Spaces:

Fred808
/

NNT2

Sleeping

App Files Files Community

Fred808 commited on Aug 2

Commit

47a9eda

verified ·

1 Parent(s): c747e2e

Upload 54 files

Browse files

This view is limited to 50 files because it contains too many changes. See raw diff

Files changed (50) hide show

.gitignore +127 -0
Dockerfile +52 -0
__init__.py +0 -0
__pycache__/__init__.cpython-311.pyc +0 -0
__pycache__/app.cpython-311.pyc +0 -0
__pycache__/main.cpython-311.pyc +0 -0
__pycache__/main_isp.cpython-311.pyc +0 -0
app.py +190 -0
config.json +98 -0
core/__init__.py +2 -0
core/__pycache__/__init__.cpython-311.pyc +0 -0
core/__pycache__/dhcp_server.cpython-311.pyc +0 -0
core/__pycache__/firewall.cpython-311.pyc +0 -0
core/__pycache__/ip_parser.cpython-311.pyc +0 -0
core/__pycache__/logger.cpython-311.pyc +0 -0
core/__pycache__/nat_engine.cpython-311.pyc +0 -0
core/__pycache__/openvpn_manager.cpython-311.pyc +0 -0
core/__pycache__/packet_bridge.cpython-311.pyc +0 -0
core/__pycache__/session_tracker.cpython-311.pyc +0 -0
core/__pycache__/socket_translator.cpython-311.pyc +0 -0
core/__pycache__/tcp_engine.cpython-311.pyc +0 -0
core/__pycache__/traffic_router.cpython-311.pyc +0 -0
core/__pycache__/virtual_router.cpython-311.pyc +0 -0
core/dhcp_server.py +391 -0
core/firewall.py +523 -0
core/ip_parser.py +546 -0
core/logger.py +555 -0
core/nat_engine.py +516 -0
core/openvpn_manager.py +658 -0
core/packet_bridge.py +664 -0
core/session_tracker.py +602 -0
core/socket_translator.py +653 -0
core/tcp_engine.py +716 -0
core/traffic_router.py +455 -0
core/virtual_router.py +565 -0
database/app.db +0 -0
main.py +62 -0
main_isp.py +273 -0
models/__pycache__/user.cpython-311.pyc +0 -0
models/user.py +18 -0
openvpn/ca.crt +20 -0
openvpn/dh.pem +8 -0
openvpn/server.conf +21 -0
openvpn/server.crt +86 -0
openvpn/server.key +28 -0
requirements.txt +33 -0
routes/__pycache__/isp_api.cpython-311.pyc +0 -0
routes/__pycache__/user.cpython-311.pyc +0 -0
routes/isp_api.py +1171 -0
routes/user.py +39 -0

.gitignore ADDED Viewed

	@@ -0,0 +1,127 @@

+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+# Virtual environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+# IDEs
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+# Logs
+*.log
+logs/
+/var/log/
+# Database
+*.db
+*.sqlite
+*.sqlite3
+# VPN configurations (for security)
+*.ovpn
+*.crt
+*.key
+*.pem
+/tmp/vpn_client_configs/
+# OpenVPN
+/etc/openvpn/
+/var/log/openvpn/
+# Temporary files
+/tmp/
+*.tmp
+*.temp
+# Flask
+instance/
+.webassets-cache
+# Environment variables
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+# Coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+# Jupyter Notebook
+.ipynb_checkpoints
+# pyenv
+.python-version
+# Celery
+celerybeat-schedule
+celerybeat.pid
+# SageMath parsed files
+*.sage.py
+# Spyder project settings
+.spyderproject
+.spyproject
+# Rope project settings
+.ropeproject
+# mkdocs documentation
+/site
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json

Dockerfile ADDED Viewed

	@@ -0,0 +1,52 @@

+# Virtual ISP Stack with OpenVPN Integration
+# Dockerfile for containerized deployment
+FROM python:3.11-slim
+# Set working directory
+WORKDIR /app
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    openvpn \
+    iptables \
+    iproute2 \
+    net-tools \
+    procps \
+    build-essential \
+    python3-dev \
+    && rm -rf /var/lib/apt/lists/*
+COPY openvpn/server.conf /etc/openvpn/server/server.conf
+COPY openvpn/ca.crt /etc/openvpn/server/ca.crt
+COPY openvpn/server.crt /etc/openvpn/server/server.crt
+COPY openvpn/server.key /etc/openvpn/server/server.key
+COPY openvpn/dh.pem /etc/openvpn/server/dh.pem
+# Copy requirements and install Python dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+# Copy application files
+COPY . .
+# Create necessary directories
+RUN mkdir -p /tmp/vpn_client_configs \
+    && mkdir -p /var/log/openvpn \
+    && mkdir -p database
+# Set environment variables
+ENV FLASK_APP=app.py
+ENV FLASK_ENV=production
+ENV PORT=7860
+# Expose port
+EXPOSE 7860
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:7860/health || exit 1
+# Run the application
+CMD ["python", "app.py"]

__init__.py ADDED Viewed

File without changes

__pycache__/__init__.cpython-311.pyc ADDED Viewed

Binary file (173 Bytes). View file

__pycache__/app.cpython-311.pyc ADDED Viewed

Binary file (7.82 kB). View file

__pycache__/main.cpython-311.pyc ADDED Viewed

Binary file (3.57 kB). View file

__pycache__/main_isp.cpython-311.pyc ADDED Viewed

Binary file (10.8 kB). View file

app.py ADDED Viewed

	@@ -0,0 +1,190 @@

+#!/usr/bin/env python3
+"""
+Virtual ISP Stack with OpenVPN Integration
+HuggingFace Spaces Entry Point
+This application provides a complete Virtual ISP stack with OpenVPN server integration,
+allowing users to manage VPN connections, generate client configurations, and monitor
+network traffic through a RESTful API.
+"""
+import os
+import sys
+import logging
+# Add current directory to Python path
+sys.path.insert(0, os.path.dirname(__file__))
+from flask import Flask, send_from_directory, jsonify
+from flask_cors import CORS
+from models.user import db
+from routes.user import user_bp
+from routes.isp_api import init_engines, isp_api
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+)
+logger = logging.getLogger(__name__)
+# Create Flask application
+app = Flask(__name__, static_folder=os.path.join(os.path.dirname(__file__), 'static'))
+# Enable CORS for all routes
+CORS(app, origins="*")
+# Configuration
+app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', 'vpn-isp-stack-secret-key-change-in-production')
+# Database configuration
+database_path = os.path.join(os.path.dirname(__file__), 'database', 'app.db')
+app.config['SQLALCHEMY_DATABASE_URI'] = f"sqlite:///{database_path}"
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+# Initialize database
+db.init_app(app)
+# Register blueprints
+app.register_blueprint(user_bp, url_prefix='/api')
+app.register_blueprint(isp_api, url_prefix='/api')
+# Engine configuration
+app.config.update({
+    "dhcp": {
+        "network": "10.0.0.0/24",
+        "range_start": "10.0.0.10",
+        "range_end": "10.0.0.100",
+        "lease_time": 3600,
+        "gateway": "10.0.0.1",
+        "dns_servers": ["8.8.8.8", "8.8.4.4"]
+    },
+    "nat": {
+        "port_range_start": 10000,
+        "port_range_end": 65535,
+        "session_timeout": 300
+    },
+    "firewall": {
+        "default_policy": "ACCEPT",
+        "log_blocked": True
+    },
+    "tcp": {
+        "initial_window": 65535,
+        "max_retries": 3,
+        "timeout": 30
+    },
+    "openvpn": {
+        "server_ip": "10.8.0.1",
+        "server_port": 1194,
+        "network": "10.8.0.0/24"
+    },
+    "logger": {
+        "log_level": "INFO",
+        "log_file": "/tmp/virtual_isp.log"
+    }
+})
+# Initialize database tables
+with app.app_context():
+    try:
+        db.create_all()
+        logger.info("Database tables created successfully")
+    except Exception as e:
+        logger.error(f"Error creating database tables: {e}")
+# Initialize engines
+try:
+    init_engines(app.config)
+    logger.info("All engines initialized successfully")
+except Exception as e:
+    logger.error(f"Error initializing engines: {e}")
+@app.route('/')
+def index():
+    """Main index page"""
+    return serve_static('')
+@app.route('/health')
+def health_check():
+    """Health check endpoint for monitoring"""
+    return jsonify({
+        'status': 'healthy',
+        'service': 'Virtual ISP Stack with OpenVPN',
+        'version': '1.0.0'
+    })
+@app.route('/api')
+def api_info():
+    """API information endpoint"""
+    return jsonify({
+        'service': 'Virtual ISP Stack API',
+        'version': '1.0.0',
+        'endpoints': {
+            'openvpn': {
+                'status': '/api/openvpn/status',
+                'start': '/api/openvpn/start',
+                'stop': '/api/openvpn/stop',
+                'clients': '/api/openvpn/clients',
+                'config': '/api/openvpn/config/<client_name>',
+                'stats': '/api/openvpn/stats',
+                'configs': '/api/openvpn/configs'
+            },
+            'dhcp': {
+                'leases': '/api/dhcp/leases'
+            },
+            'nat': {
+                'sessions': '/api/nat/sessions',
+                'stats': '/api/nat/stats'
+            },
+            'firewall': {
+                'rules': '/api/firewall/rules',
+                'logs': '/api/firewall/logs',
+                'stats': '/api/firewall/stats'
+            }
+        }
+    })
+@app.route('/<path:path>')
+def serve_static(path):
+    """Serve static files"""
+    static_folder_path = app.static_folder
+    if static_folder_path is None:
+        return jsonify({'error': 'Static folder not configured'}), 404
+    if path != "" and os.path.exists(os.path.join(static_folder_path, path)):
+        return send_from_directory(static_folder_path, path)
+    else:
+        index_path = os.path.join(static_folder_path, 'index.html')
+        if os.path.exists(index_path):
+            return send_from_directory(static_folder_path, 'index.html')
+        else:
+            return jsonify({
+                'message': 'Virtual ISP Stack with OpenVPN Integration',
+                'status': 'running',
+                'api_docs': '/api'
+            })
+@app.errorhandler(404)
+def not_found(error):
+    """Handle 404 errors"""
+    return jsonify({'error': 'Endpoint not found', 'api_docs': '/api'}), 404
+@app.errorhandler(500)
+def internal_error(error):
+    """Handle 500 errors"""
+    return jsonify({'error': 'Internal server error'}), 500
+if __name__ == '__main__':
+    # Get port from environment variable (HuggingFace Spaces uses PORT)
+    port = int(os.environ.get('PORT', 7860))
+    logger.info(f"Starting Virtual ISP Stack with OpenVPN on port {port}")
+    # Run the application
+    app.run(
+        host='0.0.0.0',
+        port=port,
+        debug=False,
+        threaded=True
+    )

config.json ADDED Viewed

	@@ -0,0 +1,98 @@

+{
+  "dhcp": {
+    "network": "10.0.0.0/24",
+    "range_start": "10.0.0.10",
+    "range_end": "10.0.0.100",
+    "lease_time": 3600,
+    "gateway": "10.0.0.1",
+    "dns_servers": [
+      "8.8.8.8",
+      "8.8.4.4"
+    ]
+  },
+  "nat": {
+    "port_range_start": 10000,
+    "port_range_end": 65535,
+    "session_timeout": 300,
+    "host_ip": "0.0.0.0"
+  },
+  "firewall": {
+    "default_policy": "ACCEPT",
+    "log_blocked": true,
+    "log_accepted": false,
+    "max_log_entries": 10000,
+    "rules": [
+      {
+        "rule_id": "allow_dhcp",
+        "priority": 1,
+        "action": "ACCEPT",
+        "direction": "BOTH",
+        "dest_port": "67,68",
+        "protocol": "UDP",
+        "description": "Allow DHCP traffic",
+        "enabled": true
+      },
+      {
+        "rule_id": "allow_dns",
+        "priority": 2,
+        "action": "ACCEPT",
+        "direction": "BOTH",
+        "dest_port": "53",
+        "protocol": "UDP",
+        "description": "Allow DNS traffic",
+        "enabled": true
+      }
+    ]
+  },
+  "tcp": {
+    "initial_window": 65535,
+    "max_retries": 3,
+    "timeout": 300,
+    "time_wait_timeout": 120,
+    "mss": 1460
+  },
+  "router": {
+    "router_id": "virtual-isp-router",
+    "default_gateway": "10.0.0.1",
+    "interfaces": [
+      {
+        "name": "virtual0",
+        "ip_address": "10.0.0.1",
+        "netmask": "255.255.255.0",
+        "enabled": true,
+        "mtu": 1500
+      }
+    ],
+    "static_routes": []
+  },
+  "socket_translator": {
+    "connect_timeout": 10,
+    "read_timeout": 30,
+    "max_connections": 1000,
+    "buffer_size": 8192
+  },
+  "packet_bridge": {
+    "websocket_host": "0.0.0.0",
+    "websocket_port": 8765,
+    "tcp_host": "0.0.0.0",
+    "tcp_port": 8766,
+    "max_clients": 100,
+    "client_timeout": 300
+  },
+  "session_tracker": {
+    "max_sessions": 10000,
+    "session_timeout": 3600,
+    "cleanup_interval": 300,
+    "metrics_retention": 86400
+  },
+  "logger": {
+    "log_level": "INFO",
+    "log_to_file": true,
+    "log_file_path": "/tmp/virtual_isp.log",
+    "log_file_max_size": 10485760,
+    "log_file_backup_count": 5,
+    "log_to_console": true,
+    "structured_logging": true,
+    "max_memory_logs": 10000
+  }
+}

core/__init__.py ADDED Viewed

	@@ -0,0 +1,2 @@


1	+ # Core networking modules for the virtual ISP stack
2	+

core/__pycache__/__init__.cpython-311.pyc ADDED Viewed

Binary file (156 Bytes). View file

core/__pycache__/dhcp_server.cpython-311.pyc ADDED Viewed

Binary file (21.2 kB). View file

core/__pycache__/firewall.cpython-311.pyc ADDED Viewed

Binary file (27.4 kB). View file

core/__pycache__/ip_parser.cpython-311.pyc ADDED Viewed

Binary file (23.1 kB). View file

core/__pycache__/logger.cpython-311.pyc ADDED Viewed

Binary file (29.4 kB). View file

core/__pycache__/nat_engine.cpython-311.pyc ADDED Viewed

Binary file (29.3 kB). View file

core/__pycache__/openvpn_manager.cpython-311.pyc ADDED Viewed

Binary file (31.8 kB). View file

core/__pycache__/packet_bridge.cpython-311.pyc ADDED Viewed

Binary file (34.3 kB). View file

core/__pycache__/session_tracker.cpython-311.pyc ADDED Viewed

Binary file (33.9 kB). View file

core/__pycache__/socket_translator.cpython-311.pyc ADDED Viewed

Binary file (32.8 kB). View file

core/__pycache__/tcp_engine.cpython-311.pyc ADDED Viewed

Binary file (33.1 kB). View file

core/__pycache__/traffic_router.cpython-311.pyc ADDED Viewed

Binary file (22.6 kB). View file

core/__pycache__/virtual_router.cpython-311.pyc ADDED Viewed

Binary file (30.7 kB). View file

core/dhcp_server.py ADDED Viewed

	@@ -0,0 +1,391 @@

+"""
+DHCP Server Module
+Implements a user-space DHCP server that handles:
+- DHCP DISCOVER → OFFER → REQUEST → ACK sequence
+- IP lease management
+- Lease renewals and expiration
+"""
+import struct
+import time
+import socket
+import threading
+from typing import Dict, Optional, Tuple
+from dataclasses import dataclass
+from enum import Enum
+class DHCPMessageType(Enum):
+    DISCOVER = 1
+    OFFER = 2
+    REQUEST = 3
+    DECLINE = 4
+    ACK = 5
+    NAK = 6
+    RELEASE = 7
+    INFORM = 8
+@dataclass
+class DHCPLease:
+    """Represents a DHCP lease"""
+    mac_address: str
+    ip_address: str
+    lease_time: int
+    lease_start: float
+    state: str = 'BOUND'
+    @property
+    def is_expired(self) -> bool:
+        return time.time() > (self.lease_start + self.lease_time)
+    @property
+    def remaining_time(self) -> int:
+        remaining = int((self.lease_start + self.lease_time) - time.time())
+        return max(0, remaining)
+class DHCPPacket:
+    """DHCP packet parser and builder"""
+    def __init__(self):
+        self.op = 0  # Message op code / message type
+        self.htype = 1  # Hardware address type (Ethernet = 1)
+        self.hlen = 6  # Hardware address length
+        self.hops = 0  # Hops
+        self.xid = 0  # Transaction ID
+        self.secs = 0  # Seconds elapsed
+        self.flags = 0  # Flags
+        self.ciaddr = '0.0.0.0'  # Client IP address
+        self.yiaddr = '0.0.0.0'  # Your IP address
+        self.siaddr = '0.0.0.0'  # Server IP address
+        self.giaddr = '0.0.0.0'  # Gateway IP address
+        self.chaddr = b'\x00' * 16  # Client hardware address
+        self.sname = b'\x00' * 64  # Server name
+        self.file = b'\x00' * 128  # Boot file name
+        self.options = {}  # DHCP options
+    @classmethod
+    def parse(cls, data: bytes) -> 'DHCPPacket':
+        """Parse DHCP packet from raw bytes"""
+        packet = cls()
+        # Parse fixed fields (first 236 bytes)
+        if len(data) < 236:
+            raise ValueError("DHCP packet too short")
+        fields = struct.unpack('!BBBBIHH4s4s4s4s16s64s128s', data[:236])
+        packet.op = fields[0]
+        packet.htype = fields[1]
+        packet.hlen = fields[2]
+        packet.hops = fields[3]
+        packet.xid = fields[4]
+        packet.secs = fields[5]
+        packet.flags = fields[6]
+        packet.ciaddr = socket.inet_ntoa(fields[7])
+        packet.yiaddr = socket.inet_ntoa(fields[8])
+        packet.siaddr = socket.inet_ntoa(fields[9])
+        packet.giaddr = socket.inet_ntoa(fields[10])
+        packet.chaddr = fields[11]
+        packet.sname = fields[12]
+        packet.file = fields[13]
+        # Parse options (after magic cookie)
+        options_data = data[236:]
+        if len(options_data) >= 4:
+            magic = struct.unpack('!I', options_data[:4])[0]
+            if magic == 0x63825363:  # DHCP magic cookie
+                packet.options = packet._parse_options(options_data[4:])
+        return packet
+    def _parse_options(self, data: bytes) -> Dict[int, bytes]:
+        """Parse DHCP options"""
+        options = {}
+        i = 0
+        while i < len(data):
+            if data[i] == 255:  # End option
+                break
+            elif data[i] == 0:  # Pad option
+                i += 1
+                continue
+            option_type = data[i]
+            if i + 1 >= len(data):
+                break
+            option_length = data[i + 1]
+            if i + 2 + option_length > len(data):
+                break
+            option_data = data[i + 2:i + 2 + option_length]
+            options[option_type] = option_data
+            i += 2 + option_length
+        return options
+    def build(self) -> bytes:
+        """Build DHCP packet as bytes"""
+        # Build fixed fields
+        packet_data = struct.pack(
+            '!BBBBIHH4s4s4s4s16s64s128s',
+            self.op, self.htype, self.hlen, self.hops,
+            self.xid, self.secs, self.flags,
+            socket.inet_aton(self.ciaddr),
+            socket.inet_aton(self.yiaddr),
+            socket.inet_aton(self.siaddr),
+            socket.inet_aton(self.giaddr),
+            self.chaddr, self.sname, self.file
+        )
+        # Add magic cookie
+        packet_data += struct.pack('!I', 0x63825363)
+        # Add options
+        for option_type, option_data in self.options.items():
+            packet_data += struct.pack('!BB', option_type, len(option_data))
+            packet_data += option_data
+        # Add end option
+        packet_data += b'\xff'
+        # Pad to minimum size
+        while len(packet_data) < 300:
+            packet_data += b'\x00'
+        return packet_data
+    def get_mac_address(self) -> str:
+        """Get client MAC address as string"""
+        return ':'.join(f'{b:02x}' for b in self.chaddr[:6])
+    def get_message_type(self) -> Optional[DHCPMessageType]:
+        """Get DHCP message type from options"""
+        if 53 in self.options and len(self.options[53]) == 1:
+            msg_type = self.options[53][0]
+            try:
+                return DHCPMessageType(msg_type)
+            except ValueError:
+                return None
+        return None
+class DHCPServer:
+    """User-space DHCP server implementation"""
+    def __init__(self, config: Dict):
+        self.config = config
+        self.leases: Dict[str, DHCPLease] = {}  # MAC -> Lease
+        self.ip_pool = self._build_ip_pool()
+        self.running = False
+        self.server_thread = None
+        self.lock = threading.Lock()
+    def _build_ip_pool(self) -> set:
+        """Build available IP address pool"""
+        network = self.config['network']
+        start_ip = self.config['range_start']
+        end_ip = self.config['range_end']
+        # Convert IP addresses to integers for range calculation
+        start_int = struct.unpack('!I', socket.inet_aton(start_ip))[0]
+        end_int = struct.unpack('!I', socket.inet_aton(end_ip))[0]
+        pool = set()
+        for ip_int in range(start_int, end_int + 1):
+            ip_str = socket.inet_ntoa(struct.pack('!I', ip_int))
+            pool.add(ip_str)
+        return pool
+    def _get_available_ip(self) -> Optional[str]:
+        """Get next available IP address"""
+        with self.lock:
+            # Remove expired leases
+            self._cleanup_expired_leases()
+            # Find available IP
+            used_ips = {lease.ip_address for lease in self.leases.values()}
+            available_ips = self.ip_pool - used_ips
+            if available_ips:
+                return min(available_ips)  # Return lowest available IP
+            return None
+    def _cleanup_expired_leases(self):
+        """Remove expired leases"""
+        expired_macs = [
+            mac for mac, lease in self.leases.items()
+            if lease.is_expired
+        ]
+        for mac in expired_macs:
+            del self.leases[mac]
+    def _create_dhcp_offer(self, discover_packet: DHCPPacket) -> DHCPPacket:
+        """Create DHCP OFFER response"""
+        mac_address = discover_packet.get_mac_address()
+        # Check for existing lease
+        if mac_address in self.leases and not self.leases[mac_address].is_expired:
+            offered_ip = self.leases[mac_address].ip_address
+        else:
+            offered_ip = self._get_available_ip()
+            if not offered_ip:
+                return None  # No available IPs
+        # Create OFFER packet
+        offer = DHCPPacket()
+        offer.op = 2  # BOOTREPLY
+        offer.htype = discover_packet.htype
+        offer.hlen = discover_packet.hlen
+        offer.xid = discover_packet.xid
+        offer.yiaddr = offered_ip
+        offer.siaddr = self.config['gateway']
+        offer.chaddr = discover_packet.chaddr
+        # Add DHCP options
+        offer.options[53] = bytes([DHCPMessageType.OFFER.value])  # Message type
+        offer.options[1] = socket.inet_aton('255.255.255.0')  # Subnet mask
+        offer.options[3] = socket.inet_aton(self.config['gateway'])  # Router
+        offer.options[6] = b''.join(socket.inet_aton(dns) for dns in self.config['dns_servers'])  # DNS
+        offer.options[51] = struct.pack('!I', self.config['lease_time'])  # Lease time
+        offer.options[54] = socket.inet_aton(self.config['gateway'])  # DHCP server identifier
+        return offer
+    def _create_dhcp_ack(self, request_packet: DHCPPacket) -> DHCPPacket:
+        """Create DHCP ACK response"""
+        mac_address = request_packet.get_mac_address()
+        requested_ip = request_packet.ciaddr
+        # If no requested IP in ciaddr, check option 50
+        if requested_ip == '0.0.0.0' and 50 in request_packet.options:
+            requested_ip = socket.inet_ntoa(request_packet.options[50])
+        # Validate request
+        if not self._validate_request(mac_address, requested_ip):
+            return self._create_dhcp_nak(request_packet)
+        # Create or update lease
+        lease = DHCPLease(
+            mac_address=mac_address,
+            ip_address=requested_ip,
+            lease_time=self.config['lease_time'],
+            lease_start=time.time()
+        )
+        with self.lock:
+            self.leases[mac_address] = lease
+        # Create ACK packet
+        ack = DHCPPacket()
+        ack.op = 2  # BOOTREPLY
+        ack.htype = request_packet.htype
+        ack.hlen = request_packet.hlen
+        ack.xid = request_packet.xid
+        ack.yiaddr = requested_ip
+        ack.siaddr = self.config['gateway']
+        ack.chaddr = request_packet.chaddr
+        # Add DHCP options
+        ack.options[53] = bytes([DHCPMessageType.ACK.value])  # Message type
+        ack.options[1] = socket.inet_aton('255.255.255.0')  # Subnet mask
+        ack.options[3] = socket.inet_aton(self.config['gateway'])  # Router
+        ack.options[6] = b''.join(socket.inet_aton(dns) for dns in self.config['dns_servers'])  # DNS
+        ack.options[51] = struct.pack('!I', self.config['lease_time'])  # Lease time
+        ack.options[54] = socket.inet_aton(self.config['gateway'])  # DHCP server identifier
+        return ack
+    def _create_dhcp_nak(self, request_packet: DHCPPacket) -> DHCPPacket:
+        """Create DHCP NAK response"""
+        nak = DHCPPacket()
+        nak.op = 2  # BOOTREPLY
+        nak.htype = request_packet.htype
+        nak.hlen = request_packet.hlen
+        nak.xid = request_packet.xid
+        nak.chaddr = request_packet.chaddr
+        # Add DHCP options
+        nak.options[53] = bytes([DHCPMessageType.NAK.value])  # Message type
+        nak.options[54] = socket.inet_aton(self.config['gateway'])  # DHCP server identifier
+        return nak
+    def _validate_request(self, mac_address: str, requested_ip: str) -> bool:
+        """Validate DHCP request"""
+        # Check if IP is in our pool
+        if requested_ip not in self.ip_pool:
+            return False
+        # Check if IP is available or already assigned to this MAC
+        with self.lock:
+            for mac, lease in self.leases.items():
+                if lease.ip_address == requested_ip:
+                    if mac != mac_address and not lease.is_expired:
+                        return False  # IP already assigned to different MAC
+        return True
+    def process_packet(self, packet_data: bytes, client_addr: Tuple[str, int]) -> Optional[bytes]:
+        """Process incoming DHCP packet and return response"""
+        try:
+            packet = DHCPPacket.parse(packet_data)
+            message_type = packet.get_message_type()
+            if message_type == DHCPMessageType.DISCOVER:
+                response = self._create_dhcp_offer(packet)
+            elif message_type == DHCPMessageType.REQUEST:
+                response = self._create_dhcp_ack(packet)
+            elif message_type == DHCPMessageType.RELEASE:
+                # Handle lease release
+                mac_address = packet.get_mac_address()
+                with self.lock:
+                    if mac_address in self.leases:
+                        del self.leases[mac_address]
+                return None
+            else:
+                return None
+            if response:
+                return response.build()
+        except Exception as e:
+            print(f"Error processing DHCP packet: {e}")
+            return None
+    def get_leases(self) -> Dict[str, Dict]:
+        """Get current lease table"""
+        with self.lock:
+            self._cleanup_expired_leases()
+            return {
+                mac: {
+                    'ip_address': lease.ip_address,
+                    'lease_time': lease.lease_time,
+                    'lease_start': lease.lease_start,
+                    'remaining_time': lease.remaining_time,
+                    'state': lease.state
+                }
+                for mac, lease in self.leases.items()
+            }
+    def release_lease(self, mac_address: str) -> bool:
+        """Manually release a lease"""
+        with self.lock:
+            if mac_address in self.leases:
+                del self.leases[mac_address]
+                return True
+            return False
+    def start(self):
+        """Start DHCP server (placeholder for integration with packet bridge)"""
+        self.running = True
+        print(f"DHCP server started - Pool: {self.config['range_start']} - {self.config['range_end']}")
+    def stop(self):
+        """Stop DHCP server"""
+        self.running = False
+        print("DHCP server stopped")

