From 5e4d32c4c0c97ebb5eecf241a427abc29dbd820d Mon Sep 17 00:00:00 2001 From: Mark Qvist Date: Thu, 1 Jan 2026 20:13:00 +0100 Subject: [PATCH] Added ability to view published blackhole list --- RNS/Transport.py | 40 +++++++++++- RNS/Utilities/rnpath.py | 136 +++++++++++++++++++++++++++------------- 2 files changed, 131 insertions(+), 45 deletions(-) diff --git a/RNS/Transport.py b/RNS/Transport.py index 050c69a..870bfec 100755 --- a/RNS/Transport.py +++ b/RNS/Transport.py @@ -123,6 +123,8 @@ class Transport: # for control purposes like path requests control_destinations = [] control_hashes = [] + mgmt_destinations = [] + mgmt_hashes = [] remote_management_allowed = [] # Interfaces for communicating with @@ -156,6 +158,8 @@ class Transport: tables_cull_interval = 5.0 interface_last_jobs = 0.0 interface_jobs_interval = 5.0 + last_mgmt_announce = 0 + mgmt_announce_interval = 2*60*60 inbound_announce_lock = Lock() interface_announcer = None discovery_handler = None @@ -213,12 +217,22 @@ class Transport: Transport.remote_management_destination = RNS.Destination(Transport.identity, RNS.Destination.IN, RNS.Destination.SINGLE, Transport.APP_NAME, "remote", "management") Transport.remote_management_destination.register_request_handler("/status", response_generator = Transport.remote_status_handler, allow = RNS.Destination.ALLOW_LIST, allowed_list=Transport.remote_management_allowed) Transport.remote_management_destination.register_request_handler("/path", response_generator = Transport.remote_path_handler, allow = RNS.Destination.ALLOW_LIST, allowed_list=Transport.remote_management_allowed) - Transport.control_destinations.append(Transport.remote_management_destination) - Transport.control_hashes.append(Transport.remote_management_destination.hash) + Transport.mgmt_destinations.append(Transport.remote_management_destination) + Transport.mgmt_hashes.append(Transport.remote_management_destination.hash) RNS.log("Enabled remote management on "+str(Transport.remote_management_destination), RNS.LOG_NOTICE) + if RNS.Reticulum.publish_blackhole_enabled() and not Transport.owner.is_connected_to_shared_instance: + Transport.blackhole_destination = RNS.Destination(Transport.identity, RNS.Destination.IN, RNS.Destination.SINGLE, Transport.APP_NAME, "info", "blackhole") + Transport.blackhole_destination.register_request_handler("/list", response_generator = Transport.blackhole_list_handler, allow=RNS.Destination.ALLOW_ALL) + Transport.mgmt_destinations.append(Transport.blackhole_destination) + Transport.mgmt_hashes.append(Transport.blackhole_destination.hash) + RNS.log(f"Enabled blackhole list publishing for transport identity {RNS.prettyhexrep(Transport.identity.hash)}", RNS.LOG_NOTICE) + # Defer cleaning packet cache for 60 seconds Transport.cache_last_cleaned = time.time() + 60 + + # Defer sending management announces for 15 seconds + Transport.last_mgmt_announce = time.time() - Transport.mgmt_announce_interval + 15 # Start job loops Transport.jobs_running = False @@ -338,7 +352,7 @@ class Transport: Transport.probe_destination = RNS.Destination(Transport.identity, RNS.Destination.IN, RNS.Destination.SINGLE, Transport.APP_NAME, "probe") Transport.probe_destination.accepts_links(False) Transport.probe_destination.set_proof_strategy(RNS.Destination.PROVE_ALL) - Transport.probe_destination.announce() + Transport.mgmt_destinations.append(Transport.probe_destination) RNS.log("Transport Instance will respond to probe requests on "+str(Transport.probe_destination), RNS.LOG_NOTICE) else: Transport.probe_destination = None @@ -789,6 +803,17 @@ class Transport: if time.time() > Transport.cache_last_cleaned+Transport.cache_clean_interval: Transport.clean_cache() + # Send announces for management destinations + if time.time() > Transport.last_mgmt_announce+Transport.mgmt_announce_interval: + try: + Transport.last_mgmt_announce = time.time() + def job(): + for destination in Transport.mgmt_destinations: destination.announce() + threading.Thread(target=job, daemon=True).start() + + except Exception as e: + RNS.log(f"Error while sending management announces: {e}", RNS.LOG_ERROR) + if should_collect: gc.collect() else: @@ -3140,6 +3165,15 @@ class Transport: ms = "" if len(drop_destinations) == 1 else "s" RNS.log(f"Removed {len(drop_destinations)} destination{ms} associated with blackholed identities from path table", RNS.LOG_INFO) + @staticmethod + def blackhole_list_handler(path, data, request_id, link_id, remote_identity, requested_at): + try: return Transport.blackholed_identities + except Exception as e: + RNS.log("An error occurred while processing blackhole list request from "+str(remote_identity), RNS.LOG_ERROR) + RNS.log("The contained exception was: "+str(e), RNS.LOG_ERROR) + + return None + @staticmethod def persist_blackhole(): try: diff --git a/RNS/Utilities/rnpath.py b/RNS/Utilities/rnpath.py index b4d42e1..c82c632 100644 --- a/RNS/Utilities/rnpath.py +++ b/RNS/Utilities/rnpath.py @@ -39,7 +39,8 @@ import argparse from RNS._version import __version__ remote_link = None -def connect_remote(destination_hash, auth_identity, timeout, no_output = False): +output_rst_str = "\r \r" +def