~mdw / tripe / blob
? search:


a31b26875869deca50657049dedfd38eb9aac6a0
[tripe] / svc / conntrack.in
1 #! @PYTHON@
2 ### -*-python-*-
3 ###
4 ### Service for automatically tracking network connection status
5 ###
6 ### (c) 2010 Straylight/Edgeware
7 ###
8
9 ###----- Licensing notice ---------------------------------------------------
10 ###
11 ### This file is part of Trivial IP Encryption (TrIPE).
12 ###
13 ### TrIPE is free software: you can redistribute it and/or modify it under
14 ### the terms of the GNU General Public License as published by the Free
15 ### Software Foundation; either version 3 of the License, or (at your
16 ### option) any later version.
17 ###
18 ### TrIPE is distributed in the hope that it will be useful, but WITHOUT
19 ### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
20 ### FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 ### for more details.
22 ###
23 ### You should have received a copy of the GNU General Public License
24 ### along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
25
26 VERSION = '@VERSION@'
27
28 ###--------------------------------------------------------------------------
29 ### External dependencies.
30
31 from ConfigParser import RawConfigParser
32 from optparse import OptionParser
33 import os as OS
34 import sys as SYS
35 import socket as S
36 import mLib as M
37 import tripe as T
38 import dbus as D
39 import re as RX
40 for i in ['mainloop', 'mainloop.glib']:
41 __import__('dbus.%s' % i)
42 try: from gi.repository import GLib as G
43 except ImportError: import gobject as G
44 from struct import pack, unpack
45
46 SM = T.svcmgr
47 ##__import__('rmcr').__debug = True
48
49 ###--------------------------------------------------------------------------
50 ### Utilities.
51
52 class struct (object):
53 """A simple container object."""
54 def __init__(me, **kw):
55 me.__dict__.update(kw)
56
57 ###--------------------------------------------------------------------------
58 ### Address manipulation.
59
60 class InetAddress (object):
61 def __init__(me, addrstr, maskstr = None):
62 me.addr = me._addrstr_to_int(addrstr)
63 if maskstr is None:
64 me.mask = -1
65 elif maskstr.isdigit():
66 me.mask = (1 << 32) - (1 << 32 - int(maskstr))
67 else:
68 me.mask = me._addrstr_to_int(maskstr)
69 if me.addr&~me.mask:
70 raise ValueError('network contains bits set beyond mask')
71 def _addrstr_to_int(me, addrstr):
72 return unpack('>L', S.inet_aton(addrstr))[0]
73 def _int_to_addrstr(me, n):
74 return S.inet_ntoa(pack('>L', n))
75 def sockaddr(me, port = 0):
76 if me.mask != -1: raise ValueError('not a simple address')
77 return me._int_to_addrstr(me.addr), port
78 def __str__(me):
79 addrstr = me._int_to_addrstr(me.addr)
80 if me.mask == -1:
81 return addrstr
82 else:
83 inv = me.mask ^ ((1 << 32) - 1)
84 if (inv&(inv + 1)) == 0:
85 return '%s/%d' % (addrstr, 32 - inv.bit_length())
86 else:
87 return '%s/%s' % (addrstr, me._int_to_addrstr(me.mask))
88 def withinp(me, net):
89 if (me.mask&net.mask) != net.mask: return False
90 if (me.addr ^ net.addr)&net.mask: return False
91 return True
92 def eq(me, other):
93 if me.mask != other.mask: return False
94 if me.addr != other.addr: return False
95 return True
96 @classmethod
97 def from_sockaddr(cls, sa):
98 addr, port = (lambda a, p: (a, p))(*sa)
99 return cls(addr), port
100
101 def parse_address(addrstr, maskstr = None):
102 return InetAddress(addrstr, maskstr)
103
104 def parse_net(netstr):
105 try: sl = netstr.index('/')
106 except ValueError: raise ValueError('missing mask')
107 return parse_address(netstr[:sl], netstr[sl + 1:])
108
109 def straddr(a): return a is None and '#<none>' or str(a)
110
111 ###--------------------------------------------------------------------------
112 ### Parse the configuration file.
113
114 ## Hmm. Should I try to integrate this with the peers database? It's not a
115 ## good fit; it'd need special hacks in tripe-newpeers. And the use case for
116 ## this service are largely going to be satellite notes, I don't think
117 ## scalability's going to be a problem.
