | |
426 | network = writer.add_network(row.network) | |
427 | ||
5372d9c7 MT |
428 | # Save country |
429 | if row.country: | |
430 | network.country_code = row.country | |
431 | ||
432 | # Save ASN | |
433 | if row.autnum: | |
434 | network.asn = row.autnum | |
0983f3dd MT |
435 | |
436 | # Set flags | |
437 | if row.is_anonymous_proxy: | |
438 | network.set_flag(location.NETWORK_FLAG_ANONYMOUS_PROXY) | |
439 | ||
440 | if row.is_satellite_provider: | |
441 | network.set_flag(location.NETWORK_FLAG_SATELLITE_PROVIDER) | |
442 | ||
443 | if row.is_anycast: | |
444 | network.set_flag(location.NETWORK_FLAG_ANYCAST) | |
445 | ||
e17e804e PM |
446 | if row.is_drop: |
447 | network.set_flag(location.NETWORK_FLAG_DROP) | |
448 | ||
8084b33a MT |
449 | # Add all countries |
450 | log.info("Writing countries...") | |
451 | rows = self.db.query("SELECT * FROM countries ORDER BY country_code") | |
452 | ||
453 | for row in rows: | |
454 | c = writer.add_country(row.country_code) | |
455 | c.continent_code = row.continent_code | |
456 | c.name = row.name | |
457 | ||
0983f3dd MT |
458 | # Write everything to file |
459 | log.info("Writing database to file...") | |
460 | for file in ns.file: | |
461 | writer.write(file) | |
462 | ||
6ffd06b5 MT |
463 | def handle_update_whois(self, ns): |
464 | downloader = location.importer.Downloader() | |
465 | ||
3ce28dea MT |
466 | # Did we run successfully? |
467 | error = False | |
84b175e2 | 468 | |
3ce28dea MT |
469 | # Fetch all valid country codes to check parsed networks aganist |
470 | validcountries = self.countries | |
6ffd06b5 | 471 | |
3ce28dea | 472 | # Iterate over all potential sources |
f3edaa9c | 473 | for source in sorted(location.importer.SOURCES): |
3ce28dea MT |
474 | with self.db.transaction(): |
475 | # Create some temporary tables to store parsed data | |
476 | self.db.execute(""" | |
477 | CREATE TEMPORARY TABLE _autnums(number integer NOT NULL, | |
478 | organization text NOT NULL, source text NOT NULL) ON COMMIT DROP; | |
479 | CREATE UNIQUE INDEX _autnums_number ON _autnums(number); | |
480 | ||
481 | CREATE TEMPORARY TABLE _organizations(handle text NOT NULL, | |
482 | name text NOT NULL, source text NOT NULL) ON COMMIT DROP; | |
483 | CREATE UNIQUE INDEX _organizations_handle ON _organizations(handle); | |
484 | ||
485 | CREATE TEMPORARY TABLE _rirdata(network inet NOT NULL, country text NOT NULL, | |
486 | original_countries text[] NOT NULL, source text NOT NULL) | |
487 | ON COMMIT DROP; | |
488 | CREATE INDEX _rirdata_search ON _rirdata | |
489 | USING BTREE(family(network), masklen(network)); | |
490 | CREATE UNIQUE INDEX _rirdata_network ON _rirdata(network); | |
491 | """) | |
002deb6b | 492 | |
3ce28dea MT |
493 | # Remove all previously imported content |
494 | self.db.execute("DELETE FROM networks WHERE source = %s", source) | |
002deb6b | 495 | |
3ce28dea MT |
496 | try: |
497 | # Fetch WHOIS sources | |
498 | for url in location.importer.WHOIS_SOURCES.get(source, []): | |
499 | for block in downloader.request_blocks(url): | |
500 | self._parse_block(block, source, validcountries) | |
501 | ||
502 | # Fetch extended sources | |
503 | for url in location.importer.EXTENDED_SOURCES.get(source, []): | |
504 | for line in downloader.request_lines(url): | |
505 | self._parse_line(line, source, validcountries) | |
506 | except urllib.error.URLError as e: | |
e76b8204 | 507 | log.error("Could not retrieve data from %s: %s" % (source, e)) |
3ce28dea MT |
508 | error = True |
509 | ||
510 | # Continue with the next source | |
511 | continue | |
002deb6b | 512 | |
3ce28dea MT |
513 | # Process all parsed networks from every RIR we happen to have access to, |
514 | # insert the largest network chunks into the networks table immediately... | |
515 | families = self.db.query("SELECT DISTINCT family(network) AS family FROM _rirdata \ | |
516 | ORDER BY family(network)") | |
517 | ||
518 | for family in (row.family for row in families): | |
5bfa1bb4 MT |
519 | # Fetch the smallest mask length in our data set |
520 | smallest = self.db.get(""" | |
521 | SELECT | |
522 | MIN( | |
523 | masklen(network) | |
524 | ) AS prefix | |
525 | FROM | |
526 | _rirdata | |
527 | WHERE | |
528 | family(network) = %s""", | |
529 | family, | |
530 | ) | |
531 | ||
532 | # Copy all networks | |
533 | self.db.execute(""" | |
534 | INSERT INTO | |
535 | networks | |
536 | ( | |
537 | network, | |
538 | country, | |
539 | original_countries, | |
540 | source | |
541 | ) | |
542 | SELECT | |
543 | network, | |
544 | country, | |
545 | original_countries, | |
546 | source | |
547 | FROM | |
548 | _rirdata | |
549 | WHERE | |
550 | masklen(network) = %s | |
551 | AND | |
552 | family(network) = %s | |
553 | ON CONFLICT DO | |
554 | NOTHING""", | |
555 | smallest.prefix, | |
556 | family, | |
557 | ) | |
3ce28dea MT |
558 | |
559 | # ... determine any other prefixes for this network family, ... | |
5bfa1bb4 MT |
560 | prefixes = self.db.query(""" |
561 | SELECT | |
562 | DISTINCT masklen(network) AS prefix | |
563 | FROM | |
564 | _rirdata | |
565 | WHERE | |
566 | family(network) = %s | |
567 | ORDER BY | |
568 | masklen(network) ASC | |
569 | OFFSET 1""", | |
570 | family, | |
571 | ) | |
3ce28dea MT |
572 | |
573 | # ... and insert networks with this prefix in case they provide additional | |
574 | # information (i. e. subnet of a larger chunk with a different country) | |
575 | for prefix in (row.prefix for row in prefixes): | |
576 | self.db.execute(""" | |
577 | WITH candidates AS ( | |
578 | SELECT | |
579 | _rirdata.network, | |
580 | _rirdata.country, | |
581 | _rirdata.original_countries, | |
582 | _rirdata.source | |
583 | FROM | |
584 | _rirdata | |
585 | WHERE | |
586 | family(_rirdata.network) = %s | |
587 | AND | |
588 | masklen(_rirdata.network) = %s | |
589 | ), | |
590 | filtered AS ( | |
591 | SELECT | |
592 | DISTINCT ON (c.network) | |
593 | c.network, | |
594 | c.country, | |
595 | c.original_countries, | |
596 | c.source, | |
597 | masklen(networks.network), | |
598 | networks.country AS parent_country | |
599 | FROM | |
600 | candidates c | |
601 | LEFT JOIN | |
602 | networks | |
603 | ON | |
604 | c.network << networks.network | |
605 | ORDER BY | |
606 | c.network, | |
607 | masklen(networks.network) DESC NULLS LAST | |
608 | ) | |
609 | INSERT INTO | |
610 | networks(network, country, original_countries, source) | |
002deb6b | 611 | SELECT |
3ce28dea MT |
612 | network, |
613 | country, | |
614 | original_countries, | |
615 | source | |
002deb6b | 616 | FROM |
3ce28dea | 617 | filtered |
002deb6b | 618 | WHERE |
3ce28dea MT |
619 | parent_country IS NULL |
620 | OR | |
621 | country <> parent_country | |
622 | ON CONFLICT DO NOTHING""", | |
623 | family, prefix, | |
