Added all files and cleaned up dependencies

metron · metron · commit ddd1bd0976e3 · 2016-11-21T13:45:19.000-08:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+venv/
+IP2LOCATION-LITE-DB11.CSV
diff --git a/README.MD b/README.MD
@@ -0,0 +1,80 @@
+# Ip2Location Database Wrapper Service
+Ip2Location databases are commonly used in cyber security and anomaly detection, marketing and numerous other industries for converting IP addresses into physical location. IP2Loc provides a number of free and paid databases that offer varying degrees of precision and data set features.
+
+On their website they give some examples of how to use their CSV or BIN databases with systems like MySQL. To this we must first convert an IPv4 address into its longform integer representation. This is technique is extremely common and widely used but the gist is:
+
+```
+IP Number = 16777216*w + 65536*x + 256*y + z
+where
+IP Address = w.x.y.z
+```
+
+Then we would take that number and perform a range query on the database like so:
+
+```sql
+SELECT (country_name, region_name, city_name, latitude, longitude, zip) FROM IP2LOC WHERE (ip_from  <= [SEARCH IP NO]) AND (ip_to >= [SEARCH IP NO]);
+```
+
+But as you might expect this query can take a long...long time to run especially if there are a lot of rows. In fact on my intial test it took 1.04 sec on average (with indexes) to return a result on a quad-core 16GB CentOS server. That is unbelievably, ridiculously, slow and is not suitable for production.
+
+The code in this repository aims to improve on lookup performance so that IP2Location data can be used in real world systems where high throughput is neccesary.
+
+Instead of using a traditional database, this system capitalizes on the nature of the data. This system builds a single contiguous array of keys and then performs a binary search over the keys to return a result. It takes on average 22 operations to find the data that we are looking for and returns this information in as little as 76 micro seconds. This is orders of magnitude faster. However it should be noted that in its current form, this service runs **directly** on Flask. This is **not** acceptable for production. I still need to wrap the whole thing in a production strength reverse-proxy like NGINX. Which I will do at some point in the future...Still after load testing I was able to get almost 2,000 queries per second through the service without it keeling over and dying.
+
+To increase the ease of use this service has been wrapped as a Flask REST service. Unfortunately adding HTTP to our project causes our service to take quite a performance hit. After adding the REST wrapper query time was slowed to around 12ms per query, still much much better than before, but considerably slower than the 76 microseconds we were able to get without the interface. Additionally the entire service is packaged as an RPM using FPM (Effing Package Management) so that a user can simply use Yum to install the service. Finally the service is deployed as a Red Hat/Cent/Fedora system level service. This means you can bring it up using commands like:
+
+```bash
+systemctl ip2loc.service start
+```
+
+In order to get the service running you will need to add a python virutal environment to the working directory such that
+
+```
+IP2LocationService/venv/
+```
+
+is a valid path. You will want to install all the requirements listed in requirements.txt as they are neccesary for the service to run properly. Then you will need to download an IP2Location CSV based database. The free one [available here](http://lite.ip2location.com/database/ip-country-region-city-latitude-longitude-zipcode-timezone) is the easiest to get started with. Simply place the CSV in the working directory and start the service. The steps look like this:
+
+1.) Clone this repo somewhere
+
+2.) Install a virtual env using pip and the included requirements.txt file
+
+3.) Download a Ip2Location database and place it in the same directory. Note that you may want to tailor the "named tuple" in ```search_ip_db.py``` to match the features present in your data. However it should work with the recommended DB out of the box.
+
+Your directory structure should now look something like this:
+```
+	IP2LocationService/
+		ip2loc.service
+		make_links.sh
+		remove_links.sh
+		README.MD
+		requirements.txt
+		search_ip_db.py
+		IP2LOCATIONDB.CSV
+		/venv/
+			all dependencies from requirements.txt
+```
+
+4.) Run FPM on the files in the directory with the following commands:
+```bash
+fpm -n ip2locService -s dir -t rpm --prefix /opt/ --directories /opt/IP2LocationService --after-install ./IP2LocationService/make_links.sh --before-remove ./IP2LocationService/remove_links.sh IP2LocationService
+```
+
+5.) Install the RPM that was just created by running
+```bash
+sudo yum localinstall IP2LocationService
+```
+
+6.) Start the service!
+```bash
+sudo systemctl ip2loc.service start
+```
+
+7.) Query the service and get results!