118
119 TESTADDR = InetAddress('1.2.3.4')
120
121 CONFSYNTAX = [
122 ('COMMENT', RX.compile(r'^\s*($|[;#])')),
123 ('GRPHDR', RX.compile(r'^\s*\[(.*)\]\s*$')),
124 ('ASSGN', RX.compile(r'\s*([\w.-]+)\s*[:=]\s*(|\S|\S.*\S)\s*$'))]
125
126 class ConfigError (Exception):
127 def __init__(me, file, lno, msg):
128 me.file = file
129 me.lno = lno
130 me.msg = msg
131 def __str__(me):
132 return '%s:%d: %s' % (me.file, me.lno, me.msg)
133
134 class Config (object):
135 """
136 Represents a configuration file.
137
138 The most interesting thing is probably the `groups' slot, which stores a
139 list of pairs (NAME, PATTERNS); the NAME is a string, and the PATTERNS a
140 list of (TAG, PEER, NETS) triples. The implication is that there should be
141 precisely one peer from the set, and that it should be named TAG, where
142 (TAG, PEER, NETS) is the first triple such that the host's primary IP
143 address (if PEER is None -- or the IP address it would use for
144 communicating with PEER) is within one of the networks defined by NETS.
145 """
146
147 def __init__(me, file):
148 """
149 Construct a new Config object, reading the given FILE.
150 """
151 me._file = file
152 me._fwatch = M.FWatch(file)
153 me._update()
154
155 def check(me):
156 """
157 See whether the configuration file has been updated.
158 """
159 if me._fwatch.update():
160 me._update()
161
162 def _update(me):
163 """
164 Internal function to update the configuration from the underlying file.
165 """
166
167 if T._debug: print '# reread config'
168
169 ## Initial state.
170 testaddr = None
171 groups = {}
172 grpname = None
173 grplist = []
174
175 ## Open the file and start reading.
176 with open(me._file) as f:
177 lno = 0
178 for line in f:
179 lno += 1
180 for tag, rx in CONFSYNTAX:
181 m = rx.match(line)
182 if m: break
183 else:
184 raise ConfigError(me._file, lno, 'failed to parse line: %r' % line)
185
186 if tag == 'COMMENT':
187 ## A comment. Ignore it and hope it goes away.
188
189 continue
190
191 elif tag == 'GRPHDR':
192 ## A group header. Flush the old group and start a new one.
193 newname = m.group(1)
194
195 if grpname is not None: groups[grpname] = grplist
196 if newname in groups:
197 raise ConfigError(me._file, lno,
198 "duplicate group name `%s'" % newname)
199 grpname = newname
200 grplist = []
201
202 elif tag == 'ASSGN':
203 ## An assignment. Deal with it.
204 name, value = m.group(1), m.group(2)
205
206 if grpname is None:
207 ## We're outside of any group, so this is a global configuration
208 ## tweak.
209
210 if name == 'test-addr':
211 for astr in value.split():
212 try:
213 a = parse_address(astr)
214 except Exception, e:
215 raise ConfigError(me._file, lno,
216 "invalid IP address `%s': %s" %
217 (astr, e))
218 if testaddr is not None:
219 raise ConfigError(me._file, lno, 'duplicate test-address')
220 testaddr = a
221 else:
222 raise ConfigError(me._file, lno,
223 "unknown global option `%s'" % name)
224
225 else:
226 ## Parse a pattern and add it to the group.
227 spec = value.split()
228 i = 0
229
230 ## Check for an explicit target address.
231 if i >= len(spec) or spec[i].find('/') >= 0:
232 peer = None
233 else:
234 try:
235 peer = parse_address(spec[i])
236 except Exception, e:
237 raise ConfigError(me._file, lno,
238 "invalid IP address `%s': %s" %
239 (spec[i], e))
240 i += 1
241
242 ## Parse the list of local networks.
243 nets = []
244 while i < len(spec):
245 try:
246 net = parse_net(spec[i])
247 except Exception, e:
248 raise ConfigError(me._file, lno,
249 "invalid IP network `%s': %s" %
250 (spec[i], e))
251 else:
252 nets.append(net)
253 i += 1
254 if not nets:
255 raise ConfigError(me._file, lno, 'no networks defined')
256
257 ## Add this entry to the list.