002deb6b | 624 | ) |
0365119d | 625 | |
3ce28dea MT |
626 | self.db.execute(""" |
627 | INSERT INTO autnums(number, name, source) | |
628 | SELECT _autnums.number, _organizations.name, _organizations.source FROM _autnums | |
629 | JOIN _organizations ON _autnums.organization = _organizations.handle | |
630 | ON CONFLICT (number) DO UPDATE SET name = excluded.name; | |
631 | """) | |
429a43d1 | 632 | |
3ce28dea MT |
633 | # Download and import (technical) AS names from ARIN |
634 | with self.db.transaction(): | |
671e149e | 635 | self._import_as_names_from_arin() |
92403f39 | 636 | |
3ce28dea MT |
637 | # Return a non-zero exit code for errors |
638 | return 1 if error else 0 | |
639 | ||
bd341642 PM |
640 | def _check_parsed_network(self, network): |
641 | """ | |
642 | Assistive function to detect and subsequently sort out parsed | |
643 | networks from RIR data (both Whois and so-called "extended sources"), | |
644 | which are or have... | |
645 | ||
646 | (a) not globally routable (RFC 1918 space, et al.) | |
647 | (b) covering a too large chunk of the IP address space (prefix length | |
648 | is < 7 for IPv4 networks, and < 10 for IPv6) | |
649 | (c) "0.0.0.0" or "::" as a network address | |
650 | (d) are too small for being publicly announced (we have decided not to | |
651 | process them at the moment, as they significantly enlarge our | |
652 | database without providing very helpful additional information) | |
653 | ||
654 | This unfortunately is necessary due to brain-dead clutter across | |
655 | various RIR databases, causing mismatches and eventually disruptions. | |
656 | ||
657 | We will return False in case a network is not suitable for adding | |
658 | it to our database, and True otherwise. | |
659 | """ | |
660 | ||
661 | if not network or not (isinstance(network, ipaddress.IPv4Network) or isinstance(network, ipaddress.IPv6Network)): | |
662 | return False | |
663 | ||
664 | if not network.is_global: | |
2ba6ed07 | 665 | log.debug("Skipping non-globally routable network: %s" % network) |
bd341642 PM |
666 | return False |
667 | ||
668 | if network.version == 4: | |
669 | if network.prefixlen < 7: | |
2ba6ed07 | 670 | log.debug("Skipping too big IP chunk: %s" % network) |
bd341642 PM |
671 | return False |
672 | ||
673 | if network.prefixlen > 24: | |
ebb087cf | 674 | log.debug("Skipping network too small to be publicly announced: %s" % network) |
bd341642 PM |
675 | return False |
676 | ||
677 | if str(network.network_address) == "0.0.0.0": | |
2ba6ed07 | 678 | log.debug("Skipping network based on 0.0.0.0: %s" % network) |
bd341642 PM |
679 | return False |
680 | ||
681 | elif network.version == 6: | |
682 | if network.prefixlen < 10: | |
2ba6ed07 | 683 | log.debug("Skipping too big IP chunk: %s" % network) |
bd341642 PM |
684 | return False |
685 | ||
686 | if network.prefixlen > 48: | |
ebb087cf | 687 | log.debug("Skipping network too small to be publicly announced: %s" % network) |
bd341642 PM |
688 | return False |
689 | ||
690 | if str(network.network_address) == "::": | |
2ba6ed07 | 691 | log.debug("Skipping network based on '::': %s" % network) |
bd341642 PM |
692 | return False |
693 | ||
694 | else: | |
695 | # This should not happen... | |
84187ab5 | 696 | log.warning("Skipping network of unknown family, this should not happen: %s" % network) |
bd341642 PM |
697 | return False |
698 | ||
699 | # In case we have made it here, the network is considered to | |
700 | # be suitable for libloc consumption... | |
701 | return True | |
702 | ||
43fe570c PM |
703 | def _check_parsed_asn(self, asn): |
704 | """ | |
705 | Assistive function to filter Autonomous System Numbers not being suitable | |
706 | for adding to our database. Returns False in such cases, and True otherwise. | |
707 | """ | |
708 | ||
709 | for start, end in VALID_ASN_RANGES: | |
710 | if start <= asn and end >= asn: | |
711 | return True | |
712 | ||
713 | log.info("Supplied ASN %s out of publicly routable ASN ranges" % asn) | |
714 | return False | |
715 | ||
28b08385 | 716 | def _parse_block(self, block, source_key, validcountries = None): |
6ffd06b5 MT |
717 | # Get first line to find out what type of block this is |
718 | line = block[0] | |
719 | ||
6ffd06b5 | 720 | # aut-num |
429a43d1 | 721 | if line.startswith("aut-num:"): |
28b08385 | 722 | return self._parse_autnum_block(block, source_key) |
6ffd06b5 | 723 | |
aadac4c5 PM |
724 | # inetnum |
725 | if line.startswith("inet6num:") or line.startswith("inetnum:"): | |
28b08385 | 726 | return self._parse_inetnum_block(block, source_key, validcountries) |
aadac4c5 | 727 | |
6ffd06b5 MT |
728 | # organisation |
729 | elif line.startswith("organisation:"): | |
28b08385 | 730 | return self._parse_org_block(block, source_key) |
6ffd06b5 | 731 | |
28b08385 | 732 | def _parse_autnum_block(self, block, source_key): |
6ffd06b5 MT |
733 | autnum = {} |
734 | for line in block: | |
735 | # Split line | |
736 | key, val = split_line(line) | |
737 | ||
738 | if key == "aut-num": | |
739 | m = re.match(r"^(AS|as)(\d+)", val) | |
740 | if m: | |
741 | autnum["asn"] = m.group(2) | |
742 | ||
0365119d | 743 | elif key == "org": |
e7d612e5 | 744 | autnum[key] = val.upper() |
6ffd06b5 | 745 | |
426e0bee PM |
746 | elif key == "descr": |
747 | # Save the first description line as well... | |
748 | if not key in autnum: | |
749 | autnum[key] = val | |
750 | ||
6ffd06b5 | 751 | # Skip empty objects |
426e0bee | 752 | if not autnum or not "asn" in autnum: |
6ffd06b5 MT |
753 | return |
754 | ||
426e0bee PM |
755 | # Insert a dummy organisation handle into our temporary organisations |
756 | # table in case the AS does not have an organisation handle set, but | |
757 | # has a description (a quirk often observed in APNIC area), so we can | |
758 | # later display at least some string for this AS. | |
759 | if not "org" in autnum: | |
760 | if "descr" in autnum: | |
761 | autnum["org"] = "LIBLOC-%s-ORGHANDLE" % autnum.get("asn") | |
762 | ||
763 | self.db.execute("INSERT INTO _organizations(handle, name, source) \ | |
764 | VALUES(%s, %s, %s) ON CONFLICT (handle) DO NOTHING", | |
765 | autnum.get("org"), autnum.get("descr"), source_key, | |
766 | ) | |
767 | else: | |
768 | log.warning("ASN %s neither has an organisation handle nor a description line set, omitting" % \ | |
769 | autnum.get("asn")) | |
770 | return | |
771 | ||
6ffd06b5 | 772 | # Insert into database |
28b08385 PM |
773 | self.db.execute("INSERT INTO _autnums(number, organization, source) \ |
774 | VALUES(%s, %s, %s) ON CONFLICT (number) DO UPDATE SET \ | |
0365119d | 775 | organization = excluded.organization", |
28b08385 | 776 | autnum.get("asn"), autnum.get("org"), source_key, |
6ffd06b5 MT |
777 | ) |
778 | ||
