rddr package

Submodules

rddr.config module

rddr.config._resolve_hostname(addr)
Parameters

addr (str) –

rddr.config.proxy_schema(direction)
rddr.config.validate_cfg(config)

Uses the cerberus module to validate the user’s configuration, ensuring that it conforms to the schema (given by the variable _proxy_schema defined in rddr.config).

Parameters

config (dict) – Dictionary of config parsed from the yaml file.

rddr.diff_interface module

class rddr.diff_interface.AbstractRddrDiff(mp_manager, shared_state, do_filter=False, logger=None, params=None)

Bases: abc.ABC

Defines the interface for all RDDR diff plugins. Users may extend this class to add support for a particular protocol to RDDR. Diff plugins may optionally specify configuration parameters that a user may provide through the config YAML file. The diff-params key of the YAML file is reserved on each proxy for use by the diff plugin applied to that proxy. The schema expected by the plugin should be well-specified. Diff plugins should implement validate_params to validate the schema of the user-provided diff-params.

Parameters
  • do_filter (bool) – If True, will use the first two traffic streams as a filter pair to filter out non-deterministic noise.

  • logger (Optional[Logger]) – The logger instance to use for printing messages.

  • params (Optional[dict]) – Miscellaneous user-provided config for the plugin, from the user’s YAML config file. Subclasses should define clearly what they expect to be passed as parameters.

diff_traffic(traffic)

Diffs the traffic from N instances. Also indicates how many bytes of each traffic stream have been processed and whether or not more bytes of the stream are needed to process it. This default implementation will never detect divergence, always processes the entire stream and never requests more bytes. Subclasses may raise the RddrInsufficientData exception if diff_traffic was called on partial data (i.e. more data is required from the instances to make a decision). The proxy tunnel will handle this exception by reading from the instances once more before calling diff_traffic again.

Parameters

traffic (List[bytes]) – List of bytestrings from N instances.

Return type

List[Tuple[int, bool]]

Returns

A list of 2-tuples, one tuple for each traffic stream provided through the “traffic” argument. Each tuple is of the form (int, bool). The first element of the tuple is the number of bytes of that stream that have been differenced and can safely be sent along to the client. If this value is zero, no bytes have yet been parsed. If this value is less than zero, then the streams differ from one another, and the traffic SHOULD NOT be forwarded to the client. The second element of the tuple is a flag indicating whether or not more bytes are required from the traffic source in order to parse this stream. This is useful if the plugin tokenizes the streams, has so far received only a partial token, and requires more bytes to fully difference everything.

modify_traffic(traffic, n_instances)

This function replicates one incoming stream into N copies, one for each of the N application variants. In the process, it may make modifications to the replica for each instance as necessary. This can be necessary if there are unique tokens that need to be substituted for each instance, as in the case of CSRF tokens in HTML forms. This default implementation makes no modifications to the traffic.

Parameters
  • traffic (bytes) – Request to modify per recipient in addrlist.

  • n_instances (int) – Number of app instances in this deployment.

Return type

List[bytes]

Returns

List of the traffic to send to each of the app variants.

render_denial()

The diff interface can implement a custom denial response, for example an error message, appropriate for the application layer protocol being handled. The default implementation returns an empty byte string.

Return type

bytes

Returns

Bytestring to be sent back to the client if divergent behavior is seen.

validate_params()

Validates the diff-params key in the user config file. By default, does nothing.
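
A minimal plugin that follows the diff_traffic return contract documented above, as an added example that is not part of the RDDR code base. AbstractRddrDiff and RddrInsufficientData are defined here as local stand-ins so the block runs without RDDR installed; the LineDiff class, the delimiter key under diff-params and the denial message are hypothetical.

```python
from typing import List, Tuple


class RddrInsufficientData(Exception):
    """Local stand-in; the real exception's import path is not shown on this page."""


class AbstractRddrDiff:
    """Local stand-in mirroring the documented constructor signature."""

    def __init__(self, mp_manager, shared_state, do_filter=False,
                 logger=None, params=None):
        self.do_filter, self.logger, self.params = do_filter, logger, params or {}


class LineDiff(AbstractRddrDiff):
    """Hypothetical plugin for a delimiter-terminated text protocol."""

    def validate_params(self) -> None:
        # Hypothetical diff-params schema: {"delimiter": "<non-empty string>"}
        delim = self.params.get("delimiter", "\n")
        if not isinstance(delim, str) or not delim:
            raise ValueError("diff-params.delimiter must be a non-empty string")

    def diff_traffic(self, traffic: List[bytes]) -> List[Tuple[int, bool]]:
        if not traffic:
            return []
        delim = self.params.get("delimiter", "\n").encode()
        # split() leaves any unterminated tail as the last element of each list.
        parts = [s.split(delim) for s in traffic]
        counts = [len(p) - 1 for p in parts]  # complete tokens per instance
        n = min(counts)
        if n == 0:
            # Some instance has only a partial token: ask the tunnel to read more.
            raise RddrInsufficientData("no complete token in every stream")
        for column in zip(*(p[:n] for p in parts)):
            if len(set(column)) != 1:
                # Fail closed: a negative count means nothing may be forwarded.
                return [(-1, False)] * len(traffic)
        result = []
        for p, count in zip(parts, counts):
            done = sum(len(tok) + len(delim) for tok in p[:n])
            # This example's reading of the flag: partial tail, or lagging a peer.
            result.append((done, bool(p[-1]) or count < max(counts)))
        return result

    def render_denial(self) -> bytes:
        return b"ERR response withheld\n"  # constructed message for this example
```

Only tokens that every instance has completed are compared, so a stream that is ahead of its peers is forwarded no further than the slowest one.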

rddr.rddr module

class rddr.rddr.Rddr(config)

Bases: object

Top-level class for Rddr. Encapsulates one incoming proxy and one or more outgoing proxies.

Parameters

config (dict) – RDDR configuration dictionary

handle_exception(loop, context)
run()

Endless loop. Calls run() on all configured proxies in separate threads.

Module contents