258 grplist.append((name, peer, nets))
259
260 ## Fill in the default test address if necessary.
261 if testaddr is None: testaddr = TESTADDR
262
263 ## Done.
264 if grpname is not None: groups[grpname] = grplist
265 me.testaddr = testaddr
266 me.groups = groups
267
268 ### This will be a configuration file.
269 CF = None
270
271 def cmd_showconfig():
272 T.svcinfo('test-addr=%s' % CF.testaddr)
273 def cmd_showgroups():
274 for g in sorted(CF.groups.iterkeys()):
275 T.svcinfo(g)
276 def cmd_showgroup(g):
277 try: pats = CF.groups[g]
278 except KeyError: raise T.TripeJobError('unknown-group', g)
279 for t, p, nn in pats:
280 T.svcinfo('peer', t,
281 'target', p and str(p) or '(default)',
282 'net', ' '.join(map(str, nn)))
283
284 ###--------------------------------------------------------------------------
285 ### Responding to a network up/down event.
286
287 def localaddr(peer):
288 """
289 Return the local IP address used for talking to PEER.
290 """
291 sk = S.socket(S.AF_INET, S.SOCK_DGRAM)
292 try:
293 try:
294 sk.connect(peer.sockaddr(1))
295 addr = sk.getsockname()
296 return InetAddress.from_sockaddr(addr)[0]
297 except S.error:
298 return None
299 finally:
300 sk.close()
301
302 _kick = T.Queue()
303 _delay = None
304
305 def cancel_delay():
306 global _delay
307 if _delay is not None:
308 if T._debug: print '# cancel delayed kick'
309 G.source_remove(_delay)
310 _delay = None
311
312 def netupdown(upness, reason):
313 """
314 Add or kill peers according to whether the network is up or down.
315
316 UPNESS is true if the network is up, or false if it's down.
317 """
318
319 _kick.put((upness, reason))
320
321 def delay_netupdown(upness, reason):
322 global _delay
323 cancel_delay()
324 def _func():
325 global _delay
326 if T._debug: print '# delayed %s: %s' % (upness, reason)
327 _delay = None
328 netupdown(upness, reason)
329 return False
330 if T._debug: print '# delaying %s: %s' % (upness, reason)
331 _delay = G.timeout_add(2000, _func)
332
333 def kickpeers():
334 while True:
335 upness, reason = _kick.get()
336 if T._debug: print '# kickpeers %s: %s' % (upness, reason)
337 select = []
338 cancel_delay()
339
340 ## Make sure the configuration file is up-to-date. Don't worry if we
341 ## can't do anything useful.
342 try:
343 CF.check()
344 except Exception, exc:
345 SM.warn('conntrack', 'config-file-error',
346 exc.__class__.__name__, str(exc))
347
348 ## Find the current list of peers.
349 peers = SM.list()
350
351 ## Work out the primary IP address.
352 if upness:
353 addr = localaddr(CF.testaddr)
354 if addr is None:
355 upness = False
356 else:
357 addr = None
358 if not T._debug: pass
359 elif addr: print '# local address = %s' % straddr(addr)
360 else: print '# offline'
361
362 ## Now decide what to do.
363 changes = []
364 for g, pp in CF.groups.iteritems():
365 if T._debug: print '# check group %s' % g
366
367 ## Find out which peer in the group ought to be active.
368 statemap = {}
369 want = None
370 matchp = False
371 for t, p, nn in pp:
372 if p is None or not upness: ip = addr
373 else: ip = localaddr(p)
374 if T._debug:
375 info = 'peer = %s; target = %s; nets = %s; local = %s' % (
376 t, p or '(default)', ', '.join(map(str, nn)), straddr(ip))
377 if upness and not matchp and \
378 ip is not None and any(ip.withinp(n) for n in nn):
379 if T._debug: print '# %s: SELECTED' % info
380 statemap[t] = 'up'
381 select.append('%s=%s' % (g, t))
382 if t == 'down' or t.startswith('down/'): want = None
383 else: want = t
384 matchp = True
385 else:
386 statemap[t] = 'down'
387 if T._debug: print '# %s: skipped' % info
388
389 ## Shut down the wrong ones.