28b08385 | 779 | def _parse_inetnum_block(self, block, source_key, validcountries = None): |
84187ab5 | 780 | log.debug("Parsing inetnum block:") |
aadac4c5 PM |
781 | |
782 | inetnum = {} | |
783 | for line in block: | |
84187ab5 | 784 | log.debug(line) |
aadac4c5 PM |
785 | |
786 | # Split line | |
787 | key, val = split_line(line) | |
788 | ||
84187ab5 PM |
789 | # Filter any inetnum records which are only referring to IP space |
790 | # not managed by that specific RIR... | |
791 | if key == "netname": | |
5254e5fc | 792 | if re.match(r"^(ERX-NETBLOCK|(AFRINIC|ARIN|LACNIC|RIPE)-CIDR-BLOCK|IANA-NETBLOCK-\d{1,3}|NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK|STUB-[\d-]{3,}SLASH\d{1,2})", val.strip()): |
2ba6ed07 | 793 | log.debug("Skipping record indicating historic/orphaned data: %s" % val.strip()) |
84187ab5 PM |
794 | return |
795 | ||
aadac4c5 PM |
796 | if key == "inetnum": |
797 | start_address, delim, end_address = val.partition("-") | |
798 | ||
799 | # Strip any excess space | |
800 | start_address, end_address = start_address.rstrip(), end_address.strip() | |
801 | ||
845da577 PM |
802 | # Handle "inetnum" formatting in LACNIC DB (e.g. "24.152.8/22" instead of "24.152.8.0/22") |
803 | if start_address and not (delim or end_address): | |
804 | try: | |
805 | start_address = ipaddress.ip_network(start_address, strict=False) | |
806 | except ValueError: | |
807 | start_address = start_address.split("/") | |
38d0faea | 808 | ldigits = start_address[0].count(".") |
845da577 PM |
809 | |
810 | # How many octets do we need to add? | |
811 | # (LACNIC does not seem to have a /8 or greater assigned, so the following should suffice.) | |
2ad36187 | 812 | if ldigits == 1: |
845da577 | 813 | start_address = start_address[0] + ".0.0/" + start_address[1] |
2ad36187 | 814 | elif ldigits == 2: |
845da577 PM |
815 | start_address = start_address[0] + ".0/" + start_address[1] |
816 | else: | |
817 | log.warning("Could not recover IPv4 address from line in LACNIC DB format: %s" % line) | |
818 | return | |
819 | ||
820 | try: | |
821 | start_address = ipaddress.ip_network(start_address, strict=False) | |
822 | except ValueError: | |
823 | log.warning("Could not parse line in LACNIC DB format: %s" % line) | |
824 | return | |
825 | ||
826 | # Enumerate first and last IP address of this network | |
827 | end_address = start_address[-1] | |
828 | start_address = start_address[0] | |
829 | ||
830 | else: | |
831 | # Convert to IP address | |
832 | try: | |
833 | start_address = ipaddress.ip_address(start_address) | |
834 | end_address = ipaddress.ip_address(end_address) | |
835 | except ValueError: | |
836 | log.warning("Could not parse line: %s" % line) | |
837 | return | |
aadac4c5 | 838 | |
1814283b | 839 | inetnum["inetnum"] = list(ipaddress.summarize_address_range(start_address, end_address)) |
aadac4c5 PM |
840 | |
841 | elif key == "inet6num": | |
1814283b | 842 | inetnum[key] = [ipaddress.ip_network(val, strict=False)] |
aadac4c5 PM |
843 | |
844 | elif key == "country": | |
7434e5e0 PM |
845 | val = val.upper() |
846 | ||
b6b2b331 | 847 | # Catch RIR data objects with more than one country code... |
7434e5e0 | 848 | if not key in inetnum: |
b6b2b331 PM |
849 | inetnum[key] = [] |
850 | else: | |
7434e5e0 | 851 | if val in inetnum.get("country"): |
b6b2b331 PM |
852 | # ... but keep this list distinct... |
853 | continue | |
854 | ||
01e5f0ff PM |
855 | # When people set country codes to "UK", they actually mean "GB" |
856 | if val == "UK": | |
857 | val = "GB" | |
858 | ||
7434e5e0 | 859 | inetnum[key].append(val) |
aadac4c5 | 860 | |
183b2f74 MT |
861 | # Parse the geofeed attribute |
862 | elif key == "geofeed": | |
863 | inetnum["geofeed"] = val | |
864 | ||
865 | # Parse geofeed when used as a remark | |
45c0536c MT |
866 | elif key == "remarks": |
867 | m = re.match(r"^(?:Geofeed)\s+(https://.*)", val) | |
183b2f74 MT |
868 | if m: |
869 | inetnum["geofeed"] = m.group(1) | |
870 | ||
aadac4c5 | 871 | # Skip empty objects |
002deb6b | 872 | if not inetnum or not "country" in inetnum: |
aadac4c5 PM |
873 | return |
874 | ||
b6b2b331 PM |
875 | # Prepare skipping objects with unknown country codes... |
876 | invalidcountries = [singlecountry for singlecountry in inetnum.get("country") if singlecountry not in validcountries] | |
877 | ||
1814283b PM |
878 | # Iterate through all networks enumerated from above, check them for plausibility and insert |
879 | # them into the database, if _check_parsed_network() succeeded | |
880 | for single_network in inetnum.get("inet6num") or inetnum.get("inetnum"): | |
881 | if self._check_parsed_network(single_network): | |
b6b2b331 PM |
882 | # Skip objects with unknown country codes if they are valid to avoid log spam... |
883 | if validcountries and invalidcountries: | |
884 | log.warning("Skipping network with bogus countr(y|ies) %s (original countries: %s): %s" % \ | |
885 | (invalidcountries, inetnum.get("country"), inetnum.get("inet6num") or inetnum.get("inetnum"))) | |
48770ca8 | 886 | break |
7138b4ac PM |
887 | |
888 | # Everything is fine here, run INSERT statement... | |
b6b2b331 PM |
889 | self.db.execute("INSERT INTO _rirdata(network, country, original_countries, source) \ |
890 | VALUES(%s, %s, %s, %s) ON CONFLICT (network) DO UPDATE SET country = excluded.country", | |
891 | "%s" % single_network, inetnum.get("country")[0], inetnum.get("country"), source_key, | |
1814283b | 892 | ) |
aadac4c5 | 893 | |
183b2f74 MT |
894 | # Update any geofeed information |
895 | geofeed = inetnum.get("geofeed", None) | |
896 | ||
d96702a2 MT |
897 | # Make sure that this is a HTTPS URL |
898 | if geofeed and not geofeed.startswith("https://"): | |
899 | log.warning("Geofeed URL is not using HTTPS: %s" % geofeed) | |
900 | geofeed = None | |
901 | ||
183b2f74 MT |
902 | # Store/update any geofeeds |
903 | if geofeed: | |
904 | self.db.execute(""" | |
905 | INSERT INTO | |
906 | network_geofeeds( | |
907 | network, | |
908 | url | |
909 | ) | |
910 | VALUES( | |
911 | %s, %s | |
912 | ) | |
913 | ON CONFLICT (network) DO | |
914 | UPDATE SET url = excluded.url""", | |
915 | "%s" % single_network, geofeed, | |
916 | ) | |
917 | ||
918 | # Delete any previous geofeeds | |
919 | else: | |
920 | self.db.execute("DELETE FROM network_geofeeds WHERE network = %s", | |
921 | "%s" % single_network) | |
922 | ||
28b08385 | 923 | def _parse_org_block(self, block, source_key): |
6ffd06b5 MT |
924 | org = {} |
925 | for line in block: | |
926 | # Split line | |
927 | key, val = split_line(line) | |
928 | ||
e7d612e5 PM |
929 | if key == "organisation": |
930 | org[key] = val.upper() | |
931 | elif key == "org-name": | |
6ffd06b5 MT |
932 | org[key] = val |
933 | ||
934 | # Skip empty objects | |
935 | if not org: | |