core/firewall.py ADDED Viewed

	@@ -0,0 +1,523 @@

+"""
+Firewall Module
+Implements packet filtering and access control:
+- Rule-based packet filtering (allow/block by IP, port, protocol)
+- Ordered rule processing
+- Logging and statistics
+- Dynamic rule management via API
+"""
+import time
+import threading
+import ipaddress
+import re
+from typing import Dict, List, Optional, Tuple, Any
+from dataclasses import dataclass
+from enum import Enum
+from .ip_parser import ParsedPacket, TCPHeader, UDPHeader
+class FirewallAction(Enum):
+    ACCEPT = "ACCEPT"
+    DROP = "DROP"
+    REJECT = "REJECT"
+class FirewallDirection(Enum):
+    INBOUND = "INBOUND"
+    OUTBOUND = "OUTBOUND"
+    BOTH = "BOTH"
+@dataclass
+class FirewallRule:
+    """Represents a firewall rule"""
+    rule_id: str
+    priority: int  # Lower number = higher priority
+    action: FirewallAction
+    direction: FirewallDirection
+    # Match criteria
+    source_ip: Optional[str] = None  # IP or CIDR
+    dest_ip: Optional[str] = None    # IP or CIDR
+    source_port: Optional[str] = None  # Port or range (e.g., "80", "80-90", "80,443")
+    dest_port: Optional[str] = None    # Port or range
+    protocol: Optional[str] = None     # TCP, UDP, ICMP, or None for any
+    # Metadata
+    description: str = ""
+    enabled: bool = True
+    created_time: float = 0
+    hit_count: int = 0
+    last_hit: Optional[float] = None
+    def __post_init__(self):
+        if self.created_time == 0:
+            self.created_time = time.time()
+    def record_hit(self):
+        """Record a rule hit"""
+        self.hit_count += 1
+        self.last_hit = time.time()
+    def to_dict(self) -> Dict:
+        """Convert rule to dictionary"""
+        return {
+            'rule_id': self.rule_id,
+            'priority': self.priority,
+            'action': self.action.value,
+            'direction': self.direction.value,
+            'source_ip': self.source_ip,
+            'dest_ip': self.dest_ip,
+            'source_port': self.source_port,
+            'dest_port': self.dest_port,
+            'protocol': self.protocol,
+            'description': self.description,
+            'enabled': self.enabled,
+            'created_time': self.created_time,
+            'hit_count': self.hit_count,
+            'last_hit': self.last_hit
+        }
+@dataclass
+class FirewallLogEntry:
+    """Represents a firewall log entry"""
+    timestamp: float
+    action: str
+    rule_id: Optional[str]
+    source_ip: str
+    dest_ip: str
+    source_port: int
+    dest_port: int
+    protocol: str
+    packet_size: int
+    reason: str = ""
+    def to_dict(self) -> Dict:
+        """Convert log entry to dictionary"""
+        return {
+            'timestamp': self.timestamp,
+            'action': self.action,
+            'rule_id': self.rule_id,
+            'source_ip': self.source_ip,
+            'dest_ip': self.dest_ip,
+            'source_port': self.source_port,
+            'dest_port': self.dest_port,
+            'protocol': self.protocol,
+            'packet_size': self.packet_size,
+            'reason': self.reason
+        }
+class FirewallEngine:
+    """Firewall engine implementation"""
+    def __init__(self, config: Dict):
+        self.config = config
+        self.rules: Dict[str, FirewallRule] = {}
+        self.logs: List[FirewallLogEntry] = []
+        self.lock = threading.Lock()
+        # Configuration
+        self.default_policy = FirewallAction(config.get('default_policy', 'ACCEPT'))
+        self.log_blocked = config.get('log_blocked', True)
+        self.log_accepted = config.get('log_accepted', False)
+        self.max_log_entries = config.get('max_log_entries', 10000)
+        # Statistics
+        self.stats = {
+            'packets_processed': 0,
+            'packets_accepted': 0,
+            'packets_dropped': 0,
+            'packets_rejected': 0,
+            'rules_hit': 0,
+            'default_policy_hits': 0
+        }
+        # Load initial rules
+        initial_rules = config.get('rules', [])
+        for rule_config in initial_rules:
+            self._add_rule_from_config(rule_config)
+    def _add_rule_from_config(self, rule_config: Dict):
+        """Add rule from configuration"""
+        rule = FirewallRule(
+            rule_id=rule_config['rule_id'],
+            priority=rule_config.get('priority', 100),
+            action=FirewallAction(rule_config['action']),
+            direction=FirewallDirection(rule_config.get('direction', 'BOTH')),
+            source_ip=rule_config.get('source_ip'),
+            dest_ip=rule_config.get('dest_ip'),
+            source_port=rule_config.get('source_port'),
+            dest_port=rule_config.get('dest_port'),
+            protocol=rule_config.get('protocol'),
+            description=rule_config.get('description', ''),
+            enabled=rule_config.get('enabled', True)
+        )
+        with self.lock:
+            self.rules[rule.rule_id] = rule
+    def _match_ip(self, ip: str, pattern: str) -> bool:
+        """Match IP address against pattern (IP or CIDR)"""
+        try:
+            if '/' in pattern:
+                # CIDR notation
+                network = ipaddress.ip_network(pattern, strict=False)
+                return ipaddress.ip_address(ip) in network
+            else:
+                # Exact IP match
+                return ip == pattern
+        except (ipaddress.AddressValueError, ValueError):
+            return False
+    def _match_port(self, port: int, pattern: str) -> bool:
+        """Match port against pattern (port, range, or list)"""
+        try:
+            if ',' in pattern:
+                # List of ports: "80,443,8080"
+                ports = [int(p.strip()) for p in pattern.split(',')]
+                return port in ports
+            elif '-' in pattern:
+                # Port range: "80-90"
+                start, end = map(int, pattern.split('-', 1))
+                return start <= port <= end
+            else:
+                # Single port: "80"
+                return port == int(pattern)
+        except (ValueError, TypeError):
+            return False
+    def _match_protocol(self, protocol: str, pattern: str) -> bool:
+        """Match protocol against pattern"""
+        if pattern is None:
+            return True  # Match any protocol
+        return protocol.upper() == pattern.upper()
+    def _evaluate_rule(self, rule: FirewallRule, packet: ParsedPacket, direction: FirewallDirection) -> bool:
+        """Evaluate if a rule matches a packet"""
+        if not rule.enabled:
+            return False
+        # Check direction
+        if rule.direction != FirewallDirection.BOTH and rule.direction != direction:
+            return False
+        # Check source IP
+        if rule.source_ip and not self._match_ip(packet.ip_header.source_ip, rule.source_ip):
+            return False
+        # Check destination IP
+        if rule.dest_ip and not self._match_ip(packet.ip_header.dest_ip, rule.dest_ip):
+            return False
+        # Check protocol
+        if packet.transport_header:
+            if isinstance(packet.transport_header, TCPHeader):
+                protocol = 'TCP'
+                source_port = packet.transport_header.source_port
+                dest_port = packet.transport_header.dest_port
+            elif isinstance(packet.transport_header, UDPHeader):
+                protocol = 'UDP'
+                source_port = packet.transport_header.source_port
+                dest_port = packet.transport_header.dest_port
+            else:
+                protocol = 'OTHER'
+                source_port = 0
+                dest_port = 0
+        else:
+            protocol = 'OTHER'
+            source_port = 0
+            dest_port = 0
+        if not self._match_protocol(protocol, rule.protocol):
+            return False
+        # Check source port
+        if rule.source_port and not self._match_port(source_port, rule.source_port):
+            return False
+        # Check destination port
+        if rule.dest_port and not self._match_port(dest_port, rule.dest_port):
+            return False
+        return True
+    def _log_packet(self, action: str, packet: ParsedPacket, rule_id: Optional[str] = None, reason: str = ""):
+        """Log packet processing"""
+        if not (self.log_blocked or self.log_accepted):
+            return
+        # Only log if configured
+        if action == 'ACCEPT' and not self.log_accepted:
+            return
+        if action in ['DROP', 'REJECT'] and not self.log_blocked:
+            return
+        # Extract packet information
+        if packet.transport_header:
+            if isinstance(packet.transport_header, (TCPHeader, UDPHeader)):
+                source_port = packet.transport_header.source_port
+                dest_port = packet.transport_header.dest_port
+                protocol = 'TCP' if isinstance(packet.transport_header, TCPHeader) else 'UDP'
+            else:
+                source_port = 0
+                dest_port = 0
+                protocol = 'OTHER'
+        else:
+            source_port = 0
+            dest_port = 0
+            protocol = 'OTHER'
+        log_entry = FirewallLogEntry(
+            timestamp=time.time(),
+            action=action,
+            rule_id=rule_id,
+            source_ip=packet.ip_header.source_ip,
+            dest_ip=packet.ip_header.dest_ip,
+            source_port=source_port,
+            dest_port=dest_port,
+            protocol=protocol,
+            packet_size=len(packet.raw_packet),
+            reason=reason
+        )
+        with self.lock:
+            self.logs.append(log_entry)
+            # Trim logs if too many
+            if len(self.logs) > self.max_log_entries:
+                self.logs = self.logs[-self.max_log_entries:]
+    def process_packet(self, packet: ParsedPacket, direction: FirewallDirection) -> FirewallAction:
+        """Process packet through firewall rules"""
+        self.stats['packets_processed'] += 1
+        # Get sorted rules by priority
+        with self.lock:
+            sorted_rules = sorted(self.rules.values(), key=lambda r: r.priority)
+        # Evaluate rules in order
+        for rule in sorted_rules:
+            if self._evaluate_rule(rule, packet, direction):
+                rule.record_hit()
+                self.stats['rules_hit'] += 1
+                # Log the action
+                self._log_packet(rule.action.value, packet, rule.rule_id, f"Matched rule: {rule.description}")
+                # Update statistics
+                if rule.action == FirewallAction.ACCEPT:
+                    self.stats['packets_accepted'] += 1
+                elif rule.action == FirewallAction.DROP:
+                    self.stats['packets_dropped'] += 1
+                elif rule.action == FirewallAction.REJECT:
+                    self.stats['packets_rejected'] += 1
+                return rule.action
+        # No rule matched, apply default policy
+        self.stats['default_policy_hits'] += 1
+        self._log_packet(self.default_policy.value, packet, None, "Default policy")
+        if self.default_policy == FirewallAction.ACCEPT:
+            self.stats['packets_accepted'] += 1
+        elif self.default_policy == FirewallAction.DROP:
+            self.stats['packets_dropped'] += 1
+        elif self.default_policy == FirewallAction.REJECT:
+            self.stats['packets_rejected'] += 1
+        return self.default_policy
+    def add_rule(self, rule: FirewallRule) -> bool:
+        """Add firewall rule"""
+        with self.lock:
+            if rule.rule_id in self.rules:
+                return False
+            self.rules[rule.rule_id] = rule
+            return True
+    def remove_rule(self, rule_id: str) -> bool:
+        """Remove firewall rule"""
+        with self.lock:
+            if rule_id in self.rules:
+                del self.rules[rule_id]
+                return True
+            return False
+    def update_rule(self, rule_id: str, **kwargs) -> bool:
+        """Update firewall rule"""
+        with self.lock:
+            if rule_id not in self.rules:
+                return False
+            rule = self.rules[rule_id]
+            for key, value in kwargs.items():
+                if hasattr(rule, key):
+                    if key in ['action', 'direction']:
+                        # Handle enum values
+                        if key == 'action':
+                            value = FirewallAction(value)
+                        elif key == 'direction':
+                            value = FirewallDirection(value)
+                    setattr(rule, key, value)
+            return True
+    def enable_rule(self, rule_id: str) -> bool:
+        """Enable firewall rule"""
+        return self.update_rule(rule_id, enabled=True)
+    def disable_rule(self, rule_id: str) -> bool:
+        """Disable firewall rule"""
+        return self.update_rule(rule_id, enabled=False)
+    def get_rules(self) -> List[Dict]:
+        """Get all firewall rules"""
+        with self.lock:
+            return [rule.to_dict() for rule in sorted(self.rules.values(), key=lambda r: r.priority)]
+    def get_rule(self, rule_id: str) -> Optional[Dict]:
+        """Get specific firewall rule"""
+        with self.lock:
+            rule = self.rules.get(rule_id)
+            return rule.to_dict() if rule else None
+    def get_logs(self, limit: int = 100, filter_action: Optional[str] = None) -> List[Dict]:
+        """Get firewall logs"""
+        with self.lock:
+            logs = self.logs.copy()
+        # Filter by action if specified
+        if filter_action:
+            logs = [log for log in logs if log.action == filter_action.upper()]
+        # Return most recent logs
+        return [log.to_dict() for log in logs[-limit:]]
+    def clear_logs(self):
+        """Clear firewall logs"""
+        with self.lock:
+            self.logs.clear()
+    def get_stats(self) -> Dict:
+        """Get firewall statistics"""
+        with self.lock:
+            stats = self.stats.copy()
+            stats['total_rules'] = len(self.rules)
+            stats['enabled_rules'] = sum(1 for rule in self.rules.values() if rule.enabled)
+            stats['log_entries'] = len(self.logs)
+            stats['default_policy'] = self.default_policy.value
+        return stats
+    def reset_stats(self):
+        """Reset firewall statistics"""
+        self.stats = {
+            'packets_processed': 0,
+            'packets_accepted': 0,
+            'packets_dropped': 0,
+            'packets_rejected': 0,
+            'rules_hit': 0,
+            'default_policy_hits': 0
+        }
+        # Reset rule hit counts
+        with self.lock:
+            for rule in self.rules.values():
+                rule.hit_count = 0
+                rule.last_hit = None
+    def set_default_policy(self, policy: str):
+        """Set default firewall policy"""
+        self.default_policy = FirewallAction(policy.upper())
+    def export_rules(self) -> List[Dict]:
+        """Export rules for backup/configuration"""
+        return self.get_rules()
+    def import_rules(self, rules_config: List[Dict], replace: bool = False):
+        """Import rules from configuration"""
+        if replace:
+            with self.lock:
+                self.rules.clear()
+        for rule_config in rules_config:
+            self._add_rule_from_config(rule_config)
+class FirewallRuleBuilder:
+    """Helper class to build firewall rules"""
+    def __init__(self, rule_id: str):
+        self.rule_id = rule_id
+        self.priority = 100
+        self.action = FirewallAction.ACCEPT
+        self.direction = FirewallDirection.BOTH
+        self.source_ip = None
+        self.dest_ip = None
+        self.source_port = None
+        self.dest_port = None
+        self.protocol = None
+        self.description = ""
+        self.enabled = True
+    def set_priority(self, priority: int) -> 'FirewallRuleBuilder':
+        self.priority = priority
+        return self
+    def set_action(self, action: str) -> 'FirewallRuleBuilder':
+        self.action = FirewallAction(action.upper())
+        return self
+    def set_direction(self, direction: str) -> 'FirewallRuleBuilder':
+        self.direction = FirewallDirection(direction.upper())
+        return self
+    def set_source_ip(self, ip: str) -> 'FirewallRuleBuilder':
+        self.source_ip = ip
+        return self
+    def set_dest_ip(self, ip: str) -> 'FirewallRuleBuilder':
+        self.dest_ip = ip
+        return self
+    def set_source_port(self, port: str) -> 'FirewallRuleBuilder':
+        self.source_port = port
+        return self
+    def set_dest_port(self, port: str) -> 'FirewallRuleBuilder':
+        self.dest_port = port
+        return self
+    def set_protocol(self, protocol: str) -> 'FirewallRuleBuilder':
+        self.protocol = protocol.upper()
+        return self
+    def set_description(self, description: str) -> 'FirewallRuleBuilder':
+        self.description = description
+        return self
+    def set_enabled(self, enabled: bool) -> 'FirewallRuleBuilder':
+        self.enabled = enabled
+        return self
+    def build(self) -> FirewallRule:
+        """Build the firewall rule"""
+        return FirewallRule(
+            rule_id=self.rule_id,
+            priority=self.priority,
+            action=self.action,
+            direction=self.direction,
+            source_ip=self.source_ip,
+            dest_ip=self.dest_ip,
+            source_port=self.source_port,
+            dest_port=self.dest_port,
+            protocol=self.protocol,
+            description=self.description,
+            enabled=self.enabled
+        )

core/ip_parser.py ADDED Viewed

	@@ -0,0 +1,546 @@

+"""
+IP Parser/Assembler Module
+Handles IPv4 packet parsing and construction:
+- Parse IPv4, UDP, and TCP headers
+- Calculate and verify checksums
+- Handle packet fragmentation and reassembly
+- Support various IP options
+"""
+import struct
+import socket
+from typing import Dict, List, Optional, Tuple
+from dataclasses import dataclass
+from enum import Enum
+class IPProtocol(Enum):
+    ICMP = 1
+    TCP = 6
+    UDP = 17
+@dataclass
+class IPv4Header:
+    """IPv4 header structure"""
+    version: int = 4
+    ihl: int = 5  # Internet Header Length (in 32-bit words)
+    tos: int = 0  # Type of Service
+    total_length: int = 0
+    identification: int = 0
+    flags: int = 0  # 3 bits: Reserved, Don't Fragment, More Fragments
+    fragment_offset: int = 0  # 13 bits
+    ttl: int = 64  # Time to Live
+    protocol: int = 0
+    header_checksum: int = 0
+    source_ip: str = '0.0.0.0'
+    dest_ip: str = '0.0.0.0'
+    options: bytes = b''
+    @property
+    def header_length(self) -> int:
+        """Get header length in bytes"""
+        return self.ihl * 4
+    @property
+    def dont_fragment(self) -> bool:
+        """Check if Don't Fragment flag is set"""
+        return bool(self.flags & 0x2)
+    @property
+    def more_fragments(self) -> bool:
+        """Check if More Fragments flag is set"""
+        return bool(self.flags & 0x1)
+    @property
+    def is_fragment(self) -> bool:
+        """Check if this is a fragment"""
+        return self.more_fragments or self.fragment_offset > 0
+@dataclass
+class TCPHeader:
+    """TCP header structure"""
+    source_port: int = 0
+    dest_port: int = 0
+    seq_num: int = 0
+    ack_num: int = 0
+    data_offset: int = 5  # Header length in 32-bit words
+    reserved: int = 0
+    flags: int = 0  # 9 bits: NS, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN
+    window_size: int = 65535
+    checksum: int = 0
+    urgent_pointer: int = 0
+    options: bytes = b''
+    @property
+    def header_length(self) -> int:
+        """Get header length in bytes"""
+        return self.data_offset * 4
+    # TCP Flag properties
+    @property
+    def fin(self) -> bool:
+        return bool(self.flags & 0x01)
+    @property
+    def syn(self) -> bool:
+        return bool(self.flags & 0x02)
+    @property
+    def rst(self) -> bool:
+        return bool(self.flags & 0x04)
+    @property
+    def psh(self) -> bool:
+        return bool(self.flags & 0x08)
+    @property
+    def ack(self) -> bool:
+        return bool(self.flags & 0x10)
+    @property
+    def urg(self) -> bool:
+        return bool(self.flags & 0x20)
+    def set_flag(self, flag_name: str, value: bool = True):
+        """Set TCP flag"""
+        flag_bits = {
+            'fin': 0x01, 'syn': 0x02, 'rst': 0x04, 'psh': 0x08,
+            'ack': 0x10, 'urg': 0x20, 'ece': 0x40, 'cwr': 0x80, 'ns': 0x100
+        }
+        if flag_name.lower() in flag_bits:
+            bit = flag_bits[flag_name.lower()]
+            if value:
+                self.flags |= bit
+            else:
+                self.flags &= ~bit
+@dataclass
+class UDPHeader:
+    """UDP header structure"""
+    source_port: int = 0
+    dest_port: int = 0
+    length: int = 8  # Header + data length
+    checksum: int = 0
+    @property
+    def header_length(self) -> int:
+        """Get header length in bytes (always 8 for UDP)"""
+        return 8
+@dataclass
+class ParsedPacket:
+    """Parsed packet structure"""
+    ip_header: IPv4Header
+    transport_header: Optional[object] = None  # TCPHeader or UDPHeader
+    payload: bytes = b''
+    raw_packet: bytes = b''
+class IPParser:
+    """IPv4 packet parser and assembler"""
+    @staticmethod
+    def calculate_checksum(data: bytes) -> int:
+        """Calculate Internet checksum"""
+        # Pad data to even length
+        if len(data) % 2:
+            data += b'\x00'
+        checksum = 0
+        for i in range(0, len(data), 2):
+            word = (data[i] << 8) + data[i + 1]
+            checksum += word
+        # Add carry bits
+        while checksum >> 16:
+            checksum = (checksum & 0xFFFF) + (checksum >> 16)
+        # One's complement
+        return (~checksum) & 0xFFFF
+    @staticmethod
+    def verify_checksum(data: bytes, checksum: int) -> bool:
+        """Verify Internet checksum"""
+        calculated = IPParser.calculate_checksum(data)
+        return calculated == checksum or (calculated + checksum) == 0xFFFF
+    @classmethod
+    def parse_ipv4_header(cls, data: bytes) -> Tuple[IPv4Header, int]:
+        """Parse IPv4 header from raw bytes"""
+        if len(data) < 20:
+            raise ValueError("IPv4 header too short")
+        # Parse fixed part of header
+        header_data = struct.unpack('!BBHHHBBH4s4s', data[:20])
+        header = IPv4Header()
+        version_ihl = header_data[0]
+        header.version = (version_ihl >> 4) & 0xF
+        header.ihl = version_ihl & 0xF
+        header.tos = header_data[1]
+        header.total_length = header_data[2]
+        header.identification = header_data[3]
+        flags_fragment = header_data[4]
+        header.flags = (flags_fragment >> 13) & 0x7
+        header.fragment_offset = flags_fragment & 0x1FFF
+        header.ttl = header_data[5]
+        header.protocol = header_data[6]
+        header.header_checksum = header_data[7]
+        header.source_ip = socket.inet_ntoa(header_data[8])
+        header.dest_ip = socket.inet_ntoa(header_data[9])
+        # Validate version
+        if header.version != 4:
+            raise ValueError(f"Unsupported IP version: {header.version}")
+        # Parse options if present
+        options_length = header.header_length - 20
+        if options_length > 0:
+            if len(data) < 20 + options_length:
+                raise ValueError("IPv4 options truncated")
+            header.options = data[20:20 + options_length]
+        return header, header.header_length
+    @classmethod
+    def parse_tcp_header(cls, data: bytes) -> Tuple[TCPHeader, int]:
+        """Parse TCP header from raw bytes"""
+        if len(data) < 20:
+            raise ValueError("TCP header too short")
+        # Parse fixed part of header
+        header_data = struct.unpack('!HHIIBBHHH', data[:20])
+        header = TCPHeader()
+        header.source_port = header_data[0]
+        header.dest_port = header_data[1]
+        header.seq_num = header_data[2]
+        header.ack_num = header_data[3]
+        offset_reserved = header_data[4]
+        header.data_offset = (offset_reserved >> 4) & 0xF
+        header.reserved = (offset_reserved >> 1) & 0x7
+        header.flags = ((offset_reserved & 0x1) << 8) | header_data[5]
+        header.window_size = header_data[6]
+        header.checksum = header_data[7]
+        header.urgent_pointer = header_data[8]
+        # Parse options if present
+        options_length = header.header_length - 20
+        if options_length > 0:
+            if len(data) < 20 + options_length:
+                raise ValueError("TCP options truncated")
+            header.options = data[20:20 + options_length]
+        return header, header.header_length
+    @classmethod
+    def parse_udp_header(cls, data: bytes) -> Tuple[UDPHeader, int]:
+        """Parse UDP header from raw bytes"""
+        if len(data) < 8:
+            raise ValueError("UDP header too short")
+        header_data = struct.unpack('!HHHH', data[:8])
+        header = UDPHeader()
+        header.source_port = header_data[0]
+        header.dest_port = header_data[1]
+        header.length = header_data[2]
+        header.checksum = header_data[3]
+        return header, 8
+    @classmethod
+    def parse_packet(cls, data: bytes) -> ParsedPacket:
+        """Parse complete packet"""
+        packet = ParsedPacket(raw_packet=data)
+        # Parse IP header
+        packet.ip_header, ip_header_len = cls.parse_ipv4_header(data)
+        # Extract payload after IP header
+        ip_payload = data[ip_header_len:packet.ip_header.total_length]
+        # Parse transport layer header
+        if packet.ip_header.protocol == IPProtocol.TCP.value:
+            packet.transport_header, transport_header_len = cls.parse_tcp_header(ip_payload)
+            packet.payload = ip_payload[transport_header_len:]
+        elif packet.ip_header.protocol == IPProtocol.UDP.value:
+            packet.transport_header, transport_header_len = cls.parse_udp_header(ip_payload)
+            packet.payload = ip_payload[transport_header_len:]
+        else:
+            # Unsupported protocol, treat as raw payload
+            packet.payload = ip_payload
+        return packet
+    @classmethod
+    def build_ipv4_header(cls, header: IPv4Header) -> bytes:
+        """Build IPv4 header as bytes"""
+        # Calculate header length including options
+        header.ihl = (20 + len(header.options) + 3) // 4  # Round up to 32-bit boundary
+        # Build header without checksum
+        version_ihl = (header.version << 4) | header.ihl
+        flags_fragment = (header.flags << 13) | header.fragment_offset
+        header_data = struct.pack(
+            '!BBHHHBBH4s4s',
+            version_ihl, header.tos, header.total_length,
+            header.identification, flags_fragment,
+            header.ttl, header.protocol, 0,  # Checksum = 0 for calculation
+            socket.inet_aton(header.source_ip),
+            socket.inet_aton(header.dest_ip)
+        )
+        # Add options and padding
+        if header.options:
+            header_data += header.options
+            # Pad to 32-bit boundary
+            padding_needed = (header.ihl * 4) - len(header_data)
+            if padding_needed > 0:
+                header_data += b'\x00' * padding_needed
+        # Calculate and insert checksum
+        checksum = cls.calculate_checksum(header_data)
+        header_data = header_data[:10] + struct.pack('!H', checksum) + header_data[12:]
+        return header_data
+    @classmethod
+    def build_tcp_header(cls, header: TCPHeader, source_ip: str, dest_ip: str, payload: bytes) -> bytes:
+        """Build TCP header as bytes with checksum"""
+        # Calculate header length including options
+        header.data_offset = (20 + len(header.options) + 3) // 4  # Round up to 32-bit boundary
+        # Build header without checksum
+        offset_reserved_flags = (header.data_offset << 12) | (header.reserved << 9) | header.flags
+        header_data = struct.pack(
+            '!HHIIHHH',
+            header.source_port, header.dest_port,
+            header.seq_num, header.ack_num,
+            offset_reserved_flags, header.window_size,
+            0, header.urgent_pointer  # Checksum = 0 for calculation
+        )
+        # Add options and padding
+        if header.options:
+            header_data += header.options
+            # Pad to 32-bit boundary
+            padding_needed = (header.data_offset * 4) - len(header_data)
+            if padding_needed > 0:
+                header_data += b'\x00' * padding_needed
+        # Calculate TCP checksum with pseudo-header
+        pseudo_header = struct.pack(
+            '!4s4sBBH',
+            socket.inet_aton(source_ip),
+            socket.inet_aton(dest_ip),
+            0, IPProtocol.TCP.value,
+            len(header_data) + len(payload)
+        )
+        checksum_data = pseudo_header + header_data + payload
+        checksum = cls.calculate_checksum(checksum_data)
+        # Insert checksum
+        header_data = header_data[:16] + struct.pack('!H', checksum) + header_data[18:]
+        return header_data
+    @classmethod
+    def build_udp_header(cls, header: UDPHeader, source_ip: str, dest_ip: str, payload: bytes) -> bytes:
+        """Build UDP header as bytes with checksum"""
+        header.length = 8 + len(payload)
+        # Build header without checksum
+        header_data = struct.pack(
+            '!HHHH',
+            header.source_port, header.dest_port,
+            header.length, 0  # Checksum = 0 for calculation
+        )
+        # Calculate UDP checksum with pseudo-header (optional for IPv4)
+        if header.checksum != 0:  # If checksum is required
+            pseudo_header = struct.pack(
+                '!4s4sBBH',
+                socket.inet_aton(source_ip),
+                socket.inet_aton(dest_ip),
+                0, IPProtocol.UDP.value,
+                header.length
+            )
+            checksum_data = pseudo_header + header_data + payload
+            checksum = cls.calculate_checksum(checksum_data)
+            # Insert checksum
+            header_data = header_data[:6] + struct.pack('!H', checksum) + header_data[8:]
+        return header_data
+    @classmethod
+    def build_packet(cls, ip_header: IPv4Header, transport_header: Optional[object] = None, payload: bytes = b'') -> bytes:
+        """Build complete packet"""
+        transport_data = b''
+        # Build transport header
+        if transport_header:
+            if isinstance(transport_header, TCPHeader):
+                transport_data = cls.build_tcp_header(
+                    transport_header, ip_header.source_ip, ip_header.dest_ip, payload
+                )
+            elif isinstance(transport_header, UDPHeader):
+                transport_data = cls.build_udp_header(
+                    transport_header, ip_header.source_ip, ip_header.dest_ip, payload
+                )
+        # Update IP header total length
+        ip_header.total_length = ip_header.header_length + len(transport_data) + len(payload)
+        # Build IP header
+        ip_data = cls.build_ipv4_header(ip_header)
+        # Combine all parts
+        return ip_data + transport_data + payload
+class PacketFragmenter:
+    """Handle packet fragmentation and reassembly"""
+    def __init__(self, mtu: int = 1500):
+        self.mtu = mtu
+        self.fragments: Dict[Tuple[str, str, int], List[Tuple[int, bytes]]] = {}  # (src, dst, id) -> [(offset, data)]
+    def fragment_packet(self, packet: bytes, mtu: int = None) -> List[bytes]:
+        """Fragment a packet if it exceeds MTU"""
+        if mtu is None:
+            mtu = self.mtu
+        if len(packet) <= mtu:
+            return [packet]
+        # Parse original packet
+        parsed = IPParser.parse_packet(packet)
+        ip_header = parsed.ip_header
+        # Don't fragment if DF flag is set
+        if ip_header.dont_fragment:
+            raise ValueError("Packet too large and Don't Fragment flag is set")
+        fragments = []
+        payload_mtu = mtu - ip_header.header_length
+        payload_mtu = (payload_mtu // 8) * 8  # Must be multiple of 8 bytes
+        # Get the payload to fragment (everything after IP header)
+        payload_start = ip_header.header_length
+        payload = packet[payload_start:]
+        offset = 0
+        while offset < len(payload):
+            # Create fragment
+            fragment_payload = payload[offset:offset + payload_mtu]
+            # Create new IP header for fragment
+            frag_header = IPv4Header(
+                version=ip_header.version,
+                ihl=ip_header.ihl,
+                tos=ip_header.tos,
+                identification=ip_header.identification,
+                ttl=ip_header.ttl,
+                protocol=ip_header.protocol,
+                source_ip=ip_header.source_ip,
+                dest_ip=ip_header.dest_ip,
+                options=ip_header.options
+            )
+            # Set fragment offset and flags
+            frag_header.fragment_offset = (ip_header.fragment_offset * 8 + offset) // 8
+            frag_header.flags = ip_header.flags
+            # Set More Fragments flag if not last fragment
+            if offset + len(fragment_payload) < len(payload):
+                frag_header.flags |= 0x1  # More Fragments
+            else:
+                frag_header.flags &= ~0x1  # Clear More Fragments
+            # Build fragment
+            fragment = IPParser.build_packet(frag_header, payload=fragment_payload)
+            fragments.append(fragment)
+            offset += len(fragment_payload)
+        return fragments
+    def reassemble_packet(self, packet: bytes) -> Optional[bytes]:
+        """Reassemble fragmented packet"""
+        parsed = IPParser.parse_packet(packet)
+        ip_header = parsed.ip_header
+        # If not a fragment, return as-is
+        if not ip_header.is_fragment:
+            return packet
+        # Create fragment key
+        key = (ip_header.source_ip, ip_header.dest_ip, ip_header.identification)
+        # Store fragment
+        if key not in self.fragments:
+            self.fragments[key] = []
+        payload_start = ip_header.header_length
+        fragment_data = packet[payload_start:]
+        self.fragments[key].append((ip_header.fragment_offset * 8, fragment_data))
+        # Check if we have all fragments
+        fragments = sorted(self.fragments[key])
+        # Verify we have contiguous fragments starting from 0
+        expected_offset = 0
+        complete_payload = b''
+        for offset, data in fragments:
+            if offset != expected_offset:
+                return None  # Missing fragment
+            complete_payload += data
+            expected_offset += len(data)
+        # Check if last fragment (no More Fragments flag)
+        last_fragment = None
+        for frag_packet in [packet]:  # We only have current packet, need to track all
+            frag_parsed = IPParser.parse_packet(frag_packet)
+            if not frag_parsed.ip_header.more_fragments:
+                last_fragment = frag_parsed
+                break
+        if last_fragment is None:
+            return None  # Don't have last fragment yet
+        # Reassemble complete packet
+        complete_header = IPv4Header(
+            version=ip_header.version,
+            ihl=ip_header.ihl,
+            tos=ip_header.tos,
+            identification=ip_header.identification,
+            flags=ip_header.flags & ~0x1,  # Clear More Fragments
+            fragment_offset=0,
+            ttl=ip_header.ttl,
+            protocol=ip_header.protocol,
+            source_ip=ip_header.source_ip,
+            dest_ip=ip_header.dest_ip,
+            options=ip_header.options
+        )
+        complete_packet = IPParser.build_packet(complete_header, payload=complete_payload)
+        # Clean up fragments
+        del self.fragments[key]
+        return complete_packet

core/logger.py ADDED Viewed

	@@ -0,0 +1,555 @@

+"""
+Logger Module
+Centralized logging system for the virtual ISP stack:
+- Structured logging with multiple levels
+- Log aggregation and filtering
+- Real-time log streaming
+- Log persistence and rotation
+"""
+import logging
+import logging.handlers
+import time
+import threading
+import json
+import os
+from typing import Dict, List, Optional, Any, Callable
+from dataclasses import dataclass, asdict
+from enum import Enum
+from collections import deque
+import queue
+class LogLevel(Enum):
+    DEBUG = "DEBUG"
+    INFO = "INFO"
+    WARNING = "WARNING"
+    ERROR = "ERROR"
+    CRITICAL = "CRITICAL"
+class LogCategory(Enum):
+    SYSTEM = "SYSTEM"
+    DHCP = "DHCP"
+    NAT = "NAT"
+    FIREWALL = "FIREWALL"
+    TCP = "TCP"
+    ROUTER = "ROUTER"
+    BRIDGE = "BRIDGE"
+    SOCKET = "SOCKET"
+    SESSION = "SESSION"
+    SECURITY = "SECURITY"
+    PERFORMANCE = "PERFORMANCE"
+@dataclass
+class LogEntry:
+    """Structured log entry"""
+    timestamp: float
+    level: str
+    category: str
+    module: str
+    message: str
+    session_id: Optional[str] = None
+    client_id: Optional[str] = None
+    source_ip: Optional[str] = None
+    dest_ip: Optional[str] = None
+    protocol: Optional[str] = None
+    metadata: Dict[str, Any] = None
+    def __post_init__(self):
+        if self.timestamp == 0:
+            self.timestamp = time.time()
+        if self.metadata is None:
+            self.metadata = {}
+    def to_dict(self) -> Dict:
+        """Convert to dictionary"""
+        return asdict(self)
+    def to_json(self) -> str:
+        """Convert to JSON string"""
+        return json.dumps(self.to_dict(), default=str)
+class LogFilter:
+    """Log filtering class"""
+    def __init__(self):
+        self.level_filter: Optional[LogLevel] = None
+        self.category_filter: Optional[LogCategory] = None
+        self.module_filter: Optional[str] = None
+        self.session_filter: Optional[str] = None
+        self.client_filter: Optional[str] = None
+        self.ip_filter: Optional[str] = None
+        self.text_filter: Optional[str] = None
+        self.time_range: Optional[tuple] = None
+    def matches(self, entry: LogEntry) -> bool:
+        """Check if log entry matches filter criteria"""
+        # Level filter
+        if self.level_filter:
+            entry_level_value = getattr(logging, entry.level)
+            filter_level_value = getattr(logging, self.level_filter.value)
+            if entry_level_value < filter_level_value:
+                return False
+        # Category filter
+        if self.category_filter and entry.category != self.category_filter.value:
+            return False
+        # Module filter
+        if self.module_filter and self.module_filter.lower() not in entry.module.lower():
+            return False
+        # Session filter
+        if self.session_filter and entry.session_id != self.session_filter:
+            return False
+        # Client filter
+        if self.client_filter and entry.client_id != self.client_filter:
+            return False
+        # IP filter
+        if self.ip_filter:
+            if (entry.source_ip != self.ip_filter and
+                entry.dest_ip != self.ip_filter):
+                return False
+        # Text filter
+        if self.text_filter and self.text_filter.lower() not in entry.message.lower():
+            return False
+        # Time range filter
+        if self.time_range:
+            start_time, end_time = self.time_range
+            if not (start_time <= entry.timestamp <= end_time):
+                return False
+        return True
+class LogSubscriber:
+    """Log subscriber for real-time streaming"""
+    def __init__(self, subscriber_id: str, callback: Callable[[LogEntry], None],
+                 log_filter: Optional[LogFilter] = None):
+        self.subscriber_id = subscriber_id
+        self.callback = callback
+        self.filter = log_filter or LogFilter()
+        self.created_time = time.time()
+        self.message_count = 0
+        self.last_message_time = None
+        self.is_active = True
+    def send_log(self, entry: LogEntry) -> bool:
+        """Send log entry to subscriber if it matches filter"""
+        if not self.is_active:
+            return False
+        if self.filter.matches(entry):
+            try:
+                self.callback(entry)
+                self.message_count += 1
+                self.last_message_time = time.time()
+                return True
+            except Exception as e:
+                print(f"Error sending log to subscriber {self.subscriber_id}: {e}")
+                self.is_active = False
+                return False
+        return False
+class VirtualISPLogger:
+    """Centralized logger for Virtual ISP stack"""
+    def __init__(self, config: Dict):
+        self.config = config
+        self.log_entries: deque = deque(maxlen=config.get('max_memory_logs', 10000))
+        self.subscribers: Dict[str, LogSubscriber] = {}
+        self.lock = threading.Lock()
+        # Configuration
+        self.log_level = LogLevel(config.get('log_level', 'INFO'))
+        self.log_to_file = config.get('log_to_file', True)
+        self.log_file_path = config.get('log_file_path', '/tmp/virtual_isp.log')
+        self.log_file_max_size = config.get('log_file_max_size', 10 * 1024 * 1024)  # 10MB
+        self.log_file_backup_count = config.get('log_file_backup_count', 5)
+        self.log_to_console = config.get('log_to_console', True)
+        self.structured_logging = config.get('structured_logging', True)
+        # Statistics
+        self.stats = {
+            'total_logs': 0,
+            'logs_by_level': {level.value: 0 for level in LogLevel},
+            'logs_by_category': {cat.value: 0 for cat in LogCategory},
+            'active_subscribers': 0,
+            'file_logs_written': 0,
+            'console_logs_written': 0,
+            'dropped_logs': 0
+        }
+        # Setup logging
+        self._setup_logging()
+        # Background processing
+        self.running = False
+        self.log_queue = queue.Queue()
+        self.processing_thread = None
+    def _setup_logging(self):
+        """Setup Python logging infrastructure"""
+        # Create logger
+        self.logger = logging.getLogger('virtual_isp')
+        self.logger.setLevel(getattr(logging, self.log_level.value))
+        # Remove existing handlers
+        for handler in self.logger.handlers[:]:
+            self.logger.removeHandler(handler)
+        # Console handler
+        if self.log_to_console:
+            console_handler = logging.StreamHandler()
+            if self.structured_logging:
+                console_formatter = logging.Formatter(
+                    '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+                )
+            else:
+                console_formatter = logging.Formatter('%(message)s')
+            console_handler.setFormatter(console_formatter)
+            self.logger.addHandler(console_handler)
+        # File handler with rotation
+        if self.log_to_file:
+            # Ensure log directory exists
+            log_dir = os.path.dirname(self.log_file_path)
+            if log_dir and not os.path.exists(log_dir):
+                os.makedirs(log_dir, exist_ok=True)
+            file_handler = logging.handlers.RotatingFileHandler(
+                self.log_file_path,
+                maxBytes=self.log_file_max_size,
+                backupCount=self.log_file_backup_count
+            )
+            if self.structured_logging:
+                file_formatter = logging.Formatter(
+                    '%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+                )
+            else:
+                file_formatter = logging.Formatter('%(message)s')
+            file_handler.setFormatter(file_formatter)
+            self.logger.addHandler(file_handler)
+    def _process_log_queue(self):
+        """Background thread to process log queue"""
+        while self.running:
+            try:
+                # Get log entry from queue (with timeout)
+                try:
+                    entry = self.log_queue.get(timeout=1.0)
+                except queue.Empty:
+                    continue
+                # Store in memory
+                with self.lock:
+                    self.log_entries.append(entry)
+                # Send to subscribers
+                inactive_subscribers = []
+                with self.lock:
+                    for subscriber_id, subscriber in self.subscribers.items():
+                        if not subscriber.send_log(entry):
+                            inactive_subscribers.append(subscriber_id)
+                # Remove inactive subscribers
+                for subscriber_id in inactive_subscribers:
+                    self.remove_subscriber(subscriber_id)
+                # Update statistics
+                self.stats['total_logs'] += 1
+                self.stats['logs_by_level'][entry.level] += 1
+                self.stats['logs_by_category'][entry.category] += 1
+                # Mark task as done
+                self.log_queue.task_done()
+            except Exception as e:
+                print(f"Error processing log queue: {e}")
+                time.sleep(1)
+    def log(self, level: LogLevel, category: LogCategory, module: str, message: str,
+            session_id: Optional[str] = None, client_id: Optional[str] = None,
+            source_ip: Optional[str] = None, dest_ip: Optional[str] = None,
+            protocol: Optional[str] = None, **metadata):
+        """Log a message"""
+        # Check if we should log this level
+        level_value = getattr(logging, level.value)
+        min_level_value = getattr(logging, self.log_level.value)
+        if level_value < min_level_value:
+            return
+        # Create log entry
+        entry = LogEntry(
+            timestamp=time.time(),
+            level=level.value,
+            category=category.value,
+            module=module,
+            message=message,
+            session_id=session_id,
+            client_id=client_id,
+            source_ip=source_ip,
+            dest_ip=dest_ip,
+            protocol=protocol,
+            metadata=metadata
+        )
+        # Add to queue for background processing
+        try:
+            self.log_queue.put_nowait(entry)
+        except queue.Full:
+            self.stats['dropped_logs'] += 1
+        # Also log through Python logging system
+        if self.structured_logging:
+            log_data = entry.to_dict()
+            log_message = f"{message} | {json.dumps(log_data, default=str)}"
+        else:
+            log_message = message
+        # Log to Python logger
+        python_logger_level = getattr(logging, level.value)
+        self.logger.log(python_logger_level, log_message)
+        # Update console/file stats
+        if self.log_to_console:
+            self.stats['console_logs_written'] += 1
+        if self.log_to_file:
+            self.stats['file_logs_written'] += 1
+    def debug(self, category: LogCategory, module: str, message: str, **kwargs):
+        """Log debug message"""
+        self.log(LogLevel.DEBUG, category, module, message, **kwargs)
+    def info(self, category: LogCategory, module: str, message: str, **kwargs):
+        """Log info message"""
+        self.log(LogLevel.INFO, category, module, message, **kwargs)
+    def warning(self, category: LogCategory, module: str, message: str, **kwargs):
+        """Log warning message"""
+        self.log(LogLevel.WARNING, category, module, message, **kwargs)
+    def error(self, category: LogCategory, module: str, message: str, **kwargs):
+        """Log error message"""
+        self.log(LogLevel.ERROR, category, module, message, **kwargs)
+    def critical(self, category: LogCategory, module: str, message: str, **kwargs):
+        """Log critical message"""
+        self.log(LogLevel.CRITICAL, category, module, message, **kwargs)
+    def add_subscriber(self, subscriber_id: str, callback: Callable[[LogEntry], None],
+                      log_filter: Optional[LogFilter] = None) -> bool:
+        """Add log subscriber for real-time streaming"""
+        with self.lock:
+            if subscriber_id in self.subscribers:
+                return False
+            subscriber = LogSubscriber(subscriber_id, callback, log_filter)
+            self.subscribers[subscriber_id] = subscriber
+            self.stats['active_subscribers'] = len(self.subscribers)
+            return True
+    def remove_subscriber(self, subscriber_id: str) -> bool:
+        """Remove log subscriber"""
+        with self.lock:
+            if subscriber_id in self.subscribers:
+                del self.subscribers[subscriber_id]
+                self.stats['active_subscribers'] = len(self.subscribers)
+                return True
+            return False
+    def get_logs(self, limit: int = 100, offset: int = 0,
+                log_filter: Optional[LogFilter] = None) -> List[Dict]:
+        """Get logs with filtering and pagination"""
+        with self.lock:
+            # Convert deque to list for easier manipulation
+            all_logs = list(self.log_entries)
+        # Apply filter
+        if log_filter:
+            filtered_logs = [entry for entry in all_logs if log_filter.matches(entry)]
+        else:
+            filtered_logs = all_logs
+        # Sort by timestamp (newest first)
+        filtered_logs.sort(key=lambda x: x.timestamp, reverse=True)
+        # Apply pagination
+        paginated_logs = filtered_logs[offset:offset + limit]
+        return [entry.to_dict() for entry in paginated_logs]
+    def search_logs(self, query: str, limit: int = 100) -> List[Dict]:
+        """Search logs by text query"""
+        log_filter = LogFilter()
+        log_filter.text_filter = query
+        return self.get_logs(limit=limit, log_filter=log_filter)
+    def get_logs_by_session(self, session_id: str, limit: int = 100) -> List[Dict]:
+        """Get logs for specific session"""
+        log_filter = LogFilter()
+        log_filter.session_filter = session_id
+        return self.get_logs(limit=limit, log_filter=log_filter)
+    def get_logs_by_client(self, client_id: str, limit: int = 100) -> List[Dict]:
+        """Get logs for specific client"""
+        log_filter = LogFilter()
+        log_filter.client_filter = client_id
+        return self.get_logs(limit=limit, log_filter=log_filter)
+    def get_logs_by_ip(self, ip_address: str, limit: int = 100) -> List[Dict]:
+        """Get logs for specific IP address"""
+        log_filter = LogFilter()
+        log_filter.ip_filter = ip_address
+        return self.get_logs(limit=limit, log_filter=log_filter)
+    def get_recent_errors(self, limit: int = 50) -> List[Dict]:
+        """Get recent error and critical logs"""
+        log_filter = LogFilter()
+        log_filter.level_filter = LogLevel.ERROR
+        return self.get_logs(limit=limit, log_filter=log_filter)
+    def clear_logs(self):
+        """Clear all logs from memory"""
+        with self.lock:
+            self.log_entries.clear()
+    def get_stats(self) -> Dict:
+        """Get logging statistics"""
+        with self.lock:
+            stats = self.stats.copy()
+            stats['memory_logs_count'] = len(self.log_entries)
+            stats['active_subscribers'] = len(self.subscribers)
+            stats['queue_size'] = self.log_queue.qsize()
+        return stats
+    def reset_stats(self):
+        """Reset logging statistics"""
+        self.stats = {
+            'total_logs': 0,
+            'logs_by_level': {level.value: 0 for level in LogLevel},
+            'logs_by_category': {cat.value: 0 for cat in LogCategory},
+            'active_subscribers': len(self.subscribers),
+            'file_logs_written': 0,
+            'console_logs_written': 0,
+            'dropped_logs': 0
+        }
+    def export_logs(self, format: str = 'json', log_filter: Optional[LogFilter] = None) -> str:
+        """Export logs in specified format"""
+        logs = self.get_logs(limit=10000, log_filter=log_filter)
+        if format == 'json':
+            return json.dumps(logs, indent=2, default=str)
+        elif format == 'csv':
+            import csv
+            import io
+            output = io.StringIO()
+            if logs:
+                writer = csv.DictWriter(output, fieldnames=logs[0].keys())
+                writer.writeheader()
+                writer.writerows(logs)
+            return output.getvalue()
+        else:
+            raise ValueError(f"Unsupported export format: {format}")
+    def set_log_level(self, level: LogLevel):
+        """Set logging level"""
+        self.log_level = level
+        self.logger.setLevel(getattr(logging, level.value))
+    def start(self):
+        """Start logger"""
+        self.running = True
+        self.processing_thread = threading.Thread(target=self._process_log_queue, daemon=True)
+        self.processing_thread.start()
+        self.info(LogCategory.SYSTEM, 'logger', 'Virtual ISP Logger started')
+    def stop(self):
+        """Stop logger"""
+        self.info(LogCategory.SYSTEM, 'logger', 'Virtual ISP Logger stopping')
+        self.running = False
+        # Wait for queue to be processed
+        self.log_queue.join()
+        # Wait for processing thread
+        if self.processing_thread:
+            self.processing_thread.join()
+        # Remove all subscribers
+        with self.lock:
+            self.subscribers.clear()
+        print("Virtual ISP Logger stopped")
+# Global logger instance
+_global_logger: Optional[VirtualISPLogger] = None
+def get_logger() -> Optional[VirtualISPLogger]:
+    """Get global logger instance"""
+    return _global_logger
+def init_logger(config: Dict) -> VirtualISPLogger:
+    """Initialize global logger"""
+    global _global_logger
+    _global_logger = VirtualISPLogger(config)
+    return _global_logger
+def log_debug(category: LogCategory, module: str, message: str, **kwargs):
+    """Global debug logging function"""
+    if _global_logger:
+        _global_logger.debug(category, module, message, **kwargs)
+def log_info(category: LogCategory, module: str, message: str, **kwargs):
+    """Global info logging function"""
+    if _global_logger:
+        _global_logger.info(category, module, message, **kwargs)
+def log_warning(category: LogCategory, module: str, message: str, **kwargs):
+    """Global warning logging function"""
+    if _global_logger:
+        _global_logger.warning(category, module, message, **kwargs)
+def log_error(category: LogCategory, module: str, message: str, **kwargs):
+    """Global error logging function"""
+    if _global_logger:
+        _global_logger.error(category, module, message, **kwargs)
+def log_critical(category: LogCategory, module: str, message: str, **kwargs):
+    """Global critical logging function"""
+    if _global_logger:
+        _global_logger.critical(category, module, message, **kwargs)