+```bash
+curl 127.0.0.1:5000/ip2location/getcoor/172.168.0.24
+
+{"type": "success", "result": {"ip_from": 2896690944, "ip_to": 2896692991, "country_code": "US", "country_name": "United States", "region_name": "Virginia", "city_name": "Dulles", "latitude": 38.997708, "longitude": -77.433179, "zip_code": "20166", "time_zone": "-04:00"}}
+```
+
+This software is very much in pre-alpha so if you find any issues please let me know! 
diff --git a/ip2loc.service b/ip2loc.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=IP2LocationService: Creates and externally facing REST service (running on port 8124) that accepts an IP address to GET /ip2location/getcoor/<ip>
+After=network.target
+           
+[Service]
+Type=forking
+ExecStart=/opt/IP2LocationService/venv/bin/python /opt/IP2LocationService/search_ip_db.py
+           
+[Install]
+WantedBy=default.target
diff --git a/make_links.sh b/make_links.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+RUN_LOC=/opt/IP2LocationService/
+cp $RUN_LOC/ip2loc.service /etc/systemd/system/ip2loc.service
+chmod 664 /etc/systemd/system/ip2loc.service
+systemctl daemon-reload
+systemctl enable ip2loc.service
diff --git a/remove_links.sh b/remove_links.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+if [ -h /usr/bin/ip2loc ]
+then rm /usr/bin/ip2loc
+fi
+if [ -e /etc/systemd/system/ip2loc.service ]
+then systemctl disable ip2loc.service && rm /etc/systemd/system/ip2loc.service
+fi
+if [-e /tmp/IP2LOCPID.pid ]
+then rm /tmp/IP2LOCPID.pid
+fi
+systemctl daemon-reload
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,9 @@
+click==6.6
+Flask==0.11.1
+ipaddress==1.0.17
+itsdangerous==0.24
+Jinja2==2.8
+MarkupSafe==0.23
+numpy==1.11.2
+tqdm==4.8.4
+Werkzeug==0.11.11
diff --git a/search_ip_db.py b/search_ip_db.py
@@ -0,0 +1,174 @@
+from flask import Flask, request, logging
+from logging.handlers import RotatingFileHandler
+import csv
+from collections import namedtuple, OrderedDict
+import sys
+import os
+from tqdm import tqdm
+import numpy as np
+import time
+import json
+import ipaddress
+
+
+class ip2location_database:
+
+    db = OrderedDict()
+    db_keys = None
+    ## IN THE ROW BELOW THE '_id' FIELD IS OMITTED BECAUSE NAMED TUPLES CANNOT HAVE FIELDS THAT BEGIN WITH AN UNDERSCORE
+    ip2location_db_row = namedtuple('ip2location_db_row','ip_from ip_to country_code country_name region_name city_name latitude longitude zip_code time_zone')
+    database_flatfile_path = None
+    abs_min = None
+    abs_max = None    
+
+    def __init__(self, db_name="/opt/IP2LocationService/IP2LOCATION-LITE-DB11.CSV"):
+        self.database_flatfile_path = db_name
+        print self.database_flatfile_path
+
+    def read_database(self):
+        try:
+            first_line = True
+            with open(self.database_flatfile_path, "rb") as fin:
+                reader = csv.reader(fin)
+                for row in tqdm(reader):
+                    self.db[int(row[1])] = self.ip2location_db_row(ip_from=int(row[0]), ip_to=int(row[1]), country_code=str(row[2]), country_name=str(row[3]), region_name=str(row[4]), city_name=str(row[5]), latitude=float(row[6]), longitude=float(row[7]), zip_code=str(row[8]), time_zone=str(row[9]))
+                    if first_line:
+                        first_line = False
+                        self.abs_min = int(row[0])
+            self.db_keys = np.array(self.db.keys())
+            self.abs_max = int(self.db_keys[-1])
+        except:
+            print "Failed to read database. Please make sure that file exists and has a schema matching the one found at http://lite.ip2location.com/database/ip-country-region-city-latitude-longitude-zipcode-timezone"
+            print sys.exc_info()[0]
+            raise
+    
+    def set_database_path(self, db_name):
+        self.database_flatfile_path = db_name
+
+    def find_one_ip(self, ip_address_to_query="172.217.3.206"):
+        if '.' in ip_address_to_query:
+            ip_address_to_query = int(ipaddress.IPv4Address(unicode(ip_address_to_query)))
+        else:
+            ip_address_to_query = int(ip_address_to_query)