936 | return | |
937 | ||
28b08385 PM |
938 | self.db.execute("INSERT INTO _organizations(handle, name, source) \ |
939 | VALUES(%s, %s, %s) ON CONFLICT (handle) DO \ | |
0365119d | 940 | UPDATE SET name = excluded.name", |
28b08385 | 941 | org.get("organisation"), org.get("org-name"), source_key, |
6ffd06b5 MT |
942 | ) |
943 | ||
28b08385 | 944 | def _parse_line(self, line, source_key, validcountries = None): |
429a43d1 MT |
945 | # Skip version line |
946 | if line.startswith("2"): | |
947 | return | |
6ffd06b5 | 948 | |
429a43d1 MT |
949 | # Skip comments |
950 | if line.startswith("#"): | |
951 | return | |
6ffd06b5 | 952 | |
429a43d1 MT |
953 | try: |
954 | registry, country_code, type, line = line.split("|", 3) | |
955 | except: | |
956 | log.warning("Could not parse line: %s" % line) | |
957 | return | |
6ffd06b5 | 958 | |
84b175e2 PM |
959 | # Skip any lines that are for stats only or do not have a country |
960 | # code at all (avoids log spam below) | |
961 | if not country_code or country_code == '*': | |
962 | return | |
963 | ||
964 | # Skip objects with unknown country codes | |
965 | if validcountries and country_code not in validcountries: | |
966 | log.warning("Skipping line with bogus country '%s': %s" % \ | |
967 | (country_code, line)) | |
6ffd06b5 MT |
968 | return |
969 | ||
429a43d1 | 970 | if type in ("ipv6", "ipv4"): |
28b08385 | 971 | return self._parse_ip_line(country_code, type, line, source_key) |
429a43d1 | 972 | |
28b08385 | 973 | def _parse_ip_line(self, country, type, line, source_key): |
429a43d1 MT |
974 | try: |
975 | address, prefix, date, status, organization = line.split("|") | |
976 | except ValueError: | |
977 | organization = None | |
978 | ||
979 | # Try parsing the line without organization | |
980 | try: | |
981 | address, prefix, date, status = line.split("|") | |
982 | except ValueError: | |
983 | log.warning("Unhandled line format: %s" % line) | |
984 | return | |
985 | ||
986 | # Skip anything that isn't properly assigned | |
987 | if not status in ("assigned", "allocated"): | |
988 | return | |
989 | ||
990 | # Cast prefix into an integer | |
991 | try: | |
992 | prefix = int(prefix) | |
993 | except: | |
994 | log.warning("Invalid prefix: %s" % prefix) | |
7177031f | 995 | return |
429a43d1 MT |
996 | |
997 | # Fix prefix length for IPv4 | |
998 | if type == "ipv4": | |
999 | prefix = 32 - int(math.log(prefix, 2)) | |
1000 | ||
1001 | # Try to parse the address | |
1002 | try: | |
1003 | network = ipaddress.ip_network("%s/%s" % (address, prefix), strict=False) | |
1004 | except ValueError: | |
1005 | log.warning("Invalid IP address: %s" % address) | |
1006 | return | |
1007 | ||
bd341642 PM |
1008 | if not self._check_parsed_network(network): |
1009 | return | |
1010 | ||
b6b2b331 PM |
1011 | self.db.execute("INSERT INTO networks(network, country, original_countries, source) \ |
1012 | VALUES(%s, %s, %s, %s) ON CONFLICT (network) DO \ | |
87b3e102 | 1013 | UPDATE SET country = excluded.country", |
b6b2b331 | 1014 | "%s" % network, country, [country], source_key, |
6ffd06b5 MT |
1015 | ) |
1016 | ||
92403f39 PM |
1017 | def _import_as_names_from_arin(self): |
1018 | downloader = location.importer.Downloader() | |
1019 | ||
1020 | # XXX: Download AS names file from ARIN (note that these names appear to be quite | |
1021 | # technical, not intended for human consumption, as description fields in | |
1022 | # organisation handles for other RIRs are - however, this is what we have got, | |
1023 | # and in some cases, it might be still better than nothing) | |
85e44d9a MT |
1024 | for line in downloader.request_lines("https://ftp.arin.net/info/asn.txt"): |
1025 | # Valid lines start with a space, followed by the number of the Autonomous System ... | |
1026 | if not line.startswith(" "): | |
1027 | continue | |
92403f39 | 1028 | |
85e44d9a MT |
1029 | # Split line and check if there is a valid ASN in it... |
1030 | asn, name = line.split()[0:2] | |
92403f39 | 1031 | |
85e44d9a MT |
1032 | try: |
1033 | asn = int(asn) | |
1034 | except ValueError: | |
1035 | log.debug("Skipping ARIN AS names line not containing an integer for ASN") | |
1036 | continue | |
92403f39 | 1037 | |
85e44d9a MT |
1038 | # Filter invalid ASNs... |
1039 | if not self._check_parsed_asn(asn): | |
1040 | continue | |
92403f39 | 1041 | |
85e44d9a MT |
1042 | # Skip any AS name that appears to be a placeholder for a different RIR or entity... |
1043 | if re.match(r"^(ASN-BLK|)(AFCONC|AFRINIC|APNIC|ASNBLK|LACNIC|RIPE|IANA)(?:\d?$|\-)", name): | |
1044 | continue | |
92403f39 | 1045 | |
85e44d9a MT |
1046 | # Bail out in case the AS name contains anything we do not expect here... |
1047 | if re.search(r"[^a-zA-Z0-9-_]", name): | |
1048 | log.debug("Skipping ARIN AS name for %s containing invalid characters: %s" % \ | |
1049 | (asn, name)) | |
92403f39 | 1050 | |
85e44d9a MT |
1051 | # Things look good here, run INSERT statement and skip this one if we already have |
1052 | # a (better?) name for this Autonomous System... | |
1053 | self.db.execute(""" | |
1054 | INSERT INTO autnums( | |
1055 | number, | |
92403f39 | 1056 | name, |
85e44d9a MT |
1057 | source |
1058 | ) VALUES (%s, %s, %s) | |
1059 | ON CONFLICT (number) DO NOTHING""", | |
1060 | asn, | |
1061 | name, | |
1062 | "ARIN", | |
1063 | ) | |
92403f39 | 1064 | |
83d61c46 MT |
1065 | def handle_update_announcements(self, ns): |
1066 | server = ns.server[0] | |
1067 | ||
22d8d199 MT |
1068 | with self.db.transaction(): |
1069 | if server.startswith("/"): | |
1070 | self._handle_update_announcements_from_bird(server) | |
22d8d199 MT |
1071 | |
1072 | # Purge anything we never want here | |
1073 | self.db.execute(""" | |
1074 | -- Delete default routes | |
1075 | DELETE FROM announcements WHERE network = '::/0' OR network = '0.0.0.0/0'; | |
1076 | ||
1077 | -- Delete anything that is not global unicast address space | |
1078 | DELETE FROM announcements WHERE family(network) = 6 AND NOT network <<= '2000::/3'; | |
1079 | ||
1080 | -- DELETE "current network" address space | |
1081 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '0.0.0.0/8'; | |
1082 | ||
1083 | -- DELETE local loopback address space | |
1084 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '127.0.0.0/8'; | |
1085 | ||
1086 | -- DELETE RFC 1918 address space | |
1087 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '10.0.0.0/8'; | |
1088 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '172.16.0.0/12'; | |
1089 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '192.168.0.0/16'; | |
1090 | ||
1091 | -- DELETE test, benchmark and documentation address space | |
1092 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '192.0.0.0/24'; | |