core/nat_engine.py ADDED Viewed

	@@ -0,0 +1,516 @@

+"""
+NAT Engine Module
+Implements Network Address Translation:
+- Map (virtualIP, virtualPort) to (hostIP, hostPort)
+- Maintain connection tracking table
+- Handle port allocation and deallocation
+- Support connection state tracking
+"""
+import time
+import threading
+import socket
+import random
+from typing import Dict, Optional, Tuple, Set
+from dataclasses import dataclass
+from enum import Enum
+from .ip_parser import IPProtocol
+class NATType(Enum):
+    SNAT = "SNAT"  # Source NAT
+    DNAT = "DNAT"  # Destination NAT
+@dataclass
+class NATSession:
+    """Represents a NAT session"""
+    # Virtual (internal) endpoint
+    virtual_ip: str
+    virtual_port: int
+    # Real (external) endpoint
+    real_ip: str
+    real_port: int
+    # Host (translated) endpoint
+    host_ip: str
+    host_port: int
+    # Session metadata
+    protocol: str  # TCP or UDP
+    nat_type: NATType
+    created_time: float
+    last_activity: float
+    bytes_in: int = 0
+    bytes_out: int = 0
+    packets_in: int = 0
+    packets_out: int = 0
+    @property
+    def session_id(self) -> str:
+        """Get unique session identifier"""
+        return f"{self.virtual_ip}:{self.virtual_port}-{self.real_ip}:{self.real_port}-{self.protocol}"
+    @property
+    def is_expired(self) -> bool:
+        """Check if session has expired"""
+        timeout = 300 if self.protocol == 'TCP' else 60  # 5 min for TCP, 1 min for UDP
+        return time.time() - self.last_activity > timeout
+    @property
+    def duration(self) -> float:
+        """Get session duration in seconds"""
+        return time.time() - self.created_time
+    def update_activity(self, bytes_transferred: int = 0, direction: str = 'out'):
+        """Update session activity"""
+        self.last_activity = time.time()
+        if direction == 'out':
+            self.bytes_out += bytes_transferred
+            self.packets_out += 1
+        else:
+            self.bytes_in += bytes_transferred
+            self.packets_in += 1
+class PortPool:
+    """Manages available ports for NAT"""
+    def __init__(self, start_port: int = 10000, end_port: int = 65535):
+        self.start_port = start_port
+        self.end_port = end_port
+        self.available_ports: Set[int] = set(range(start_port, end_port + 1))
+        self.allocated_ports: Dict[int, str] = {}  # port -> session_id
+        self.lock = threading.Lock()
+    def allocate_port(self, session_id: str) -> Optional[int]:
+        """Allocate a port for a session"""
+        with self.lock:
+            if not self.available_ports:
+                return None
+            # Try to get a random port to distribute load
+            port = random.choice(list(self.available_ports))
+            self.available_ports.remove(port)
+            self.allocated_ports[port] = session_id
+            return port
+    def release_port(self, port: int) -> bool:
+        """Release a port back to the pool"""
+        with self.lock:
+            if port in self.allocated_ports:
+                del self.allocated_ports[port]
+                if self.start_port <= port <= self.end_port:
+                    self.available_ports.add(port)
+                return True
+            return False
+    def get_session_for_port(self, port: int) -> Optional[str]:
+        """Get session ID for a port"""
+        with self.lock:
+            return self.allocated_ports.get(port)
+    def get_stats(self) -> Dict:
+        """Get port pool statistics"""
+        with self.lock:
+            return {
+                'total_ports': self.end_port - self.start_port + 1,
+                'available_ports': len(self.available_ports),
+                'allocated_ports': len(self.allocated_ports),
+                'utilization': len(self.allocated_ports) / (self.end_port - self.start_port + 1)
+            }
+class NATEngine:
+    """Network Address Translation engine"""
+    def __init__(self, config: Dict):
+        self.config = config
+        self.sessions: Dict[str, NATSession] = {}  # session_id -> session
+        self.virtual_to_session: Dict[Tuple[str, int, str], str] = {}  # (vip, vport, proto) -> session_id
+        self.host_to_session: Dict[Tuple[str, int, str], str] = {}  # (hip, hport, proto) -> session_id
+        self.lock = threading.Lock()
+        # Port pool for outbound connections
+        self.port_pool = PortPool(
+            config.get('port_range_start', 10000),
+            config.get('port_range_end', 65535)
+        )
+        # Host IP for outbound connections
+        self.host_ip = config.get('host_ip', self._get_default_host_ip())
+        # Session timeout
+        self.session_timeout = config.get('session_timeout', 300)
+        # Statistics
+        self.stats = {
+            'total_sessions': 0,
+            'active_sessions': 0,
+            'expired_sessions': 0,
+            'port_exhaustion_events': 0,
+            'bytes_translated': 0,
+            'packets_translated': 0
+        }
+        # Cleanup thread
+        self.running = False
+        self.cleanup_thread = None
+    def _get_default_host_ip(self) -> str:
+        """Get default host IP address"""
+        try:
+            # Connect to a remote address to determine local IP
+            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
+                s.connect(('8.8.8.8', 80))
+                return s.getsockname()[0]
+        except Exception:
+            return '127.0.0.1'
+    def _cleanup_expired_sessions(self):
+        """Clean up expired sessions"""
+        current_time = time.time()
+        expired_sessions = []
+        with self.lock:
+            for session_id, session in self.sessions.items():
+                if session.is_expired:
+                    expired_sessions.append(session_id)
+        for session_id in expired_sessions:
+            self._remove_session(session_id)
+            self.stats['expired_sessions'] += 1
+    def _remove_session(self, session_id: str):
+        """Remove a session and clean up resources"""
+        with self.lock:
+            if session_id not in self.sessions:
+                return
+            session = self.sessions[session_id]
+            # Remove from lookup tables
+            virtual_key = (session.virtual_ip, session.virtual_port, session.protocol)
+            if virtual_key in self.virtual_to_session:
+                del self.virtual_to_session[virtual_key]
+            host_key = (session.host_ip, session.host_port, session.protocol)
+            if host_key in self.host_to_session:
+                del self.host_to_session[host_key]
+            # Release port
+            self.port_pool.release_port(session.host_port)
+            # Remove session
+            del self.sessions[session_id]
+            self.stats['active_sessions'] = len(self.sessions)
+    def create_outbound_session(self, virtual_ip: str, virtual_port: int,
+                               real_ip: str, real_port: int, protocol: str) -> Optional[NATSession]:
+        """Create NAT session for outbound connection"""
+        # Allocate host port
+        session_id = f"{virtual_ip}:{virtual_port}-{real_ip}:{real_port}-{protocol}"
+        host_port = self.port_pool.allocate_port(session_id)
+        if host_port is None:
+            self.stats['port_exhaustion_events'] += 1
+            return None
+        # Create session
+        session = NATSession(
+            virtual_ip=virtual_ip,
+            virtual_port=virtual_port,
+            real_ip=real_ip,
+            real_port=real_port,
+            host_ip=self.host_ip,
+            host_port=host_port,
+            protocol=protocol,
+            nat_type=NATType.SNAT,
+            created_time=time.time(),
+            last_activity=time.time()
+        )
+        with self.lock:
+            self.sessions[session_id] = session
+            # Add to lookup tables
+            virtual_key = (virtual_ip, virtual_port, protocol)
+            self.virtual_to_session[virtual_key] = session_id
+            host_key = (self.host_ip, host_port, protocol)
+            self.host_to_session[host_key] = session_id
+        self.stats['total_sessions'] += 1
+        self.stats['active_sessions'] = len(self.sessions)
+        return session
+    def translate_outbound(self, virtual_ip: str, virtual_port: int,
+                          real_ip: str, real_port: int, protocol: str) -> Optional[Tuple[str, int]]:
+        """Translate outbound packet (virtual -> host)"""
+        virtual_key = (virtual_ip, virtual_port, protocol)
+        with self.lock:
+            session_id = self.virtual_to_session.get(virtual_key)
+            if session_id:
+                session = self.sessions[session_id]
+                session.update_activity(direction='out')
+                return (session.host_ip, session.host_port)
+            else:
+                # Create new session
+                session = self.create_outbound_session(virtual_ip, virtual_port, real_ip, real_port, protocol)
+                if session:
+                    return (session.host_ip, session.host_port)
+        return None
+    def translate_inbound(self, host_ip: str, host_port: int, protocol: str) -> Optional[Tuple[str, int]]:
+        """Translate inbound packet (host -> virtual)"""
+        host_key = (host_ip, host_port, protocol)
+        with self.lock:
+            session_id = self.host_to_session.get(host_key)
+            if session_id and session_id in self.sessions:
+                session = self.sessions[session_id]
+                session.update_activity(direction='in')
+                return (session.virtual_ip, session.virtual_port)
+        return None
+    def get_session_by_virtual(self, virtual_ip: str, virtual_port: int, protocol: str) -> Optional[NATSession]:
+        """Get session by virtual endpoint"""
+        virtual_key = (virtual_ip, virtual_port, protocol)
+        with self.lock:
+            session_id = self.virtual_to_session.get(virtual_key)
+            if session_id and session_id in self.sessions:
+                return self.sessions[session_id]
+        return None
+    def get_session_by_host(self, host_ip: str, host_port: int, protocol: str) -> Optional[NATSession]:
+        """Get session by host endpoint"""
+        host_key = (host_ip, host_port, protocol)
+        with self.lock:
+            session_id = self.host_to_session.get(host_key)
+            if session_id and session_id in self.sessions:
+                return self.sessions[session_id]
+        return None
+    def close_session(self, session_id: str) -> bool:
+        """Manually close a session"""
+        with self.lock:
+            if session_id in self.sessions:
+                self._remove_session(session_id)
+                return True
+        return False
+    def close_session_by_virtual(self, virtual_ip: str, virtual_port: int, protocol: str) -> bool:
+        """Close session by virtual endpoint"""
+        virtual_key = (virtual_ip, virtual_port, protocol)
+        with self.lock:
+            session_id = self.virtual_to_session.get(virtual_key)
+            if session_id:
+                self._remove_session(session_id)
+                return True
+        return False
+    def get_sessions(self) -> Dict[str, Dict]:
+        """Get all active sessions"""
+        with self.lock:
+            return {
+                session_id: {
+                    'virtual_ip': session.virtual_ip,
+                    'virtual_port': session.virtual_port,
+                    'real_ip': session.real_ip,
+                    'real_port': session.real_port,
+                    'host_ip': session.host_ip,
+                    'host_port': session.host_port,
+                    'protocol': session.protocol,
+                    'nat_type': session.nat_type.value,
+                    'created_time': session.created_time,
+                    'last_activity': session.last_activity,
+                    'duration': session.duration,
+                    'bytes_in': session.bytes_in,
+                    'bytes_out': session.bytes_out,
+                    'packets_in': session.packets_in,
+                    'packets_out': session.packets_out,
+                    'is_expired': session.is_expired
+                }
+                for session_id, session in self.sessions.items()
+            }
+    def get_stats(self) -> Dict:
+        """Get NAT statistics"""
+        port_stats = self.port_pool.get_stats()
+        with self.lock:
+            current_stats = self.stats.copy()
+            current_stats['active_sessions'] = len(self.sessions)
+            current_stats.update(port_stats)
+        return current_stats
+    def update_packet_stats(self, bytes_count: int):
+        """Update packet statistics"""
+        self.stats['bytes_translated'] += bytes_count
+        self.stats['packets_translated'] += 1
+    def _cleanup_loop(self):
+        """Background cleanup loop"""
+        while self.running:
+            try:
+                self._cleanup_expired_sessions()
+                time.sleep(30)  # Cleanup every 30 seconds
+            except Exception as e:
+                print(f"NAT cleanup error: {e}")
+                time.sleep(5)
+    def start(self):
+        """Start NAT engine"""
+        self.running = True
+        self.cleanup_thread = threading.Thread(target=self._cleanup_loop, daemon=True)
+        self.cleanup_thread.start()
+        print(f"NAT engine started - Host IP: {self.host_ip}, Port range: {self.port_pool.start_port}-{self.port_pool.end_port}")
+    def stop(self):
+        """Stop NAT engine"""
+        self.running = False
+        if self.cleanup_thread:
+            self.cleanup_thread.join()
+        # Close all sessions
+        with self.lock:
+            session_ids = list(self.sessions.keys())
+            for session_id in session_ids:
+                self._remove_session(session_id)
+        print("NAT engine stopped")
+    def reset_stats(self):
+        """Reset statistics"""
+        self.stats = {
+            'total_sessions': 0,
+            'active_sessions': len(self.sessions),
+            'expired_sessions': 0,
+            'port_exhaustion_events': 0,
+            'bytes_translated': 0,
+            'packets_translated': 0
+        }
+class NATRule:
+    """Represents a NAT rule for DNAT (port forwarding)"""
+    def __init__(self, external_port: int, internal_ip: str, internal_port: int,
+                 protocol: str = 'TCP', enabled: bool = True):
+        self.external_port = external_port
+        self.internal_ip = internal_ip
+        self.internal_port = internal_port
+        self.protocol = protocol.upper()
+        self.enabled = enabled
+        self.created_time = time.time()
+        self.hit_count = 0
+        self.last_hit = None
+    def matches(self, port: int, protocol: str) -> bool:
+        """Check if rule matches the given port and protocol"""
+        return (self.enabled and
+                self.external_port == port and
+                self.protocol == protocol.upper())
+    def record_hit(self):
+        """Record a rule hit"""
+        self.hit_count += 1
+        self.last_hit = time.time()
+    def to_dict(self) -> Dict:
+        """Convert rule to dictionary"""
+        return {
+            'external_port': self.external_port,
+            'internal_ip': self.internal_ip,
+            'internal_port': self.internal_port,
+            'protocol': self.protocol,
+            'enabled': self.enabled,
+            'created_time': self.created_time,
+            'hit_count': self.hit_count,
+            'last_hit': self.last_hit
+        }
+class DNATEngine:
+    """Destination NAT engine for port forwarding"""
+    def __init__(self):
+        self.rules: Dict[str, NATRule] = {}  # rule_id -> rule
+        self.lock = threading.Lock()
+    def add_rule(self, rule_id: str, external_port: int, internal_ip: str,
+                 internal_port: int, protocol: str = 'TCP') -> bool:
+        """Add DNAT rule"""
+        with self.lock:
+            if rule_id in self.rules:
+                return False
+            rule = NATRule(external_port, internal_ip, internal_port, protocol)
+            self.rules[rule_id] = rule
+            return True
+    def remove_rule(self, rule_id: str) -> bool:
+        """Remove DNAT rule"""
+        with self.lock:
+            if rule_id in self.rules:
+                del self.rules[rule_id]
+                return True
+            return False
+    def enable_rule(self, rule_id: str) -> bool:
+        """Enable DNAT rule"""
+        with self.lock:
+            if rule_id in self.rules:
+                self.rules[rule_id].enabled = True
+                return True
+            return False
+    def disable_rule(self, rule_id: str) -> bool:
+        """Disable DNAT rule"""
+        with self.lock:
+            if rule_id in self.rules:
+                self.rules[rule_id].enabled = False
+                return True
+            return False
+    def translate_inbound_dnat(self, external_port: int, protocol: str) -> Optional[Tuple[str, int]]:
+        """Translate inbound packet using DNAT rules"""
+        with self.lock:
+            for rule in self.rules.values():
+                if rule.matches(external_port, protocol):
+                    rule.record_hit()
+                    return (rule.internal_ip, rule.internal_port)
+        return None
+    def get_rules(self) -> Dict[str, Dict]:
+        """Get all DNAT rules"""
+        with self.lock:
+            return {
+                rule_id: rule.to_dict()
+                for rule_id, rule in self.rules.items()
+            }
+    def clear_rules(self):
+        """Clear all DNAT rules"""
+        with self.lock:
+            self.rules.clear()

core/openvpn_manager.py ADDED Viewed

	@@ -0,0 +1,658 @@

+"""
+OpenVPN Manager Module
+Manages OpenVPN server integration with the Virtual ISP Stack
+"""
+import os
+import json
+import subprocess
+import threading
+import time
+import logging
+from typing import Dict, List, Optional, Any
+from dataclasses import dataclass, asdict
+import ipaddress
+logger = logging.getLogger(__name__)
+@dataclass
+class VPNClient:
+    """Represents a connected VPN client"""
+    client_id: str
+    common_name: str
+    ip_address: str
+    connected_at: float
+    bytes_received: int = 0
+    bytes_sent: int = 0
+    status: str = "connected"
+    routed_through_vpn: bool = False
+@dataclass
+class VPNServerStatus:
+    """Represents VPN server status"""
+    is_running: bool
+    connected_clients: int
+    total_bytes_received: int
+    total_bytes_sent: int
+    uptime: float
+    server_ip: str
+    server_port: int
+class OpenVPNManager:
+    """Manages OpenVPN server and client connections with traffic routing"""
+    def __init__(self, config: Dict[str, Any]):
+        self.config = config
+        self.server_config_path = "/etc/openvpn/server/server.conf"
+        self.status_log_path = "/var/log/openvpn/openvpn-status.log"
+        self.clients: Dict[str, VPNClient] = {}
+        self.server_process = None
+        self.is_running = False
+        self.start_time = None
+        # VPN network configuration
+        self.vpn_network = ipaddress.IPv4Network("10.8.0.0/24")
+        self.vpn_server_ip = "10.8.0.1"
+        self.vpn_port = 1194
+        # Integration with ISP stack
+        self.dhcp_server = None
+        self.nat_engine = None
+        self.firewall = None
+        self.router = None
+        self.traffic_router = None  # New traffic router component
+        # Status monitoring thread
+        self.monitor_thread = None
+        self.monitor_running = False
+        # Client configuration storage
+        self.config_storage_path = "/tmp/vpn_client_configs"
+        os.makedirs(self.config_storage_path, exist_ok=True)
+    def set_isp_components(self, dhcp_server=None, nat_engine=None, firewall=None, router=None, traffic_router=None):
+        """Set references to ISP stack components for integration"""
+        self.dhcp_server = dhcp_server
+        self.nat_engine = nat_engine
+        self.firewall = firewall
+        self.router = router
+        self.traffic_router = traffic_router
+        # Configure traffic router with other components
+        if self.traffic_router:
+            self.traffic_router.set_components(
+                nat_engine=nat_engine,
+                firewall=firewall,
+                dhcp_server=dhcp_server
+            )
+    def start_server(self) -> bool:
+        """Start the OpenVPN server with traffic routing"""
+        try:
+            if self.is_running:
+                logger.warning("OpenVPN server is already running")
+                return True
+            # Ensure configuration exists
+            if not os.path.exists(self.server_config_path):
+                logger.error(f"OpenVPN server configuration not found: {self.server_config_path}")
+                return False
+            # Start traffic router first
+            if self.traffic_router and not self.traffic_router.is_running:
+                if not self.traffic_router.start():
+                    logger.error("Failed to start traffic router")
+                    return False
+            # Create log directory
+            os.makedirs("/var/log/openvpn", exist_ok=True)
+            # Start OpenVPN server
+            cmd = [
+                "/usr/bin/sudo", "openvpn",
+                "--config", self.server_config_path,
+                "--daemon", "openvpn-server",
+                "--log", "/var/log/openvpn/openvpn.log",
+                "--status", self.status_log_path, "10"
+            ]
+            result = subprocess.run(cmd, capture_output=True, text=True)
+            if result.returncode == 0:
+                self.is_running = True
+                self.start_time = time.time()
+                logger.info("OpenVPN server started successfully with traffic routing")
+                # Start monitoring thread
+                self.start_monitoring()
+                # Configure firewall rules for VPN
+                self._configure_vpn_firewall()
+                # Configure NAT for VPN traffic
+                self._configure_vpn_nat()
+                return True
+            else:
+                logger.error(f"Failed to start OpenVPN server: {result.stderr}")
+                return False
+        except Exception as e:
+            logger.error(f"Error starting OpenVPN server: {e}")
+            return False
+    def stop_server(self) -> bool:
+        """Stop the OpenVPN server and traffic routing"""
+        try:
+            if not self.is_running:
+                logger.warning("OpenVPN server is not running")
+                return True
+            # Stop monitoring
+            self.stop_monitoring()
+            # Remove all client routes before stopping
+            if self.traffic_router:
+                for client_id in list(self.clients.keys()):
+                    self.traffic_router.remove_client_route(client_id)
+            # Kill OpenVPN process
+            result = subprocess.run(["/usr/bin/sudo", "pkill", "-f", "openvpn.*server"],
+                                  capture_output=True, text=True)
+            # Stop traffic router
+            if self.traffic_router and self.traffic_router.is_running:
+                self.traffic_router.stop()
+            self.is_running = False
+            self.start_time = None
+            self.clients.clear()
+            logger.info("OpenVPN server and traffic routing stopped")
+            return True
+        except Exception as e:
+            logger.error(f"Error stopping OpenVPN server: {e}")
+            return False
+    def start_monitoring(self):
+        """Start the client monitoring thread"""
+        if self.monitor_thread and self.monitor_thread.is_alive():
+            return
+        self.monitor_running = True
+        self.monitor_thread = threading.Thread(target=self._monitor_clients, daemon=True)
+        self.monitor_thread.start()
+        logger.info("Started OpenVPN client monitoring")
+    def stop_monitoring(self):
+        """Stop the client monitoring thread"""
+        self.monitor_running = False
+        if self.monitor_thread:
+            self.monitor_thread.join(timeout=5)
+        logger.info("Stopped OpenVPN client monitoring")
+    def _monitor_clients(self):
+        """Monitor connected VPN clients"""
+        while self.monitor_running:
+            try:
+                self._update_client_status()
+                time.sleep(10)  # Update every 10 seconds
+            except Exception as e:
+                logger.error(f"Error monitoring VPN clients: {e}")
+                time.sleep(30)  # Wait longer on error
+    def _update_client_status(self):
+        """Update client status from OpenVPN status log and manage traffic routing"""
+        try:
+            if not os.path.exists(self.status_log_path):
+                return
+            with open(self.status_log_path, 'r') as f:
+                content = f.read()
+            # Parse OpenVPN status log
+            lines = content.split('\n')
+            client_section = False
+            routing_section = False
+            current_clients = {}
+            previous_clients = set(self.clients.keys())
+            for line in lines:
+                line = line.strip()
+                if line.startswith("OpenVPN CLIENT LIST"):
+                    client_section = True
+                    continue
+                elif line.startswith("ROUTING TABLE"):
+                    client_section = False
+                    routing_section = True
+                    continue
+                elif line.startswith("GLOBAL STATS"):
+                    routing_section = False
+                    continue
+                if client_section and line and not line.startswith("Updated,"):
+                    # Parse client line: Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
+                    parts = line.split(',')
+                    if len(parts) >= 5:
+                        common_name = parts[0]
+                        real_address = parts[1]
+                        bytes_received = int(parts[2]) if parts[2].isdigit() else 0
+                        bytes_sent = int(parts[3]) if parts[3].isdigit() else 0
+                        connected_since = parts[4]
+                        # Get VPN IP from routing table (will be parsed later)
+                        vpn_ip = "unknown"
+                        # Check if this is an existing client
+                        routed_through_vpn = False
+                        if common_name in self.clients:
+                            routed_through_vpn = self.clients[common_name].routed_through_vpn
+                        client = VPNClient(
+                            client_id=common_name,
+                            common_name=common_name,
+                            ip_address=vpn_ip,
+                            connected_at=time.time(),  # Simplified for now
+                            bytes_received=bytes_received,
+                            bytes_sent=bytes_sent,
+                            routed_through_vpn=routed_through_vpn
+                        )
+                        current_clients[common_name] = client
+                elif routing_section and line and not line.startswith("Virtual Address,"):
+                    # Parse routing line: Virtual Address,Common Name,Real Address,Last Ref
+                    parts = line.split(',')
+                    if len(parts) >= 2:
+                        vpn_ip = parts[0]
+                        common_name = parts[1]
+                        if common_name in current_clients:
+                            current_clients[common_name].ip_address = vpn_ip
+            # Handle new clients - set up traffic routing
+            new_clients = set(current_clients.keys()) - previous_clients
+            for client_id in new_clients:
+                client = current_clients[client_id]
+                if client.ip_address != "unknown" and self.traffic_router:
+                    # Add client route for free data access
+                    if self.traffic_router.add_client_route(client_id, client.ip_address):
+                        client.routed_through_vpn = True
+                        logger.info(f"Added traffic routing for new VPN client: {client_id} ({client.ip_address})")
+            # Handle disconnected clients - clean up routing
+            disconnected_clients = previous_clients - set(current_clients.keys())
+            for client_id in disconnected_clients:
+                if self.traffic_router:
+                    self.traffic_router.remove_client_route(client_id)
+                    logger.info(f"Removed traffic routing for disconnected VPN client: {client_id}")
+            # Update clients dictionary
+            self.clients = current_clients
+            # Integrate with DHCP server if available
+            if self.dhcp_server:
+                self._sync_with_dhcp()
+        except Exception as e:
+            logger.error(f"Error updating client status: {e}")
+    def _sync_with_dhcp(self):
+        """Sync VPN clients with DHCP server"""
+        try:
+            for client in self.clients.values():
+                if client.ip_address != "unknown":
+                    # Register VPN client IP with DHCP server
+                    # This allows the ISP stack to track VPN clients
+                    if hasattr(self.dhcp_server, 'register_static_lease'):
+                        self.dhcp_server.register_static_lease(
+                            client.common_name,
+                            client.ip_address,
+                            "VPN Client"
+                        )
+        except Exception as e:
+            logger.error(f"Error syncing with DHCP: {e}")
+    def _configure_vpn_firewall(self):
+        """Configure firewall rules for VPN traffic"""
+        try:
+            if not self.firewall:
+                return
+            # Add firewall rules for VPN
+            vpn_rules = [
+                {
+                    "rule_id": "allow_openvpn",
+                    "priority": 10,
+                    "action": "ACCEPT",
+                    "direction": "BOTH",
+                    "dest_port": str(self.vpn_port),
+                    "protocol": "UDP",
+                    "description": "Allow OpenVPN traffic",
+                    "enabled": True
+                },
+                {
+                    "rule_id": "allow_vpn_network",
+                    "priority": 11,
+                    "action": "ACCEPT",
+                    "direction": "BOTH",
+                    "source_network": str(self.vpn_network),
+                    "description": "Allow VPN client network traffic",
+                    "enabled": True
+                }
+            ]
+            for rule in vpn_rules:
+                if hasattr(self.firewall, 'add_rule'):
+                    self.firewall.add_rule(rule)
+            logger.info("Configured firewall rules for VPN")
+        except Exception as e:
+            logger.error(f"Error configuring VPN firewall: {e}")
+    def _configure_vpn_nat(self):
+        """Configure NAT for VPN traffic"""
+        try:
+            # NAT configuration will be handled by the external environment (e.g., HuggingFace Spaces setup)
+            # or by the underlying network infrastructure. We are removing direct iptables calls.
+            logger.info("Skipping direct iptables NAT configuration as per instructions.")
+        except Exception as e:
+            logger.error(f"Error configuring VPN NAT: {e}")
+    def get_server_status(self) -> VPNServerStatus:
+        """Get current server status"""
+        total_bytes_received = sum(client.bytes_received for client in self.clients.values())
+        total_bytes_sent = sum(client.bytes_sent for client in self.clients.values())
+        uptime = time.time() - self.start_time if self.start_time else 0
+        return VPNServerStatus(
+            is_running=self.is_running,
+            connected_clients=len(self.clients),
+            total_bytes_received=total_bytes_received,
+            total_bytes_sent=total_bytes_sent,
+            uptime=uptime,
+            server_ip=self.vpn_server_ip,
+            server_port=self.vpn_port
+        )
+    def get_connected_clients(self) -> List[Dict[str, Any]]:
+        """Get list of connected clients"""
+        return [asdict(client) for client in self.clients.values()]
+    def disconnect_client(self, client_id: str) -> bool:
+        """Disconnect a specific client"""
+        try:
+            if client_id not in self.clients:
+                return False
+            # Send kill signal to specific client
+            # This requires OpenVPN management interface, simplified for now
+            logger.info(f"Disconnecting client: {client_id}")
+            # Remove from clients dict
+            del self.clients[client_id]
+            return True
+        except Exception as e:
+            logger.error(f"Error disconnecting client {client_id}: {e}")
+            return False
+    def generate_client_config(self, client_name: str, server_ip: str) -> str:
+        """Generate client configuration file with embedded certificates"""
+        try:
+            # Read real CA certificate
+            ca_cert_path = "/etc/openvpn/server/ca.crt"
+            try:
+                with open(ca_cert_path, 'r') as f:
+                    ca_cert = f.read()
+            except FileNotFoundError:
+                # Fallback to embedded certificate for development
+                ca_cert = """-----BEGIN CERTIFICATE-----
+MIIDMzCCAhugAwIBAgIUNO765P4t/yD/PnIFTMVs0Q32TJYwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDeWVzMB4XDTI1MDgwMjAxMjkzNVoXDTM1MDczMTAxMjkz
+NVowDjEMMAoGA1UEAwwDeWVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAtwhMGXouHnHBRd2RhdrW8sOMgqt4wDXZC0J+4UMjOX6Y7t2O1Sgw/sWhwFPk
+QF/cMoQIvsucklPogcnzzGtv9zDkAXyVyCC27UYbg8JfWZK3ZMrt6dfEmYf4KKXm
+D6PLn9guxzBB63dhEWx/7fd6H9C/rK/u0rOh15DQRnfEI468cmXS5uNg8ke/73+y
+Gzb6q7ZOFByBAwM0hW0lStBaIIcxouFrIK8B72O8H+6t10K1GvgiBhKvM3cc8dpN
+y4qvRoN/o+eXarZG7G9dfm9OFgdd9LoXPTTbO+ftFPKOq4F41PnMd2Zcyk7P3GCr
+3oK7NbISxZ5efLpy45lgSpqKBwIDAQABo4GIMIGFMB0GA1UdDgQWBBQIi0Er30cV
+Qzi+U/LPV4Lf3yvGIzBJBgNVHSMEQjBAgBQIi0Er30cVQzi+U/LPV4Lf3yvGI6ES
+pBAwDjEMMAoGA1UEAwwDeWVzghQ07vrk/i3/IP8+cgVMxWzRDfZMljAMBgNVHRME
+BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAHzfSFbi1G7WC
+vMSOqSv4/jlBExnz/AlLUBHhgDomIdLK8Pb3tyCD5IYkmi0NT5x6DORcOV2ow1JZ
+o4BL7OVV+fhz3VKXEpG+s3gq5j2m+raqLtu6QKBGg7SIUZ4MLjggvAcPjsK+n8sK
+86sAUFVTccBxJlKBShAUPSNihyWwxB4PQFvwhefNQSoID1kAB2Fzf1beMX6Gp6Lj
+ldI6e63lpYtIbp4+2F5SxJ/hGTUx+nWbOAHPvhBfhN6sEu9G1C5KPR0cm+xxOpZ9
+lA7y4Dea7pyVybR/b7lFquE3TReXCoLx79UNNSv8erIlsy1jh9yXDnTCk8SN1dpO
+YwJ9U0AHXA==
+-----END CERTIFICATE-----"""
+            # Sample client certificate (in production, generate unique per client)
+            client_cert = f"""-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIU{client_name}1234567890abcdefghijklmnopqrstuvwxyz
+ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz1234567
+890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz12345
+67890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz123
+4567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1
+234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxy
+z1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuv
+wxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrs
+tuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmno
+pqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghij
+klmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcd
+efghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567
+890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxy
+z1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnop
+qrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcde
+fghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz12
+34567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijk
+lmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz12
+34567890abcdefghijklmnopqrstuvwxyz1234567890abc
+defghijklmnopqrstuvwxyz1234567890abcdefg
+hijklmnopqrstuvwxyz1234567890
+abcdefghijklmnopqr
+stuvwxyz12345
+67890abc
+def
+-----END CERTIFICATE-----"""
+            # Sample client private key (in production, generate unique per client)
+            client_key = f"""-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC{client_name}1234567
+890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz123456
+7890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz12345
+67890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234
+567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz123
+4567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz12
+34567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1
+234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxy
+z1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuv
+wxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrs
+tuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmno
+pqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghij
+klmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcd
+efghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567
+890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxy
+z1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnop
+qrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234567890abcde
+fghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz12
+34567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijk
+lmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz12
+34567890abcdefghijklmnopqrstuvwxyz1234567890abc
+defghijklmnopqrstuvwxyz1234567890abcdefg
+hijklmnopqrstuvwxyz1234567890
+abcdefghijklmnopqr
+stuvwxyz12345
+67890abc
+defghijk
+lmnopqr
+stuv
+-----END PRIVATE KEY-----"""
+            # Generate complete client configuration
+            client_config = f"""# OpenVPN Client Configuration for {client_name}
+# Generated by Virtual ISP Stack
+# Server: {server_ip}:{self.vpn_port}
+client
+dev tun
+proto udp
+remote {server_ip} {self.vpn_port}
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+cipher AES-256-CBC
+auth SHA256
+verb 3
+key-direction 1
+redirect-gateway def1 bypass-dhcp
+dhcp-option DNS 8.8.8.8
+dhcp-option DNS 8.8.4.4
+remote-cert-tls server
+# Embedded CA Certificate
+<ca>
+{ca_cert}
+</ca>
+# Embedded Client Certificate
+<cert>
+{client_cert}
+</cert>
+# Embedded Client Private Key
+<key>
+{client_key}
+</key>
+# TLS Authentication Key (optional, for extra security)
+# <tls-auth>
+# -----BEGIN OpenVPN Static key V1-----
+# [TLS-AUTH-KEY-CONTENT-WOULD-GO-HERE]
+# -----END OpenVPN Static key V1-----
+# </tls-auth>
+"""
+            logger.info(f"Generated client configuration for {client_name}")
+            return client_config
+        except Exception as e:
+            logger.error(f"Error generating client config: {e}")
+            return ""
+    def save_client_config(self, client_name: str, config_content: str) -> bool:
+        """Save client configuration to storage"""
+        try:
+            config_file_path = os.path.join(self.config_storage_path, f"{client_name}.ovpn")
+            with open(config_file_path, 'w') as f:
+                f.write(config_content)
+            logger.info(f"Saved client configuration for {client_name}")
+            return True
+        except Exception as e:
+            logger.error(f"Error saving client config for {client_name}: {e}")
+            return False
+    def load_client_config(self, client_name: str) -> str:
+        """Load client configuration from storage"""
+        try:
+            config_file_path = os.path.join(self.config_storage_path, f"{client_name}.ovpn")
+            if not os.path.exists(config_file_path):
+                return ""
+            with open(config_file_path, 'r') as f:
+                config_content = f.read()
+            logger.info(f"Loaded client configuration for {client_name}")
+            return config_content
+        except Exception as e:
+            logger.error(f"Error loading client config for {client_name}: {e}")
+            return ""
+    def list_client_configs(self) -> List[str]:
+        """List all stored client configurations"""
+        try:
+            config_files = []
+            if os.path.exists(self.config_storage_path):
+                for filename in os.listdir(self.config_storage_path):
+                    if filename.endswith('.ovpn'):
+                        client_name = filename[:-5]  # Remove .ovpn extension
+                        config_files.append(client_name)
+            return config_files
+        except Exception as e:
+            logger.error(f"Error listing client configs: {e}")
+            return []
+    def delete_client_config(self, client_name: str) -> bool:
+        """Delete client configuration from storage"""
+        try:
+            config_file_path = os.path.join(self.config_storage_path, f"{client_name}.ovpn")
+            if os.path.exists(config_file_path):
+                os.remove(config_file_path)
+                logger.info(f"Deleted client configuration for {client_name}")
+                return True
+            else:
+                logger.warning(f"Client configuration for {client_name} not found")
+                return False
+        except Exception as e:
+            logger.error(f"Error deleting client config for {client_name}: {e}")
+            return False
+    def generate_and_save_client_config(self, client_name: str, server_ip: str) -> str:
+        """Generate client configuration and save it to storage"""
+        try:
+            config_content = self.generate_client_config(client_name, server_ip)
+            if config_content:
+                if self.save_client_config(client_name, config_content):
+                    return config_content
+            return ""
+        except Exception as e:
+            logger.error(f"Error generating and saving client config for {client_name}: {e}")
+            return ""
+    def get_statistics(self) -> Dict[str, Any]:
+        """Get comprehensive VPN statistics"""
+        status = self.get_server_status()
+        return {
+            "server_status": asdict(status),
+            "connected_clients": self.get_connected_clients(),
+            "network_config": {
+                "vpn_network": str(self.vpn_network),
+                "server_ip": self.vpn_server_ip,
+                "server_port": self.vpn_port
+            },
+            "integration_status": {
+                "dhcp_integrated": self.dhcp_server is not None,
+                "nat_integrated": self.nat_engine is not None,
+                "firewall_integrated": self.firewall is not None,
+                "router_integrated": self.router is not None
+            }
+        }
+# Global OpenVPN manager instance
+openvpn_manager = None
+def initialize_openvpn_manager(config: Dict[str, Any]) -> OpenVPNManager:
+    """Initialize the OpenVPN manager"""
+    global openvpn_manager
+    openvpn_manager = OpenVPNManager(config)
+    return openvpn_manager
+def get_openvpn_manager() -> Optional[OpenVPNManager]:
+    """Get the global OpenVPN manager instance"""
+    return openvpn_manager

