
A Kruger  committed 0d8dd0f

Roll back changes - we don't actually need a server-side component to test routing to the tun device.

  • Parent commits c0a56a8
  • Branches check-tunnel


Files changed (3)

File Automation/psi_ops_install.py

     # tunneled web requests
     ['''
     -A INPUT -i lo -d %s -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT'''
-            % (str(s.internal_ip_address), str(s.web_server_port)) for s in servers]) + ''.join(
-    ['''
-    -A INPUT -i lo -d %s -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT'''
-            % (str(s.internal_ip_address), str(psi_config.TUNNEL_CHECK_SERVICE_PORT)) for s in servers]) + '''
+            % (str(s.internal_ip_address), str(s.web_server_port)) for s in servers]) + '''
     -A INPUT -d 127.0.0.0/8 ! -i lo -j DROP
     -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
     -A INPUT -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT''' % (host.ssh_port,) + ''.join(
     ['''
     -A OUTPUT -d {0} -o lo -p tcp -m tcp --dport {1} -j ACCEPT
     -A OUTPUT -s {0} -o lo -p tcp -m tcp --sport {1} -j ACCEPT'''.format(
-            str(s.internal_ip_address), str(s.web_server_port)) for s in servers]) + ''.join(
-    ['''
-    -A OUTPUT -d {0} -o lo -p tcp -m tcp --dport {1} -j ACCEPT
-    -A OUTPUT -s {0} -o lo -p tcp -m tcp --sport {1} -j ACCEPT'''.format(
-            str(s.internal_ip_address), str(psi_config.TUNNEL_CHECK_SERVICE_PORT)) for s in servers]) + '''            
+            str(s.internal_ip_address), str(s.web_server_port)) for s in servers]) + '''
     -A OUTPUT -o lo -p tcp -m tcp --dport 7300 -j ACCEPT
     -A OUTPUT -o lo -p tcp -m tcp --dport 6379 -m owner --uid-owner root -j ACCEPT
     -A OUTPUT -o lo -p tcp -m tcp --dport 6000 -m owner --uid-owner root -j ACCEPT
     -A OUTPUT -d %s -p tcp -m tcp --dport %s -j ACCEPT'''
             % (str(s.internal_ip_address), str(s.web_server_port)) for s in servers
                 if s.ip_address != s.internal_ip_address]) + ''.join(
-    ['''
-    -A OUTPUT -d %s -p tcp -m tcp --dport %s -j ACCEPT'''
-            % (str(s.internal_ip_address), str(psi_config.TUNNEL_CHECK_SERVICE_PORT)) for s in servers
-                if s.ip_address != s.internal_ip_address]) + ''.join(
-    ['''
-    -A OUTPUT -s %s -p tcp -m tcp --sport %s -j ACCEPT'''
-            % (str(s.internal_ip_address), str(psi_config.TUNNEL_CHECK_SERVICE_PORT)) for s in servers
-                if s.ip_address != s.internal_ip_address]) + ''.join(
     # web servers
     ['''
     -A OUTPUT -s %s -p tcp -m tcp --sport %s -j ACCEPT'''
     ['''
     -A OUTPUT -p tcp -m tcp -d %s --dport %s -j DNAT --to-destination %s'''
             % (str(s.ip_address), str(s.web_server_port), str(s.internal_ip_address)) for s in servers
-                if s.ip_address != s.internal_ip_address]) + ''.join(
-    ['''
-    -A OUTPUT -p tcp -m tcp -d %s --dport %s -j DNAT --to-destination %s'''
-            % (str(s.ip_address), str(psi_config.TUNNEL_CHECK_SERVICE_PORT), str(s.internal_ip_address)) for s in servers
                 if s.ip_address != s.internal_ip_address]) + '''
 COMMIT
 '''
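Review bot: Dropping the `TUNNEL_CHECK_SERVICE_PORT` entries from this rules template only changes firewalls that are regenerated after this commit. Any host provisioned from a revision that still contained them presumably keeps the loopback ACCEPT and DNAT rules for port 7999 until the install step is re-run. A short comment above the rules string would record that, for example `# tunnel-check rules (port 7999) removed; re-run install on hosts that received them`. Separately, the retained `--dport 6000` rule hard-codes the value that `psi_config.GEOIP_SERVICE_PORT` defines, so if `psi_config` is still imported in this file, interpolating the constant would stop the firewall and the service from drifting apart. The enclosing expression begins and ends outside the visible section, so the rest of the rule set could not be checked.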

File Server/psi_config.py

 ROUTE_FILE_NAME_TEMPLATE = '%s.route.zlib'
 DATA_FILE_NAME = posixpath.join(HOST_SOURCE_ROOT, 'Automation', 'psi_ops.dat')
 GEOIP_SERVICE_PORT = 6000
-TUNNEL_CHECK_SERVICE_PORT = 7999
 
 
 #==== VPN =====================================================================

File Server/psi_web.py

             raise
 
 
-# ===== Tunnel Check Service =====
-
-class TunnelCheckServerThread(threading.Thread):
-
-    def __init__(self, ip_address):
-        #super(WebServerThread, self).__init__(self)
-        threading.Thread.__init__(self)
-        self.server_ip_address = ip_address
-        self.server = None
-
-    def check_tunnel(self, environ, start_response):
-        # Just return 200 OK; no logging or action for this request
-        start_response('200 OK', [])
-        return []
-    
-    def stop_server(self):
-        # Retry loop in case self.server.stop throws an exception
-        for i in range(5):
-            try:
-                if self.server:
-                    # blocks until server stops
-                    self.server.stop()
-                    self.server = None
-                break
-            except Exception as e:
-                # Log errors
-                for line in traceback.format_exc().split('\n'):
-                    syslog.syslog(syslog.LOG_ERR, line)
-                time.sleep(i)
-
-    def run(self):
-        try:
-            server_instance = ()
-            self.server = wsgiserver.CherryPyWSGIServer(
-                            (self.server_ip_address, int(psi_config.TUNNEL_CHECK_SERVICE_PORT)),
-                            wsgiserver.WSGIPathInfoDispatcher(
-                                {'/check_tunnel': self.check_tunnel}))
-
-            # Blocks until server stopped
-            syslog.syslog(syslog.LOG_INFO, 'started Tunnel Check service on %s:%d' % (self.server_ip_address, psi_config.TUNNEL_CHECK_SERVICE_PORT))
-            self.server.start()
-        except Exception as e:
-            # Log other errors and abort
-            for line in traceback.format_exc().split('\n'):
-                syslog.syslog(syslog.LOG_ERR, line)
-            raise
-
-            
 # ===== Main Process =====
 
 def main():
     threads.append(geoip_thread)
     print 'GeoIP server running...'
 
-    for server_info in servers:
-        tunnel_check_thread = TunnelCheckServerThread(server_info[0])
-        tunnel_check_thread.start()
-        threads.append(tunnel_check_thread)
-    print 'Tunnel Check server running...'
-
     try:
         while True:
             time.sleep(60)