1093 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '192.0.2.0/24'; | |
1094 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '198.18.0.0/15'; | |
1095 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '198.51.100.0/24'; | |
1096 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '203.0.113.0/24'; | |
1097 | ||
1098 | -- DELETE CGNAT address space (RFC 6598) | |
1099 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '100.64.0.0/10'; | |
1100 | ||
1101 | -- DELETE link local address space | |
1102 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '169.254.0.0/16'; | |
1103 | ||
b4d5b2a6 | 1104 | -- DELETE IPv6 to IPv4 (6to4) address space (RFC 3068) |
22d8d199 | 1105 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '192.88.99.0/24'; |
b4d5b2a6 | 1106 | DELETE FROM announcements WHERE family(network) = 6 AND network <<= '2002::/16'; |
22d8d199 MT |
1107 | |
1108 | -- DELETE multicast and reserved address space | |
1109 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '224.0.0.0/4'; | |
1110 | DELETE FROM announcements WHERE family(network) = 4 AND network <<= '240.0.0.0/4'; | |
1111 | ||
1112 | -- Delete networks that are too small to be in the global routing table | |
1113 | DELETE FROM announcements WHERE family(network) = 6 AND masklen(network) > 48; | |
1114 | DELETE FROM announcements WHERE family(network) = 4 AND masklen(network) > 24; | |
1115 | ||
1116 | -- Delete any non-public or reserved ASNs | |
1117 | DELETE FROM announcements WHERE NOT ( | |
1118 | (autnum >= 1 AND autnum <= 23455) | |
1119 | OR | |
1120 | (autnum >= 23457 AND autnum <= 64495) | |
1121 | OR | |
1122 | (autnum >= 131072 AND autnum <= 4199999999) | |
1123 | ); | |
1124 | ||
1125 | -- Delete everything that we have not seen for 14 days | |
1126 | DELETE FROM announcements WHERE last_seen_at <= CURRENT_TIMESTAMP - INTERVAL '14 days'; | |
1127 | """) | |
1128 | ||
1129 | def _handle_update_announcements_from_bird(self, server): | |
1130 | # Pre-compile the regular expression for faster searching | |
35e5f041 | 1131 | route = re.compile(b"^\s(.+?)\s+.+?\[(?:AS(.*?))?.\]$") |
22d8d199 MT |
1132 | |
1133 | log.info("Requesting routing table from Bird (%s)" % server) | |
1134 | ||
35e5f041 MT |
1135 | aggregated_networks = [] |
1136 | ||
22d8d199 MT |
1137 | # Send command to list all routes |
1138 | for line in self._bird_cmd(server, "show route"): | |
1139 | m = route.match(line) | |
1140 | if not m: | |
b767db8d MT |
1141 | # Skip empty lines |
1142 | if not line: | |
1143 | pass | |
1144 | ||
45fa97cd | 1145 | # Ignore any header lines with the name of the routing table |
b767db8d MT |
1146 | elif line.startswith(b"Table"): |
1147 | pass | |
45fa97cd MT |
1148 | |
1149 | # Log anything else | |
b767db8d MT |
1150 | else: |
1151 | log.debug("Could not parse line: %s" % line.decode()) | |
1152 | ||
22d8d199 MT |
1153 | continue |
1154 | ||
1155 | # Fetch the extracted network and ASN | |
1156 | network, autnum = m.groups() | |
1157 | ||
35e5f041 MT |
1158 | # Decode into strings |
1159 | if network: | |
1160 | network = network.decode() | |
1161 | if autnum: | |
1162 | autnum = autnum.decode() | |
1163 | ||
1164 | # Collect all aggregated networks | |
1165 | if not autnum: | |
1166 | log.debug("%s is an aggregated network" % network) | |
1167 | aggregated_networks.append(network) | |
1168 | continue | |
1169 | ||
22d8d199 MT |
1170 | # Insert it into the database |
1171 | self.db.execute("INSERT INTO announcements(network, autnum) \ | |
1172 | VALUES(%s, %s) ON CONFLICT (network) DO \ | |
1173 | UPDATE SET autnum = excluded.autnum, last_seen_at = CURRENT_TIMESTAMP", | |
35e5f041 | 1174 | network, autnum, |
22d8d199 MT |
1175 | ) |
1176 | ||
35e5f041 MT |
1177 | # Process any aggregated networks |
1178 | for network in aggregated_networks: | |
1179 | log.debug("Processing aggregated network %s" % network) | |
1180 | ||
1181 | # Run "show route all" for each network | |
1182 | for line in self._bird_cmd(server, "show route %s all" % network): | |
1183 | # Try finding the path | |
1184 | m = re.match(b"\s+BGP\.as_path:.* (\d+) {\d+}$", line) | |
1185 | if m: | |
1186 | # Select the last AS number in the path | |
1187 | autnum = m.group(1).decode() | |
1188 | ||
1189 | # Insert it into the database | |
1190 | self.db.execute("INSERT INTO announcements(network, autnum) \ | |
1191 | VALUES(%s, %s) ON CONFLICT (network) DO \ | |
1192 | UPDATE SET autnum = excluded.autnum, last_seen_at = CURRENT_TIMESTAMP", | |
1193 | network, autnum, | |
1194 | ) | |
1195 | ||
1196 | # We don't need to process any more | |
1197 | break | |
1198 | ||
22d8d199 MT |
1199 | def _bird_cmd(self, socket_path, command): |
1200 | # Connect to the socket | |
1201 | s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) | |
1202 | s.connect(socket_path) | |
cedee656 | 1203 | |
22d8d199 MT |
1204 | # Allocate some buffer |
1205 | buffer = b"" | |
83d61c46 | 1206 | |
bbcefb38 MT |
1207 | log.debug("Sending Bird command: %s" % command) |
1208 | ||
22d8d199 MT |
1209 | # Send the command |
1210 | s.send(b"%s\n" % command.encode()) | |
209c04b6 | 1211 | |
22d8d199 MT |
1212 | while True: |
1213 | # Fill up the buffer | |
1214 | buffer += s.recv(4096) | |
209c04b6 | 1215 | |
22d8d199 MT |
1216 | while True: |
1217 | # Search for the next newline | |
1218 | pos = buffer.find(b"\n") | |
209c04b6 | 1219 | |
22d8d199 MT |
1220 | # If we cannot find one, we go back and read more data |
1221 | if pos <= 0: | |
1222 | break | |
209c04b6 | 1223 | |
22d8d199 MT |
1224 | # Cut after the newline character |
1225 | pos += 1 | |
b89cee80 | 1226 | |
22d8d199 MT |
1227 | # Split the line we want and keep the rest in buffer |
1228 | line, buffer = buffer[:pos], buffer[pos:] | |
83d61c46 | 1229 | |
bbcefb38 MT |
1230 | # Try parsing any status lines |
1231 | if len(line) > 4 and line[:4].isdigit() and line[4] in (32, 45): | |
1232 | code, delim, line = int(line[:4]), line[4], line[5:] | |
1233 | ||
1234 | log.debug("Received response code %s from bird" % code) | |
1235 | ||
1236 | # End of output | |
1237 | if code == 0: | |
1238 | return | |
1239 | ||
1240 | # Ignore hello line | |
1241 | elif code == 1: | |
1242 | continue | |
83d61c46 | 1243 | |
22d8d199 MT |
1244 | # Otherwise return the line |
1245 | yield line | |
83d61c46 | 1246 | |
0fcdd689 | 1247 | def handle_update_geofeeds(self, ns): |
ef8d1f67 MT |
1248 | # Sync geofeeds |
1249 | with self.db.transaction(): | |
1250 | # Delete all geofeeds which are no longer linked | |
1251 | self.db.execute(""" | |
1252 | DELETE FROM | |
1253 | geofeeds | |
1254 | WHERE | |
1255 | NOT EXISTS ( | |
1256 | SELECT | |
1257 | 1 | |
1258 | FROM | |
1259 | network_geofeeds | |
1260 | WHERE | |
1261 | geofeeds.url = network_geofeeds.url | |
1262 | )""", | |