core/packet_bridge.py ADDED Viewed

	@@ -0,0 +1,664 @@

+"""
+Packet Bridge Module
+Handles communication with virtual clients:
+- Accept packet streams over WebSocket/TCP
+- Deliver response packets back to clients
+- Frame processing (Ethernet → IPv4)
+- Connection management
+"""
+import asyncio
+import websockets
+import socket
+import threading
+import time
+import struct
+from typing import Dict, List, Optional, Callable, Set, Any, Tuple
+from dataclasses import dataclass
+from enum import Enum
+import json
+import logging
+from .ip_parser import IPParser, ParsedPacket
+class BridgeType(Enum):
+    WEBSOCKET = "WEBSOCKET"
+    TCP_SOCKET = "TCP_SOCKET"
+    UDP_SOCKET = "UDP_SOCKET"
+@dataclass
+class ClientConnection:
+    """Represents a client connection to the bridge"""
+    client_id: str
+    bridge_type: BridgeType
+    remote_address: str
+    remote_port: int
+    websocket: Optional[Any] = None  # WebSocket connection
+    socket: Optional['socket.socket'] = None  # TCP/UDP socket
+    connected_time: float = 0
+    last_activity: float = 0
+    packets_received: int = 0
+    packets_sent: int = 0
+    bytes_received: int = 0
+    bytes_sent: int = 0
+    is_active: bool = True
+    def __post_init__(self):
+        if self.connected_time == 0:
+            self.connected_time = time.time()
+        if self.last_activity == 0:
+            self.last_activity = time.time()
+    def update_activity(self, packet_count: int = 1, byte_count: int = 0, direction: str = 'received'):
+        """Update connection activity"""
+        self.last_activity = time.time()
+        if direction == 'received':
+            self.packets_received += packet_count
+            self.bytes_received += byte_count
+        else:
+            self.packets_sent += packet_count
+            self.bytes_sent += byte_count
+    def to_dict(self) -> Dict:
+        """Convert to dictionary"""
+        return {
+            'client_id': self.client_id,
+            'bridge_type': self.bridge_type.value,
+            'remote_address': self.remote_address,
+            'remote_port': self.remote_port,
+            'connected_time': self.connected_time,
+            'last_activity': self.last_activity,
+            'packets_received': self.packets_received,
+            'packets_sent': self.packets_sent,
+            'bytes_received': self.bytes_received,
+            'bytes_sent': self.bytes_sent,
+            'is_active': self.is_active,
+            'duration': time.time() - self.connected_time
+        }
+class EthernetFrame:
+    """Ethernet frame parser"""
+    def __init__(self):
+        self.dest_mac = b'\x00' * 6
+        self.src_mac = b'\x00' * 6
+        self.ethertype = 0x0800  # IPv4
+        self.payload = b''
+    @classmethod
+    def parse(cls, data: bytes) -> Optional['EthernetFrame']:
+        """Parse Ethernet frame from raw bytes"""
+        if len(data) < 14:  # Minimum Ethernet header size
+            return None
+        frame = cls()
+        frame.dest_mac = data[0:6]
+        frame.src_mac = data[6:12]
+        frame.ethertype = struct.unpack('!H', data[12:14])[0]
+        frame.payload = data[14:]
+        return frame
+    def build(self) -> bytes:
+        """Build Ethernet frame as bytes"""
+        header = self.dest_mac + self.src_mac + struct.pack('!H', self.ethertype)
+        return header + self.payload
+    def is_ipv4(self) -> bool:
+        """Check if frame contains IPv4 packet"""
+        return self.ethertype == 0x0800
+    def is_arp(self) -> bool:
+        """Check if frame contains ARP packet"""
+        return self.ethertype == 0x0806
+class PacketBridge:
+    """Packet bridge implementation"""
+    def __init__(self, config: Dict):
+        self.config = config
+        self.clients: Dict[str, ClientConnection] = {}
+        self.packet_handlers: List[Callable[[ParsedPacket, str], Optional[bytes]]] = []
+        self.lock = threading.Lock()
+        # Configuration
+        self.websocket_host = config.get('websocket_host', '0.0.0.0')
+        self.websocket_port = config.get('websocket_port', 8765)
+        self.tcp_host = config.get('tcp_host', '0.0.0.0')
+        self.tcp_port = config.get('tcp_port', 8766)
+        self.max_clients = config.get('max_clients', 100)
+        self.client_timeout = config.get('client_timeout', 300)
+        # WebSocket server
+        self.websocket_server = None
+        self.tcp_server_socket = None
+        # Background tasks
+        self.running = False
+        self.websocket_task = None
+        self.tcp_task = None
+        self.cleanup_task = None
+        # Statistics
+        self.stats = {
+            'total_clients': 0,
+            'active_clients': 0,
+            'packets_processed': 0,
+            'packets_forwarded': 0,
+            'packets_dropped': 0,
+            'bytes_processed': 0,
+            'websocket_connections': 0,
+            'tcp_connections': 0,
+            'connection_errors': 0
+        }
+        # Event loop
+        self.loop = None
+    def add_packet_handler(self, handler: Callable[[ParsedPacket, str], Optional[bytes]]):
+        """Add packet handler function"""
+        self.packet_handlers.append(handler)
+    def remove_packet_handler(self, handler: Callable[[ParsedPacket, str], Optional[bytes]]):
+        """Remove packet handler function"""
+        if handler in self.packet_handlers:
+            self.packet_handlers.remove(handler)
+    def _generate_client_id(self, remote_address: str, remote_port: int) -> str:
+        """Generate unique client ID"""
+        timestamp = int(time.time() * 1000)
+        return f"client_{remote_address}_{remote_port}_{timestamp}"
+    def _process_ethernet_frame(self, frame_data: bytes, client_id: str) -> Optional[bytes]:
+        """Process Ethernet frame and extract IP packet"""
+        try:
+            # Parse Ethernet frame
+            frame = EthernetFrame.parse(frame_data)
+            if not frame or not frame.is_ipv4():
+                return None
+            # Parse IP packet
+            packet = IPParser.parse_packet(frame.payload)
+            self.stats['packets_processed'] += 1
+            self.stats['bytes_processed'] += len(frame_data)
+            # Process through packet handlers
+            response_packet = None
+            for handler in self.packet_handlers:
+                try:
+                    response = handler(packet, client_id)
+                    if response:
+                        response_packet = response
+                        break
+                except Exception as e:
+                    logging.error(f"Packet handler error: {e}")
+            if response_packet:
+                # Wrap response in Ethernet frame
+                response_frame = EthernetFrame()
+                response_frame.dest_mac = frame.src_mac
+                response_frame.src_mac = frame.dest_mac
+                response_frame.ethertype = 0x0800
+                response_frame.payload = response_packet
+                self.stats['packets_forwarded'] += 1
+                return response_frame.build()
+            else:
+                self.stats['packets_dropped'] += 1
+                return None
+        except Exception as e:
+            logging.error(f"Error processing Ethernet frame: {e}")
+            self.stats['packets_dropped'] += 1
+            return None
+    async def _handle_websocket_client(self, websocket, path):
+        """Handle WebSocket client connection"""
+        client_address = websocket.remote_address
+        client_id = self._generate_client_id(client_address[0], client_address[1])
+        # Create client connection
+        client = ClientConnection(
+            client_id=client_id,
+            bridge_type=BridgeType.WEBSOCKET,
+            remote_address=client_address[0],
+            remote_port=client_address[1],
+            websocket=websocket
+        )
+        with self.lock:
+            if len(self.clients) >= self.max_clients:
+                await websocket.close(code=1013, reason="Too many clients")
+                return
+            self.clients[client_id] = client
+        self.stats['total_clients'] += 1
+        self.stats['active_clients'] = len(self.clients)
+        self.stats['websocket_connections'] += 1
+        logging.info(f"WebSocket client connected: {client_id} from {client_address}")
+        try:
+            async for message in websocket:
+                if isinstance(message, bytes):
+                    # Binary message - treat as Ethernet frame
+                    client.update_activity(1, len(message), 'received')
+                    response = self._process_ethernet_frame(message, client_id)
+                    if response:
+                        await websocket.send(response)
+                        client.update_activity(1, len(response), 'sent')
+                elif isinstance(message, str):
+                    # Text message - treat as control message
+                    try:
+                        control_msg = json.loads(message)
+                        await self._handle_control_message(client, control_msg)
+                    except json.JSONDecodeError:
+                        logging.warning(f"Invalid control message from {client_id}: {message}")
+        except websockets.exceptions.ConnectionClosed:
+            logging.info(f"WebSocket client disconnected: {client_id}")
+        except Exception as e:
+            logging.error(f"WebSocket client error: {e}")
+            self.stats['connection_errors'] += 1
+        finally:
+            # Clean up client
+            with self.lock:
+                if client_id in self.clients:
+                    self.clients[client_id].is_active = False
+                    del self.clients[client_id]
+            self.stats['active_clients'] = len(self.clients)
+    async def _handle_control_message(self, client: ClientConnection, message: Dict):
+        """Handle control message from client"""
+        msg_type = message.get('type')
+        if msg_type == 'ping':
+            # Respond to ping
+            response = {'type': 'pong', 'timestamp': time.time()}
+            await client.websocket.send(json.dumps(response))
+        elif msg_type == 'stats':
+            # Send client statistics
+            response = {
+                'type': 'stats',
+                'client_stats': client.to_dict(),
+                'bridge_stats': self.get_stats()
+            }
+            await client.websocket.send(json.dumps(response))
+        elif msg_type == 'config':
+            # Handle configuration updates
+            config_data = message.get('data', {})
+            # Process configuration updates here
+            response = {'type': 'config_ack', 'status': 'ok'}
+            await client.websocket.send(json.dumps(response))
+    def _handle_tcp_client(self, client_socket: socket.socket, client_address: Tuple[str, int]):
+        """Handle TCP client connection"""
+        client_id = self._generate_client_id(client_address[0], client_address[1])
+        # Create client connection
+        client = ClientConnection(
+            client_id=client_id,
+            bridge_type=BridgeType.TCP_SOCKET,
+            remote_address=client_address[0],
+            remote_port=client_address[1],
+            socket=client_socket
+        )
+        with self.lock:
+            if len(self.clients) >= self.max_clients:
+                client_socket.close()
+                return
+            self.clients[client_id] = client
+        self.stats['total_clients'] += 1
+        self.stats['active_clients'] = len(self.clients)
+        self.stats['tcp_connections'] += 1
+        logging.info(f"TCP client connected: {client_id} from {client_address}")
+        try:
+            client_socket.settimeout(self.client_timeout)
+            while client.is_active:
+                try:
+                    # Read frame length (4 bytes)
+                    length_data = client_socket.recv(4)
+                    if not length_data:
+                        break
+                    frame_length = struct.unpack('!I', length_data)[0]
+                    if frame_length > 65536:  # Sanity check
+                        break
+                    # Read frame data
+                    frame_data = b''
+                    while len(frame_data) < frame_length:
+                        chunk = client_socket.recv(frame_length - len(frame_data))
+                        if not chunk:
+                            break
+                        frame_data += chunk
+                    if len(frame_data) != frame_length:
+                        break
+                    client.update_activity(1, len(frame_data), 'received')
+                    # Process frame
+                    response = self._process_ethernet_frame(frame_data, client_id)
+                    if response:
+                        # Send response with length prefix
+                        response_length = struct.pack('!I', len(response))
+                        client_socket.send(response_length + response)
+                        client.update_activity(1, len(response), 'sent')
+                except socket.timeout:
+                    continue
+                except Exception as e:
+                    logging.error(f"TCP client error: {e}")
+                    break
+        except Exception as e:
+            logging.error(f"TCP client handler error: {e}")
+            self.stats['connection_errors'] += 1
+        finally:
+            # Clean up client
+            try:
+                client_socket.close()
+            except:
+                pass
+            with self.lock:
+                if client_id in self.clients:
+                    self.clients[client_id].is_active = False
+                    del self.clients[client_id]
+            self.stats['active_clients'] = len(self.clients)
+            logging.info(f"TCP client disconnected: {client_id}")
+    def _tcp_server_loop(self):
+        """TCP server loop"""
+        try:
+            self.tcp_server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            self.tcp_server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+            self.tcp_server_socket.bind((self.tcp_host, self.tcp_port))
+            self.tcp_server_socket.listen(10)
+            logging.info(f"TCP bridge server listening on {self.tcp_host}:{self.tcp_port}")
+            while self.running:
+                try:
+                    client_socket, client_address = self.tcp_server_socket.accept()
+                    # Handle client in separate thread
+                    client_thread = threading.Thread(
+                        target=self._handle_tcp_client,
+                        args=(client_socket, client_address),
+                        daemon=True
+                    )
+                    client_thread.start()
+                except socket.error as e:
+                    if self.running:
+                        logging.error(f"TCP server error: {e}")
+                        time.sleep(1)
+        except Exception as e:
+            logging.error(f"TCP server loop error: {e}")
+        finally:
+            if self.tcp_server_socket:
+                self.tcp_server_socket.close()
+    def _cleanup_loop(self):
+        """Background cleanup loop"""
+        while self.running:
+            try:
+                current_time = time.time()
+                expired_clients = []
+                with self.lock:
+                    for client_id, client in self.clients.items():
+                        # Mark inactive clients for removal
+                        if current_time - client.last_activity > self.client_timeout:
+                            expired_clients.append(client_id)
+                # Clean up expired clients
+                for client_id in expired_clients:
+                    with self.lock:
+                        if client_id in self.clients:
+                            client = self.clients[client_id]
+                            client.is_active = False
+                            # Close connections
+                            if client.websocket:
+                                try:
+                                    asyncio.run_coroutine_threadsafe(
+                                        client.websocket.close(),
+                                        self.loop
+                                    )
+                                except:
+                                    pass
+                            if client.socket:
+                                try:
+                                    client.socket.close()
+                                except:
+                                    pass
+                            del self.clients[client_id]
+                            logging.info(f"Cleaned up expired client: {client_id}")
+                self.stats['active_clients'] = len(self.clients)
+                time.sleep(30)  # Cleanup every 30 seconds
+            except Exception as e:
+                logging.error(f"Cleanup loop error: {e}")
+                time.sleep(5)
+    def send_packet_to_client(self, client_id: str, packet_data: bytes) -> bool:
+        """Send packet to specific client"""
+        with self.lock:
+            client = self.clients.get(client_id)
+        if not client or not client.is_active:
+            return False
+        try:
+            if client.bridge_type == BridgeType.WEBSOCKET:
+                # Send via WebSocket
+                if client.websocket:
+                    asyncio.run_coroutine_threadsafe(
+                        client.websocket.send(packet_data),
+                        self.loop
+                    )
+                    client.update_activity(1, len(packet_data), 'sent')
+                    return True
+            elif client.bridge_type == BridgeType.TCP_SOCKET:
+                # Send via TCP socket with length prefix
+                if client.socket:
+                    length_prefix = struct.pack('!I', len(packet_data))
+                    client.socket.send(length_prefix + packet_data)
+                    client.update_activity(1, len(packet_data), 'sent')
+                    return True
+        except Exception as e:
+            logging.error(f"Failed to send packet to client {client_id}: {e}")
+            # Mark client as inactive
+            client.is_active = False
+        return False
+    def broadcast_packet(self, packet_data: bytes, exclude_client: Optional[str] = None) -> int:
+        """Broadcast packet to all clients"""
+        sent_count = 0
+        with self.lock:
+            client_ids = list(self.clients.keys())
+        for client_id in client_ids:
+            if client_id != exclude_client:
+                if self.send_packet_to_client(client_id, packet_data):
+                    sent_count += 1
+        return sent_count
+    def get_clients(self) -> Dict[str, Dict]:
+        """Get all connected clients"""
+        with self.lock:
+            return {
+                client_id: client.to_dict()
+                for client_id, client in self.clients.items()
+            }
+    def get_client(self, client_id: str) -> Optional[Dict]:
+        """Get specific client"""
+        with self.lock:
+            client = self.clients.get(client_id)
+            return client.to_dict() if client else None
+    def disconnect_client(self, client_id: str) -> bool:
+        """Disconnect specific client"""
+        with self.lock:
+            client = self.clients.get(client_id)
+            if not client:
+                return False
+            client.is_active = False
+            # Close connection
+            if client.websocket:
+                try:
+                    asyncio.run_coroutine_threadsafe(
+                        client.websocket.close(),
+                        self.loop
+                    )
+                except:
+                    pass
+            if client.socket:
+                try:
+                    client.socket.close()
+                except:
+                    pass
+            del self.clients[client_id]
+            self.stats['active_clients'] = len(self.clients)
+            return True
+    def get_stats(self) -> Dict:
+        """Get bridge statistics"""
+        with self.lock:
+            stats = self.stats.copy()
+            stats['active_clients'] = len(self.clients)
+        return stats
+    def reset_stats(self):
+        """Reset bridge statistics"""
+        self.stats = {
+            'total_clients': 0,
+            'active_clients': len(self.clients),
+            'packets_processed': 0,
+            'packets_forwarded': 0,
+            'packets_dropped': 0,
+            'bytes_processed': 0,
+            'websocket_connections': 0,
+            'tcp_connections': 0,
+            'connection_errors': 0
+        }
+    async def start_websocket_server(self):
+        """Start WebSocket server"""
+        try:
+            self.websocket_server = await websockets.serve(
+                self._handle_websocket_client,
+                self.websocket_host,
+                self.websocket_port,
+                max_size=1024*1024,  # 1MB max message size
+                ping_interval=30,
+                ping_timeout=10
+            )
+            logging.info(f"WebSocket bridge server started on {self.websocket_host}:{self.websocket_port}")
+            # Keep server running
+            await self.websocket_server.wait_closed()
+        except Exception as e:
+            logging.error(f"WebSocket server error: {e}")
+    def start(self):
+        """Start packet bridge"""
+        self.running = True
+        # Start event loop
+        self.loop = asyncio.new_event_loop()
+        asyncio.set_event_loop(self.loop)
+        # Start WebSocket server in a separate thread
+        websocket_thread = threading.Thread(target=self._run_websocket_server_in_thread, daemon=True)
+        websocket_thread.start()
+        # Start TCP server in separate thread
+        tcp_thread = threading.Thread(target=self._tcp_server_loop, daemon=True)
+        tcp_thread.start()
+        # Start cleanup thread
+        cleanup_thread = threading.Thread(target=self._cleanup_loop, daemon=True)
+        cleanup_thread.start()
+        logging.info("Packet bridge started")
+    def stop(self):
+        """Stop packet bridge"""
+        self.running = False
+        # Close WebSocket server
+        if self.websocket_server:
+            self.websocket_server.close()
+        # Close TCP server
+        if self.tcp_server_socket:
+            self.tcp_server_socket.close()
+        # Disconnect all clients
+        with self.lock:
+            client_ids = list(self.clients.keys())
+        for client_id in client_ids:
+            self.disconnect_client(client_id)
+        # Stop event loop
+        if self.loop and not self.loop.is_closed():
+            self.loop.call_soon_threadsafe(self.loop.stop)
+        logging.info("Packet bridge stopped")
+    def _run_websocket_server_in_thread(self):
+        """Run the WebSocket server in a separate thread with its own event loop."""
+        asyncio.set_event_loop(self.loop)
+        self.loop.run_until_complete(self.start_websocket_server())

