
Commit 89c63d4

Merge pull request #282 from 0x90-n/support-for-experimental-reg-overrides
Support for experimental reg overrides
2 parents 41f96e2 + 2619e18 commit 89c63d4


4 files changed

+389
-39
lines changed


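--- a/cmd/registration-server/main.go
+++ b/cmd/registration-server/main.go
@@ -33,20 +33,25 @@ type regServer interface {
 
 // config defines the variables and options from the toml config file
 type config struct {
-DNSListenAddr string `toml:"dns_listen_addr"`
-Domain string `toml:"domain"`
-DNSPrivkeyPath string `toml:"dns_private_key_path"`
-APIPort uint16 `toml:"api_port"`
-ZMQAuthVerbose bool `toml:"zmq_auth_verbose"`
-ZMQAuthType string `toml:"zmq_auth_type"`
-ZMQPort uint16 `toml:"zmq_port"`
-ZMQBindAddr string `toml:"zmq_bind_addr"`
-ZMQPrivateKeyPath string `toml:"zmq_privkey_path"`
-StationPublicKeys []string `toml:"station_pubkeys"`
-ClientConfPath string `toml:"clientconf_path"`
-latestClientConf *pb.ClientConf
-LogLevel string `toml:"log_level"`
-LogMetricsInterval uint16 `toml:"log_metrics_interval"`
+DNSListenAddr string `toml:"dns_listen_addr"`
+Domain string `toml:"domain"`
+DNSPrivkeyPath string `toml:"dns_private_key_path"`
+APIPort uint16 `toml:"api_port"`
+ZMQAuthVerbose bool `toml:"zmq_auth_verbose"`
+ZMQAuthType string `toml:"zmq_auth_type"`
+ZMQPort uint16 `toml:"zmq_port"`
+ZMQBindAddr string `toml:"zmq_bind_addr"`
+ZMQPrivateKeyPath string `toml:"zmq_privkey_path"`
+StationPublicKeys []string `toml:"station_pubkeys"`
+ClientConfPath string `toml:"clientconf_path"`
+latestClientConf *pb.ClientConf
+LogLevel string `toml:"log_level"`
+LogMetricsInterval uint16 `toml:"log_metrics_interval"`
+EnforceSubnetOverrides bool `toml:"enforce_subnet_overrides"`
+PrcntMinRegsToOverride float64 `toml:"prcnt_min_regs_to_override"`
+PrcntPrefixRegsToOverride float64 `toml:"prcnt_prefix_regs_to_override"`
+OverrideSubnets []regprocessor.Subnet `toml:"override_subnet"`
+ExclusionsFromOverride []regprocessor.Subnet `toml:"excluded_subnet_from_overrides"`
 }
 
 var defaultTransports = map[pb.TransportType]lib.Transport{
@@ -192,9 +197,9 @@ func main() {
 
 switch conf.ZMQAuthType {
 case "CURVE":
-processor, err = regprocessor.NewRegProcessor(conf.ZMQBindAddr, conf.ZMQPort, zmqPrivkey, conf.ZMQAuthVerbose, conf.StationPublicKeys, metrics)
+processor, err = regprocessor.NewRegProcessor(conf.ZMQBindAddr, conf.ZMQPort, zmqPrivkey, conf.ZMQAuthVerbose, conf.StationPublicKeys, metrics, conf.EnforceSubnetOverrides, conf.OverrideSubnets, conf.ExclusionsFromOverride, conf.PrcntMinRegsToOverride, conf.PrcntPrefixRegsToOverride)
 case "NULL":
-processor, err = regprocessor.NewRegProcessorNoAuth(conf.ZMQBindAddr, conf.ZMQPort, metrics)
+processor, err = regprocessor.NewRegProcessorNoAuth(conf.ZMQBindAddr, conf.ZMQPort, metrics, conf.EnforceSubnetOverrides, conf.OverrideSubnets, conf.ExclusionsFromOverride, conf.PrcntMinRegsToOverride, conf.PrcntPrefixRegsToOverride)
 default:
 log.Fatalf("Unknown ZMQ auth type: %s", conf.ZMQAuthType)
 }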
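Review bot: Both constructor calls in the second hunk now take five extra positional arguments, and two adjacent pairs share a type: `conf.OverrideSubnets, conf.ExclusionsFromOverride` are both `[]regprocessor.Subnet`, and `conf.PrcntMinRegsToOverride, conf.PrcntPrefixRegsToOverride` are both `float64`. A transposed pair compiles cleanly and would silently change which registrations are overridden or excluded, so passing the override settings as one struct argument with named fields would make a swap visible in review. The two percentages also travel from the TOML file to the constructor with no range check visible in this file. If the constructors do not validate them, a guard before the switch would fail fast on a bad config, assuming the 0–100 scale the sample config suggests: `if p := conf.PrcntMinRegsToOverride; p < 0 || p > 100 { log.Fatalf("prcnt_min_regs_to_override out of range: %v", p) }`, and the same for the prefix value. main() starts and ends outside the hunk.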

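--- a/cmd/registration-server/reg_config.toml
+++ b/cmd/registration-server/reg_config.toml
@@ -45,3 +45,32 @@ bidirectional_api_generation = 957
 
 # Path on disk to the latest ClientConfig file that the station should use
 clientconf_path = "/var/lib/conjure/ClientConf"
+
+# Whether to apply the below subnet overrides to clients bidirectional api registrations
+enforce_subnet_overrides = true
+
+# Percentage of bidirectional api registrations to override per transport
+prcnt_min_regs_to_override = 100
+prcnt_prefix_regs_to_override = 100
+
+# Subnets to use when overriding clients bidirectional api registrations
+[[override_subnet]]
+cidr = "X.X.X.X/32"
+weight = 10.7
+port = 443
+transport = "Min_Transport"
+
+[[override_subnet]]
+cidr = "X.X.X.X/24"
+weight = 10
+port = 80
+transport = "Prefix_Transport"
+prefix_id = 1
+
+# Subnets to refrain from overriding when clients bidirectional api registrations pick a v4 phantom inside them
+[[excluded_subnet_from_overrides]]
+cidr = "X.X.X.X/25"
+# For future features that can exclude subnets according to weight, port, or transport
+weight = 28.7
+port = 80
+transport = "Min_Transport"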
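Review bot: The sample config ships with `enforce_subnet_overrides = true` and both percentages at 100 while every `cidr` is an `X.X.X.X` placeholder. A copied file presumably fails CIDR parsing at startup, or, once real subnets are filled in, overrides every bidirectional API registration without the operator having opted in. A safer default for an experimental feature is `enforce_subnet_overrides = false`. The percentage comment should also state the accepted range, e.g. `# Percentage (0-100) of bidirectional api registrations to override per transport`, since the fields are `float64` and a 0–1 fraction is an equally plausible reading.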

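--- a/pkg/regserver/regprocessor/auth_test.go
+++ b/pkg/regserver/regprocessor/auth_test.go
@@ -134,7 +134,7 @@ func TestZMQAuth(t *testing.T) {
 // messages that we expect the station to hear. in production this will be new registrations,
 // here we don't care about the message contents.
 go func() {
-regProcessor, err := newRegProcessor(zmqBindAddr, zmqPort, []byte(zmq.Z85decode(serverPrivkeyZ85)), true, stationPublicKeys)
+regProcessor, err := newRegProcessor(zmqBindAddr, zmqPort, []byte(zmq.Z85decode(serverPrivkeyZ85)), true, stationPublicKeys, false, nil, nil, 0.0, 0.0)
 require.Nil(t, err)
 defer regProcessor.Close()
 errStation := regProcessor.AddTransport(pb.TransportType_Min, min.Transport{})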