1263 | ) | |
1264 | ||
1265 | # Copy all geofeeds | |
1266 | self.db.execute(""" | |
1267 | INSERT INTO | |
1268 | geofeeds( | |
1269 | url | |
1270 | ) | |
1271 | SELECT | |
1272 | url | |
1273 | FROM | |
1274 | network_geofeeds | |
1275 | ON CONFLICT (url) | |
1276 | DO NOTHING | |
1277 | """, | |
1278 | ) | |
1279 | ||
0fcdd689 MT |
1280 | # Fetch all Geofeeds that require an update |
1281 | geofeeds = self.db.query(""" | |
1282 | SELECT | |
1283 | id, | |
1284 | url | |
1285 | FROM | |
1286 | geofeeds | |
1287 | WHERE | |
1288 | updated_at IS NULL | |
1289 | OR | |
1290 | updated_at <= CURRENT_TIMESTAMP - INTERVAL '1 week' | |
1291 | ORDER BY | |
1292 | id | |
1293 | """) | |
1294 | ||
1295 | with concurrent.futures.ThreadPoolExecutor(max_workers=10) as executor: | |
1296 | results = executor.map(self._fetch_geofeed, geofeeds) | |
1297 | ||
fa33b321 | 1298 | # Fetch all results to raise any exceptions |
0fcdd689 | 1299 | for result in results: |
fa33b321 | 1300 | pass |
0fcdd689 MT |
1301 | |
1302 | def _fetch_geofeed(self, geofeed): | |
1303 | log.debug("Fetching Geofeed %s" % geofeed.url) | |
1304 | ||
1305 | with self.db.transaction(): | |
1306 | # Open the URL | |
1307 | try: | |
1308 | req = urllib.request.Request(geofeed.url, headers={ | |
1309 | "User-Agent" : "location/%s" % location.__version__, | |
1310 | ||
1311 | # We expect some plain text file in CSV format | |
1312 | "Accept" : "text/csv, text/plain", | |
1313 | }) | |
1314 | ||
1315 | # XXX set proxy | |
1316 | ||
1317 | # Send the request | |
1318 | with urllib.request.urlopen(req, timeout=10) as f: | |
1319 | # Remove any previous data | |
1320 | self.db.execute("DELETE FROM geofeed_networks \ | |
1321 | WHERE geofeed_id = %s", geofeed.id) | |
1322 | ||
5e632485 MT |
1323 | lineno = 0 |
1324 | ||
0fcdd689 MT |
1325 | # Read the output line by line |
1326 | for line in f: | |
5e632485 MT |
1327 | lineno += 1 |
1328 | ||
56f147ce MT |
1329 | try: |
1330 | line = line.decode() | |
1331 | ||
1332 | # Ignore any lines we cannot decode | |
1333 | except UnicodeDecodeError: | |
1334 | log.debug("Could not decode line %s in %s" \ | |
1335 | % (lineno, geofeed.url)) | |
1336 | continue | |
0fcdd689 MT |
1337 | |
1338 | # Strip any newline | |
1339 | line = line.rstrip() | |
1340 | ||
1341 | # Skip empty lines | |
1342 | if not line: | |
1343 | continue | |
1344 | ||
1345 | # Try to parse the line | |
1346 | try: | |
1347 | fields = line.split(",", 5) | |
1348 | except ValueError: | |
1349 | log.debug("Could not parse line: %s" % line) | |
1350 | continue | |
1351 | ||
1352 | # Check if we have enough fields | |
1353 | if len(fields) < 4: | |
1354 | log.debug("Not enough fields in line: %s" % line) | |
1355 | continue | |
1356 | ||
1357 | # Fetch all fields | |
1358 | network, country, region, city, = fields[:4] | |
1359 | ||
1360 | # Try to parse the network | |
1361 | try: | |
1362 | network = ipaddress.ip_network(network, strict=False) | |
1363 | except ValueError: | |
1364 | log.debug("Could not parse network: %s" % network) | |
1365 | continue | |
1366 | ||
72908243 | 1367 | # Strip any excess whitespace from country codes |
4ed16a14 MT |
1368 | country = country.strip() |
1369 | ||
1370 | # Make the country code uppercase | |
1371 | country = country.upper() | |
72908243 MT |
1372 | |
1373 | # Check the country code | |
5e632485 MT |
1374 | if not country: |
1375 | log.debug("Empty country code in Geofeed %s line %s" \ | |
1376 | % (geofeed.url, lineno)) | |
1377 | continue | |
1378 | ||
1379 | elif not location.country_code_is_valid(country): | |
8228a917 MT |
1380 | log.debug("Invalid country code in Geofeed %s:%s: %s" \ |
1381 | % (geofeed.url, lineno, country)) | |
72908243 | 1382 | continue |
0fcdd689 MT |
1383 | |
1384 | # Write this into the database | |
1385 | self.db.execute(""" | |
1386 | INSERT INTO | |
1387 | geofeed_networks ( | |
1388 | geofeed_id, | |
1389 | network, | |
1390 | country, | |
1391 | region, | |
1392 | city | |
1393 | ) | |
1394 | VALUES (%s, %s, %s, %s, %s)""", | |
1395 | geofeed.id, | |
1396 | "%s" % network, | |
1397 | country, | |
1398 | region, | |
1399 | city, | |
1400 | ) | |
1401 | ||
1402 | # Catch any HTTP errors | |
1403 | except urllib.request.HTTPError as e: | |
ce308393 MT |
1404 | self.db.execute("UPDATE geofeeds SET status = %s, error = %s \ |
1405 | WHERE id = %s", e.code, "%s" % e, geofeed.id) | |
0fcdd689 | 1406 | |
ce308393 MT |
1407 | # Catch any other errors and connection timeouts |
1408 | except (urllib.request.URLError, TimeoutError) as e: | |
1409 | log.debug("Could not fetch URL %s: %s" % (geofeed.url, e)) | |
0fcdd689 | 1410 | |
ce308393 MT |
1411 | self.db.execute("UPDATE geofeeds SET status = %s, error = %s \ |
1412 | WHERE id = %s", 599, "%s" % e, geofeed.id) | |
15437681 | 1413 | |
0fcdd689 MT |
1414 | # Mark the geofeed as updated |
1415 | else: | |
1416 | self.db.execute(""" | |
1417 | UPDATE | |
1418 | geofeeds | |
1419 | SET | |
1420 | updated_at = CURRENT_TIMESTAMP, | |
ce308393 MT |
1421 | status = NULL, |
1422 | error = NULL | |
0fcdd689 MT |
1423 | WHERE |
1424 | id = %s""", | |
1425 | geofeed.id, | |
1426 | ) | |
1427 | ||
d7fc3057 MT |
1428 | def handle_update_overrides(self, ns): |
1429 | with self.db.transaction(): | |
68fdeb3b PM |
1430 | # Only drop manually created overrides, as we can be reasonably sure to have them, |
1431 | # and preserve the rest. If appropriate, it is deleted by correspondent functions. | |
d7fc3057 | 1432 | self.db.execute(""" |
68fdeb3b PM |
1433 | DELETE FROM autnum_overrides WHERE source = 'manual'; |
1434 | DELETE FROM network_overrides WHERE source = 'manual'; | |
d7fc3057 MT |
1435 | """) |
1436 | ||
dcef2ba4 PM |
1437 | # Update overrides for various cloud providers big enough to publish their own IP |
1438 | # network allocation lists in a machine-readable format... | |
1439 | self._update_overrides_for_aws() | |
1440 | ||
69b3d894 PM |
1441 | # Update overrides for Spamhaus DROP feeds... |
1442 | self._update_overrides_for_spamhaus_drop() | |
1443 | ||
d7fc3057 MT |
1444 | for file in ns.files: |
1445 | log.info("Reading %s..." % file) | |
1446 | ||
1447 | with open(file, "rb") as f: | |
1448 | for type, block in location.importer.read_blocks(f): | |
1449 | if type == "net": | |
1450 | network = block.get("net") | |
1451 | # Try to parse and normalise the network | |
1452 | try: | |
1453 | network = ipaddress.ip_network(network, strict=False) | |
1454 | except ValueError as e: | |
1455 | log.warning("Invalid IP network: %s: %s" % (network, e)) | |
1456 | continue | |
1457 | ||
94dfab8c MT |
1458 | # Prevent that we overwrite all networks |
1459 | if network.prefixlen == 0: | |
1460 | log.warning("Skipping %s: You cannot overwrite default" % network) | |