core/session_tracker.py ADDED Viewed

	@@ -0,0 +1,602 @@

+"""
+Session Tracker Module
+Manages and tracks all network sessions across the virtual ISP stack:
+- Unified session management across all modules
+- Session lifecycle tracking
+- Performance metrics and analytics
+- Session correlation and debugging
+"""
+import time
+import threading
+import uuid
+from typing import Dict, List, Optional, Set, Any, Tuple
+from dataclasses import dataclass, field
+from enum import Enum
+import json
+from .dhcp_server import DHCPLease
+from .nat_engine import NATSession
+from .tcp_engine import TCPConnection
+from .socket_translator import SocketConnection
+class SessionType(Enum):
+    DHCP_LEASE = "DHCP_LEASE"
+    NAT_SESSION = "NAT_SESSION"
+    TCP_CONNECTION = "TCP_CONNECTION"
+    SOCKET_CONNECTION = "SOCKET_CONNECTION"
+    BRIDGE_CLIENT = "BRIDGE_CLIENT"
+class SessionState(Enum):
+    INITIALIZING = "INITIALIZING"
+    ACTIVE = "ACTIVE"
+    IDLE = "IDLE"
+    CLOSING = "CLOSING"
+    CLOSED = "CLOSED"
+    ERROR = "ERROR"
+@dataclass
+class SessionMetrics:
+    """Session performance metrics"""
+    bytes_in: int = 0
+    bytes_out: int = 0
+    packets_in: int = 0
+    packets_out: int = 0
+    errors: int = 0
+    retransmits: int = 0
+    rtt_samples: List[float] = field(default_factory=list)
+    @property
+    def total_bytes(self) -> int:
+        return self.bytes_in + self.bytes_out
+    @property
+    def total_packets(self) -> int:
+        return self.packets_in + self.packets_out
+    @property
+    def average_rtt(self) -> float:
+        return sum(self.rtt_samples) / len(self.rtt_samples) if self.rtt_samples else 0.0
+    def update_bytes(self, bytes_in: int = 0, bytes_out: int = 0):
+        """Update byte counters"""
+        self.bytes_in += bytes_in
+        self.bytes_out += bytes_out
+    def update_packets(self, packets_in: int = 0, packets_out: int = 0):
+        """Update packet counters"""
+        self.packets_in += packets_in
+        self.packets_out += packets_out
+    def add_rtt_sample(self, rtt: float):
+        """Add RTT sample"""
+        self.rtt_samples.append(rtt)
+        # Keep only last 100 samples
+        if len(self.rtt_samples) > 100:
+            self.rtt_samples = self.rtt_samples[-100:]
+    def to_dict(self) -> Dict:
+        """Convert to dictionary"""
+        return {
+            'bytes_in': self.bytes_in,
+            'bytes_out': self.bytes_out,
+            'packets_in': self.packets_in,
+            'packets_out': self.packets_out,
+            'total_bytes': self.total_bytes,
+            'total_packets': self.total_packets,
+            'errors': self.errors,
+            'retransmits': self.retransmits,
+            'average_rtt': self.average_rtt,
+            'rtt_samples_count': len(self.rtt_samples)
+        }
+@dataclass
+class UnifiedSession:
+    """Unified session representation"""
+    session_id: str
+    session_type: SessionType
+    state: SessionState
+    created_time: float
+    last_activity: float
+    # Session identifiers
+    virtual_ip: Optional[str] = None
+    virtual_port: Optional[int] = None
+    real_ip: Optional[str] = None
+    real_port: Optional[int] = None
+    protocol: Optional[str] = None
+    # Related sessions (for correlation)
+    related_sessions: Set[str] = field(default_factory=set)
+    parent_session: Optional[str] = None
+    child_sessions: Set[str] = field(default_factory=set)
+    # Metrics
+    metrics: SessionMetrics = field(default_factory=SessionMetrics)
+    # Additional data
+    metadata: Dict[str, Any] = field(default_factory=dict)
+    def __post_init__(self):
+        if not self.session_id:
+            self.session_id = str(uuid.uuid4())
+        if self.created_time == 0:
+            self.created_time = time.time()
+        if self.last_activity == 0:
+            self.last_activity = time.time()
+    def update_activity(self):
+        """Update last activity timestamp"""
+        self.last_activity = time.time()
+    def add_related_session(self, session_id: str):
+        """Add related session"""
+        self.related_sessions.add(session_id)
+    def add_child_session(self, session_id: str):
+        """Add child session"""
+        self.child_sessions.add(session_id)
+    def set_parent_session(self, session_id: str):
+        """Set parent session"""
+        self.parent_session = session_id
+    @property
+    def duration(self) -> float:
+        """Get session duration in seconds"""
+        return time.time() - self.created_time
+    @property
+    def idle_time(self) -> float:
+        """Get idle time in seconds"""
+        return time.time() - self.last_activity
+    def to_dict(self) -> Dict:
+        """Convert to dictionary"""
+        return {
+            'session_id': self.session_id,
+            'session_type': self.session_type.value,
+            'state': self.state.value,
+            'created_time': self.created_time,
+            'last_activity': self.last_activity,
+            'duration': self.duration,
+            'idle_time': self.idle_time,
+            'virtual_ip': self.virtual_ip,
+            'virtual_port': self.virtual_port,
+            'real_ip': self.real_ip,
+            'real_port': self.real_port,
+            'protocol': self.protocol,
+            'related_sessions': list(self.related_sessions),
+            'parent_session': self.parent_session,
+            'child_sessions': list(self.child_sessions),
+            'metrics': self.metrics.to_dict(),
+            'metadata': self.metadata
+        }
+class SessionTracker:
+    """Unified session tracker"""
+    def __init__(self, config: Dict):
+        self.config = config
+        self.sessions: Dict[str, UnifiedSession] = {}
+        self.session_index: Dict[Tuple[str, str], Set[str]] = {}  # (type, key) -> session_ids
+        self.lock = threading.Lock()
+        # Configuration
+        self.max_sessions = config.get('max_sessions', 10000)
+        self.session_timeout = config.get('session_timeout', 3600)
+        self.cleanup_interval = config.get('cleanup_interval', 300)
+        self.metrics_retention = config.get('metrics_retention', 86400)  # 24 hours
+        # Statistics
+        self.stats = {
+            'total_sessions': 0,
+            'active_sessions': 0,
+            'expired_sessions': 0,
+            'session_types': {t.value: 0 for t in SessionType},
+            'session_states': {s.value: 0 for s in SessionState},
+            'cleanup_runs': 0,
+            'correlations_created': 0
+        }
+        # Background tasks
+        self.running = False
+        self.cleanup_thread = None
+    def _generate_session_key(self, session_type: SessionType, **kwargs) -> str:
+        """Generate session key for indexing"""
+        if session_type == SessionType.DHCP_LEASE:
+            return f"dhcp_{kwargs.get('mac_address', 'unknown')}"
+        elif session_type == SessionType.NAT_SESSION:
+            return f"nat_{kwargs.get('virtual_ip', '')}_{kwargs.get('virtual_port', 0)}_{kwargs.get('protocol', '')}"
+        elif session_type == SessionType.TCP_CONNECTION:
+            return f"tcp_{kwargs.get('local_ip', '')}_{kwargs.get('local_port', 0)}_{kwargs.get('remote_ip', '')}_{kwargs.get('remote_port', 0)}"
+        elif session_type == SessionType.SOCKET_CONNECTION:
+            return f"socket_{kwargs.get('connection_id', 'unknown')}"
+        elif session_type == SessionType.BRIDGE_CLIENT:
+            return f"bridge_{kwargs.get('client_id', 'unknown')}"
+        else:
+            return f"unknown_{time.time()}"
+    def _add_to_index(self, session: UnifiedSession):
+        """Add session to search index"""
+        # Index by type
+        type_key = (session.session_type.value, 'all')
+        if type_key not in self.session_index:
+            self.session_index[type_key] = set()
+        self.session_index[type_key].add(session.session_id)
+        # Index by IP addresses
+        if session.virtual_ip:
+            ip_key = ('virtual_ip', session.virtual_ip)
+            if ip_key not in self.session_index:
+                self.session_index[ip_key] = set()
+            self.session_index[ip_key].add(session.session_id)
+        if session.real_ip:
+            ip_key = ('real_ip', session.real_ip)
+            if ip_key not in self.session_index:
+                self.session_index[ip_key] = set()
+            self.session_index[ip_key].add(session.session_id)
+        # Index by protocol
+        if session.protocol:
+            proto_key = ('protocol', session.protocol)
+            if proto_key not in self.session_index:
+                self.session_index[proto_key] = set()
+            self.session_index[proto_key].add(session.session_id)
+    def _remove_from_index(self, session: UnifiedSession):
+        """Remove session from search index"""
+        for key, session_set in self.session_index.items():
+            session_set.discard(session.session_id)
+    def create_session(self, session_type: SessionType, **kwargs) -> str:
+        """Create new session"""
+        with self.lock:
+            # Check session limit
+            if len(self.sessions) >= self.max_sessions:
+                # Remove oldest expired session
+                self._cleanup_expired_sessions()
+                if len(self.sessions) >= self.max_sessions:
+                    return None
+            # Create session
+            session = UnifiedSession(
+                session_id=kwargs.get('session_id', str(uuid.uuid4())),
+                session_type=session_type,
+                state=SessionState.INITIALIZING,
+                virtual_ip=kwargs.get('virtual_ip'),
+                virtual_port=kwargs.get('virtual_port'),
+                real_ip=kwargs.get('real_ip'),
+                real_port=kwargs.get('real_port'),
+                protocol=kwargs.get('protocol'),
+                metadata=kwargs.get('metadata', {})
+            )
+            # Add to sessions
+            self.sessions[session.session_id] = session
+            self._add_to_index(session)
+            # Update statistics
+            self.stats['total_sessions'] += 1
+            self.stats['active_sessions'] = len(self.sessions)
+            self.stats['session_types'][session_type.value] += 1
+            self.stats['session_states'][SessionState.INITIALIZING.value] += 1
+            return session.session_id
+    def update_session(self, session_id: str, **kwargs) -> bool:
+        """Update session"""
+        with self.lock:
+            session = self.sessions.get(session_id)
+            if not session:
+                return False
+            # Update fields
+            old_state = session.state
+            for key, value in kwargs.items():
+                if hasattr(session, key):
+                    setattr(session, key, value)
+            session.update_activity()
+            # Update state statistics
+            if 'state' in kwargs and kwargs['state'] != old_state:
+                self.stats['session_states'][old_state.value] -= 1
+                self.stats['session_states'][kwargs['state'].value] += 1
+            return True
+    def close_session(self, session_id: str, reason: str = "") -> bool:
+        """Close session"""
+        with self.lock:
+            session = self.sessions.get(session_id)
+            if not session:
+                return False
+            old_state = session.state
+            session.state = SessionState.CLOSED
+            session.update_activity()
+            if reason:
+                session.metadata['close_reason'] = reason
+            # Update statistics
+            self.stats['session_states'][old_state.value] -= 1
+            self.stats['session_states'][SessionState.CLOSED.value] += 1
+            return True
+    def remove_session(self, session_id: str) -> bool:
+        """Remove session completely"""
+        with self.lock:
+            session = self.sessions.get(session_id)
+            if not session:
+                return False
+            # Remove from index
+            self._remove_from_index(session)
+            # Remove from sessions
+            del self.sessions[session_id]
+            # Update statistics
+            self.stats['active_sessions'] = len(self.sessions)
+            self.stats['session_types'][session.session_type.value] -= 1
+            self.stats['session_states'][session.state.value] -= 1
+            return True
+    def get_session(self, session_id: str) -> Optional[UnifiedSession]:
+        """Get session by ID"""
+        with self.lock:
+            return self.sessions.get(session_id)
+    def find_sessions(self, **criteria) -> List[UnifiedSession]:
+        """Find sessions by criteria"""
+        with self.lock:
+            matching_sessions = []
+            # Use index if possible
+            if 'session_type' in criteria:
+                type_key = (criteria['session_type'].value if isinstance(criteria['session_type'], SessionType) else criteria['session_type'], 'all')
+                candidate_ids = self.session_index.get(type_key, set())
+            elif 'virtual_ip' in criteria:
+                ip_key = ('virtual_ip', criteria['virtual_ip'])
+                candidate_ids = self.session_index.get(ip_key, set())
+            elif 'real_ip' in criteria:
+                ip_key = ('real_ip', criteria['real_ip'])
+                candidate_ids = self.session_index.get(ip_key, set())
+            elif 'protocol' in criteria:
+                proto_key = ('protocol', criteria['protocol'])
+                candidate_ids = self.session_index.get(proto_key, set())
+            else:
+                candidate_ids = set(self.sessions.keys())
+            # Filter candidates
+            for session_id in candidate_ids:
+                session = self.sessions.get(session_id)
+                if not session:
+                    continue
+                match = True
+                for key, value in criteria.items():
+                    if hasattr(session, key):
+                        session_value = getattr(session, key)
+                        if isinstance(value, (SessionType, SessionState)):
+                            if session_value != value:
+                                match = False
+                                break
+                        elif session_value != value:
+                            match = False
+                            break
+                    else:
+                        match = False
+                        break
+                if match:
+                    matching_sessions.append(session)
+            return matching_sessions
+    def correlate_sessions(self, session_id1: str, session_id2: str, relationship: str = 'related') -> bool:
+        """Create correlation between sessions"""
+        with self.lock:
+            session1 = self.sessions.get(session_id1)
+            session2 = self.sessions.get(session_id2)
+            if not session1 or not session2:
+                return False
+            if relationship == 'parent_child':
+                session1.add_child_session(session_id2)
+                session2.set_parent_session(session_id1)
+            else:
+                session1.add_related_session(session_id2)
+                session2.add_related_session(session_id1)
+            self.stats['correlations_created'] += 1
+            return True
+    def update_metrics(self, session_id: str, **metrics) -> bool:
+        """Update session metrics"""
+        with self.lock:
+            session = self.sessions.get(session_id)
+            if not session:
+                return False
+            session.update_activity()
+            # Update metrics
+            if 'bytes_in' in metrics or 'bytes_out' in metrics:
+                session.metrics.update_bytes(
+                    metrics.get('bytes_in', 0),
+                    metrics.get('bytes_out', 0)
+                )
+            if 'packets_in' in metrics or 'packets_out' in metrics:
+                session.metrics.update_packets(
+                    metrics.get('packets_in', 0),
+                    metrics.get('packets_out', 0)
+                )
+            if 'rtt' in metrics:
+                session.metrics.add_rtt_sample(metrics['rtt'])
+            if 'errors' in metrics:
+                session.metrics.errors += metrics['errors']
+            if 'retransmits' in metrics:
+                session.metrics.retransmits += metrics['retransmits']
+            return True
+    def _cleanup_expired_sessions(self):
+        """Clean up expired sessions"""
+        current_time = time.time()
+        expired_sessions = []
+        for session_id, session in self.sessions.items():
+            # Check if session is expired
+            if (session.state == SessionState.CLOSED and
+                current_time - session.last_activity > self.cleanup_interval):
+                expired_sessions.append(session_id)
+            elif (session.state != SessionState.CLOSED and
+                  current_time - session.last_activity > self.session_timeout):
+                expired_sessions.append(session_id)
+        # Remove expired sessions
+        for session_id in expired_sessions:
+            self.remove_session(session_id)
+            self.stats['expired_sessions'] += 1
+    def _cleanup_loop(self):
+        """Background cleanup loop"""
+        while self.running:
+            try:
+                with self.lock:
+                    self._cleanup_expired_sessions()
+                    self.stats['cleanup_runs'] += 1
+                time.sleep(self.cleanup_interval)
+            except Exception as e:
+                print(f"Session tracker cleanup error: {e}")
+                time.sleep(60)
+    def get_sessions(self, limit: int = 100, offset: int = 0, **filters) -> List[Dict]:
+        """Get sessions with pagination and filtering"""
+        with self.lock:
+            if filters:
+                sessions = self.find_sessions(**filters)
+            else:
+                sessions = list(self.sessions.values())
+            # Sort by last activity (most recent first)
+            sessions.sort(key=lambda s: s.last_activity, reverse=True)
+            # Apply pagination
+            paginated_sessions = sessions[offset:offset + limit]
+            return [session.to_dict() for session in paginated_sessions]
+    def get_session_summary(self) -> Dict:
+        """Get session summary statistics"""
+        with self.lock:
+            summary = {
+                'total_sessions': len(self.sessions),
+                'by_type': {},
+                'by_state': {},
+                'by_protocol': {},
+                'active_sessions_by_age': {
+                    'last_hour': 0,
+                    'last_day': 0,
+                    'older': 0
+                }
+            }
+            current_time = time.time()
+            hour_ago = current_time - 3600
+            day_ago = current_time - 86400
+            for session in self.sessions.values():
+                # Count by type
+                session_type = session.session_type.value
+                summary['by_type'][session_type] = summary['by_type'].get(session_type, 0) + 1
+                # Count by state
+                session_state = session.state.value
+                summary['by_state'][session_state] = summary['by_state'].get(session_state, 0) + 1
+                # Count by protocol
+                if session.protocol:
+                    summary['by_protocol'][session.protocol] = summary['by_protocol'].get(session.protocol, 0) + 1
+                # Count by age
+                if session.last_activity > hour_ago:
+                    summary['active_sessions_by_age']['last_hour'] += 1
+                elif session.last_activity > day_ago:
+                    summary['active_sessions_by_age']['last_day'] += 1
+                else:
+                    summary['active_sessions_by_age']['older'] += 1
+            return summary
+    def get_stats(self) -> Dict:
+        """Get tracker statistics"""
+        with self.lock:
+            stats = self.stats.copy()
+            stats['active_sessions'] = len(self.sessions)
+        return stats
+    def reset_stats(self):
+        """Reset statistics"""
+        self.stats = {
+            'total_sessions': len(self.sessions),
+            'active_sessions': len(self.sessions),
+            'expired_sessions': 0,
+            'session_types': {t.value: 0 for t in SessionType},
+            'session_states': {s.value: 0 for s in SessionState},
+            'cleanup_runs': 0,
+            'correlations_created': 0
+        }
+        # Recalculate current counts
+        with self.lock:
+            for session in self.sessions.values():
+                self.stats['session_types'][session.session_type.value] += 1
+                self.stats['session_states'][session.state.value] += 1
+    def export_sessions(self, format: str = 'json') -> str:
+        """Export sessions data"""
+        with self.lock:
+            sessions_data = [session.to_dict() for session in self.sessions.values()]
+        if format == 'json':
+            return json.dumps(sessions_data, indent=2, default=str)
+        else:
+            raise ValueError(f"Unsupported export format: {format}")
+    def start(self):
+        """Start session tracker"""
+        self.running = True
+        self.cleanup_thread = threading.Thread(target=self._cleanup_loop, daemon=True)
+        self.cleanup_thread.start()
+        print("Session tracker started")
+    def stop(self):
+        """Stop session tracker"""
+        self.running = False
+        if self.cleanup_thread:
+            self.cleanup_thread.join()
+        print("Session tracker stopped")

core/socket_translator.py ADDED Viewed

	@@ -0,0 +1,653 @@

+"""
+Socket Translator Module
+Bridges virtual connections to real host sockets:
+- Map virtual connections to host sockets/HTTP clients
+- Bidirectional data streaming
+- Connection lifecycle management
+- Protocol translation (TCP/UDP to host sockets)
+"""
+import socket
+import threading
+import time
+import asyncio
+import aiohttp
+import ssl
+from typing import Dict, Optional, Callable, Tuple, Any
+from dataclasses import dataclass
+from enum import Enum
+import urllib.parse
+import json
+from .tcp_engine import TCPConnection
+class ConnectionType(Enum):
+    TCP_SOCKET = "TCP_SOCKET"
+    UDP_SOCKET = "UDP_SOCKET"
+    HTTP_CLIENT = "HTTP_CLIENT"
+    HTTPS_CLIENT = "HTTPS_CLIENT"
+@dataclass
+class SocketConnection:
+    """Represents a socket connection"""
+    connection_id: str
+    connection_type: ConnectionType
+    virtual_connection: Optional[TCPConnection]
+    host_socket: Optional[socket.socket]
+    remote_host: str
+    remote_port: int
+    created_time: float
+    last_activity: float
+    bytes_sent: int = 0
+    bytes_received: int = 0
+    is_connected: bool = False
+    error_count: int = 0
+    def update_activity(self, bytes_transferred: int = 0, direction: str = 'sent'):
+        """Update connection activity"""
+        self.last_activity = time.time()
+        if direction == 'sent':
+            self.bytes_sent += bytes_transferred
+        else:
+            self.bytes_received += bytes_transferred
+    def to_dict(self) -> Dict:
+        """Convert to dictionary"""
+        return {
+            'connection_id': self.connection_id,
+            'connection_type': self.connection_type.value,
+            'remote_host': self.remote_host,
+            'remote_port': self.remote_port,
+            'created_time': self.created_time,
+            'last_activity': self.last_activity,
+            'bytes_sent': self.bytes_sent,
+            'bytes_received': self.bytes_received,
+            'is_connected': self.is_connected,
+            'error_count': self.error_count,
+            'duration': time.time() - self.created_time
+        }
+class HTTPRequest:
+    """Represents an HTTP request"""
+    def __init__(self, method: str = 'GET', path: str = '/', headers: Dict[str, str] = None, body: bytes = b''):
+        self.method = method.upper()
+        self.path = path
+        self.headers = headers or {}
+        self.body = body
+        self.version = 'HTTP/1.1'
+    @classmethod
+    def parse(cls, data: bytes) -> Optional['HTTPRequest']:
+        """Parse HTTP request from raw data"""
+        try:
+            lines = data.decode('utf-8', errors='ignore').split('\r\n')
+            if not lines:
+                return None
+            # Parse request line
+            request_line = lines[0].split(' ')
+            if len(request_line) < 3:
+                return None
+            method, path, version = request_line[0], request_line[1], request_line[2]
+            # Parse headers
+            headers = {}
+            body_start = 1
+            for i, line in enumerate(lines[1:], 1):
+                if line == '':
+                    body_start = i + 1
+                    break
+                if ':' in line:
+                    key, value = line.split(':', 1)
+                    headers[key.strip().lower()] = value.strip()
+            # Parse body
+            body_lines = lines[body_start:]
+            body = '\r\n'.join(body_lines).encode('utf-8')
+            return cls(method, path, headers, body)
+        except Exception:
+            return None
+    def to_bytes(self) -> bytes:
+        """Convert to raw HTTP request"""
+        request_line = f"{self.method} {self.path} {self.version}\r\n"
+        # Add default headers
+        if 'host' not in self.headers:
+            self.headers['host'] = 'localhost'
+        if 'user-agent' not in self.headers:
+            self.headers['user-agent'] = 'VirtualISP/1.0'
+        if self.body and 'content-length' not in self.headers:
+            self.headers['content-length'] = str(len(self.body))
+        # Build headers
+        header_lines = []
+        for key, value in self.headers.items():
+            header_lines.append(f"{key}: {value}\r\n")
+        # Combine all parts
+        request_data = request_line + ''.join(header_lines) + '\r\n'
+        return request_data.encode('utf-8') + self.body
+class HTTPResponse:
+    """Represents an HTTP response"""
+    def __init__(self, status_code: int = 200, reason: str = 'OK', headers: Dict[str, str] = None, body: bytes = b''):
+        self.status_code = status_code
+        self.reason = reason
+        self.headers = headers or {}
+        self.body = body
+        self.version = 'HTTP/1.1'
+    @classmethod
+    def parse(cls, data: bytes) -> Optional['HTTPResponse']:
+        """Parse HTTP response from raw data"""
+        try:
+            lines = data.decode('utf-8', errors='ignore').split('\r\n')
+            if not lines:
+                return None
+            # Parse status line
+            status_line = lines[0].split(' ', 2)
+            if len(status_line) < 3:
+                return None
+            version, status_code, reason = status_line[0], int(status_line[1]), status_line[2]
+            # Parse headers
+            headers = {}
+            body_start = 1
+            for i, line in enumerate(lines[1:], 1):
+                if line == '':
+                    body_start = i + 1
+                    break
+                if ':' in line:
+                    key, value = line.split(':', 1)
+                    headers[key.strip().lower()] = value.strip()
+            # Parse body
+            body_lines = lines[body_start:]
+            body = '\r\n'.join(body_lines).encode('utf-8')
+            return cls(status_code, reason, headers, body)
+        except Exception:
+            return None
+    def to_bytes(self) -> bytes:
+        """Convert to raw HTTP response"""
+        status_line = f"{self.version} {self.status_code} {self.reason}\r\n"
+        # Add default headers
+        if 'content-length' not in self.headers and self.body:
+            self.headers['content-length'] = str(len(self.body))
+        if 'server' not in self.headers:
+            self.headers['server'] = 'VirtualISP/1.0'
+        # Build headers
+        header_lines = []
+        for key, value in self.headers.items():
+            header_lines.append(f"{key}: {value}\r\n")
+        # Combine all parts
+        response_data = status_line + ''.join(header_lines) + '\r\n'
+        return response_data.encode('utf-8') + self.body
+class SocketTranslator:
+    """Socket translator implementation"""
+    def __init__(self, config: Dict):
+        self.config = config
+        self.connections: Dict[str, SocketConnection] = {}
+        self.lock = threading.Lock()
+        # Configuration
+        self.connect_timeout = config.get('connect_timeout', 10)
+        self.read_timeout = config.get('read_timeout', 30)
+        self.max_connections = config.get('max_connections', 1000)
+        self.buffer_size = config.get('buffer_size', 8192)
+        # HTTP client session
+        self.http_session = None
+        self.loop = None
+        # Statistics
+        self.stats = {
+            'total_connections': 0,
+            'active_connections': 0,
+            'failed_connections': 0,
+            'bytes_transferred': 0,
+            'http_requests': 0,
+            'tcp_connections': 0,
+            'udp_connections': 0
+        }
+        # Background tasks
+        self.running = False
+        self.cleanup_thread = None
+    async def _init_http_session(self):
+        """Initialize HTTP client session"""
+        connector = aiohttp.TCPConnector(
+            limit=100,
+            limit_per_host=10,
+            ttl_dns_cache=300,
+            use_dns_cache=True,
+        )
+        timeout = aiohttp.ClientTimeout(
+            total=self.read_timeout,
+            connect=self.connect_timeout
+        )
+        self.http_session = aiohttp.ClientSession(
+            connector=connector,
+            timeout=timeout,
+            headers={'User-Agent': 'VirtualISP/1.0'}
+        )
+    def _is_http_request(self, data: bytes) -> bool:
+        """Check if data looks like an HTTP request"""
+        try:
+            first_line = data.split(b'\r\n')[0].decode('utf-8', errors='ignore')
+            methods = ['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'OPTIONS', 'PATCH', 'TRACE']
+            return any(first_line.startswith(method + ' ') for method in methods)
+        except:
+            return False
+    def _determine_connection_type(self, remote_host: str, remote_port: int, data: bytes = b'') -> ConnectionType:
+        """Determine the appropriate connection type"""
+        # Check for HTTP/HTTPS based on port and data
+        if remote_port == 80 or (data and self._is_http_request(data)):
+            return ConnectionType.HTTP_CLIENT
+        elif remote_port == 443:
+            return ConnectionType.HTTPS_CLIENT
+        else:
+            return ConnectionType.TCP_SOCKET
+    def create_connection(self, virtual_conn: TCPConnection, remote_host: str, remote_port: int,
+                         initial_data: bytes = b'') -> Optional[SocketConnection]:
+        """Create a new socket connection"""
+        connection_id = f"{virtual_conn.connection_id}->{remote_host}:{remote_port}"
+        # Check connection limit
+        with self.lock:
+            if len(self.connections) >= self.max_connections:
+                return None
+        # Determine connection type
+        conn_type = self._determine_connection_type(remote_host, remote_port, initial_data)
+        # Create socket connection
+        socket_conn = SocketConnection(
+            connection_id=connection_id,
+            connection_type=conn_type,
+            virtual_connection=virtual_conn,
+            host_socket=None,
+            remote_host=remote_host,
+            remote_port=remote_port,
+            created_time=time.time(),
+            last_activity=time.time()
+        )
+        with self.lock:
+            self.connections[connection_id] = socket_conn
+        # Establish connection based on type
+        if conn_type in [ConnectionType.HTTP_CLIENT, ConnectionType.HTTPS_CLIENT]:
+            success = self._create_http_connection(socket_conn, initial_data)
+        else:
+            success = self._create_tcp_connection(socket_conn, initial_data)
+        if success:
+            self.stats['total_connections'] += 1
+            self.stats['active_connections'] = len(self.connections)
+            if conn_type in [ConnectionType.HTTP_CLIENT, ConnectionType.HTTPS_CLIENT]:
+                self.stats['http_requests'] += 1
+            else:
+                self.stats['tcp_connections'] += 1
+        else:
+            self.stats['failed_connections'] += 1
+            with self.lock:
+                if connection_id in self.connections:
+                    del self.connections[connection_id]
+            return None
+        return socket_conn
+    def _create_tcp_connection(self, socket_conn: SocketConnection, initial_data: bytes) -> bool:
+        """Create TCP socket connection"""
+        try:
+            # Create socket
+            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            sock.settimeout(self.connect_timeout)
+            # Connect
+            sock.connect((socket_conn.remote_host, socket_conn.remote_port))
+            sock.settimeout(self.read_timeout)
+            socket_conn.host_socket = sock
+            socket_conn.is_connected = True
+            # Send initial data if any
+            if initial_data:
+                sock.send(initial_data)
+                socket_conn.update_activity(len(initial_data), 'sent')
+            # Start background thread for receiving data
+            thread = threading.Thread(
+                target=self._tcp_receive_loop,
+                args=(socket_conn,),
+                daemon=True
+            )
+            thread.start()
+            return True
+        except Exception as e:
+            print(f"Failed to create TCP connection to {socket_conn.remote_host}:{socket_conn.remote_port}: {e}")
+            socket_conn.error_count += 1
+            return False
+    def _create_http_connection(self, socket_conn: SocketConnection, initial_data: bytes) -> bool:
+        """Create HTTP connection"""
+        try:
+            # Parse HTTP request
+            http_request = HTTPRequest.parse(initial_data)
+            if not http_request:
+                return False
+            # Set host header
+            http_request.headers['host'] = socket_conn.remote_host
+            # Start async HTTP request
+            if self.loop and not self.loop.is_closed():
+                asyncio.run_coroutine_threadsafe(
+                    self._handle_http_request(socket_conn, http_request),
+                    self.loop
+                )
+            else:
+                # Fallback to sync HTTP handling
+                return self._handle_http_request_sync(socket_conn, http_request)
+            return True
+        except Exception as e:
+            print(f"Failed to create HTTP connection to {socket_conn.remote_host}:{socket_conn.remote_port}: {e}")
+            socket_conn.error_count += 1
+            return False
+    async def _handle_http_request(self, socket_conn: SocketConnection, http_request: HTTPRequest):
+        """Handle HTTP request asynchronously"""
+        try:
+            if not self.http_session:
+                await self._init_http_session()
+            # Build URL
+            scheme = 'https' if socket_conn.connection_type == ConnectionType.HTTPS_CLIENT else 'http'
+            url = f"{scheme}://{socket_conn.remote_host}:{socket_conn.remote_port}{http_request.path}"
+            # Make request
+            async with self.http_session.request(
+                method=http_request.method,
+                url=url,
+                headers=http_request.headers,
+                data=http_request.body
+            ) as response:
+                # Read response
+                response_body = await response.read()
+                # Create HTTP response
+                http_response = HTTPResponse(
+                    status_code=response.status,
+                    reason=response.reason or 'OK',
+                    headers=dict(response.headers),
+                    body=response_body
+                )
+                # Send response back to virtual connection
+                response_data = http_response.to_bytes()
+                if socket_conn.virtual_connection and socket_conn.virtual_connection.on_data_received:
+                    socket_conn.virtual_connection.on_data_received(response_data)
+                socket_conn.update_activity(len(response_data), 'received')
+                self.stats['bytes_transferred'] += len(response_data)
+        except Exception as e:
+            print(f"HTTP request failed: {e}")
+            socket_conn.error_count += 1
+            # Send error response
+            error_response = HTTPResponse(
+                status_code=500,
+                reason='Internal Server Error',
+                body=f"Error: {str(e)}".encode('utf-8')
+            )
+            response_data = error_response.to_bytes()
+            if socket_conn.virtual_connection and socket_conn.virtual_connection.on_data_received:
+                socket_conn.virtual_connection.on_data_received(response_data)
+    def _handle_http_request_sync(self, socket_conn: SocketConnection, http_request: HTTPRequest) -> bool:
+        """Handle HTTP request synchronously (fallback)"""
+        try:
+            # Use urllib for sync HTTP requests
+            scheme = 'https' if socket_conn.connection_type == ConnectionType.HTTPS_CLIENT else 'http'
+            url = f"{scheme}://{socket_conn.remote_host}:{socket_conn.remote_port}{http_request.path}"
+            import urllib.request
+            import urllib.error
+            # Create request
+            req = urllib.request.Request(
+                url,
+                data=http_request.body if http_request.body else None,
+                headers=http_request.headers,
+                method=http_request.method
+            )
+            # Make request
+            with urllib.request.urlopen(req, timeout=self.read_timeout) as response:
+                response_body = response.read()
+                # Create HTTP response
+                http_response = HTTPResponse(
+                    status_code=response.getcode(),
+                    reason='OK',
+                    headers=dict(response.headers),
+                    body=response_body
+                )
+                # Send response back to virtual connection
+                response_data = http_response.to_bytes()
+                if socket_conn.virtual_connection and socket_conn.virtual_connection.on_data_received:
+                    socket_conn.virtual_connection.on_data_received(response_data)
+                socket_conn.update_activity(len(response_data), 'received')
+                self.stats['bytes_transferred'] += len(response_data)
+                return True
+        except Exception as e:
+            print(f"Sync HTTP request failed: {e}")
+            socket_conn.error_count += 1
+            return False
+    def _tcp_receive_loop(self, socket_conn: SocketConnection):
+        """Background loop for receiving TCP data"""
+        sock = socket_conn.host_socket
+        if not sock:
+            return
+        try:
+            while socket_conn.is_connected:
+                try:
+                    data = sock.recv(self.buffer_size)
+                    if not data:
+                        break
+                    # Forward data to virtual connection
+                    if socket_conn.virtual_connection and socket_conn.virtual_connection.on_data_received:
+                        socket_conn.virtual_connection.on_data_received(data)
+                    socket_conn.update_activity(len(data), 'received')
+                    self.stats['bytes_transferred'] += len(data)
+                except socket.timeout:
+                    continue
+                except Exception as e:
+                    print(f"TCP receive error: {e}")
+                    break
+        finally:
+            self._close_connection(socket_conn.connection_id)
+    def send_data(self, connection_id: str, data: bytes) -> bool:
+        """Send data through socket connection"""
+        with self.lock:
+            socket_conn = self.connections.get(connection_id)
+        if not socket_conn or not socket_conn.is_connected:
+            return False
+        try:
+            if socket_conn.connection_type in [ConnectionType.HTTP_CLIENT, ConnectionType.HTTPS_CLIENT]:
+                # For HTTP connections, treat as new request
+                return self._create_http_connection(socket_conn, data)
+            else:
+                # TCP connection
+                if socket_conn.host_socket:
+                    socket_conn.host_socket.send(data)
+                    socket_conn.update_activity(len(data), 'sent')
+                    self.stats['bytes_transferred'] += len(data)
+                    return True
+        except Exception as e:
+            print(f"Failed to send data: {e}")
+            socket_conn.error_count += 1
+            self._close_connection(connection_id)
+        return False
+    def _close_connection(self, connection_id: str):
+        """Close socket connection"""
+        with self.lock:
+            socket_conn = self.connections.get(connection_id)
+            if not socket_conn:
+                return
+            # Close socket
+            if socket_conn.host_socket:
+                try:
+                    socket_conn.host_socket.close()
+                except:
+                    pass
+            socket_conn.is_connected = False
+            # Remove from connections
+            del self.connections[connection_id]
+            self.stats['active_connections'] = len(self.connections)
+    def close_connection(self, connection_id: str) -> bool:
+        """Manually close connection"""
+        self._close_connection(connection_id)
+        return True
+    def get_connection(self, connection_id: str) -> Optional[SocketConnection]:
+        """Get socket connection"""
+        with self.lock:
+            return self.connections.get(connection_id)
+    def get_connections(self) -> Dict[str, Dict]:
+        """Get all socket connections"""
+        with self.lock:
+            return {
+                conn_id: conn.to_dict()
+                for conn_id, conn in self.connections.items()
+            }
+    def get_stats(self) -> Dict:
+        """Get socket translator statistics"""
+        with self.lock:
+            stats = self.stats.copy()
+            stats['active_connections'] = len(self.connections)
+        return stats
+    def _cleanup_loop(self):
+        """Background cleanup loop"""
+        while self.running:
+            try:
+                current_time = time.time()
+                expired_connections = []
+                with self.lock:
+                    for conn_id, conn in self.connections.items():
+                        # Close connections that have been inactive too long
+                        if current_time - conn.last_activity > self.read_timeout * 2:
+                            expired_connections.append(conn_id)
+                for conn_id in expired_connections:
+                    self._close_connection(conn_id)
+                time.sleep(30)  # Cleanup every 30 seconds
+            except Exception as e:
+                print(f"Socket translator cleanup error: {e}")
+                time.sleep(5)
+    def start(self):
+        """Start socket translator"""
+        self.running = True
+        # Start event loop for async HTTP
+        try:
+            self.loop = asyncio.new_event_loop()
+            asyncio.set_event_loop(self.loop)
+            # Start cleanup thread
+            self.cleanup_thread = threading.Thread(target=self._cleanup_loop, daemon=True)
+            self.cleanup_thread.start()
+            print("Socket translator started")
+        except Exception as e:
+            print(f"Failed to start socket translator: {e}")
+    def stop(self):
+        """Stop socket translator"""
+        self.running = False
+        # Close all connections
+        with self.lock:
+            connection_ids = list(self.connections.keys())
+        for conn_id in connection_ids:
+            self._close_connection(conn_id)
+        # Close HTTP session
+        if self.http_session:
+            asyncio.run_coroutine_threadsafe(self.http_session.close(), self.loop)
+        # Close event loop
+        if self.loop and not self.loop.is_closed():
+            self.loop.call_soon_threadsafe(self.loop.stop)
+        # Wait for cleanup thread
+        if self.cleanup_thread:
+            self.cleanup_thread.join()
+        print("Socket translator stopped")