390 found = False
391 if T._debug: print '# peer-map = %r' % statemap
392 for p in peers:
393 what = statemap.get(p, 'leave')
394 if what == 'up':
395 found = True
396 if T._debug: print '# peer %s: already up' % p
397 elif what == 'down':
398 def _(p = p):
399 try:
400 SM.kill(p)
401 except T.TripeError, exc:
402 if exc.args[0] == 'unknown-peer':
403 ## Inherently racy; don't worry about this.
404 pass
405 else:
406 raise
407 if T._debug: print '# peer %s: bring down' % p
408 changes.append(_)
409
410 ## Start the right one if necessary.
411 if want is not None and not found:
412 def _(want = want):
413 try:
414 list(SM.svcsubmit('connect', 'active', want))
415 except T.TripeError, exc:
416 SM.warn('conntrack', 'connect-failed', want, *exc.args)
417 if T._debug: print '# peer %s: bring up' % want
418 changes.append(_)
419
420 ## Commit the changes.
421 if changes:
422 SM.notify('conntrack', upness and 'up' or 'down', *select + reason)
423 for c in changes: c()
424
425 ###--------------------------------------------------------------------------
426 ### NetworkManager monitor.
427
428 DBPROPS_IFACE = 'org.freedesktop.DBus.Properties'
429
430 NM_NAME = 'org.freedesktop.NetworkManager'
431 NM_PATH = '/org/freedesktop/NetworkManager'
432 NM_IFACE = NM_NAME
433 NMCA_IFACE = NM_NAME + '.Connection.Active'
434
435 NM_STATE_CONNECTED = 3 #obsolete
436 NM_STATE_CONNECTED_LOCAL = 50
437 NM_STATE_CONNECTED_SITE = 60
438 NM_STATE_CONNECTED_GLOBAL = 70
439 NM_CONNSTATES = set([NM_STATE_CONNECTED,
440 NM_STATE_CONNECTED_LOCAL,
441 NM_STATE_CONNECTED_SITE,
442 NM_STATE_CONNECTED_GLOBAL])
443
444 class NetworkManagerMonitor (object):
445 """
446 Watch NetworkManager signals for changes in network state.
447 """
448
449 ## Strategy. There are two kinds of interesting state transitions for us.
450 ## The first one is the global are-we-connected state, which we'll use to
451 ## toggle network upness on a global level. The second is which connection
452 ## has the default route, which we'll use to tweak which peer in the peer
453 ## group is active. The former is most easily tracked using the signal
454 ## org.freedesktop.NetworkManager.StateChanged; for the latter, we track
455 ## org.freedesktop.NetworkManager.Connection.Active.PropertiesChanged and
456 ## look for when a new connection gains the default route.
457
458 def attach(me, bus):
459 try:
460 nm = bus.get_object(NM_NAME, NM_PATH)
461 state = nm.Get(NM_IFACE, 'State', dbus_interface = DBPROPS_IFACE)
462 if state in NM_CONNSTATES:
463 netupdown(True, ['nm', 'initially-connected'])
464 else:
465 netupdown(False, ['nm', 'initially-disconnected'])
466 except D.DBusException, e:
467 if T._debug: print '# exception attaching to network-manager: %s' % e
468 bus.add_signal_receiver(me._nm_state, 'StateChanged',
469 NM_IFACE, NM_NAME, NM_PATH)
470 bus.add_signal_receiver(me._nm_connchange, 'PropertiesChanged',
471 NMCA_IFACE, NM_NAME, None)
472
473 def _nm_state(me, state):
474 if state in NM_CONNSTATES:
475 delay_netupdown(True, ['nm', 'connected'])
476 else:
477 delay_netupdown(False, ['nm', 'disconnected'])
478
479 def _nm_connchange(me, props):
480 if props.get('Default', False) or props.get('Default6', False):
481 delay_netupdown(True, ['nm', 'default-connection-change'])
482
483 ##--------------------------------------------------------------------------
484 ### Connman monitor.
485
486 CM_NAME = 'net.connman'
487 CM_PATH = '/'
488 CM_IFACE = 'net.connman.Manager'
489
490 class ConnManMonitor (object):
491 """
492 Watch ConnMan signls for changes in network state.
493 """
494
495 ## Strategy. Everything seems to be usefully encoded in the `State'
496 ## property. If it's `offline', `idle' or `ready' then we don't expect a
497 ## network connection. During handover from one network to another, the
498 ## property passes through `ready' to `online'.