connect_remote(destination_hash, auth_identity, timeout, no_output = False, purpose="management"): global remote_link, reticulum if not RNS.Transport.has_path(destination_hash): if not no_output: @@ -51,7 +52,7 @@ def connect_remote(destination_hash, auth_identity, timeout, no_output = False): time.sleep(0.1) if time.time() - pr_time > timeout: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Path request timed out") exit(12) @@ -60,29 +61,30 @@ def connect_remote(destination_hash, auth_identity, timeout, no_output = False): def remote_link_closed(link): if link.teardown_reason == RNS.Link.TIMEOUT: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("The link timed out, exiting now") elif link.teardown_reason == RNS.Link.DESTINATION_CLOSED: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("The link was closed by the server, exiting now") else: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Link closed unexpectedly, exiting now") exit(10) def remote_link_established(link): global remote_link - link.identify(auth_identity) + if purpose == "management": link.identify(auth_identity) remote_link = link if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Establishing link with remote transport instance...", end=" ") sys.stdout.flush() - remote_destination = RNS.Destination(remote_identity, RNS.Destination.OUT, RNS.Destination.SINGLE, "rnstransport", "remote", "management") + if purpose == "management": remote_destination = RNS.Destination(remote_identity, RNS.Destination.OUT, RNS.Destination.SINGLE, "rnstransport", "remote", "management") + elif purpose == "blackhole": remote_destination = RNS.Destination(remote_identity, RNS.Destination.OUT, RNS.Destination.SINGLE, "rnstransport", "info", "blackhole") link = RNS.Link(remote_destination) link.set_link_established_callback(remote_link_established) link.set_link_closed_callback(remote_link_closed) @@ -98,7 +100,7 @@ def parse_hash(input_str): def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, timeout, drop_queues, drop_via, max_hops, remote=None, management_identity=None, remote_timeout=RNS.Transport.PATH_REQUEST_TIMEOUT, blackholed=False, blackhole=False, unblackhole=False, blackhole_duration=None, blackhole_reason=None, - no_output=False, json=False): + remote_blackhole_list=False, remote_blackhole_list_filter=None, no_output=False, json=False): global remote_link, reticulum reticulum = RNS.Reticulum(configdir = configdir, loglevel = 3+verbosity) @@ -123,39 +125,86 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, while remote_link == None: time.sleep(0.1) - if blackholed: - if remote_link: + if blackholed or remote_blackhole_list: + blackholed_list = None + if blackholed: + if remote_link: + if not no_output: + print(output_rst_str, end="") + print("Listing blackholed identities on remote instances not yet implemented") + exit(255) + + try: blackholed_list = reticulum.get_blackholed_identities() + except Exception as e: + print(f"Could not get blackholed identities from RNS instance: {e}") + exit(20) + + elif remote_blackhole_list: + try: identity_hash = parse_hash(destination_hexhash) + except Exception as e: + print(f"{e}") + exit(20) + + remote_hash = RNS.Destination.hash_from_name_and_identity("rnstransport.info.blackhole", identity_hash) + connect_remote(remote_hash, None, remote_timeout, no_output, purpose="blackhole") + while remote_link == None: time.sleep(0.1) + if not no_output: - print("\r \r", end="") - print("Listing blackholed identities on remote instances not yet implemented") + print(output_rst_str, end="") + print("Sending request...", end=" ") + sys.stdout.flush() + receipt = remote_link.request("/list") + while not receipt.concluded(): time.sleep(0.1) + response = receipt.get_response() + if type(response) == dict: + blackholed_list = response + print(output_rst_str, end="") + else: + if not no_output: + print(output_rst_str, end="") + print("The remote request failed.") + exit(10) + + else: + print(f"Nowhere to fetch blackhole list from") exit(255) - try: + if not blackholed_list: + print("No blackholed identity data available") + exit(20) + + else: rmlen = 64 def trunc(input_str): if len(input_str) <= rmlen: return input_str else: return f"{input_str[:rmlen-1]}…" - blackholed = reticulum.get_blackholed_identities() - now = time.time() - for identity_hash in blackholed: - if destination_hexhash and not destination_hexhash in RNS.prettyhexrep(identity_hash): continue - until = blackholed[identity_hash]["until"] - reason = blackholed[identity_hash]["reason"] - source = blackholed[identity_hash]["source"] - until_str = f"for {RNS.prettytime(until-now)}" if until else "indefinitely" - reason_str = f" ({trunc(reason)})" if reason else "" - by_str = f" by {RNS.prettyhexrep(source)}" if source != RNS.Transport.identity.hash else "" - print(f"{RNS.prettyhexrep(identity_hash)} blackholed {until_str}{reason_str}{by_str}") - - except Exception as e: - print(f"Could not get blackholed identities from RNS instance: {e}") - exit(20) + try: + now = time.time() + for identity_hash in blackholed_list: + until = blackholed_list[identity_hash]["until"] + reason = blackholed_list[identity_hash]["reason"] + source = blackholed_list[identity_hash]["source"] + until_str = f"for {RNS.prettytime(until-now)}" if until else "indefinitely" + reason_str = f" ({trunc(reason)})" if reason else "" + by_str = f" by {RNS.prettyhexrep(source)}" if source != RNS.Transport.identity.hash else "" + filter_str = f"{RNS.prettyhexrep(identity_hash)} {until_str} {reason_str} {by_str}" + + if not remote_blackhole_list: + if destination_hexhash and not destination_hexhash in filter_str: continue + else: + if remote_blackhole_list_filter and not remote_blackhole_list_filter in filter_str: continue + + print(f"{RNS.prettyhexrep(identity_hash)} blackholed {until_str}{reason_str}{by_str}") + + except Exception as e: + print(f"Error while displaying collected blackhole data: {e}") + exit(20) elif blackhole: if remote_link: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Blackholing identity on remote instances not yet implemented") exit(255) @@ -174,7 +223,7 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, elif unblackhole: if remote_link: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Blackholing identity on remote instances not yet implemented") exit(255) @@ -204,7 +253,7 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, if not remote_link: table = sorted(reticulum.get_path_table(max_hops=max_hops), key=lambda e: (e["interface"], e["hops"]) ) else: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Sending request...", end=" ") sys.stdout.flush() receipt = remote_link.request("/path", data = ["table", destination_hash, max_hops]) @@ -212,10 +261,10 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, response = receipt.get_response() if response: table = response - print("\r \r", end="") + print(output_rst_str, end="") else: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("The remote request failed. Likely authentication failure.") exit(10) @@ -257,7 +306,7 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, if not remote_link: table = reticulum.get_rate_table() else: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Sending request...", end=" ") sys.stdout.flush() receipt = remote_link.request("/path", data = ["rates", destination_hash]) @@ -266,10 +315,10 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, response = receipt.get_response() if response: table = response - print("\r \r", end="") + print(output_rst_str, end="") else: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("The remote request failed. Likely authentication failure.") exit(10) @@ -329,7 +378,7 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, elif drop_queues: if remote_link: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Dropping announce queues on remote instances not yet implemented") exit(255) @@ -339,7 +388,7 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, elif drop: if remote_link: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Dropping path on remote instances not yet implemented") exit(255) @@ -360,7 +409,7 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, elif drop_via: if remote_link: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Dropping all paths via specific transport instance on remote instances yet not implemented") exit(255) @@ -381,7 +430,7 @@ def program_setup(configdir, table, rates, drop, destination_hexhash, verbosity, else: if remote_link: if not no_output: - print("\r \r", end="") + print(output_rst_str, end="") print("Requesting paths on remote instances not implemented") exit(255) @@ -447,8 +496,10 @@ def main(): parser.add_argument("-U", "--unblackhole", action="store_true", help="unblackhole identity", default=False) parser.add_argument( "--duration", action="store", type=int, help="duration of blackhole enforcement in hours", default=None) parser.add_argument( "--reason", action="store", type=str, help="reason for blackholing identity", default=None) + parser.add_argument("-p", "--blackholed-list", action="store_true", help="view published blackhole list for remote transport instance", default=False) parser.add_argument("-j", "--json", action="store_true", help="output in JSON format", default=False) parser.add_argument("destination", nargs="?", default=None, help="hexadecimal hash of the destination", type=str) + parser.add_argument("list_filter", nargs="?", default=None, help="filter for remote blackhole list view", type=str) parser.add_argument('-v', '--verbose', action='count', default=0) args = parser.parse_args() @@ -464,7 +515,8 @@ def main(): program_setup(configdir = configarg, table = args.table, rates = args.rates, drop = args.drop, destination_hexhash = args.destination, verbosity = args.verbose, timeout = args.w, drop_queues = args.drop_announces, drop_via = args.drop_via, max_hops = args.max, remote=args.R, management_identity=args.i, remote_timeout=args.W, blackholed=args.blackholed, blackhole=args.blackhole, - unblackhole=args.unblackhole, blackhole_duration=args.duration, blackhole_reason=args.reason, json=args.json) + unblackhole=args.unblackhole, blackhole_duration=args.duration, blackhole_reason=args.reason, remote_blackhole_list=args.blackholed_list, + remote_blackhole_list_filter=args.list_filter, json=args.json) sys.exit(0)