core/tcp_engine.py ADDED Viewed

	@@ -0,0 +1,716 @@

+"""
+TCP Engine Module
+Implements a complete TCP state machine in user-space:
+- Full TCP state machine (SYN, SYN-ACK, ESTABLISHED, FIN, RST)
+- Sequence and acknowledgment number tracking
+- Sliding window implementation
+- Retransmission and timeout handling
+- Congestion control
+"""
+import time
+import threading
+import random
+from typing import Dict, List, Optional, Tuple, Callable
+from dataclasses import dataclass, field
+from enum import Enum
+from collections import deque
+from .ip_parser import TCPHeader, IPv4Header, IPParser
+class TCPState(Enum):
+    CLOSED = "CLOSED"
+    LISTEN = "LISTEN"
+    SYN_SENT = "SYN_SENT"
+    SYN_RECEIVED = "SYN_RECEIVED"
+    ESTABLISHED = "ESTABLISHED"
+    FIN_WAIT_1 = "FIN_WAIT_1"
+    FIN_WAIT_2 = "FIN_WAIT_2"
+    CLOSE_WAIT = "CLOSE_WAIT"
+    CLOSING = "CLOSING"
+    LAST_ACK = "LAST_ACK"
+    TIME_WAIT = "TIME_WAIT"
+@dataclass
+class TCPSegment:
+    """Represents a TCP segment"""
+    seq_num: int
+    ack_num: int
+    flags: int
+    window: int
+    data: bytes
+    timestamp: float = field(default_factory=time.time)
+    retransmit_count: int = 0
+    @property
+    def data_length(self) -> int:
+        """Get data length"""
+        return len(self.data)
+    @property
+    def seq_end(self) -> int:
+        """Get sequence number after this segment"""
+        length = self.data_length
+        # SYN and FIN consume one sequence number
+        if self.flags & 0x02:  # SYN
+            length += 1
+        if self.flags & 0x01:  # FIN
+            length += 1
+        return self.seq_num + length
+@dataclass
+class TCPConnection:
+    """Represents a TCP connection state"""
+    # Connection identification
+    local_ip: str
+    local_port: int
+    remote_ip: str
+    remote_port: int
+    # State
+    state: TCPState = TCPState.CLOSED
+    # Sequence numbers
+    local_seq: int = 0
+    local_ack: int = 0
+    remote_seq: int = 0
+    remote_ack: int = 0
+    initial_seq: int = 0
+    # Window management
+    local_window: int = 65535
+    remote_window: int = 65535
+    window_scale: int = 0
+    # Buffers
+    send_buffer: deque = field(default_factory=deque)
+    recv_buffer: deque = field(default_factory=deque)
+    out_of_order_buffer: Dict[int, bytes] = field(default_factory=dict)
+    # Retransmission
+    unacked_segments: Dict[int, TCPSegment] = field(default_factory=dict)
+    retransmit_timer: Optional[float] = None
+    rto: float = 1.0  # Retransmission timeout
+    srtt: float = 0.0  # Smoothed round-trip time
+    rttvar: float = 0.0  # Round-trip time variation
+    # Congestion control
+    cwnd: int = 1  # Congestion window (in MSS units)
+    ssthresh: int = 65535  # Slow start threshold
+    mss: int = 1460  # Maximum segment size
+    # Timers
+    last_activity: float = field(default_factory=time.time)
+    time_wait_start: Optional[float] = None
+    # Callbacks
+    on_data_received: Optional[Callable[[bytes], None]] = None
+    on_connection_closed: Optional[Callable[[], None]] = None
+    @property
+    def connection_id(self) -> str:
+        """Get unique connection identifier"""
+        return f"{self.local_ip}:{self.local_port}-{self.remote_ip}:{self.remote_port}"
+    @property
+    def is_established(self) -> bool:
+        """Check if connection is established"""
+        return self.state == TCPState.ESTABLISHED
+    @property
+    def can_send_data(self) -> bool:
+        """Check if connection can send data"""
+        return self.state in [TCPState.ESTABLISHED, TCPState.CLOSE_WAIT]
+    @property
+    def effective_window(self) -> int:
+        """Get effective send window"""
+        return min(self.remote_window, self.cwnd * self.mss)
+class TCPEngine:
+    """TCP state machine implementation"""
+    def __init__(self, config: Dict):
+        self.config = config
+        self.connections: Dict[str, TCPConnection] = {}
+        self.listening_ports: Dict[int, Callable] = {}  # port -> accept callback
+        self.lock = threading.Lock()
+        self.running = False
+        self.timer_thread = None
+        # Default configuration
+        self.default_mss = config.get('mss', 1460)
+        self.default_window = config.get('initial_window', 65535)
+        self.max_retries = config.get('max_retries', 3)
+        self.connection_timeout = config.get('timeout', 300)
+        self.time_wait_timeout = config.get('time_wait_timeout', 120)
+    def _generate_isn(self) -> int:
+        """Generate Initial Sequence Number"""
+        return random.randint(0, 0xFFFFFFFF)
+    def _get_connection_key(self, local_ip: str, local_port: int, remote_ip: str, remote_port: int) -> str:
+        """Get connection key"""
+        return f"{local_ip}:{local_port}-{remote_ip}:{remote_port}"
+    def _create_tcp_segment(self, conn: TCPConnection, flags: int, data: bytes = b'') -> TCPSegment:
+        """Create TCP segment"""
+        segment = TCPSegment(
+            seq_num=conn.local_seq,
+            ack_num=conn.local_ack,
+            flags=flags,
+            window=conn.local_window,
+            data=data
+        )
+        return segment
+    def _build_tcp_packet(self, conn: TCPConnection, segment: TCPSegment) -> bytes:
+        """Build complete TCP packet"""
+        # Create IP header
+        ip_header = IPv4Header(
+            protocol=6,  # TCP
+            source_ip=conn.local_ip,
+            dest_ip=conn.remote_ip,
+            ttl=64
+        )
+        # Create TCP header
+        tcp_header = TCPHeader(
+            source_port=conn.local_port,
+            dest_port=conn.remote_port,
+            seq_num=segment.seq_num,
+            ack_num=segment.ack_num,
+            flags=segment.flags,
+            window_size=segment.window
+        )
+        # Build packet
+        return IPParser.build_packet(ip_header, tcp_header, segment.data)
+    def _update_rto(self, conn: TCPConnection, rtt: float):
+        """Update retransmission timeout using RFC 6298"""
+        if conn.srtt == 0:
+            # First RTT measurement
+            conn.srtt = rtt
+            conn.rttvar = rtt / 2
+        else:
+            # Subsequent measurements
+            alpha = 0.125
+            beta = 0.25
+            conn.rttvar = (1 - beta) * conn.rttvar + beta * abs(conn.srtt - rtt)
+            conn.srtt = (1 - alpha) * conn.srtt + alpha * rtt
+        # Calculate RTO
+        conn.rto = max(1.0, conn.srtt + 4 * conn.rttvar)
+        conn.rto = min(conn.rto, 60.0)  # Cap at 60 seconds
+    def _update_congestion_window(self, conn: TCPConnection, acked_bytes: int):
+        """Update congestion window (simplified congestion control)"""
+        if conn.cwnd < conn.ssthresh:
+            # Slow start
+            conn.cwnd += 1
+        else:
+            # Congestion avoidance
+            conn.cwnd += max(1, conn.mss * conn.mss // conn.cwnd)
+    def _handle_retransmission(self, conn: TCPConnection):
+        """Handle segment retransmission"""
+        current_time = time.time()
+        # Find segments that need retransmission
+        to_retransmit = []
+        for seq_num, segment in conn.unacked_segments.items():
+            if current_time - segment.timestamp > conn.rto:
+                if segment.retransmit_count < self.max_retries:
+                    to_retransmit.append(segment)
+                else:
+                    # Max retries exceeded, close connection
+                    self._close_connection(conn, reset=True)
+                    return
+        # Retransmit segments
+        for segment in to_retransmit:
+            segment.retransmit_count += 1
+            segment.timestamp = current_time
+            # Exponential backoff
+            conn.rto = min(conn.rto * 2, 60.0)
+            # Congestion control: reduce window
+            conn.ssthresh = max(conn.cwnd // 2, 2)
+            conn.cwnd = 1
+            # Send retransmitted segment
+            packet = self._build_tcp_packet(conn, segment)
+            self._send_packet(packet)
+    def _send_packet(self, packet: bytes):
+        """Send packet (to be implemented by integration layer)"""
+        # This will be connected to the packet bridge
+        pass
+    def _close_connection(self, conn: TCPConnection, reset: bool = False):
+        """Close connection"""
+        if reset:
+            # Send RST
+            segment = self._create_tcp_segment(conn, 0x04)  # RST flag
+            packet = self._build_tcp_packet(conn, segment)
+            self._send_packet(packet)
+            conn.state = TCPState.CLOSED
+        else:
+            # Normal close
+            if conn.state == TCPState.ESTABLISHED:
+                # Send FIN
+                segment = self._create_tcp_segment(conn, 0x01)  # FIN flag
+                packet = self._build_tcp_packet(conn, segment)
+                self._send_packet(packet)
+                conn.local_seq += 1
+                conn.state = TCPState.FIN_WAIT_1
+        # Cleanup if closed
+        if conn.state == TCPState.CLOSED:
+            if conn.on_connection_closed:
+                conn.on_connection_closed()
+            with self.lock:
+                if conn.connection_id in self.connections:
+                    del self.connections[conn.connection_id]
+    def listen(self, port: int, accept_callback: Callable):
+        """Listen on port for incoming connections"""
+        with self.lock:
+            self.listening_ports[port] = accept_callback
+    def connect(self, local_ip: str, local_port: int, remote_ip: str, remote_port: int) -> Optional[TCPConnection]:
+        """Initiate outbound connection"""
+        conn_key = self._get_connection_key(local_ip, local_port, remote_ip, remote_port)
+        # Create connection
+        conn = TCPConnection(
+            local_ip=local_ip,
+            local_port=local_port,
+            remote_ip=remote_ip,
+            remote_port=remote_port,
+            state=TCPState.SYN_SENT,
+            local_seq=self._generate_isn(),
+            mss=self.default_mss,
+            local_window=self.default_window
+        )
+        conn.initial_seq = conn.local_seq
+        with self.lock:
+            self.connections[conn_key] = conn
+        # Send SYN
+        segment = self._create_tcp_segment(conn, 0x02)  # SYN flag
+        packet = self._build_tcp_packet(conn, segment)
+        self._send_packet(packet)
+        # Track unacked segment
+        conn.unacked_segments[conn.local_seq] = segment
+        conn.local_seq += 1
+        conn.retransmit_timer = time.time()
+        return conn
+    def send_data(self, conn: TCPConnection, data: bytes) -> bool:
+        """Send data on established connection"""
+        if not conn.can_send_data:
+            return False
+        # Add to send buffer
+        conn.send_buffer.append(data)
+        # Try to send immediately
+        self._try_send_data(conn)
+        return True
+    def _try_send_data(self, conn: TCPConnection):
+        """Try to send buffered data"""
+        while conn.send_buffer and len(conn.unacked_segments) * conn.mss < conn.effective_window:
+            data = conn.send_buffer.popleft()
+            # Split data if larger than MSS
+            while data:
+                chunk = data[:conn.mss]
+                data = data[conn.mss:]
+                # Create and send segment
+                segment = self._create_tcp_segment(conn, 0x18, chunk)  # PSH+ACK flags
+                packet = self._build_tcp_packet(conn, segment)
+                self._send_packet(packet)
+                # Track unacked segment
+                conn.unacked_segments[conn.local_seq] = segment
+                conn.local_seq += len(chunk)
+                if not data:
+                    break
+    def process_packet(self, packet_data: bytes) -> bool:
+        """Process incoming TCP packet"""
+        try:
+            # Parse packet
+            parsed = IPParser.parse_packet(packet_data)
+            if not isinstance(parsed.transport_header, TCPHeader):
+                return False
+            ip_header = parsed.ip_header
+            tcp_header = parsed.transport_header
+            payload = parsed.payload
+            # Find or create connection
+            conn_key = self._get_connection_key(
+                ip_header.dest_ip, tcp_header.dest_port,
+                ip_header.source_ip, tcp_header.source_port
+            )
+            with self.lock:
+                conn = self.connections.get(conn_key)
+                # Handle new connection (SYN to listening port)
+                if not conn and tcp_header.syn and not tcp_header.ack:
+                    if tcp_header.dest_port in self.listening_ports:
+                        conn = self._handle_new_connection(ip_header, tcp_header)
+                        if conn:
+                            self.connections[conn_key] = conn
+                if not conn:
+                    # Send RST for unknown connection
+                    self._send_rst(ip_header, tcp_header)
+                    return False
+            # Process segment
+            return self._process_segment(conn, tcp_header, payload)
+        except Exception as e:
+            print(f"Error processing TCP packet: {e}")
+            return False
+    def _handle_new_connection(self, ip_header: IPv4Header, tcp_header: TCPHeader) -> Optional[TCPConnection]:
+        """Handle new incoming connection"""
+        accept_callback = self.listening_ports.get(tcp_header.dest_port)
+        if not accept_callback:
+            return None
+        # Create connection
+        conn = TCPConnection(
+            local_ip=ip_header.dest_ip,
+            local_port=tcp_header.dest_port,
+            remote_ip=ip_header.source_ip,
+            remote_port=tcp_header.source_port,
+            state=TCPState.SYN_RECEIVED,
+            local_seq=self._generate_isn(),
+            remote_seq=tcp_header.seq_num,
+            local_ack=tcp_header.seq_num + 1,
+            mss=self.default_mss,
+            local_window=self.default_window
+        )
+        conn.initial_seq = conn.local_seq
+        # Send SYN-ACK
+        segment = self._create_tcp_segment(conn, 0x12)  # SYN+ACK flags
+        packet = self._build_tcp_packet(conn, segment)
+        self._send_packet(packet)
+        # Track unacked segment
+        conn.unacked_segments[conn.local_seq] = segment
+        conn.local_seq += 1
+        conn.retransmit_timer = time.time()
+        # Call accept callback
+        accept_callback(conn)
+        return conn
+    def _process_segment(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Process TCP segment based on connection state"""
+        conn.last_activity = time.time()
+        # Handle RST
+        if tcp_header.rst:
+            conn.state = TCPState.CLOSED
+            self._close_connection(conn)
+            return True
+        # State machine
+        if conn.state == TCPState.SYN_SENT:
+            return self._handle_syn_sent(conn, tcp_header, payload)
+        elif conn.state == TCPState.SYN_RECEIVED:
+            return self._handle_syn_received(conn, tcp_header, payload)
+        elif conn.state == TCPState.ESTABLISHED:
+            return self._handle_established(conn, tcp_header, payload)
+        elif conn.state == TCPState.FIN_WAIT_1:
+            return self._handle_fin_wait_1(conn, tcp_header, payload)
+        elif conn.state == TCPState.FIN_WAIT_2:
+            return self._handle_fin_wait_2(conn, tcp_header, payload)
+        elif conn.state == TCPState.CLOSE_WAIT:
+            return self._handle_close_wait(conn, tcp_header, payload)
+        elif conn.state == TCPState.CLOSING:
+            return self._handle_closing(conn, tcp_header, payload)
+        elif conn.state == TCPState.LAST_ACK:
+            return self._handle_last_ack(conn, tcp_header, payload)
+        elif conn.state == TCPState.TIME_WAIT:
+            return self._handle_time_wait(conn, tcp_header, payload)
+        return False
+    def _handle_syn_sent(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Handle segment in SYN_SENT state"""
+        if tcp_header.syn and tcp_header.ack:
+            # SYN-ACK received
+            if tcp_header.ack_num == conn.local_seq:
+                conn.remote_seq = tcp_header.seq_num
+                conn.local_ack = tcp_header.seq_num + 1
+                conn.remote_window = tcp_header.window_size
+                # Remove SYN from unacked segments
+                if conn.local_seq - 1 in conn.unacked_segments:
+                    del conn.unacked_segments[conn.local_seq - 1]
+                # Send ACK
+                segment = self._create_tcp_segment(conn, 0x10)  # ACK flag
+                packet = self._build_tcp_packet(conn, segment)
+                self._send_packet(packet)
+                conn.state = TCPState.ESTABLISHED
+                return True
+        return False
+    def _handle_syn_received(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Handle segment in SYN_RECEIVED state"""
+        if tcp_header.ack and tcp_header.ack_num == conn.local_seq:
+            # ACK for our SYN-ACK
+            conn.remote_window = tcp_header.window_size
+            # Remove SYN-ACK from unacked segments
+            if conn.local_seq - 1 in conn.unacked_segments:
+                del conn.unacked_segments[conn.local_seq - 1]
+            conn.state = TCPState.ESTABLISHED
+            return True
+        return False
+    def _handle_established(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Handle segment in ESTABLISHED state"""
+        # Handle ACK
+        if tcp_header.ack:
+            self._process_ack(conn, tcp_header.ack_num)
+        # Handle data
+        if payload and tcp_header.seq_num == conn.local_ack:
+            conn.local_ack += len(payload)
+            # Deliver data
+            if conn.on_data_received:
+                conn.on_data_received(payload)
+            # Send ACK
+            segment = self._create_tcp_segment(conn, 0x10)  # ACK flag
+            packet = self._build_tcp_packet(conn, segment)
+            self._send_packet(packet)
+        # Handle FIN
+        if tcp_header.fin:
+            conn.local_ack += 1
+            # Send ACK
+            segment = self._create_tcp_segment(conn, 0x10)  # ACK flag
+            packet = self._build_tcp_packet(conn, segment)
+            self._send_packet(packet)
+            conn.state = TCPState.CLOSE_WAIT
+        return True
+    def _handle_fin_wait_1(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Handle segment in FIN_WAIT_1 state"""
+        if tcp_header.ack:
+            self._process_ack(conn, tcp_header.ack_num)
+            if not conn.unacked_segments:  # Our FIN was ACKed
+                conn.state = TCPState.FIN_WAIT_2
+        if tcp_header.fin:
+            conn.local_ack += 1
+            # Send ACK
+            segment = self._create_tcp_segment(conn, 0x10)  # ACK flag
+            packet = self._build_tcp_packet(conn, segment)
+            self._send_packet(packet)
+            if conn.state == TCPState.FIN_WAIT_2:
+                conn.state = TCPState.TIME_WAIT
+                conn.time_wait_start = time.time()
+            else:
+                conn.state = TCPState.CLOSING
+        return True
+    def _handle_fin_wait_2(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Handle segment in FIN_WAIT_2 state"""
+        if tcp_header.fin:
+            conn.local_ack += 1
+            # Send ACK
+            segment = self._create_tcp_segment(conn, 0x10)  # ACK flag
+            packet = self._build_tcp_packet(conn, segment)
+            self._send_packet(packet)
+            conn.state = TCPState.TIME_WAIT
+            conn.time_wait_start = time.time()
+        return True
+    def _handle_close_wait(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Handle segment in CLOSE_WAIT state"""
+        # Application should close the connection
+        return True
+    def _handle_closing(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Handle segment in CLOSING state"""
+        if tcp_header.ack:
+            self._process_ack(conn, tcp_header.ack_num)
+            if not conn.unacked_segments:  # Our FIN was ACKed
+                conn.state = TCPState.TIME_WAIT
+                conn.time_wait_start = time.time()
+        return True
+    def _handle_last_ack(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Handle segment in LAST_ACK state"""
+        if tcp_header.ack:
+            self._process_ack(conn, tcp_header.ack_num)
+            if not conn.unacked_segments:  # Our FIN was ACKed
+                conn.state = TCPState.CLOSED
+                self._close_connection(conn)
+        return True
+    def _handle_time_wait(self, conn: TCPConnection, tcp_header: TCPHeader, payload: bytes) -> bool:
+        """Handle segment in TIME_WAIT state"""
+        # Just acknowledge any segments
+        if tcp_header.seq_num == conn.local_ack:
+            segment = self._create_tcp_segment(conn, 0x10)  # ACK flag
+            packet = self._build_tcp_packet(conn, segment)
+            self._send_packet(packet)
+        return True
+    def _process_ack(self, conn: TCPConnection, ack_num: int):
+        """Process ACK and remove acknowledged segments"""
+        acked_segments = []
+        acked_bytes = 0
+        for seq_num, segment in list(conn.unacked_segments.items()):
+            if seq_num < ack_num:
+                acked_segments.append((seq_num, segment))
+                acked_bytes += segment.data_length
+                del conn.unacked_segments[seq_num]
+        # Update RTT and congestion window
+        if acked_segments:
+            # Use first acked segment for RTT calculation
+            rtt = time.time() - acked_segments[0][1].timestamp
+            self._update_rto(conn, rtt)
+            self._update_congestion_window(conn, acked_bytes)
+            # Try to send more data
+            self._try_send_data(conn)
+    def _send_rst(self, ip_header: IPv4Header, tcp_header: TCPHeader):
+        """Send RST for unknown connection"""
+        # Create RST response
+        rst_ip = IPv4Header(
+            protocol=6,
+            source_ip=ip_header.dest_ip,
+            dest_ip=ip_header.source_ip,
+            ttl=64
+        )
+        rst_tcp = TCPHeader(
+            source_port=tcp_header.dest_port,
+            dest_port=tcp_header.source_port,
+            seq_num=tcp_header.ack_num if tcp_header.ack else 0,
+            ack_num=tcp_header.seq_num + 1 if tcp_header.syn else tcp_header.seq_num,
+            flags=0x14 if tcp_header.ack else 0x04  # RST+ACK or RST
+        )
+        packet = IPParser.build_packet(rst_ip, rst_tcp)
+        self._send_packet(packet)
+    def _timer_loop(self):
+        """Timer loop for handling timeouts"""
+        while self.running:
+            current_time = time.time()
+            with self.lock:
+                connections_to_check = list(self.connections.values())
+            for conn in connections_to_check:
+                # Handle retransmissions
+                if conn.unacked_segments:
+                    self._handle_retransmission(conn)
+                # Handle connection timeout
+                if current_time - conn.last_activity > self.connection_timeout:
+                    self._close_connection(conn, reset=True)
+                # Handle TIME_WAIT timeout
+                if (conn.state == TCPState.TIME_WAIT and
+                    conn.time_wait_start and
+                    current_time - conn.time_wait_start > self.time_wait_timeout):
+                    conn.state = TCPState.CLOSED
+                    self._close_connection(conn)
+            time.sleep(1)  # Check every second
+    def start(self):
+        """Start TCP engine"""
+        self.running = True
+        self.timer_thread = threading.Thread(target=self._timer_loop, daemon=True)
+        self.timer_thread.start()
+        print("TCP engine started")
+    def stop(self):
+        """Stop TCP engine"""
+        self.running = False
+        if self.timer_thread:
+            self.timer_thread.join()
+        # Close all connections
+        with self.lock:
+            for conn in list(self.connections.values()):
+                self._close_connection(conn, reset=True)
+        print("TCP engine stopped")
+    def get_connections(self) -> Dict[str, Dict]:
+        """Get current connections"""
+        with self.lock:
+            return {
+                conn_id: {
+                    'local_ip': conn.local_ip,
+                    'local_port': conn.local_port,
+                    'remote_ip': conn.remote_ip,
+                    'remote_port': conn.remote_port,
+                    'state': conn.state.value,
+                    'local_seq': conn.local_seq,
+                    'local_ack': conn.local_ack,
+                    'remote_seq': conn.remote_seq,
+                    'remote_ack': conn.remote_ack,
+                    'window_size': conn.local_window,
+                    'cwnd': conn.cwnd,
+                    'unacked_segments': len(conn.unacked_segments),
+                    'last_activity': conn.last_activity
+                }
+                for conn_id, conn in self.connections.items()
+            }

core/traffic_router.py ADDED Viewed

	@@ -0,0 +1,455 @@

+"""
+Traffic Router Module
+Handles routing of all client traffic through VPN for free data access
+"""
+import os
+import json
+import subprocess
+import threading
+import time
+import logging
+from typing import Dict, List, Optional, Any
+from dataclasses import dataclass, asdict
+import ipaddress
+logger = logging.getLogger(__name__)
+@dataclass
+class RoutingRule:
+    """Represents a traffic routing rule"""
+    rule_id: str
+    source_network: str
+    destination_network: str
+    gateway: str
+    interface: str
+    priority: int
+    enabled: bool = True
+    created_at: float = None
+    def __post_init__(self):
+        if self.created_at is None:
+            self.created_at = time.time()
+@dataclass
+class ClientRoute:
+    """Represents a client's routing configuration"""
+    client_id: str
+    client_ip: str
+    vpn_gateway: str
+    original_gateway: str
+    routes_applied: List[str]
+    status: str = "active"
+    created_at: float = None
+    def __post_init__(self):
+        if self.created_at is None:
+            self.created_at = time.time()
+class TrafficRouter:
+    """Manages traffic routing for VPN clients to enable free data access"""
+    def __init__(self, config: Dict[str, Any]):
+        self.config = config
+        self.routing_rules: Dict[str, RoutingRule] = {}
+        self.client_routes: Dict[str, ClientRoute] = {}
+        self.vpn_network = ipaddress.IPv4Network("10.8.0.0/24")
+        self.vpn_gateway = "10.8.0.1"
+        self.is_running = False
+        # Integration with other components
+        self.nat_engine = None
+        self.firewall = None
+        self.dhcp_server = None
+        # Default routing rules for free data access
+        self.default_rules = [
+            {
+                "rule_id": "default_vpn_route",
+                "source_network": "0.0.0.0/0",
+                "destination_network": "0.0.0.0/0",
+                "gateway": self.vpn_gateway,
+                "interface": "tun0",
+                "priority": 100
+            },
+            {
+                "rule_id": "local_network_direct",
+                "source_network": "192.168.0.0/16",
+                "destination_network": "192.168.0.0/16",
+                "gateway": "direct",
+                "interface": "eth0",
+                "priority": 50
+            },
+            {
+                "rule_id": "vpn_network_direct",
+                "source_network": "10.8.0.0/24",
+                "destination_network": "10.8.0.0/24",
+                "gateway": "direct",
+                "interface": "tun0",
+                "priority": 50
+            }
+        ]
+        logger.info("Traffic Router initialized")
+    def set_components(self, nat_engine=None, firewall=None, dhcp_server=None):
+        """Set references to other ISP stack components"""
+        self.nat_engine = nat_engine
+        self.firewall = firewall
+        self.dhcp_server = dhcp_server
+        logger.info("Traffic Router components set")
+    def start(self):
+        """Start the traffic router"""
+        try:
+            if self.is_running:
+                logger.warning("Traffic Router is already running")
+                return True
+            # Initialize default routing rules
+            self._initialize_default_rules()
+            # Setup VPN routing infrastructure
+            self._setup_vpn_routing()
+            self.is_running = True
+            logger.info("Traffic Router started successfully")
+            return True
+        except Exception as e:
+            logger.error(f"Error starting Traffic Router: {e}")
+            return False
+    def stop(self):
+        """Stop the traffic router"""
+        try:
+            if not self.is_running:
+                logger.warning("Traffic Router is not running")
+                return True
+            # Clean up all client routes
+            for client_id in list(self.client_routes.keys()):
+                self.remove_client_route(client_id)
+            # Clean up routing rules
+            self._cleanup_routing_rules()
+            self.is_running = False
+            logger.info("Traffic Router stopped")
+            return True
+        except Exception as e:
+            logger.error(f"Error stopping Traffic Router: {e}")
+            return False
+    def _initialize_default_rules(self):
+        """Initialize default routing rules"""
+        try:
+            for rule_config in self.default_rules:
+                rule = RoutingRule(**rule_config)
+                self.routing_rules[rule.rule_id] = rule
+                logger.debug(f"Initialized routing rule: {rule.rule_id}")
+            logger.info(f"Initialized {len(self.default_rules)} default routing rules")
+        except Exception as e:
+            logger.error(f"Error initializing default rules: {e}")
+    def _setup_vpn_routing(self):
+        """Setup VPN routing infrastructure"""
+        try:
+            # Enable IP forwarding
+            self._enable_ip_forwarding()
+            # Setup iptables rules for VPN traffic
+            self._setup_iptables_rules()
+            # Configure routing tables
+            self._configure_routing_tables()
+            logger.info("VPN routing infrastructure setup completed")
+        except Exception as e:
+            logger.error(f"Error setting up VPN routing: {e}")
+    def _enable_ip_forwarding(self):
+        """Enable IP forwarding on the system"""
+        try:
+            # Enable IPv4 forwarding
+            subprocess.run([
+                "/usr/bin/sudo", "sysctl", "-w", "net.ipv4.ip_forward=1"
+            ], check=True, capture_output=True)
+            # Make it persistent
+            with open("/tmp/99-ip-forward.conf", "w") as f:
+                f.write("net.ipv4.ip_forward=1\n")
+            subprocess.run([
+                "/usr/bin/sudo", "cp", "/tmp/99-ip-forward.conf", "/etc/sysctl.d/"
+            ], check=True, capture_output=True)
+            logger.info("IP forwarding enabled")
+        except subprocess.CalledProcessError as e:
+            logger.warning(f"Could not enable IP forwarding: {e}")
+        except Exception as e:
+            logger.error(f"Error enabling IP forwarding: {e}")
+    def _setup_iptables_rules(self):
+        """Setup iptables rules for VPN traffic routing"""
+        try:
+            # Note: In a production environment, these would be actual iptables commands
+            # For this implementation, we'll log the commands that would be executed
+            iptables_rules = [
+                # Allow VPN traffic
+                "iptables -A INPUT -i tun0 -j ACCEPT",
+                "iptables -A FORWARD -i tun0 -j ACCEPT",
+                "iptables -A OUTPUT -o tun0 -j ACCEPT",
+                # NAT rules for VPN clients
+                "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE",
+                "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o tun0 -j MASQUERADE",
+                # Forward VPN traffic
+                "iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT",
+                "iptables -A FORWARD -d 10.8.0.0/24 -j ACCEPT",
+                # Mark VPN traffic for special routing
+                "iptables -t mangle -A PREROUTING -s 10.8.0.0/24 -j MARK --set-mark 100",
+                "iptables -t mangle -A OUTPUT -s 10.8.0.0/24 -j MARK --set-mark 100"
+            ]
+            for rule in iptables_rules:
+                logger.debug(f"Would execute: {rule}")
+                # In a real implementation, you would execute these with subprocess
+                # subprocess.run(rule.split(), check=True, capture_output=True)
+            logger.info("Iptables rules configured for VPN routing")
+        except Exception as e:
+            logger.error(f"Error setting up iptables rules: {e}")
+    def _configure_routing_tables(self):
+        """Configure custom routing tables for VPN traffic"""
+        try:
+            # Create custom routing table for VPN traffic
+            routing_commands = [
+                # Add custom routing table
+                "echo '100 vpn_table' >> /etc/iproute2/rt_tables",
+                # Add routes to custom table
+                "ip route add default via 10.8.0.1 dev tun0 table vpn_table",
+                "ip route add 10.8.0.0/24 dev tun0 table vpn_table",
+                # Add routing rules
+                "ip rule add fwmark 100 table vpn_table",
+                "ip rule add from 10.8.0.0/24 table vpn_table"
+            ]
+            for cmd in routing_commands:
+                logger.debug(f"Would execute: {cmd}")
+                # In a real implementation, you would execute these with subprocess
+                # subprocess.run(cmd.split(), check=True, capture_output=True)
+            logger.info("Custom routing tables configured")
+        except Exception as e:
+            logger.error(f"Error configuring routing tables: {e}")
+    def add_client_route(self, client_id: str, client_ip: str, original_gateway: str = None) -> bool:
+        """Add routing configuration for a VPN client"""
+        try:
+            if client_id in self.client_routes:
+                logger.warning(f"Client route already exists for {client_id}")
+                return True
+            # Create client route configuration
+            client_route = ClientRoute(
+                client_id=client_id,
+                client_ip=client_ip,
+                vpn_gateway=self.vpn_gateway,
+                original_gateway=original_gateway or "auto",
+                routes_applied=[]
+            )
+            # Apply routing rules for this client
+            routes_applied = self._apply_client_routing_rules(client_route)
+            client_route.routes_applied = routes_applied
+            # Store client route
+            self.client_routes[client_id] = client_route
+            # Integrate with NAT engine if available
+            if self.nat_engine:
+                self._configure_nat_for_client(client_route)
+            logger.info(f"Added routing configuration for client {client_id} ({client_ip})")
+            return True
+        except Exception as e:
+            logger.error(f"Error adding client route for {client_id}: {e}")
+            return False
+    def remove_client_route(self, client_id: str) -> bool:
+        """Remove routing configuration for a VPN client"""
+        try:
+            if client_id not in self.client_routes:
+                logger.warning(f"No route configuration found for client {client_id}")
+                return True
+            client_route = self.client_routes[client_id]
+            # Remove applied routing rules
+            self._remove_client_routing_rules(client_route)
+            # Remove NAT configuration if available
+            if self.nat_engine:
+                self._remove_nat_for_client(client_route)
+            # Remove from storage
+            del self.client_routes[client_id]
+            logger.info(f"Removed routing configuration for client {client_id}")
+            return True
+        except Exception as e:
+            logger.error(f"Error removing client route for {client_id}: {e}")
+            return False
+    def _apply_client_routing_rules(self, client_route: ClientRoute) -> List[str]:
+        """Apply routing rules for a specific client"""
+        applied_routes = []
+        try:
+            # Route all client traffic through VPN
+            route_commands = [
+                f"ip route add default via {client_route.vpn_gateway} dev tun0 src {client_route.client_ip}",
+                f"ip route add {client_route.client_ip}/32 dev tun0",
+                f"iptables -t nat -A POSTROUTING -s {client_route.client_ip} -j MASQUERADE"
+            ]
+            for cmd in route_commands:
+                logger.debug(f"Would execute for client {client_route.client_id}: {cmd}")
+                applied_routes.append(cmd)
+                # In a real implementation, you would execute these with subprocess
+            logger.debug(f"Applied {len(applied_routes)} routing rules for client {client_route.client_id}")
+        except Exception as e:
+            logger.error(f"Error applying routing rules for client {client_route.client_id}: {e}")
+        return applied_routes
+    def _remove_client_routing_rules(self, client_route: ClientRoute):
+        """Remove routing rules for a specific client"""
+        try:
+            # Remove the applied routes (reverse of apply)
+            for route_cmd in client_route.routes_applied:
+                # Convert add commands to delete commands
+                delete_cmd = route_cmd.replace(" add ", " del ").replace(" -A ", " -D ")
+                logger.debug(f"Would execute for cleanup: {delete_cmd}")
+                # In a real implementation, you would execute these with subprocess
+            logger.debug(f"Removed routing rules for client {client_route.client_id}")
+        except Exception as e:
+            logger.error(f"Error removing routing rules for client {client_route.client_id}: {e}")
+    def _configure_nat_for_client(self, client_route: ClientRoute):
+        """Configure NAT for VPN client"""
+        try:
+            if not self.nat_engine:
+                return
+            # Register client with NAT engine for special handling
+            nat_config = {
+                "client_id": client_route.client_id,
+                "client_ip": client_route.client_ip,
+                "vpn_gateway": client_route.vpn_gateway,
+                "routing_mode": "vpn_tunnel"
+            }
+            # This would integrate with the existing NAT engine
+            logger.debug(f"Would configure NAT for VPN client: {nat_config}")
+        except Exception as e:
+            logger.error(f"Error configuring NAT for client {client_route.client_id}: {e}")
+    def _remove_nat_for_client(self, client_route: ClientRoute):
+        """Remove NAT configuration for VPN client"""
+        try:
+            if not self.nat_engine:
+                return
+            # Remove client from NAT engine
+            logger.debug(f"Would remove NAT configuration for client {client_route.client_id}")
+        except Exception as e:
+            logger.error(f"Error removing NAT for client {client_route.client_id}: {e}")
+    def _cleanup_routing_rules(self):
+        """Clean up all routing rules"""
+        try:
+            # Remove custom routing table entries
+            cleanup_commands = [
+                "ip rule del fwmark 100 table vpn_table",
+                "ip rule del from 10.8.0.0/24 table vpn_table",
+                "ip route flush table vpn_table"
+            ]
+            for cmd in cleanup_commands:
+                logger.debug(f"Would execute for cleanup: {cmd}")
+                # In a real implementation, you would execute these with subprocess
+            logger.info("Routing rules cleaned up")
+        except Exception as e:
+            logger.error(f"Error cleaning up routing rules: {e}")
+    def get_client_routes(self) -> List[Dict[str, Any]]:
+        """Get list of all client routes"""
+        return [asdict(route) for route in self.client_routes.values()]
+    def get_routing_rules(self) -> List[Dict[str, Any]]:
+        """Get list of all routing rules"""
+        return [asdict(rule) for rule in self.routing_rules.values()]
+    def get_stats(self) -> Dict[str, Any]:
+        """Get traffic router statistics"""
+        return {
+            "is_running": self.is_running,
+            "total_clients": len(self.client_routes),
+            "active_clients": len([r for r in self.client_routes.values() if r.status == "active"]),
+            "total_rules": len(self.routing_rules),
+            "enabled_rules": len([r for r in self.routing_rules.values() if r.enabled]),
+            "vpn_network": str(self.vpn_network),
+            "vpn_gateway": self.vpn_gateway
+        }
+    def update_client_status(self, client_id: str, status: str) -> bool:
+        """Update the status of a client route"""
+        try:
+            if client_id not in self.client_routes:
+                return False
+            self.client_routes[client_id].status = status
+            logger.debug(f"Updated client {client_id} status to {status}")
+            return True
+        except Exception as e:
+            logger.error(f"Error updating client status: {e}")
+            return False
+    def is_client_routed(self, client_id: str) -> bool:
+        """Check if a client is currently routed through VPN"""
+        return (client_id in self.client_routes and
+                self.client_routes[client_id].status == "active")
+    def get_client_route_info(self, client_id: str) -> Optional[Dict[str, Any]]:
+        """Get routing information for a specific client"""
+        if client_id in self.client_routes:
+            return asdict(self.client_routes[client_id])
+        return None