499
500 def attach(me, bus):
501 try:
502 cm = bus.get_object(CM_NAME, CM_PATH)
503 props = cm.GetProperties(dbus_interface = CM_IFACE)
504 state = props['State']
505 netupdown(state == 'online', ['connman', 'initially-%s' % state])
506 except D.DBusException, e:
507 if T._debug: print '# exception attaching to connman: %s' % e
508 bus.add_signal_receiver(me._cm_state, 'PropertyChanged',
509 CM_IFACE, CM_NAME, CM_PATH)
510
511 def _cm_state(me, prop, value):
512 if prop != 'State': return
513 delay_netupdown(value == 'online', ['connman', value])
514
515 ###--------------------------------------------------------------------------
516 ### Maemo monitor.
517
518 ICD_NAME = 'com.nokia.icd'
519 ICD_PATH = '/com/nokia/icd'
520 ICD_IFACE = ICD_NAME
521
522 class MaemoICdMonitor (object):
523 """
524 Watch ICd signals for changes in network state.
525 """
526
527 ## Strategy. ICd only handles one connection at a time in steady state,
528 ## though when switching between connections, it tries to bring the new one
529 ## up before shutting down the old one. This makes life a bit easier than
530 ## it is with NetworkManager. On the other hand, the notifications are
531 ## relative to particular connections only, and the indicator that the old
532 ## connection is down (`IDLE') comes /after/ the new one comes up
533 ## (`CONNECTED'), so we have to remember which one is active.
534
535 def attach(me, bus):
536 try:
537 icd = bus.get_object(ICD_NAME, ICD_PATH)
538 try:
539 iap = icd.get_ipinfo(dbus_interface = ICD_IFACE)[0]
540 me._iap = iap
541 netupdown(True, ['icd', 'initially-connected', iap])
542 except D.DBusException:
543 me._iap = None
544 netupdown(False, ['icd', 'initially-disconnected'])
545 except D.DBusException, e:
546 if T._debug: print '# exception attaching to icd: %s' % e
547 me._iap = None
548 bus.add_signal_receiver(me._icd_state, 'status_changed', ICD_IFACE,
549 ICD_NAME, ICD_PATH)
550
551 def _icd_state(me, iap, ty, state, hunoz):
552 if state == 'CONNECTED':
553 me._iap = iap
554 delay_netupdown(True, ['icd', 'connected', iap])
555 elif state == 'IDLE' and iap == me._iap:
556 me._iap = None
557 delay_netupdown(False, ['icd', 'idle'])
558
559 ###--------------------------------------------------------------------------
560 ### D-Bus connection tracking.
561
562 class DBusMonitor (object):
563 """
564 Maintains a connection to the system D-Bus, and watches for signals.
565
566 If the connection is initially down, or drops for some reason, we retry
567 periodically (every five seconds at the moment). If the connection
568 resurfaces, we reattach the monitors.
569 """
570
571 def __init__(me):
572 """
573 Initialise the object and try to establish a connection to the bus.
574 """
575 me._mons = []
576 me._loop = D.mainloop.glib.DBusGMainLoop()
577 me._state = 'startup'
578 me._reconnect()
579
580 def addmon(me, mon):
581 """
582 Add a monitor object to watch for signals.
583
584 MON.attach(BUS) is called, with BUS being the connection to the system
585 bus. MON should query its service's current status and watch for
586 relevant signals.
587 """
588 me._mons.append(mon)
589 if me._bus is not None:
590 mon.attach(me._bus)
591
592 def _reconnect(me, hunoz = None):
593 """
594 Start connecting to the bus.
595
596 If we fail the first time, retry periodically.
597 """
598 if me._state == 'startup':
599 T.aside(SM.notify, 'conntrack', 'dbus-connection', 'startup')
600 elif me._state == 'connected':
601 T.aside(SM.notify, 'conntrack', 'dbus-connection', 'lost')
602 else:
603 T.aside(SM.notify, 'conntrack', 'dbus-connection',
604 'state=%s' % me._state)
605 me._state == 'reconnecting'
606 me._bus = None
607 if me._try_connect():
608 G.timeout_add_seconds(5, me._try_connect)
609
610 def _try_connect(me):
611 """