1461 | continue | |
1462 | ||
d7fc3057 MT |
1463 | self.db.execute(""" |
1464 | INSERT INTO network_overrides( | |
1465 | network, | |
1466 | country, | |
39ee3120 | 1467 | source, |
d7fc3057 MT |
1468 | is_anonymous_proxy, |
1469 | is_satellite_provider, | |
e17e804e PM |
1470 | is_anycast, |
1471 | is_drop | |
39ee3120 | 1472 | ) VALUES (%s, %s, %s, %s, %s, %s, %s) |
d7fc3057 MT |
1473 | ON CONFLICT (network) DO NOTHING""", |
1474 | "%s" % network, | |
1475 | block.get("country"), | |
39ee3120 | 1476 | "manual", |
28d29b7c MT |
1477 | self._parse_bool(block, "is-anonymous-proxy"), |
1478 | self._parse_bool(block, "is-satellite-provider"), | |
1479 | self._parse_bool(block, "is-anycast"), | |
e17e804e | 1480 | self._parse_bool(block, "drop"), |
d7fc3057 MT |
1481 | ) |
1482 | ||
f476cdfd MT |
1483 | elif type == "aut-num": |
1484 | autnum = block.get("aut-num") | |
d7fc3057 MT |
1485 | |
1486 | # Check if AS number begins with "AS" | |
1487 | if not autnum.startswith("AS"): | |
1488 | log.warning("Invalid AS number: %s" % autnum) | |
1489 | continue | |
1490 | ||
1491 | # Strip "AS" | |
1492 | autnum = autnum[2:] | |
1493 | ||
1494 | self.db.execute(""" | |
1495 | INSERT INTO autnum_overrides( | |
1496 | number, | |
1497 | name, | |
bd1aa6a1 | 1498 | country, |
39ee3120 | 1499 | source, |
d7fc3057 MT |
1500 | is_anonymous_proxy, |
1501 | is_satellite_provider, | |
e17e804e PM |
1502 | is_anycast, |
1503 | is_drop | |
39ee3120 | 1504 | ) VALUES(%s, %s, %s, %s, %s, %s, %s, %s) |
d7fc3057 | 1505 | ON CONFLICT DO NOTHING""", |
bd1aa6a1 MT |
1506 | autnum, |
1507 | block.get("name"), | |
1508 | block.get("country"), | |
39ee3120 | 1509 | "manual", |
28d29b7c MT |
1510 | self._parse_bool(block, "is-anonymous-proxy"), |
1511 | self._parse_bool(block, "is-satellite-provider"), | |
1512 | self._parse_bool(block, "is-anycast"), | |
e17e804e | 1513 | self._parse_bool(block, "drop"), |
d7fc3057 MT |
1514 | ) |
1515 | ||
1516 | else: | |
03d24a9b | 1517 | log.warning("Unsupported type: %s" % type) |
d7fc3057 | 1518 | |
dcef2ba4 PM |
1519 | def _update_overrides_for_aws(self): |
1520 | # Download Amazon AWS IP allocation file to create overrides... | |
1521 | downloader = location.importer.Downloader() | |
1522 | ||
1523 | try: | |
85e44d9a MT |
1524 | # Fetch IP ranges |
1525 | f = downloader.retrieve("https://ip-ranges.amazonaws.com/ip-ranges.json") | |
1526 | ||
1527 | # Parse downloaded file | |
1528 | aws_ip_dump = json.load(f) | |
dcef2ba4 PM |
1529 | except Exception as e: |
1530 | log.error("unable to preprocess Amazon AWS IP ranges: %s" % e) | |
1531 | return | |
1532 | ||
68fdeb3b PM |
1533 | # At this point, we can assume the downloaded file to be valid |
1534 | self.db.execute(""" | |
1535 | DELETE FROM network_overrides WHERE source = 'Amazon AWS IP feed'; | |
1536 | """) | |
1537 | ||
dcef2ba4 PM |
1538 | # XXX: Set up a dictionary for mapping a region name to a country. Unfortunately, |
1539 | # there seems to be no machine-readable version available of this other than | |
1540 | # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html | |
1541 | # (worse, it seems to be incomplete :-/ ); https://www.cloudping.cloud/endpoints | |
1542 | # was helpful here as well. | |
1543 | aws_region_country_map = { | |
1544 | "af-south-1": "ZA", | |
1545 | "ap-east-1": "HK", | |
1546 | "ap-south-1": "IN", | |
1547 | "ap-south-2": "IN", | |
1548 | "ap-northeast-3": "JP", | |
1549 | "ap-northeast-2": "KR", | |
1550 | "ap-southeast-1": "SG", | |
1551 | "ap-southeast-2": "AU", | |
1552 | "ap-southeast-3": "MY", | |
1553 | "ap-southeast-4": "AU", | |
c9486b13 | 1554 | "ap-southeast-6": "AP", # XXX: Precise location not documented anywhere |
dcef2ba4 PM |
1555 | "ap-northeast-1": "JP", |
1556 | "ca-central-1": "CA", | |
c9486b13 | 1557 | "ca-west-1": "CA", |
dcef2ba4 PM |
1558 | "eu-central-1": "DE", |
1559 | "eu-central-2": "CH", | |
1560 | "eu-west-1": "IE", | |
1561 | "eu-west-2": "GB", | |
1562 | "eu-south-1": "IT", | |
1563 | "eu-south-2": "ES", | |
1564 | "eu-west-3": "FR", | |
1565 | "eu-north-1": "SE", | |
ad017947 | 1566 | "il-central-1": "IL", # XXX: This one is not documented anywhere except for ip-ranges.json itself |
dcef2ba4 PM |
1567 | "me-central-1": "AE", |
1568 | "me-south-1": "BH", | |
1569 | "sa-east-1": "BR" | |
1570 | } | |
1571 | ||
1572 | # Fetch all valid country codes to check parsed networks aganist... | |
1573 | rows = self.db.query("SELECT * FROM countries ORDER BY country_code") | |
1574 | validcountries = [] | |
1575 | ||
1576 | for row in rows: | |
1577 | validcountries.append(row.country_code) | |
1578 | ||
1579 | with self.db.transaction(): | |
1580 | for snetwork in aws_ip_dump["prefixes"] + aws_ip_dump["ipv6_prefixes"]: | |
1581 | try: | |
1582 | network = ipaddress.ip_network(snetwork.get("ip_prefix") or snetwork.get("ipv6_prefix"), strict=False) | |
1583 | except ValueError: | |
1584 | log.warning("Unable to parse line: %s" % snetwork) | |
1585 | continue | |
1586 | ||
1587 | # Sanitize parsed networks... | |
1588 | if not self._check_parsed_network(network): | |
1589 | continue | |
1590 | ||
1591 | # Determine region of this network... | |
1592 | region = snetwork["region"] | |
1593 | cc = None | |
1594 | is_anycast = False | |
1595 | ||
1596 | # Any region name starting with "us-" will get "US" country code assigned straight away... | |
1597 | if region.startswith("us-"): | |
1598 | cc = "US" | |
1599 | elif region.startswith("cn-"): | |
1600 | # ... same goes for China ... | |
1601 | cc = "CN" | |
1602 | elif region == "GLOBAL": | |
1603 | # ... funny region name for anycast-like networks ... | |
1604 | is_anycast = True | |
1605 | elif region in aws_region_country_map: | |
1606 | # ... assign looked up country code otherwise ... | |
1607 | cc = aws_region_country_map[region] | |
1608 | else: | |
1609 | # ... and bail out if we are missing something here | |
1610 | log.warning("Unable to determine country code for line: %s" % snetwork) | |
1611 | continue | |
1612 | ||
1613 | # Skip networks with unknown country codes | |
1614 | if not is_anycast and validcountries and cc not in validcountries: | |
1615 | log.warning("Skipping Amazon AWS network with bogus country '%s': %s" % \ | |
1616 | (cc, network)) | |
1617 | return | |
1618 | ||
1619 | # Conduct SQL statement... | |
1620 | self.db.execute(""" | |
1621 | INSERT INTO network_overrides( | |
1622 | network, | |
1623 | country, | |
1624 | source, | |
1625 | is_anonymous_proxy, | |
1626 | is_satellite_provider, | |
1627 | is_anycast | |
1628 | ) VALUES (%s, %s, %s, %s, %s, %s) | |
1629 | ON CONFLICT (network) DO NOTHING""", | |
1630 | "%s" % network, | |
1631 | cc, | |
1632 | "Amazon AWS IP feed", | |
1633 | None, | |
1634 | None, | |