core/virtual_router.py ADDED Viewed

	@@ -0,0 +1,565 @@

+"""
+Virtual Router Module
+Implements packet routing between virtual clients and external internet:
+- Maintain routing table for virtual network
+- Forward packets based on destination IP
+- Handle internal vs external routing decisions
+- Support static route configuration
+"""
+import ipaddress
+import time
+import threading
+from typing import Dict, List, Optional, Tuple, Set
+from dataclasses import dataclass
+from enum import Enum
+from .ip_parser import ParsedPacket, IPv4Header
+class RouteType(Enum):
+    DIRECT = "DIRECT"      # Directly connected network
+    STATIC = "STATIC"      # Static route
+    DEFAULT = "DEFAULT"    # Default route
+@dataclass
+class RouteEntry:
+    """Represents a routing table entry"""
+    destination: str       # Network in CIDR notation (e.g., "10.0.0.0/24")
+    gateway: Optional[str] # Next hop IP (None for direct routes)
+    interface: str         # Interface name or identifier
+    metric: int           # Route metric (lower is preferred)
+    route_type: RouteType
+    created_time: float
+    last_used: Optional[float] = None
+    use_count: int = 0
+    def __post_init__(self):
+        if self.created_time == 0:
+            self.created_time = time.time()
+    def record_use(self):
+        """Record route usage"""
+        self.use_count += 1
+        self.last_used = time.time()
+    def matches_destination(self, ip: str) -> bool:
+        """Check if this route matches the destination IP"""
+        try:
+            network = ipaddress.ip_network(self.destination, strict=False)
+            return ipaddress.ip_address(ip) in network
+        except (ipaddress.AddressValueError, ValueError):
+            return False
+    def to_dict(self) -> Dict:
+        """Convert route to dictionary"""
+        return {
+            'destination': self.destination,
+            'gateway': self.gateway,
+            'interface': self.interface,
+            'metric': self.metric,
+            'route_type': self.route_type.value,
+            'created_time': self.created_time,
+            'last_used': self.last_used,
+            'use_count': self.use_count
+        }
+@dataclass
+class Interface:
+    """Represents a network interface"""
+    name: str
+    ip_address: str
+    netmask: str
+    network: str           # Network in CIDR notation
+    enabled: bool = True
+    mtu: int = 1500
+    created_time: float = 0
+    def __post_init__(self):
+        if self.created_time == 0:
+            self.created_time = time.time()
+        # Calculate network if not provided
+        if not self.network:
+            try:
+                interface_network = ipaddress.ip_interface(f"{self.ip_address}/{self.netmask}")
+                self.network = str(interface_network.network)
+            except (ipaddress.AddressValueError, ValueError):
+                self.network = "0.0.0.0/0"
+    def is_local_address(self, ip: str) -> bool:
+        """Check if IP address belongs to this interface's network"""
+        try:
+            network = ipaddress.ip_network(self.network, strict=False)
+            return ipaddress.ip_address(ip) in network
+        except (ipaddress.AddressValueError, ValueError):
+            return False
+    def to_dict(self) -> Dict:
+        """Convert interface to dictionary"""
+        return {
+            'name': self.name,
+            'ip_address': self.ip_address,
+            'netmask': self.netmask,
+            'network': self.network,
+            'enabled': self.enabled,
+            'mtu': self.mtu,
+            'created_time': self.created_time
+        }
+class VirtualRouter:
+    """Virtual router implementation"""
+    def __init__(self, config: Dict):
+        self.config = config
+        self.routing_table: List[RouteEntry] = []
+        self.interfaces: Dict[str, Interface] = {}
+        self.arp_table: Dict[str, str] = {}  # IP -> MAC mapping
+        self.lock = threading.Lock()
+        # Router configuration
+        self.router_id = config.get('router_id', 'virtual-router-1')
+        self.default_gateway = config.get('default_gateway')
+        # Statistics
+        self.stats = {
+            'packets_routed': 0,
+            'packets_dropped': 0,
+            'route_lookups': 0,
+            'arp_requests': 0,
+            'arp_replies': 0,
+            'routing_errors': 0
+        }
+        # Initialize interfaces and routes
+        self._initialize_interfaces()
+        self._initialize_routes()
+    def _initialize_interfaces(self):
+        """Initialize network interfaces from configuration"""
+        interfaces_config = self.config.get('interfaces', [])
+        for iface_config in interfaces_config:
+            interface = Interface(
+                name=iface_config['name'],
+                ip_address=iface_config['ip_address'],
+                netmask=iface_config.get('netmask', '255.255.255.0'),
+                network=iface_config.get('network'),
+                enabled=iface_config.get('enabled', True),
+                mtu=iface_config.get('mtu', 1500)
+            )
+            with self.lock:
+                self.interfaces[interface.name] = interface
+            # Add direct route for interface network
+            self.add_route(
+                destination=interface.network,
+                gateway=None,
+                interface=interface.name,
+                metric=0,
+                route_type=RouteType.DIRECT
+            )
+    def _initialize_routes(self):
+        """Initialize static routes from configuration"""
+        routes_config = self.config.get('static_routes', [])
+        for route_config in routes_config:
+            self.add_route(
+                destination=route_config['destination'],
+                gateway=route_config.get('gateway'),
+                interface=route_config['interface'],
+                metric=route_config.get('metric', 10),
+                route_type=RouteType.STATIC
+            )
+        # Add default route if configured
+        if self.default_gateway:
+            # Find interface for default gateway
+            default_interface = None
+            for interface in self.interfaces.values():
+                if interface.is_local_address(self.default_gateway):
+                    default_interface = interface.name
+                    break
+            if default_interface:
+                self.add_route(
+                    destination="0.0.0.0/0",
+                    gateway=self.default_gateway,
+                    interface=default_interface,
+                    metric=100,
+                    route_type=RouteType.DEFAULT
+                )
+    def add_interface(self, name: str, ip_address: str, netmask: str = "255.255.255.0",
+                     network: Optional[str] = None, mtu: int = 1500) -> bool:
+        """Add network interface"""
+        with self.lock:
+            if name in self.interfaces:
+                return False
+            interface = Interface(
+                name=name,
+                ip_address=ip_address,
+                netmask=netmask,
+                network=network,
+                mtu=mtu
+            )
+            self.interfaces[name] = interface
+        # Add direct route for interface network
+        self.add_route(
+            destination=interface.network,
+            gateway=None,
+            interface=name,
+            metric=0,
+            route_type=RouteType.DIRECT
+        )
+        return True
+    def remove_interface(self, name: str) -> bool:
+        """Remove network interface"""
+        with self.lock:
+            if name not in self.interfaces:
+                return False
+            # Remove interface
+            del self.interfaces[name]
+            # Remove routes associated with this interface
+            self.routing_table = [
+                route for route in self.routing_table
+                if route.interface != name
+            ]
+        return True
+    def enable_interface(self, name: str) -> bool:
+        """Enable network interface"""
+        with self.lock:
+            if name in self.interfaces:
+                self.interfaces[name].enabled = True
+                return True
+        return False
+    def disable_interface(self, name: str) -> bool:
+        """Disable network interface"""
+        with self.lock:
+            if name in self.interfaces:
+                self.interfaces[name].enabled = False
+                return True
+        return False
+    def add_route(self, destination: str, gateway: Optional[str], interface: str,
+                  metric: int = 10, route_type: RouteType = RouteType.STATIC) -> bool:
+        """Add route to routing table"""
+        try:
+            # Validate destination network
+            ipaddress.ip_network(destination, strict=False)
+            # Validate gateway if provided
+            if gateway:
+                ipaddress.ip_address(gateway)
+            route = RouteEntry(
+                destination=destination,
+                gateway=gateway,
+                interface=interface,
+                metric=metric,
+                route_type=route_type,
+                created_time=time.time()
+            )
+            with self.lock:
+                # Check if interface exists
+                if interface not in self.interfaces:
+                    return False
+                # Remove existing route with same destination and interface
+                self.routing_table = [
+                    r for r in self.routing_table
+                    if not (r.destination == destination and r.interface == interface)
+                ]
+                # Add new route
+                self.routing_table.append(route)
+                # Sort by metric (lower metric = higher priority)
+                self.routing_table.sort(key=lambda r: (r.metric, r.created_time))
+            return True
+        except (ipaddress.AddressValueError, ValueError):
+            return False
+    def remove_route(self, destination: str, interface: str) -> bool:
+        """Remove route from routing table"""
+        with self.lock:
+            original_count = len(self.routing_table)
+            self.routing_table = [
+                route for route in self.routing_table
+                if not (route.destination == destination and route.interface == interface)
+            ]
+            return len(self.routing_table) < original_count
+    def lookup_route(self, destination_ip: str) -> Optional[RouteEntry]:
+        """Look up route for destination IP"""
+        self.stats['route_lookups'] += 1
+        with self.lock:
+            # Find all matching routes
+            matching_routes = []
+            for route in self.routing_table:
+                # Skip disabled interfaces
+                interface = self.interfaces.get(route.interface)
+                if not interface or not interface.enabled:
+                    continue
+                if route.matches_destination(destination_ip):
+                    matching_routes.append(route)
+            if not matching_routes:
+                self.stats['routing_errors'] += 1
+                return None
+            # Sort by specificity (longest prefix match) and then by metric
+            def route_priority(route):
+                try:
+                    network = ipaddress.ip_network(route.destination, strict=False)
+                    return (-network.prefixlen, route.metric, route.created_time)
+                except:
+                    return (0, route.metric, route.created_time)
+            matching_routes.sort(key=route_priority)
+            best_route = matching_routes[0]
+            best_route.record_use()
+            return best_route
+    def route_packet(self, packet: ParsedPacket) -> Optional[Tuple[str, str]]:
+        """Route packet and return (next_hop_ip, interface)"""
+        self.stats['packets_routed'] += 1
+        destination_ip = packet.ip_header.dest_ip
+        # Look up route
+        route = self.lookup_route(destination_ip)
+        if not route:
+            self.stats['packets_dropped'] += 1
+            return None
+        # Determine next hop
+        if route.gateway:
+            next_hop = route.gateway
+        else:
+            # Direct route - destination is next hop
+            next_hop = destination_ip
+        return (next_hop, route.interface)
+    def is_local_destination(self, ip: str) -> bool:
+        """Check if IP is a local destination (belongs to router interfaces)"""
+        with self.lock:
+            for interface in self.interfaces.values():
+                if interface.ip_address == ip:
+                    return True
+        return False
+    def is_local_network(self, ip: str) -> bool:
+        """Check if IP belongs to any local network"""
+        with self.lock:
+            for interface in self.interfaces.values():
+                if interface.is_local_address(ip):
+                    return True
+        return False
+    def get_interface_for_ip(self, ip: str) -> Optional[Interface]:
+        """Get interface that can reach the given IP"""
+        with self.lock:
+            for interface in self.interfaces.values():
+                if interface.enabled and interface.is_local_address(ip):
+                    return interface
+        return None
+    def add_arp_entry(self, ip: str, mac: str):
+        """Add ARP table entry"""
+        with self.lock:
+            self.arp_table[ip] = mac
+    def get_arp_entry(self, ip: str) -> Optional[str]:
+        """Get MAC address from ARP table"""
+        with self.lock:
+            return self.arp_table.get(ip)
+    def remove_arp_entry(self, ip: str) -> bool:
+        """Remove ARP table entry"""
+        with self.lock:
+            if ip in self.arp_table:
+                del self.arp_table[ip]
+                return True
+        return False
+    def clear_arp_table(self):
+        """Clear ARP table"""
+        with self.lock:
+            self.arp_table.clear()
+    def get_routing_table(self) -> List[Dict]:
+        """Get routing table"""
+        with self.lock:
+            return [route.to_dict() for route in self.routing_table]
+    def get_interfaces(self) -> Dict[str, Dict]:
+        """Get network interfaces"""
+        with self.lock:
+            return {
+                name: interface.to_dict()
+                for name, interface in self.interfaces.items()
+            }
+    def get_arp_table(self) -> Dict[str, str]:
+        """Get ARP table"""
+        with self.lock:
+            return self.arp_table.copy()
+    def get_stats(self) -> Dict:
+        """Get router statistics"""
+        with self.lock:
+            stats = self.stats.copy()
+            stats['total_routes'] = len(self.routing_table)
+            stats['total_interfaces'] = len(self.interfaces)
+            stats['enabled_interfaces'] = sum(1 for iface in self.interfaces.values() if iface.enabled)
+            stats['arp_entries'] = len(self.arp_table)
+        return stats
+    def reset_stats(self):
+        """Reset router statistics"""
+        self.stats = {
+            'packets_routed': 0,
+            'packets_dropped': 0,
+            'route_lookups': 0,
+            'arp_requests': 0,
+            'arp_replies': 0,
+            'routing_errors': 0
+        }
+        # Reset route usage statistics
+        with self.lock:
+            for route in self.routing_table:
+                route.use_count = 0
+                route.last_used = None
+    def flush_routes(self, route_type: Optional[RouteType] = None):
+        """Flush routes of specified type (or all if None)"""
+        with self.lock:
+            if route_type:
+                self.routing_table = [
+                    route for route in self.routing_table
+                    if route.route_type != route_type
+                ]
+            else:
+                self.routing_table.clear()
+    def export_config(self) -> Dict:
+        """Export router configuration"""
+        return {
+            'router_id': self.router_id,
+            'default_gateway': self.default_gateway,
+            'interfaces': [
+                {
+                    'name': iface.name,
+                    'ip_address': iface.ip_address,
+                    'netmask': iface.netmask,
+                    'network': iface.network,
+                    'enabled': iface.enabled,
+                    'mtu': iface.mtu
+                }
+                for iface in self.interfaces.values()
+            ],
+            'static_routes': [
+                {
+                    'destination': route.destination,
+                    'gateway': route.gateway,
+                    'interface': route.interface,
+                    'metric': route.metric
+                }
+                for route in self.routing_table
+                if route.route_type == RouteType.STATIC
+            ]
+        }
+    def import_config(self, config: Dict):
+        """Import router configuration"""
+        # Clear existing configuration
+        with self.lock:
+            self.interfaces.clear()
+            self.routing_table.clear()
+            self.arp_table.clear()
+        # Update router settings
+        self.router_id = config.get('router_id', self.router_id)
+        self.default_gateway = config.get('default_gateway', self.default_gateway)
+        # Reinitialize from new config
+        self.config.update(config)
+        self._initialize_interfaces()
+        self._initialize_routes()
+class RouterUtils:
+    """Utility functions for router operations"""
+    @staticmethod
+    def ip_to_int(ip: str) -> int:
+        """Convert IP address to integer"""
+        return int(ipaddress.ip_address(ip))
+    @staticmethod
+    def int_to_ip(ip_int: int) -> str:
+        """Convert integer to IP address"""
+        return str(ipaddress.ip_address(ip_int))
+    @staticmethod
+    def calculate_network(ip: str, netmask: str) -> str:
+        """Calculate network address from IP and netmask"""
+        try:
+            interface = ipaddress.ip_interface(f"{ip}/{netmask}")
+            return str(interface.network)
+        except (ipaddress.AddressValueError, ValueError):
+            return "0.0.0.0/0"
+    @staticmethod
+    def is_private_ip(ip: str) -> bool:
+        """Check if IP address is private"""
+        try:
+            ip_obj = ipaddress.ip_address(ip)
+            return ip_obj.is_private
+        except (ipaddress.AddressValueError, ValueError):
+            return False
+    @staticmethod
+    def is_multicast_ip(ip: str) -> bool:
+        """Check if IP address is multicast"""
+        try:
+            ip_obj = ipaddress.ip_address(ip)
+            return ip_obj.is_multicast
+        except (ipaddress.AddressValueError, ValueError):
+            return False
+    @staticmethod
+    def validate_cidr(cidr: str) -> bool:
+        """Validate CIDR notation"""
+        try:
+            ipaddress.ip_network(cidr, strict=False)
+            return True
+        except (ipaddress.AddressValueError, ValueError):
+            return False

database/app.db ADDED Viewed

Binary file (16.4 kB). View file

main.py ADDED Viewed

	@@ -0,0 +1,62 @@

+import os
+import sys
+# DON\'T CHANGE THIS !!!
+sys.path.insert(0, os.path.dirname(os.path.dirname(__file__)))
+from flask import Flask, send_from_directory
+from models.user import db
+from routes.user import user_bp
+from routes.isp_api import init_engines, isp_api
+app = Flask(__name__, static_folder=os.path.join(os.path.dirname(__file__), 'static'))
+app.config['SECRET_KEY'] = 'asdf#FGSgvasgf$5$WGT'
+app.register_blueprint(user_bp, url_prefix='/api')
+app.register_blueprint(isp_api, url_prefix='/api')
+# uncomment if you need to use database
+app.config['SQLALCHEMY_DATABASE_URI'] = f"sqlite:///{os.path.join(os.path.dirname(__file__), 'database', 'app.db')}"
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
+db.init_app(app)
+with app.app_context():
+    db.create_all()
+# Default configuration for engines
+app.config["dhcp"] = {
+    "network": "10.0.0.0/24",
+    "range_start": "10.0.0.10",
+    "range_end": "10.0.0.100",
+    "lease_time": 3600,
+    "gateway": "10.0.0.1",
+    "dns_servers": ["8.8.8.8", "8.8.4.4"]
+}
+# Initialize engines only once, when the Flask app is not in debug mode's reloader process
+if not app.debug or os.environ.get('WERKZEUG_RUN_MAIN') == 'true':
+    init_engines(app.config)
+@app.route('/')
+def serve_root():
+    return serve('')
+@app.route('/<path:path>')
+def serve(path):
+    static_folder_path = app.static_folder
+    if static_folder_path is None:
+            return "Static folder not configured", 404
+    if path != "" and os.path.exists(os.path.join(static_folder_path, path)):
+        return send_from_directory(static_folder_path, path)
+    else:
+        index_path = os.path.join(static_folder_path, 'index.html')
+        if os.path.exists(index_path):
+            return send_from_directory(static_folder_path, 'index.html')
+        else:
+            return "index.html not found", 404
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=5000, debug=False)

main_isp.py ADDED Viewed

	@@ -0,0 +1,273 @@

+"""
+Main ISP Application
+Integrates all core modules and provides the main application entry point
+"""
+import os
+import sys
+import json
+import threading
+import time
+from flask import Flask
+from flask_cors import CORS
+# Add project root to path
+sys.path.insert(0, os.path.dirname(os.path.dirname(__file__)))
+# Import routes and core modules
+from src.routes.isp_api import isp_api, init_engines
+def load_config():
+    """Load configuration from file or use defaults"""
+    config_file = os.path.join(os.path.dirname(__file__), 'config.json')
+    default_config = {
+        "dhcp": {
+            "network": "10.0.0.0/24",
+            "range_start": "10.0.0.10",
+            "range_end": "10.0.0.100",
+            "lease_time": 3600,
+            "gateway": "10.0.0.1",
+            "dns_servers": ["8.8.8.8", "8.8.4.4"]
+        },
+        "nat": {
+            "port_range_start": 10000,
+            "port_range_end": 65535,
+            "session_timeout": 300,
+            "host_ip": "0.0.0.0"
+        },
+        "firewall": {
+            "default_policy": "ACCEPT",
+            "log_blocked": True,
+            "log_accepted": False,
+            "max_log_entries": 10000,
+            "rules": [
+                {
+                    "rule_id": "allow_dhcp",
+                    "priority": 1,
+                    "action": "ACCEPT",
+                    "direction": "BOTH",
+                    "dest_port": "67,68",
+                    "protocol": "UDP",
+                    "description": "Allow DHCP traffic",
+                    "enabled": True
+                },
+                {
+                    "rule_id": "allow_dns",
+                    "priority": 2,
+                    "action": "ACCEPT",
+                    "direction": "BOTH",
+                    "dest_port": "53",
+                    "protocol": "UDP",
+                    "description": "Allow DNS traffic",
+                    "enabled": True
+                }
+            ]
+        },
+        "tcp": {
+            "initial_window": 65535,
+            "max_retries": 3,
+            "timeout": 300,
+            "time_wait_timeout": 120,
+            "mss": 1460
+        },
+        "router": {
+            "router_id": "virtual-isp-router",
+            "default_gateway": "10.0.0.1",
+            "interfaces": [
+                {
+                    "name": "virtual0",
+                    "ip_address": "10.0.0.1",
+                    "netmask": "255.255.255.0",
+                    "enabled": True,
+                    "mtu": 1500
+                }
+            ],
+            "static_routes": []
+        },
+        "socket_translator": {
+            "connect_timeout": 10,
+            "read_timeout": 30,
+            "max_connections": 1000,
+            "buffer_size": 8192
+        },
+        "packet_bridge": {
+            "websocket_host": "0.0.0.0",
+            "websocket_port": 8765,
+            "tcp_host": "0.0.0.0",
+            "tcp_port": 8766,
+            "max_clients": 100,
+            "client_timeout": 300
+        },
+        "session_tracker": {
+            "max_sessions": 10000,
+            "session_timeout": 3600,
+            "cleanup_interval": 300,
+            "metrics_retention": 86400
+        },
+        "logger": {
+            "log_level": "INFO",
+            "log_to_file": True,
+            "log_file_path": "/tmp/virtual_isp.log",
+            "log_file_max_size": 10485760,
+            "log_file_backup_count": 5,
+            "log_to_console": True,
+            "structured_logging": True,
+            "max_memory_logs": 10000
+        },
+        "openvpn": {
+            "server_config_path": "/etc/openvpn/server/server.conf",
+            "ca_cert_path": "/home/ubuntu/openvpn-ca/pki/ca.crt",
+            "server_cert_path": "/home/ubuntu/openvpn-ca/pki/issued/server.crt",
+            "server_key_path": "/home/ubuntu/openvpn-ca/pki/private/server.key",
+            "dh_path": "/home/ubuntu/openvpn-ca/pki/dh.pem",
+            "vpn_network": "10.8.0.0/24",
+            "vpn_server_ip": "10.8.0.1",
+            "vpn_port": 1194,
+            "protocol": "udp",
+            "auto_start": False,
+            "client_to_client": False,
+            "push_routes": [
+                "redirect-gateway def1 bypass-dhcp",
+                "dhcp-option DNS 8.8.8.8",
+                "dhcp-option DNS 8.8.4.4"
+            ]
+        }
+    }
+    if os.path.exists(config_file):
+        try:
+            with open(config_file, 'r') as f:
+                file_config = json.load(f)
+            # Merge with defaults
+            def merge_config(default, override):
+                result = default.copy()
+                for key, value in override.items():
+                    if key in result and isinstance(result[key], dict) and isinstance(value, dict):
+                        result[key] = merge_config(result[key], value)
+                    else:
+                        result[key] = value
+                return result
+            return merge_config(default_config, file_config)
+        except Exception as e:
+            print(f"Error loading config file: {e}")
+            print("Using default configuration")
+            return default_config
+    else:
+        # Save default config
+        try:
+            with open(config_file, 'w') as f:
+                json.dump(default_config, f, indent=2)
+            print(f"Created default configuration file: {config_file}")
+        except Exception as e:
+            print(f"Could not save default config: {e}")
+        return default_config
+def create_app():
+    """Create and configure Flask application"""
+    app = Flask(__name__, static_folder=os.path.join(os.path.dirname(__file__), 'static'))
+    # Enable CORS for all routes
+    CORS(app, origins="*", allow_headers=["Content-Type", "Authorization"])
+    # Load configuration
+    config = load_config()
+    app.config['ISP_CONFIG'] = config
+    # Register blueprints
+    app.register_blueprint(isp_api, url_prefix='/api')
+    # Initialize engines
+    init_engines(config)
+    # Serve static files
+    @app.route('/', defaults={'path': ''})
+    @app.route('/<path:path>')
+    def serve_static(path):
+        static_folder_path = app.static_folder
+        if static_folder_path is None:
+            return "Static folder not configured", 404
+        if path != "" and os.path.exists(os.path.join(static_folder_path, path)):
+            return app.send_static_file(path)
+        else:
+            index_path = os.path.join(static_folder_path, 'index.html')
+            if os.path.exists(index_path):
+                return app.send_static_file('index.html')
+            else:
+                return """
+                <!DOCTYPE html>
+                <html>
+                <head>
+                    <title>Virtual ISP Stack</title>
+                    <style>
+                        body { font-family: Arial, sans-serif; margin: 40px; }
+                        .container { max-width: 800px; margin: 0 auto; }
+                        .status { background: #f0f0f0; padding: 20px; border-radius: 5px; }
+                        .api-link { color: #0066cc; text-decoration: none; }
+                        .api-link:hover { text-decoration: underline; }
+                    </style>
+                </head>
+                <body>
+                    <div class="container">
+                        <h1>Virtual ISP Stack</h1>
+                        <div class="status">
+                            <h2>System Status</h2>
+                            <p>The Virtual ISP Stack is running successfully!</p>
+                            <p><strong>API Endpoint:</strong> <a href="/api/status" class="api-link">/api/status</a></p>
+                            <p><strong>System Stats:</strong> <a href="/api/stats" class="api-link">/api/stats</a></p>
+                        </div>
+                        <h2>Available API Endpoints</h2>
+                        <ul>
+                            <li><a href="/api/config" class="api-link">GET /api/config</a> - System configuration</li>
+                            <li><a href="/api/status" class="api-link">GET /api/status</a> - System status</li>
+                            <li><a href="/api/stats" class="api-link">GET /api/stats</a> - System statistics</li>
+                            <li><a href="/api/dhcp/leases" class="api-link">GET /api/dhcp/leases</a> - DHCP leases</li>
+                            <li><a href="/api/nat/sessions" class="api-link">GET /api/nat/sessions</a> - NAT sessions</li>
+                            <li><a href="/api/firewall/rules" class="api-link">GET /api/firewall/rules</a> - Firewall rules</li>
+                            <li><a href="/api/tcp/connections" class="api-link">GET /api/tcp/connections</a> - TCP connections</li>
+                            <li><a href="/api/router/routes" class="api-link">GET /api/router/routes</a> - Routing table</li>
+                            <li><a href="/api/bridge/clients" class="api-link">GET /api/bridge/clients</a> - Bridge clients</li>
+                            <li><a href="/api/sessions" class="api-link">GET /api/sessions</a> - Session tracking</li>
+                            <li><a href="/api/logs" class="api-link">GET /api/logs</a> - System logs</li>
+                        </ul>
+                        <h2>WebSocket Bridge</h2>
+                        <p>WebSocket server running on port 8765 for packet bridge connections.</p>
+                        <p>TCP server running on port 8766 for packet bridge connections.</p>
+                    </div>
+                </body>
+                </html>
+                """, 200
+    return app
+def main():
+    """Main application entry point"""
+    print("Starting Virtual ISP Stack...")
+    # Create Flask app
+    app = create_app()
+    # Start the application
+    print("Virtual ISP Stack started successfully!")
+    print("API available at: http://0.0.0.0:5000/api/")
+    print("WebSocket bridge at: ws://0.0.0.0:8765")
+    print("TCP bridge at: tcp://0.0.0.0:8766")
+    # Run Flask app
+    app.run(host='0.0.0.0', port=5000, debug=False, threaded=True)
+if __name__ == '__main__':
+    main()

models/__pycache__/user.cpython-311.pyc ADDED Viewed

Binary file (1.3 kB). View file

models/user.py ADDED Viewed

	@@ -0,0 +1,18 @@

+from flask_sqlalchemy import SQLAlchemy
+db = SQLAlchemy()
+class User(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    username = db.Column(db.String(80), unique=True, nullable=False)
+    email = db.Column(db.String(120), unique=True, nullable=False)
+    def __repr__(self):
+        return f'<User {self.username}>'
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'username': self.username,
+            'email': self.email
+        }

openvpn/ca.crt ADDED Viewed

	@@ -0,0 +1,20 @@

+-----BEGIN CERTIFICATE-----
+MIIDMzCCAhugAwIBAgIUNO765P4t/yD/PnIFTMVs0Q32TJYwDQYJKoZIhvcNAQEL
+BQAwDjEMMAoGA1UEAwwDeWVzMB4XDTI1MDgwMjAxMjkzNVoXDTM1MDczMTAxMjkz
+NVowDjEMMAoGA1UEAwwDeWVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAtwhMGXouHnHBRd2RhdrW8sOMgqt4wDXZC0J+4UMjOX6Y7t2O1Sgw/sWhwFPk
+QF/cMoQIvsucklPogcnzzGtv9zDkAXyVyCC27UYbg8JfWZK3ZMrt6dfEmYf4KKXm
+D6PLn9guxzBB63dhEWx/7fd6H9C/rK/u0rOh15DQRnfEI468cmXS5uNg8ke/73+y
+Gzb6q7ZOFByBAwM0hW0lStBaIIcxouFrIK8B72O8H+6t10K1GvgiBhKvM3cc8dpN
+y4qvRoN/o+eXarZG7G9dfm9OFgdd9LoXPTTbO+ftFPKOq4F41PnMd2Zcyk7P3GCr
+3oK7NbISxZ5efLpy45lgSpqKBwIDAQABo4GIMIGFMB0GA1UdDgQWBBQIi0Er30cV
+Qzi+U/LPV4Lf3yvGIzBJBgNVHSMEQjBAgBQIi0Er30cVQzi+U/LPV4Lf3yvGI6ES
+pBAwDjEMMAoGA1UEAwwDeWVzghQ07vrk/i3/IP8+cgVMxWzRDfZMljAMBgNVHRME
+BTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAHzfSFbi1G7WC
+vMSOqSv4/jlBExnz/AlLUBHhgDomIdLK8Pb3tyCD5IYkmi0NT5x6DORcOV2ow1JZ
+o4BL7OVV+fhz3VKXEpG+s3gq5j2m+raqLtu6QKBGg7SIUZ4MLjggvAcPjsK+n8sK
+86sAUFVTccBxJlKBShAUPSNihyWwxB4PQFvwhefNQSoID1kAB2Fzf1beMX6Gp6Lj
+ldI6e63lpYtIbp4+2F5SxJ/hGTUx+nWbOAHPvhBfhN6sEu9G1C5KPR0cm+xxOpZ9
+lA7y4Dea7pyVybR/b7lFquE3TReXCoLx79UNNSv8erIlsy1jh9yXDnTCk8SN1dpO
+YwJ9U0AHXA==
+-----END CERTIFICATE-----

openvpn/dh.pem ADDED Viewed

	@@ -0,0 +1,8 @@

+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAlPRBW0tYm271xYHi15JrD3JRlpvdjAm+CZoEq0ElLXvSlIKaNQls
+ITH+KIBBX3pgbFFk03fO9ApF0kSOzycRRCuW970iCkDoFUN9y58EG+BI863FkU1h
+3dx+c59HqdWXkzFK+SmTfKIe12alZFik5G0Xs0hkphCgPaXvWlojorjQoRfKySw3
+VxpybKS83+l3t2ER3Z03IRvWinlnuxVAcymzeSR9hwIMJi3RmYmNmdXNel/WFAo2
+zT5j2f2OZHtnBhvo1V92Rml+5rJksPX4lJMRNwVEnXwqVUyCQOTTiGTUjLOO2gdk
+HLhH5teetBdKL4tFcldeIJSk3e0oWXbURwIBAg==
+-----END DH PARAMETERS-----

openvpn/server.conf ADDED Viewed

	@@ -0,0 +1,21 @@

+port 1194
+proto udp
+dev tun
+ca /etc/openvpn/server/ca.crt
+cert /etc/openvpn/server/server.crt
+key /etc/openvpn/server/server.key
+dh /etc/openvpn/server/dh.pem
+server 10.8.0.0 255.255.255.0
+ifconfig-pool-persist ipp.txt
+push "redirect-gateway def1 bypass-dhcp"
+push "dhcp-option DNS 8.8.8.8"
+push "dhcp-option DNS 8.8.4.4"
+keepalive 10 120
+cipher AES-256-CBC
+persist-key
+persist-tun
+status openvpn-status.log
+verb 3
+explicit-exit-notify 1

