This module defines an abstract interface (class AbstractChainer) used by proxies to connect to their server endpoint, and some derived classes which fill the abstract class with some real function, most notably TransparentChainer and DirectedChainer.
from Connector import Connect
Implements classes to establish a connection.
from SockAddr import SockAddrInet
Module implementing SockAddr handling functions.
from Stream import Stream
Module exporting an interface to the Zorp.Stream component.
from Zorp import *
Module defining global constants, and interface entry points to the Zorp core.
import socket
Proxies are organized hierarchically, where the top level proxy is directly connected to server, and the low level proxy is connected to the upper level proxy. The term chaining means establishing the connection between a proxy and its parent. A chainer is a class responsible for chaining.
A chainer is only required for top level proxies, but may present in stacked ones too. The default chaining behaviour when there's no chainer defined (ie. self.session.chainer is None) is to pick up self.session.server_fd, which in turn gets set when the stacked proxy is started.
The task of chainers used for top level proxies is to connect to the target server.
none
Function to perform chaining to the parent proxy or remote server.
connectServer ( self, session, host, port, ) |
This is an interface function to be called to chain up to the parent proxy (or to the remote server)
The parameters host and port are hints given by the proxy, they may be ignored (like in TransparentChainer) or taken into account (like in InbandChainer).
Table 4-3. Arguments for AbstractChainer.connectServer()
self | this instance |
session | Session object |
host | host to connect to (sockaddr). |
port | port to connect to |
NotImplementedError
Function to actually establish a connection.
establishConnection ( self, session, local, remote, ) |
Internal function to establish a connection with the given local and remote addresses. It is used by derived chainer classes after finding out the destination address to connect to. This function performs access control checks.
Table 4-4. Arguments for AbstractChainer.establishConnection()
self | this instance |
session | Session object |
local | bind address |
remote | host to connect to |
DACException
The fd of the connection to the server
This chainer connects to a predefined server determined at instance creation time, independently of the original destination of the connection request. It can be used to address a nonrouteable host from the firewall.
Table 4-5. Attributes for class DirectedChainer
local | The local data of the connection |
remote | The data of the server |
forge_addr | forge client address when connecting to the server |
Example 4-1. Sample for DirectedChainer usage
Service("inter_HTTP_dmz",
DirectedChainer(SockAddr(192.168.0.2, 80)),
HttpProxy)
Constructor to initialize a DirectedChainer instance.
__init__ ( self, remote, local=None, forge_addr=0, ) |
Sets instance attributes based on parameters.
Table 4-6. Arguments for DirectedChainer.__init__()
self | this instance |
local | Local address of the connection |
remote | Address of the server |
forge_addr | forge client address when connecting to the server |
Function to connect to the predefined remote server.
connectServer ( self, session, host, port, ) |
This function establishes connection to the remote server forging the client address if necessary.
Table 4-7. Arguments for DirectedChainer.connectServer()
self | this instance |
session | The data of the current session |
host | not used |
port | not used |
The fd given by establishConnection
Failover chainer tries to connect several hosts in round robin fashion until one of them succeeds, forming a simple failover and load balance solution.
Table 4-8. Attributes for class FailoverChainer
hosts | The list of addresses to try |
local | the address of the local end of the connection |
forge_addr | forge client address |
current_host | The index of the actual host in the list |
Constructor to initializes an instance of FailoverChainer
__init__ ( self, hosts, local=None, forge_addr=0, ) |
Sets attributes based on parameters.
Table 4-9. Arguments for FailoverChainer.__init__()
self | this instance |
hosts | The list of addresses to try |
local | address to bind to (Optional) |
forge_addr | forge client address (Optional) |
Called by the proxy to connect to the remote server.
connectServer ( self, session, host, port, ) |
Tries to connect to each host round-robin until one of them succeeds.
Table 4-10. Arguments for FailoverChainer.connectServer()
self | this instance |
session | The data of the current session |
host | not used |
port | not used |
The fd given by establishConnection
Function to returns the actual host to attempt connection to.
getHostAddress ( self ) |
Returns the actual current_host element of the host list hosts.
Table 4-11. Arguments for FailoverChainer.getHostAddress()
self | this instance |
address to connect to
Function to skip to the next host to try.
nextHost ( self ) |
This function is called to skip to the next host to try in the hosts array. Increments current_host, zeroes it if overflowed.
Table 4-12. Arguments for FailoverChainer.nextHost()
self | this instance |
This chainer can be used for protocols where the target address is determined during the communication with the client. An example would be non-transparent HTTP where the target address is sent in the request.
Table 4-13. Attributes for class InbandChainer
local | the address of the local end of the connection |
forge_addr | use the client address for outgoing local address |
Constructor to initialize an InbandChainer instance.
__init__ ( self, local=None, forge_addr=0, ) |
Creates an instance, sets its attributes based on constructor arguments.
Table 4-14. Arguments for InbandChainer.__init__()
self | this instance |
local | local address (optional) |
forge_addr | forge client address (optional) |
Function called by the proxy to connect to the remote end.
connectServer ( self, session, host, port, ) |
This function looks up the host given as parameter in the DNS and starts connecting there.
Table 4-15. Arguments for InbandChainer.connectServer()
self | this instance |
session | Session object |
host | Remote hostname as determined by the protocol |
port | Remote port as determinted by the protocol |
The fd given by establishConnection
This chainer connects to the destination originally addressed by the client and is used for connections intercepted by the firewall.
You have to add a REDIRECT rule to your packet filter configuration to force connections going through your firewall to be serviced locally.
Make sure that the Listener port is protected by a DENY rule so that clients cannot connect to it directly, otherwise TransparentProxy may cause an infinite loop.
Table 4-16. Attributes for class TransparentChainer
local | bind address |
forge_addr | use client address as outgoing local address |
forced_port | if not 0 force it as destination port |
Example 4-2. Sample for TransparentChainer usage
Service("http", TransparentChainer(), HttpProxy)
Constructor to initialize a TransparentChainer instance.
__init__ ( self, local=None, forge_addr=0, forced_port=0, ) |
Sets various attributes as passed in as parameters.
Table 4-17. Arguments for TransparentChainer.__init__()
self | this instance |
local | local address, may be none (optional) |
forge_addr | if the client address shall be forged (optional) |
forced_port | use this port on the remote server (optional) |
Function to connect to the remote server.
connectServer ( self, session, host, port, ) |
Finds out the original destination of the given connection and connects there.
Table 4-18. Arguments for TransparentChainer.connectServer()
self | this instance |
session | The data of the current session |
host | not used |
port | not used |
The fd given by establishConnection