1635 | is_anycast, | |
1636 | ) | |
1637 | ||
1638 | ||
69b3d894 PM |
1639 | def _update_overrides_for_spamhaus_drop(self): |
1640 | downloader = location.importer.Downloader() | |
1641 | ||
5acac2a4 PM |
1642 | ip_lists = [ |
1643 | ("SPAMHAUS-DROP", "https://www.spamhaus.org/drop/drop.txt"), | |
1644 | ("SPAMHAUS-EDROP", "https://www.spamhaus.org/drop/edrop.txt"), | |
1645 | ("SPAMHAUS-DROPV6", "https://www.spamhaus.org/drop/dropv6.txt") | |
69b3d894 PM |
1646 | ] |
1647 | ||
5acac2a4 PM |
1648 | asn_lists = [ |
1649 | ("SPAMHAUS-ASNDROP", "https://www.spamhaus.org/drop/asndrop.txt") | |
69b3d894 PM |
1650 | ] |
1651 | ||
5acac2a4 PM |
1652 | for name, url in ip_lists: |
1653 | # Fetch IP list from given URL | |
85e44d9a MT |
1654 | f = downloader.retrieve(url) |
1655 | ||
1656 | # Split into lines | |
1657 | fcontent = f.readlines() | |
69b3d894 | 1658 | |
69b3d894 | 1659 | with self.db.transaction(): |
5acac2a4 PM |
1660 | # Conduct a very basic sanity check to rule out CDN issues causing bogus DROP |
1661 | # downloads. | |
1662 | if len(fcontent) > 10: | |
b56bf4bf | 1663 | self.db.execute("DELETE FROM network_overrides WHERE source = %s", name) |
5acac2a4 PM |
1664 | else: |
1665 | log.error("%s (%s) returned likely bogus file, ignored" % (name, url)) | |
1666 | continue | |
1667 | ||
1668 | # Iterate through every line, filter comments and add remaining networks to | |
1669 | # the override table in case they are valid... | |
69b3d894 | 1670 | for sline in fcontent: |
69b3d894 PM |
1671 | # The response is assumed to be encoded in UTF-8... |
1672 | sline = sline.decode("utf-8") | |
1673 | ||
1674 | # Comments start with a semicolon... | |
1675 | if sline.startswith(";"): | |
1676 | continue | |
1677 | ||
1678 | # Extract network and ignore anything afterwards... | |
1679 | try: | |
1680 | network = ipaddress.ip_network(sline.split()[0], strict=False) | |
1681 | except ValueError: | |
1682 | log.error("Unable to parse line: %s" % sline) | |
1683 | continue | |
1684 | ||
1685 | # Sanitize parsed networks... | |
1686 | if not self._check_parsed_network(network): | |
5acac2a4 PM |
1687 | log.warning("Skipping bogus network found in %s (%s): %s" % \ |
1688 | (name, url, network)) | |
69b3d894 PM |
1689 | continue |
1690 | ||
1691 | # Conduct SQL statement... | |
1692 | self.db.execute(""" | |
1693 | INSERT INTO network_overrides( | |
1694 | network, | |
1695 | source, | |
1696 | is_drop | |
1697 | ) VALUES (%s, %s, %s) | |
148f68bf | 1698 | ON CONFLICT (network) DO UPDATE SET is_drop = True""", |
69b3d894 | 1699 | "%s" % network, |
5acac2a4 | 1700 | name, |
69b3d894 PM |
1701 | True |
1702 | ) | |
1703 | ||
5acac2a4 | 1704 | for name, url in asn_lists: |
85e44d9a MT |
1705 | # Fetch URL |
1706 | f = downloader.retrieve(url) | |
69b3d894 | 1707 | |
5acac2a4 PM |
1708 | # Split into lines |
1709 | fcontent = f.readlines() | |
1710 | ||
69b3d894 | 1711 | with self.db.transaction(): |
5acac2a4 PM |
1712 | # Conduct a very basic sanity check to rule out CDN issues causing bogus DROP |
1713 | # downloads. | |
1714 | if len(fcontent) > 10: | |
b56bf4bf | 1715 | self.db.execute("DELETE FROM autnum_overrides WHERE source = %s", name) |
5acac2a4 PM |
1716 | else: |
1717 | log.error("%s (%s) returned likely bogus file, ignored" % (name, url)) | |
1718 | continue | |
1719 | ||
1720 | # Iterate through every line, filter comments and add remaining ASNs to | |
1721 | # the override table in case they are valid... | |
00beb796 | 1722 | for sline in f.readlines(): |
69b3d894 PM |
1723 | # The response is assumed to be encoded in UTF-8... |
1724 | sline = sline.decode("utf-8") | |
1725 | ||
1726 | # Comments start with a semicolon... | |
1727 | if sline.startswith(";"): | |
1728 | continue | |
1729 | ||
1730 | # Throw away anything after the first space... | |
1731 | sline = sline.split()[0] | |
1732 | ||
1733 | # ... strip the "AS" prefix from it ... | |
1734 | sline = sline.strip("AS") | |
1735 | ||
1736 | # ... and convert it into an integer. Voila. | |
1737 | asn = int(sline) | |
1738 | ||
1739 | # Filter invalid ASNs... | |
1740 | if not self._check_parsed_asn(asn): | |
5acac2a4 PM |
1741 | log.warning("Skipping bogus ASN found in %s (%s): %s" % \ |
1742 | (name, url, asn)) | |
69b3d894 PM |
1743 | continue |
1744 | ||
1745 | # Conduct SQL statement... | |
1746 | self.db.execute(""" | |
1747 | INSERT INTO autnum_overrides( | |
1748 | number, | |
1749 | source, | |
1750 | is_drop | |
1751 | ) VALUES (%s, %s, %s) | |
148f68bf | 1752 | ON CONFLICT (number) DO UPDATE SET is_drop = True""", |
69b3d894 | 1753 | "%s" % asn, |
5acac2a4 | 1754 | name, |
69b3d894 PM |
1755 | True |
1756 | ) | |
1757 | ||
28d29b7c MT |
1758 | @staticmethod |
1759 | def _parse_bool(block, key): | |
1760 | val = block.get(key) | |
1761 | ||
1762 | # There is no point to proceed when we got None | |
1763 | if val is None: | |
1764 | return | |
1765 | ||
1766 | # Convert to lowercase | |
1767 | val = val.lower() | |
1768 | ||
1769 | # True | |
1770 | if val in ("yes", "1"): | |
1771 | return True | |
1772 | ||
1773 | # False | |
1774 | if val in ("no", "0"): | |
1775 | return False | |
1776 | ||
1777 | # Default to None | |
1778 | return None | |
1779 | ||
3ce28dea MT |
1780 | @property |
1781 | def countries(self): | |
1782 | # Fetch all valid country codes to check parsed networks aganist | |
1783 | rows = self.db.query("SELECT * FROM countries ORDER BY country_code") | |
1784 | ||
1785 | # Return all countries | |
1786 | return [row.country_code for row in rows] | |
1787 | ||
8084b33a MT |
1788 | def handle_import_countries(self, ns): |
1789 | with self.db.transaction(): | |
1790 | # Drop all data that we have | |
1791 | self.db.execute("TRUNCATE TABLE countries") | |
1792 | ||
1793 | for file in ns.file: | |
1794 | for line in file: | |
1795 | line = line.rstrip() | |
1796 | ||
1797 | # Ignore any comments | |
1798 | if line.startswith("#"): | |
1799 | continue | |
1800 | ||
1801 | try: | |
1802 | country_code, continent_code, name = line.split(maxsplit=2) | |
1803 | except: | |
1804 | log.warning("Could not parse line: %s" % line) | |
1805 | continue | |
1806 | ||
1807 | self.db.execute("INSERT INTO countries(country_code, name, continent_code) \ | |
1808 | VALUES(%s, %s, %s) ON CONFLICT DO NOTHING", country_code, name, continent_code) | |
1809 | ||
6ffd06b5 MT |
1810 | |
1811 | def split_line(line): | |
1812 | key, colon, val = line.partition(":") | |
1813 | ||
1814 | # Strip any excess space | |
1815 | key = key.strip() | |
1816 | val = val.strip() | |
78ff0cf2 | 1817 | |
6ffd06b5 | 1818 | return key, val |
78ff0cf2 MT |
1819 | |
1820 | def main(): | |
1821 | # Run the command line interface | |
1822 | c = CLI() | |
1823 | c.run() | |
1824 | ||
1825 | main() |