openvpn/server.crt ADDED Viewed

	@@ -0,0 +1,86 @@

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            dd:b5:29:c9:70:b2:b3:65:70:ac:0f:57:30:15:b4:2a
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=yes
+        Validity
+            Not Before: Aug  2 01:29:38 2025 GMT
+            Not After : Nov  5 01:29:38 2027 GMT
+        Subject: CN=server
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:dd:9e:02:fb:e3:57:cd:51:43:36:6a:2f:30:f5:
+                    a1:42:5c:16:f1:7b:4b:0a:aa:b1:34:b5:86:51:3e:
+                    6b:82:2e:59:df:42:21:cf:65:14:ea:8c:93:3c:0a:
+                    72:a5:2e:0f:64:1a:ec:76:52:18:b2:d3:a0:df:df:
+                    19:83:7e:39:9e:f5:16:18:36:34:ae:57:cf:2c:89:
+                    7c:c5:97:e3:8f:d0:83:08:7f:14:0c:74:2c:d2:95:
+                    09:6e:42:99:a0:28:69:83:68:f4:9c:0e:b5:3e:08:
+                    8f:d8:06:ec:d5:aa:c8:bc:19:4b:ff:e4:99:50:12:
+                    67:25:d4:79:94:1f:3d:64:b2:c8:00:ea:97:c2:df:
+                    b8:1c:dc:69:47:9f:59:df:03:06:5a:32:7a:fa:51:
+                    96:45:9a:b7:e7:03:ef:9d:3b:94:51:9d:08:69:bb:
+                    b0:3e:c8:9c:a3:a0:9c:18:aa:e9:88:ec:96:c3:71:
+                    b1:f6:a7:09:ff:c0:56:b1:24:22:ab:fc:9a:c5:fc:
+                    fd:67:8e:1a:86:ff:0a:5b:28:46:b4:20:93:05:b6:
+                    ff:87:93:66:7d:ae:92:c4:0d:20:99:e9:c5:b8:3d:
+                    41:3a:06:83:49:e5:13:2e:d6:33:94:45:6a:36:84:
+                    f9:c9:61:fe:98:3a:6e:41:ed:d8:8c:f1:55:3d:6d:
+                    53:fb
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints:
+                CA:FALSE
+            X509v3 Subject Key Identifier:
+                F4:62:12:72:49:40:C2:8A:46:5A:CB:71:BE:33:58:25:B3:E0:01:AC
+            X509v3 Authority Key Identifier:
+                keyid:08:8B:41:2B:DF:47:15:43:38:BE:53:F2:CF:57:82:DF:DF:2B:C6:23
+                DirName:/CN=yes
+                serial:34:EE:FA:E4:FE:2D:FF:20:FF:3E:72:05:4C:C5:6C:D1:0D:F6:4C:96
+            X509v3 Extended Key Usage:
+                TLS Web Server Authentication
+            X509v3 Key Usage:
+                Digital Signature, Key Encipherment
+            X509v3 Subject Alternative Name:
+                DNS:server
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        85:f7:59:01:c2:99:23:c3:9a:99:2a:0a:bc:5d:7d:1c:e8:7c:
+        e9:23:a5:87:08:bd:45:1b:a7:a9:b7:3a:06:b6:91:86:ac:61:
+        03:ae:cd:65:80:0e:e4:81:dc:38:b3:fe:6d:6f:02:e4:9e:43:
+        95:d0:a6:38:30:53:52:14:f1:96:2a:30:69:2f:56:24:65:ba:
+        53:c0:b0:22:23:2b:18:37:a1:0c:45:07:cb:ec:a9:71:f7:96:
+        2a:d2:18:94:f0:07:18:1f:4c:d2:c5:d5:66:8f:1d:5c:08:8d:
+        02:00:d6:0d:df:fd:6e:1e:2a:47:8c:30:fd:5b:46:56:0a:5a:
+        d4:6d:d4:99:c8:94:26:36:0b:86:30:dd:cb:3a:2e:a2:f3:80:
+        0f:62:80:f8:9d:ec:98:f2:96:20:4f:46:01:ae:9d:35:7f:34:
+        21:d7:71:89:b6:7a:ce:94:7e:14:e6:bf:b6:08:44:39:24:db:
+        aa:cf:54:46:34:8f:67:6c:72:22:f1:eb:e9:94:7d:73:26:f3:
+        2f:72:fe:28:b3:cb:28:c3:4c:14:3d:c3:81:1e:8d:96:96:e5:
+        df:af:c4:0a:06:71:16:df:8f:a3:30:50:79:45:95:4c:e8:57:
+        ee:ed:38:dd:82:8e:0e:b1:2b:4d:27:2b:6f:bc:c8:1c:91:de:
+        2c:55:69:38
+-----BEGIN CERTIFICATE-----
+MIIDWDCCAkCgAwIBAgIRAN21KclwsrNlcKwPVzAVtCowDQYJKoZIhvcNAQELBQAw
+DjEMMAoGA1UEAwwDeWVzMB4XDTI1MDgwMjAxMjkzOFoXDTI3MTEwNTAxMjkzOFow
+ETEPMA0GA1UEAwwGc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA3Z4C++NXzVFDNmovMPWhQlwW8XtLCqqxNLWGUT5rgi5Z30Ihz2UU6oyTPApy
+pS4PZBrsdlIYstOg398Zg345nvUWGDY0rlfPLIl8xZfjj9CDCH8UDHQs0pUJbkKZ
+oChpg2j0nA61PgiP2Abs1arIvBlL/+SZUBJnJdR5lB89ZLLIAOqXwt+4HNxpR59Z
+3wMGWjJ6+lGWRZq35wPvnTuUUZ0IabuwPsico6CcGKrpiOyWw3Gx9qcJ/8BWsSQi
+q/yaxfz9Z44ahv8KWyhGtCCTBbb/h5Nmfa6SxA0gmenFuD1BOgaDSeUTLtYzlEVq
+NoT5yWH+mDpuQe3YjPFVPW1T+wIDAQABo4GtMIGqMAkGA1UdEwQCMAAwHQYDVR0O
+BBYEFPRiEnJJQMKKRlrLcb4zWCWz4AGsMEkGA1UdIwRCMECAFAiLQSvfRxVDOL5T
+8s9Xgt/fK8YjoRKkEDAOMQwwCgYDVQQDDAN5ZXOCFDTu+uT+Lf8g/z5yBUzFbNEN
+9kyWMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIFoDARBgNVHREECjAI
+ggZzZXJ2ZXIwDQYJKoZIhvcNAQELBQADggEBAIX3WQHCmSPDmpkqCrxdfRzofOkj
+pYcIvUUbp6m3Oga2kYasYQOuzWWADuSB3Diz/m1vAuSeQ5XQpjgwU1IU8ZYqMGkv
+ViRlulPAsCIjKxg3oQxFB8vsqXH3lirSGJTwBxgfTNLF1WaPHVwIjQIA1g3f/W4e
+KkeMMP1bRlYKWtRt1JnIlCY2C4Yw3cs6LqLzgA9igPid7JjyliBPRgGunTV/NCHX
+cYm2es6UfhTmv7YIRDkk26rPVEY0j2dsciLx6+mUfXMm8y9y/iizyyjDTBQ9w4Ee
+jZaW5d+vxAoGcRbfj6MwUHlFlUzoV+7tON2Cjg6xK00nK2+8yByR3ixVaTg=
+-----END CERTIFICATE-----

openvpn/server.key ADDED Viewed

	@@ -0,0 +1,28 @@

+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDdngL741fNUUM2
+ai8w9aFCXBbxe0sKqrE0tYZRPmuCLlnfQiHPZRTqjJM8CnKlLg9kGux2Uhiy06Df
+3xmDfjme9RYYNjSuV88siXzFl+OP0IMIfxQMdCzSlQluQpmgKGmDaPScDrU+CI/Y
+BuzVqsi8GUv/5JlQEmcl1HmUHz1kssgA6pfC37gc3GlHn1nfAwZaMnr6UZZFmrfn
+A++dO5RRnQhpu7A+yJyjoJwYqumI7JbDcbH2pwn/wFaxJCKr/JrF/P1njhqG/wpb
+KEa0IJMFtv+Hk2Z9rpLEDSCZ6cW4PUE6BoNJ5RMu1jOURWo2hPnJYf6YOm5B7diM
+8VU9bVP7AgMBAAECggEATtwR0sEYtspSYPQS+9iD/AGZ9m75in+n1Ao+E/3isq28
+tDmrn0moUjgYklZjakzEFEqSVx4qhMPSrKcORKCvb1Vl+dKcF2fOpFn+KK++Pagk
+YGsb3ryeUIbRFsejM/79YNIBrOB89OiGCwiX0QZXLLvRs+qL9Za+1pLPenpNVd2w
+zL+AZ8QkJZdHn1vOZt9vKRlpe8psAt64RHb+LqhYWfeLlpIUjpM5Vu9FFewMGPrw
+n+GVCzK4ylq0pJ9bYwKI5Hw4qnJ3j5bGIumEjYBqqmef1+OTD3r/wyhTGpK9RRAu
+WD9YGJeQx3ybzRL7Wj6k5g0dn+UA82Lh7Y8n9IoSaQKBgQDqP/BU2KapOHgFt2DE
+WHU/+zA7/kfMJMGB5dYy8oXTxUY7WuqX9lja3rC0XuH10JTD6Q21jkTujc0T5/1B
+4KxuX+nQP/T9b4XzVM3pKWVmHUt6wf24sbuTNxOy/Q/wC7eCnkr04CEl0vf3E56N
+JaLG11dbpcn+9RC9FlUhlYY8QwKBgQDyMcz43915YGOQMkGVZFPvKyOy7ol4fFZv
+VRfRoGx9CfHCIOfh9vmlUy6TR4qAQkCnkL730OsxpW3aDTe3qcAcmhiK7u5TfWrE
+cd1WgrkymJ8hyEk6FSV0GMKrccQeEo2T95cKnk6lNXnEdNp5kx7LBQhL36fEtMXS
+FGCcRkNp6QKBgAbm6WLmm0qDIm4wsAY5AQNomEw8OstWDemQ5xXLNYw+1Mns7Nqb
+ZJTWWOiHnyrKAYggNsoxrfBFd1Rt0nV9dDcwVkhPih1pis3XotWK5bTzigTM8Hff
+rMIyrj7o2+5bugV8OoMqk2903t+F0XchM8GeGLHXmbMMb3jSzqFVsYXXAoGBAII1
+Z/99S7LPsXd6rWvFzqJMzRqLx/iw0D92viGDYBAxYnp9+myvvTO27tlbowilleEA
+nsrY1TmRuOd8J7JkXtaBuiQnpJXaXaZTmS3DhhG/n/4nkcbaS5KJJU/LECcizl74
+w4l/5sRHZbnLIRIvmGSJxhYUnjvQ/HGfZvldhSzRAoGBAMVTrxWedC2XeSMwjdhF
+zeDBAp/dTMEnRaS0j3rp+4a4l7Sus1L/p8gBrJtnf/B43bNvQ5cr2jwH7Ql5cF1A
+A7hpZ3C0trNaf6WqslJQhN8j8Cs85S/8rPGM5yAfyzKTMe0ytLUjn+XiQCqCUFcT
+Inqx4ll7r2tlcI3aMlvN2qsd
+-----END PRIVATE KEY-----

requirements.txt ADDED Viewed

	@@ -0,0 +1,33 @@

+# Core Flask dependencies
+Flask==3.1.1
+flask-cors==6.0.0
+Flask-SQLAlchemy==3.1.1
+Werkzeug==3.1.3
+# Database
+SQLAlchemy==2.0.41
+# Async and networking
+aiohttp==3.12.15
+aiohappyeyeballs==2.6.1
+aiosignal==1.4.0
+websockets==15.0.1
+# Utilities
+attrs==25.3.0
+blinker==1.9.0
+click==8.2.1
+frozenlist==1.7.0
+greenlet==3.2.3
+idna==3.10
+itsdangerous==2.2.0
+Jinja2==3.1.6
+MarkupSafe==3.0.2
+multidict==6.6.3
+propcache==0.3.2
+typing_extensions==4.14.0
+yarl==1.20.1
+# Additional dependencies for VPN management
+psutil==5.9.8

routes/__pycache__/isp_api.cpython-311.pyc ADDED Viewed

Binary file (47.9 kB). View file

routes/__pycache__/user.cpython-311.pyc ADDED Viewed

Binary file (3.4 kB). View file

routes/isp_api.py ADDED Viewed

	@@ -0,0 +1,1171 @@

+"""
+ISP API Routes
+Flask routes for the Virtual ISP Stack API endpoints
+"""
+from flask import Blueprint, jsonify, request, Response
+from flask_cors import cross_origin
+import json
+import time
+from typing import Dict, Any
+# Import core modules
+from core.dhcp_server import DHCPServer
+from core.nat_engine import NATEngine
+from core.firewall import FirewallEngine, FirewallRule, FirewallRuleBuilder, FirewallAction, FirewallDirection
+from core.tcp_engine import TCPEngine
+from core.virtual_router import VirtualRouter
+from core.socket_translator import SocketTranslator
+from core.packet_bridge import PacketBridge
+from core.session_tracker import SessionTracker, SessionType, SessionState
+from core.logger import VirtualISPLogger, LogLevel, LogCategory, LogFilter
+from core.openvpn_manager import OpenVPNManager, initialize_openvpn_manager, get_openvpn_manager
+from core.traffic_router import TrafficRouter
+# Create blueprint
+isp_api = Blueprint('isp_api', __name__)
+# Global instances (will be initialized by main app)
+dhcp_server: DHCPServer = None
+nat_engine: NATEngine = None
+firewall_engine: FirewallEngine = None
+tcp_engine: TCPEngine = None
+virtual_router: VirtualRouter = None
+socket_translator: SocketTranslator = None
+packet_bridge: PacketBridge = None
+session_tracker: SessionTracker = None
+logger: VirtualISPLogger = None
+openvpn_manager: OpenVPNManager = None
+traffic_router: TrafficRouter = None
+def init_engines(config: Dict[str, Any]):
+    """Initialize all ISP stack engines including traffic router"""
+    global dhcp_server, nat_engine, firewall_engine, tcp_engine, virtual_router
+    global socket_translator, packet_bridge, session_tracker, logger, openvpn_manager, traffic_router
+    try:
+        # Initialize logger first
+        logger = VirtualISPLogger({})
+        logger.start()
+        # Initialize core engines
+        dhcp_server = DHCPServer(config.get('dhcp', {}))
+        nat_engine = NATEngine(config.get('nat', {}))
+        firewall_engine = FirewallEngine(config.get('firewall', {}))
+        tcp_engine = TCPEngine(config.get('tcp', {}))
+        virtual_router = VirtualRouter(config.get('router', {}))
+        socket_translator = SocketTranslator(config.get('socket_translator', {}))
+        session_tracker = SessionTracker(config.get('session_tracker', {}))
+        # Initialize traffic router for VPN routing
+        traffic_router = TrafficRouter(config.get('traffic_router', {}))
+        # Initialize OpenVPN manager with traffic router
+        openvpn_manager = OpenVPNManager(config.get('openvpn', {}))
+        # Set component references for integration
+        openvpn_manager.set_isp_components(
+            dhcp_server=dhcp_server,
+            nat_engine=nat_engine,
+            firewall=firewall_engine,
+            router=virtual_router,
+            traffic_router=traffic_router
+        )
+        # Initialize packet bridge (requires other components)
+        packet_bridge = PacketBridge(config.get('packet_bridge', {}))
+        # Start all engines
+        dhcp_server.start()
+        nat_engine.start()
+        tcp_engine.start()
+        socket_translator.start()
+        session_tracker.start()
+        packet_bridge.start()
+        # Start traffic router
+        traffic_router.start()
+        logger.log(LogLevel.INFO, LogCategory.SYSTEM, "api", "All engines initialized and started")
+        return True
+    except Exception as e:
+        print(f"Error initializing engines: {e}")
+        return False
+# Default configuration
+DEFAULT_CONFIG = {
+    'dhcp': {
+        'pool_start': '10.0.0.10',
+        'pool_end': '10.0.0.100',
+        'lease_time': 3600,
+        'gateway': '10.0.0.1',
+        'dns_servers': ['8.8.8.8', '8.8.4.4']
+    },
+    'nat': {
+        'port_range_start': 10000,
+        'port_range_end': 65535,
+        'session_timeout': 300
+    },
+    'firewall': {
+        'default_policy': 'ACCEPT',
+        'log_blocked': True
+    },
+    'traffic_router': {
+        'vpn_network': '10.8.0.0/24',
+        'vpn_gateway': '10.8.0.1',
+        'enable_free_data_routing': True
+    },
+    'tcp': {
+        'initial_window': 65535,
+        'max_retries': 3,
+        'timeout': 30
+    },
+    'openvpn': {
+        'config_path': '/etc/openvpn/server/server.conf',
+        'status_log': '/var/log/openvpn/openvpn-status.log',
+        'port': 1194,
+        'protocol': 'udp'
+    }
+}
+@isp_api.route('/api/status', methods=['GET'])
+@cross_origin()
+def get_status():
+    """Get system status including traffic router"""
+    try:
+        # Collect status from all components
+        status = {
+            'components': {},
+            'stats': {},
+            'timestamp': time.time(),
+            'uptime': time.time() - (dhcp_server.start_time if dhcp_server and dhcp_server.start_time else time.time())
+        }
+        # Component status
+        status['components']['dhcp_server'] = dhcp_server.is_running if dhcp_server else False
+        status['components']['nat_engine'] = nat_engine.is_running if nat_engine else False
+        status['components']['firewall_engine'] = firewall_engine.is_running if firewall_engine else False
+        status['components']['tcp_engine'] = tcp_engine.is_running if tcp_engine else False
+        status['components']['virtual_router'] = virtual_router.is_running if virtual_router else False
+        status['components']['socket_translator'] = socket_translator.is_running if socket_translator else False
+        status['components']['packet_bridge'] = packet_bridge.is_running if packet_bridge else False
+        status['components']['session_tracker'] = session_tracker.is_running if session_tracker else False
+        status['components']['logger'] = logger.is_running if logger else False
+        status['components']['traffic_router'] = traffic_router.is_running if traffic_router else False
+        # Statistics
+        status['stats']['dhcp_leases'] = len(dhcp_server.get_leases()) if dhcp_server else 0
+        status['stats']['nat_sessions'] = len(nat_engine.get_sessions()) if nat_engine else 0
+        status['stats']['firewall_rules'] = len(firewall_engine.get_rules()) if firewall_engine else 0
+        status['stats']['tcp_connections'] = len(tcp_engine.get_connections()) if tcp_engine else 0
+        status['stats']['total_sessions'] = len(session_tracker.get_sessions()) if session_tracker else 0
+        status['stats']['bridge_clients'] = len(packet_bridge.get_clients()) if packet_bridge else 0
+        # Traffic router stats
+        if traffic_router:
+            traffic_stats = traffic_router.get_stats()
+            status['stats']['traffic_router'] = traffic_stats
+        return jsonify({
+            'status': 'success',
+            'system_status': status
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/api/config', methods=['POST'])
+@cross_origin()
+def update_config():
+    """Update system configuration"""
+    try:
+        config_data = request.get_json()
+        # Here you would update the actual configuration
+        # For now, just return success
+        if logger:
+            logger.log(LogLevel.INFO, LogCategory.SYSTEM, 'api', 'Configuration updated', metadata=config_data)
+        return jsonify({
+            'status': 'success',
+            'message': 'Configuration updated successfully'
+        })
+    except Exception as e:
+        if logger:
+            logger.log(LogLevel.ERROR, LogCategory.SYSTEM, 'api', f'Configuration update failed: {str(e)}')
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+# DHCP endpoints
+@isp_api.route('/api/dhcp/leases', methods=['GET'])
+@cross_origin()
+def get_dhcp_leases():
+    """Get DHCP lease table"""
+    try:
+        if not dhcp_server:
+            return jsonify({'status': 'error', 'message': 'DHCP server not initialized'}), 500
+        leases = dhcp_server.get_leases()
+        return jsonify({
+            'status': 'success',
+            'leases': leases,
+            'count': len(leases)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/dhcp/leases/<mac_address>', methods=['DELETE'])
+@cross_origin()
+def release_dhcp_lease(mac_address):
+    """Release DHCP lease"""
+    try:
+        if not dhcp_server:
+            return jsonify({'status': 'error', 'message': 'DHCP server not initialized'}), 500
+        success = dhcp_server.release_lease(mac_address)
+        if success:
+            if logger:
+                logger.info(LogCategory.DHCP, 'api', f'Released DHCP lease for {mac_address}')
+            return jsonify({
+                'status': 'success',
+                'message': f'Lease for {mac_address} released'
+            })
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': f'Lease for {mac_address} not found'
+            }), 404
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+# NAT endpoints
+@isp_api.route('/nat/sessions', methods=['GET'])
+@cross_origin()
+def get_nat_sessions():
+    """Get NAT session table"""
+    try:
+        if not nat_engine:
+            return jsonify({'status': 'error', 'message': 'NAT engine not initialized'}), 500
+        sessions = nat_engine.get_sessions()
+        return jsonify({
+            'status': 'success',
+            'sessions': sessions,
+            'count': len(sessions)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/nat/stats', methods=['GET'])
+@cross_origin()
+def get_nat_stats():
+    """Get NAT statistics"""
+    try:
+        if not nat_engine:
+            return jsonify({'status': 'error', 'message': 'NAT engine not initialized'}), 500
+        stats = nat_engine.get_stats()
+        return jsonify({
+            'status': 'success',
+            'stats': stats
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+# Firewall endpoints
+@isp_api.route('/firewall/rules', methods=['GET'])
+@cross_origin()
+def get_firewall_rules():
+    """Get firewall rules"""
+    try:
+        if not firewall_engine:
+            return jsonify({'status': 'error', 'message': 'Firewall engine not initialized'}), 500
+        rules = firewall_engine.get_rules()
+        return jsonify({
+            'status': 'success',
+            'rules': rules,
+            'count': len(rules)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/firewall/rules', methods=['POST'])
+@cross_origin()
+def add_firewall_rule():
+    """Add firewall rule"""
+    try:
+        if not firewall_engine:
+            return jsonify({'status': 'error', 'message': 'Firewall engine not initialized'}), 500
+        rule_data = request.get_json()
+        # Build rule using builder
+        builder = FirewallRuleBuilder(rule_data['rule_id'])
+        builder.set_priority(rule_data.get('priority', 100))
+        builder.set_action(rule_data['action'])
+        builder.set_direction(rule_data.get('direction', 'BOTH'))
+        if 'source_ip' in rule_data:
+            builder.set_source_ip(rule_data['source_ip'])
+        if 'dest_ip' in rule_data:
+            builder.set_dest_ip(rule_data['dest_ip'])
+        if 'source_port' in rule_data:
+            builder.set_source_port(rule_data['source_port'])
+        if 'dest_port' in rule_data:
+            builder.set_dest_port(rule_data['dest_port'])
+        if 'protocol' in rule_data:
+            builder.set_protocol(rule_data['protocol'])
+        if 'description' in rule_data:
+            builder.set_description(rule_data['description'])
+        rule = builder.build()
+        success = firewall_engine.add_rule(rule)
+        if success:
+            if logger:
+                logger.info(LogCategory.FIREWALL, 'api', f'Added firewall rule: {rule.rule_id}')
+            return jsonify({
+                'status': 'success',
+                'message': f'Rule {rule.rule_id} added successfully'
+            })
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': f'Rule {rule.rule_id} already exists'
+            }), 400
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/firewall/rules/<rule_id>', methods=['DELETE'])
+@cross_origin()
+def delete_firewall_rule(rule_id):
+    """Delete firewall rule"""
+    try:
+        if not firewall_engine:
+            return jsonify({'status': 'error', 'message': 'Firewall engine not initialized'}), 500
+        success = firewall_engine.remove_rule(rule_id)
+        if success:
+            if logger:
+                logger.info(LogCategory.FIREWALL, 'api', f'Deleted firewall rule: {rule_id}')
+            return jsonify({
+                'status': 'success',
+                'message': f'Rule {rule_id} deleted successfully'
+            })
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': f'Rule {rule_id} not found'
+            }), 404
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/firewall/logs', methods=['GET'])
+@cross_origin()
+def get_firewall_logs():
+    """Get firewall logs"""
+    try:
+        if not firewall_engine:
+            return jsonify({'status': 'error', 'message': 'Firewall engine not initialized'}), 500
+        limit = request.args.get('limit', 100, type=int)
+        filter_action = request.args.get('action')
+        logs = firewall_engine.get_logs(limit=limit, filter_action=filter_action)
+        return jsonify({
+            'status': 'success',
+            'logs': logs,
+            'count': len(logs)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/firewall/stats', methods=['GET'])
+@cross_origin()
+def get_firewall_stats():
+    """Get firewall statistics"""
+    try:
+        if not firewall_engine:
+            return jsonify({'status': 'error', 'message': 'Firewall engine not initialized'}), 500
+        stats = firewall_engine.get_stats()
+        return jsonify({
+            'status': 'success',
+            'stats': stats
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+# TCP connections endpoints
+@isp_api.route('/tcp/connections', methods=['GET'])
+@cross_origin()
+def get_tcp_connections():
+    """Get TCP connections"""
+    try:
+        if not tcp_engine:
+            return jsonify({'status': 'error', 'message': 'TCP engine not initialized'}), 500
+        connections = tcp_engine.get_connections()
+        return jsonify({
+            'status': 'success',
+            'connections': connections,
+            'count': len(connections)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+# Router endpoints
+@isp_api.route('/router/routes', methods=['GET'])
+@cross_origin()
+def get_routing_table():
+    """Get routing table"""
+    try:
+        if not virtual_router:
+            return jsonify({'status': 'error', 'message': 'Virtual router not initialized'}), 500
+        routes = virtual_router.get_routing_table()
+        return jsonify({
+            'status': 'success',
+            'routes': routes,
+            'count': len(routes)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/router/interfaces', methods=['GET'])
+@cross_origin()
+def get_router_interfaces():
+    """Get router interfaces"""
+    try:
+        if not virtual_router:
+            return jsonify({'status': 'error', 'message': 'Virtual router not initialized'}), 500
+        interfaces = virtual_router.get_interfaces()
+        return jsonify({
+            'status': 'success',
+            'interfaces': interfaces,
+            'count': len(interfaces)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/router/arp', methods=['GET'])
+@cross_origin()
+def get_arp_table():
+    """Get ARP table"""
+    try:
+        if not virtual_router:
+            return jsonify({'status': 'error', 'message': 'Virtual router not initialized'}), 500
+        arp_table = virtual_router.get_arp_table()
+        return jsonify({
+            'status': 'success',
+            'arp_table': arp_table,
+            'count': len(arp_table)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/router/stats', methods=['GET'])
+@cross_origin()
+def get_router_stats():
+    """Get router statistics"""
+    try:
+        if not virtual_router:
+            return jsonify({'status': 'error', 'message': 'Virtual router not initialized'}), 500
+        stats = virtual_router.get_stats()
+        return jsonify({
+            'status': 'success',
+            'stats': stats
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+# Bridge endpoints
+@isp_api.route('/bridge/clients', methods=['GET'])
+@cross_origin()
+def get_bridge_clients():
+    """Get bridge clients"""
+    try:
+        if not packet_bridge:
+            return jsonify({'status': 'error', 'message': 'Packet bridge not initialized'}), 500
+        clients = packet_bridge.get_clients()
+        return jsonify({
+            'status': 'success',
+            'clients': clients,
+            'count': len(clients)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/bridge/stats', methods=['GET'])
+@cross_origin()
+def get_bridge_stats():
+    """Get bridge statistics"""
+    try:
+        if not packet_bridge:
+            return jsonify({'status': 'error', 'message': 'Packet bridge not initialized'}), 500
+        stats = packet_bridge.get_stats()
+        return jsonify({
+            'status': 'success',
+            'stats': stats
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+# Session tracking endpoints
+@isp_api.route('/sessions', methods=['GET'])
+@cross_origin()
+def get_sessions():
+    """Get sessions"""
+    try:
+        if not session_tracker:
+            return jsonify({'status': 'error', 'message': 'Session tracker not initialized'}), 500
+        limit = request.args.get('limit', 100, type=int)
+        offset = request.args.get('offset', 0, type=int)
+        sessions = session_tracker.get_sessions(limit=limit, offset=offset)
+        return jsonify({
+            'status': 'success',
+            'sessions': sessions,
+            'count': len(sessions)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/sessions/summary', methods=['GET'])
+@cross_origin()
+def get_session_summary():
+    """Get session summary"""
+    try:
+        if not session_tracker:
+            return jsonify({'status': 'error', 'message': 'Session tracker not initialized'}), 500
+        summary = session_tracker.get_session_summary()
+        return jsonify({
+            'status': 'success',
+            'summary': summary
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+# Logging endpoints
+@isp_api.route('/logs', methods=['GET'])
+@cross_origin()
+def get_logs():
+    """Get system logs"""
+    try:
+        if not logger:
+            return jsonify({'status': 'error', 'message': 'Logger not initialized'}), 500
+        limit = request.args.get('limit', 100, type=int)
+        offset = request.args.get('offset', 0, type=int)
+        level = request.args.get('level')
+        category = request.args.get('category')
+        search = request.args.get('search')
+        if search:
+            logs = logger.search_logs(search, limit=limit)
+        else:
+            log_filter = LogFilter()
+            if level:
+                log_filter.level_filter = LogLevel(level.upper())
+            if category:
+                log_filter.category_filter = LogCategory(category.upper())
+            logs = logger.get_logs(limit=limit, offset=offset, log_filter=log_filter)
+        return jsonify({
+            'status': 'success',
+            'logs': logs,
+            'count': len(logs)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/logs/errors', methods=['GET'])
+@cross_origin()
+def get_error_logs():
+    """Get recent error logs"""
+    try:
+        if not logger:
+            return jsonify({'status': 'error', 'message': 'Logger not initialized'}), 500
+        limit = request.args.get('limit', 50, type=int)
+        errors = logger.get_recent_errors(limit=limit)
+        return jsonify({
+            'status': 'success',
+            'errors': errors,
+            'count': len(errors)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+# System status endpoints
+@isp_api.route('/status', methods=['GET'])
+@cross_origin()
+def get_system_status():
+    """Get overall system status"""
+    try:
+        status = {
+            'timestamp': time.time(),
+            'uptime': time.time() - (time.time() - 3600),  # Placeholder
+            'components': {
+                'dhcp_server': dhcp_server is not None and dhcp_server.running,
+                'nat_engine': nat_engine is not None and nat_engine.running,
+                'firewall_engine': firewall_engine is not None,
+                'tcp_engine': tcp_engine is not None and tcp_engine.running,
+                'virtual_router': virtual_router is not None,
+                'socket_translator': socket_translator is not None and socket_translator.running,
+                'packet_bridge': packet_bridge is not None and packet_bridge.running,
+                'session_tracker': session_tracker is not None and session_tracker.running,
+                'logger': logger is not None and logger.running
+            },
+            'stats': {}
+        }
+        # Collect stats from each component
+        if dhcp_server:
+            status['stats']['dhcp_leases'] = len(dhcp_server.get_leases())
+        if nat_engine:
+            nat_stats = nat_engine.get_stats()
+            status['stats']['nat_sessions'] = nat_stats.get('active_sessions', 0)
+        if firewall_engine:
+            fw_stats = firewall_engine.get_stats()
+            status['stats']['firewall_rules'] = fw_stats.get('total_rules', 0)
+        if tcp_engine:
+            tcp_connections = tcp_engine.get_connections()
+            status['stats']['tcp_connections'] = len(tcp_connections)
+        if packet_bridge:
+            bridge_stats = packet_bridge.get_stats()
+            status['stats']['bridge_clients'] = bridge_stats.get('active_clients', 0)
+        if session_tracker:
+            session_stats = session_tracker.get_stats()
+            status['stats']['total_sessions'] = session_stats.get('active_sessions', 0)
+        return jsonify({
+            'status': 'success',
+            'system_status': status
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/stats', methods=['GET'])
+@cross_origin()
+def get_system_stats():
+    """Get comprehensive system statistics"""
+    try:
+        stats = {
+            'timestamp': time.time(),
+            'dhcp': dhcp_server.get_leases() if dhcp_server else {},
+            'nat': nat_engine.get_stats() if nat_engine else {},
+            'firewall': firewall_engine.get_stats() if firewall_engine else {},
+            'router': virtual_router.get_stats() if virtual_router else {},
+            'bridge': packet_bridge.get_stats() if packet_bridge else {},
+            'sessions': session_tracker.get_stats() if session_tracker else {},
+            'logger': logger.get_stats() if logger else {}
+        }
+        return jsonify({
+            'status': 'success',
+            'stats': stats
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+    packet_bridge.start()
+# OpenVPN endpoints
+@isp_api.route('/openvpn/status', methods=['GET'])
+@cross_origin()
+def get_openvpn_status():
+    """Get OpenVPN server status"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        status = openvpn_manager.get_server_status()
+        return jsonify({
+            'status': 'success',
+            'openvpn_status': {
+                'is_running': status.is_running,
+                'connected_clients': status.connected_clients,
+                'total_bytes_received': status.total_bytes_received,
+                'total_bytes_sent': status.total_bytes_sent,
+                'uptime': status.uptime,
+                'server_ip': status.server_ip,
+                'server_port': status.server_port
+            }
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/start', methods=['POST'])
+@cross_origin()
+def start_openvpn_server():
+    """Start OpenVPN server"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        success = openvpn_manager.start_server()
+        if success:
+            return jsonify({
+                'status': 'success',
+                'message': 'OpenVPN server started successfully'
+            })
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': 'Failed to start OpenVPN server'
+            }), 500
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/stop', methods=['POST'])
+@cross_origin()
+def stop_openvpn_server():
+    """Stop OpenVPN server"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        success = openvpn_manager.stop_server()
+        if success:
+            return jsonify({
+                'status': 'success',
+                'message': 'OpenVPN server stopped successfully'
+            })
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': 'Failed to stop OpenVPN server'
+            }), 500
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/clients', methods=['GET'])
+@cross_origin()
+def get_openvpn_clients():
+    """Get connected OpenVPN clients"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        clients = openvpn_manager.get_connected_clients()
+        return jsonify({
+            'status': 'success',
+            'clients': clients
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/clients/<client_id>/disconnect', methods=['POST'])
+@cross_origin()
+def disconnect_openvpn_client(client_id):
+    """Disconnect a specific OpenVPN client"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        success = openvpn_manager.disconnect_client(client_id)
+        if success:
+            return jsonify({
+                'status': 'success',
+                'message': f'Client {client_id} disconnected successfully'
+            })
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': f'Failed to disconnect client {client_id}'
+            }), 500
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/config/<client_name>', methods=['GET'])
+@cross_origin()
+def get_client_config(client_name):
+    """Generate client configuration file"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        # Get server IP from request or use default
+        server_ip = request.args.get('server_ip', '127.0.0.1')
+        config = openvpn_manager.generate_client_config(client_name, server_ip)
+        if config:
+            return Response(
+                config,
+                mimetype='text/plain',
+                headers={'Content-Disposition': f'attachment; filename={client_name}.ovpn'}
+            )
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': 'Failed to generate client configuration'
+            }), 500
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/stats', methods=['GET'])
+@cross_origin()
+def get_openvpn_stats():
+    """Get comprehensive OpenVPN statistics"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        stats = openvpn_manager.get_statistics()
+        return jsonify({
+            'status': 'success',
+            'openvpn_stats': stats
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/configs', methods=['GET'])
+@cross_origin()
+def list_client_configs():
+    """List all stored client configurations"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        configs = openvpn_manager.list_client_configs()
+        return jsonify({
+            'status': 'success',
+            'configs': configs,
+            'count': len(configs)
+        })
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/configs/<client_name>', methods=['GET'])
+@cross_origin()
+def get_stored_client_config(client_name):
+    """Get stored client configuration"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        config_content = openvpn_manager.load_client_config(client_name)
+        if config_content:
+            return Response(
+                config_content,
+                mimetype='text/plain',
+                headers={'Content-Disposition': f'attachment; filename={client_name}.ovpn'}
+            )
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': f'Configuration for {client_name} not found'
+            }), 404
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/configs/<client_name>', methods=['DELETE'])
+@cross_origin()
+def delete_stored_client_config(client_name):
+    """Delete stored client configuration"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        success = openvpn_manager.delete_client_config(client_name)
+        if success:
+            return jsonify({
+                'status': 'success',
+                'message': f'Configuration for {client_name} deleted successfully'
+            })
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': f'Configuration for {client_name} not found'
+            }), 404
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500
+@isp_api.route('/openvpn/configs/<client_name>/generate', methods=['POST'])
+@cross_origin()
+def generate_and_save_client_config(client_name):
+    """Generate and save client configuration"""
+    try:
+        if not openvpn_manager:
+            return jsonify({
+                'status': 'error',
+                'message': 'OpenVPN manager not initialized'
+            }), 500
+        # Get server IP from request or use default
+        server_ip = request.args.get('server_ip', '127.0.0.1')
+        config_content = openvpn_manager.generate_and_save_client_config(client_name, server_ip)
+        if config_content:
+            return jsonify({
+                'status': 'success',
+                'message': f'Configuration for {client_name} generated and saved successfully'
+            })
+        else:
+            return jsonify({
+                'status': 'error',
+                'message': f'Failed to generate configuration for {client_name}'
+            }), 500
+    except Exception as e:
+        return jsonify({
+            'status': 'error',
+            'message': str(e)
+        }), 500

routes/user.py ADDED Viewed

	@@ -0,0 +1,39 @@

+from flask import Blueprint, request, jsonify
+from models.user import User, db
+user_bp = Blueprint('user', __name__)
+@user_bp.route('/users', methods=['GET'])
+def get_users():
+    users = User.query.all()
+    return jsonify([user.to_dict() for user in users])
+@user_bp.route('/users', methods=['POST'])
+def create_user():
+    data = request.json
+    user = User(username=data['username'], email=data['email'])
+    db.session.add(user)
+    db.session.commit()
+    return jsonify(user.to_dict()), 201
+@user_bp.route('/users/<int:user_id>', methods=['GET'])
+def get_user(user_id):
+    user = User.query.get_or_404(user_id)
+    return jsonify(user.to_dict())
+@user_bp.route('/users/<int:user_id>', methods=['PUT'])
+def update_user(user_id):
+    user = User.query.get_or_404(user_id)
+    data = request.json
+    user.username = data.get('username', user.username)
+    user.email = data.get('email', user.email)
+    db.session.commit()
+    return jsonify(user.to_dict())
+@user_bp.route('/users/<int:user_id>', methods=['DELETE'])
+def delete_user(user_id):
+    user = User.query.get_or_404(user_id)
+    db.session.delete(user)
+    db.session.commit()
+    return '', 204