612 Actually make a connection attempt.
613
614 If we succeed, attach the monitors.
615 """
616 try:
617 addr = OS.getenv('TRIPE_CONNTRACK_BUS')
618 if addr == 'SESSION':
619 bus = D.SessionBus(mainloop = me._loop, private = True)
620 elif addr is not None:
621 bus = D.bus.BusConnection(addr, mainloop = me._loop)
622 else:
623 bus = D.SystemBus(mainloop = me._loop, private = True)
624 for m in me._mons:
625 m.attach(bus)
626 except D.DBusException, e:
627 return True
628 me._bus = bus
629 me._state = 'connected'
630 bus.call_on_disconnection(me._reconnect)
631 T.aside(SM.notify, 'conntrack', 'dbus-connection', 'connected')
632 return False
633
634 ###--------------------------------------------------------------------------
635 ### TrIPE service.
636
637 class GIOWatcher (object):
638 """
639 Monitor I/O events using glib.
640 """
641 def __init__(me, conn, mc = G.main_context_default()):
642 me._conn = conn
643 me._watch = None
644 me._mc = mc
645 def connected(me, sock):
646 me._watch = G.io_add_watch(sock, G.IO_IN,
647 lambda *hunoz: me._conn.receive())
648 def disconnected(me):
649 G.source_remove(me._watch)
650 me._watch = None
651 def iterate(me):
652 me._mc.iteration(True)
653
654 SM.iowatch = GIOWatcher(SM)
655
656 def init():
657 """
658 Service initialization.
659
660 Add the D-Bus monitor here, because we might send commands off immediately,
661 and we want to make sure the server connection is up.
662 """
663 global DBM
664 T.Coroutine(kickpeers, name = 'kickpeers').switch()
665 DBM = DBusMonitor()
666 DBM.addmon(NetworkManagerMonitor())
667 DBM.addmon(ConnManMonitor())
668 DBM.addmon(MaemoICdMonitor())
669 G.timeout_add_seconds(30, lambda: (_delay is not None or
670 netupdown(True, ['interval-timer']) or
671 True))
672
673 def parse_options():
674 """
675 Parse the command-line options.
676
677 Automatically changes directory to the requested configdir, and turns on
678 debugging. Returns the options object.
679 """
680 op = OptionParser(usage = '%prog [-a FILE] [-d DIR]',
681 version = '%%prog %s' % VERSION)
682
683 op.add_option('-a', '--admin-socket',
684 metavar = 'FILE', dest = 'tripesock', default = T.tripesock,
685 help = 'Select socket to connect to [default %default]')
686 op.add_option('-d', '--directory',
687 metavar = 'DIR', dest = 'dir', default = T.configdir,
688 help = 'Select current diretory [default %default]')
689 op.add_option('-c', '--config',
690 metavar = 'FILE', dest = 'conf', default = 'conntrack.conf',
691 help = 'Select configuration [default %default]')
692 op.add_option('--daemon', dest = 'daemon',
693 default = False, action = 'store_true',
694 help = 'Become a daemon after successful initialization')
695 op.add_option('--debug', dest = 'debug',
696 default = False, action = 'store_true',
697 help = 'Emit debugging trace information')
698 op.add_option('--startup', dest = 'startup',
699 default = False, action = 'store_true',
700 help = 'Being called as part of the server startup')
701
702 opts, args = op.parse_args()
703 if args: op.error('no arguments permitted')
704 OS.chdir(opts.dir)
705 T._debug = opts.debug
706 return opts
707
708 ## Service table, for running manually.
709 def cmd_updown(upness):
710 return lambda *args: T.defer(netupdown, upness, ['manual'] + list(args))
711 service_info = [('conntrack', VERSION, {
712 'up': (0, None, '', cmd_updown(True)),
713 'down': (0, None, '', cmd_updown(False)),
714 'show-config': (0, 0, '', cmd_showconfig),
715 'show-groups': (0, 0, '', cmd_showgroups),
716 'show-group': (1, 1, 'GROUP', cmd_showgroup)
717 })]
718
719 if __name__ == '__main__':
720 opts = parse_options()
721 CF = Config(opts.conf)
722 T.runservices(opts.tripesock, service_info,
723 init = init, daemon = opts.daemon)
724
725 ###----- That's all, folks --------------------------------------------------
Trivial IP Encryption: a simple VPN