+
+        if ip_address_to_query < self.abs_min:
+            return "UNDEFINED"
+        elif ip_address_to_query > self.abs_max:
+            return "UNDEFINED"
+        else:
+            low = 0
+            mid = len(self.db)/2
+            high = len(self.db)
+            iterations = 0
+            while True: 
+                iterations += 1
+                if ip_address_to_query > self.db_keys[mid]:
+                    low = mid
+                    mid = ((high - mid)/2) + mid
+                elif ip_address_to_query >= self.db[self.db_keys[mid]].ip_from:
+                    print iterations
+                    return self.db[self.db_keys[mid]]
+                else:
+                    high = mid
+                    mid = mid - ((mid - low)/2)
+
+    def find_many_ips(self, ip_addresses_to_query=["172.217.3.206"]):
+        min_curr = self.abs_min
+        min_index = 0
+        ip_num_to_ip_map={}
+        results = {}
+        for i in xrange(len(ip_addresses_to_query)):
+            if '.' in ip_addresses_to_query[i]:
+                ip_num = int(ipaddress.IPv4Address(unicode(ip_addresses_to_query[i])))
+                ip_num_to_ip_map[ip_num] = ip_addresses_to_query[i] 
+                ip_addresses_to_query[i] = ip_num
+        ip_addresses_to_query.sort()
+        for item in self.db_keys:
+            for i in xrange(min_index, len(ip_addresses_to_query)):
+                if (ip_addresses_to_query[i] <= item) and (ip_addresses_to_query[i] >= min_curr):
+                    results[ip_addresses_to_query[i]] = self.db[item]
+                else:
+                    min_index = i
+                    break
+        return {ip_num_to_ip_map[results.keys()[i]]:results[results.keys()[i]] for i in xrange(len(results))}
+
+def daemonize():
+    """
+    do the UNIX double-fork magic, see Stevens' "Advanced
+    Programming in the UNIX Environment" for details (ISBN 0201563177)
+    http://www.erlenstar.demon.co.uk/unix/faq_2.html#SEC16
+    """
+    stdin = "/dev/null"
+    stdout = "/dev/null"
+    stderr = "/dev/null"
+    try:
+            pid = os.fork()
+            if pid > 0:
+                    # exit first parent
+                    sys.exit(0)
+    except OSError, e:
+            sys.stderr.write("fork #1 failed: %d (%s)\n" % (e.errno, e.strerror))
+            sys.exit(1)
+
+    # decouple from parent environment
+    os.chdir("/")
+    os.setsid()
+    os.umask(0)
+
+    # do second fork
+    try:
+            pid = os.fork()
+            if pid > 0:
+                    # exit from second parent
+                    sys.exit(0)
+    except OSError, e:
+            sys.stderr.write("fork #2 failed: %d (%s)\n" % (e.errno, e.strerror))
+            sys.exit(1)
+
+    # redirect standard file descriptors
+    sys.stdout.flush()
+    sys.stderr.flush()
+    si = file(stdin, 'r')
+    so = file(stdout, 'a+')
+    se = file(stderr, 'a+', 0)
+    os.dup2(si.fileno(), sys.stdin.fileno())
+    os.dup2(so.fileno(), sys.stdout.fileno())
+    os.dup2(se.fileno(), sys.stderr.fileno())
+
+    # write pidfile
+    # atexit.register(self.delpid)
+    # pid = str(os.getpid())
+    # file(self.pidfile,'w+').write("%s\n" % pid)
+
+app = Flask(__name__)
+db = ip2location_database()
+
+@app.route("/lookup/", methods=['POST'])
+def find_ip():
+    result = {}
+    args = request.get_json(force=True)
+    result['type'] = "success"
+    result['result'] = db.find_one_ip(args['ip'])._asdict()
+    result['result']['_id'] = "" #this must be added here as namedtuples do not support fields with '_' in their name
+    return json.dumps(result)
+
+@app.route("/ip2location/getcoor/<ip>", methods=['GET'])
+def emulate_reddys_service(ip):
+    result = {}
+    try:
+        result['type'] = "success"
+        result['result'] = db.find_one_ip(ip)._asdict()
+        result['result']['_id'] = "" #this must be added here as namedtuples do not support fields with '_' in their name
+        return json.dumps(result)
+    except:
+        result['type'] = "error"
+        result['result'] = None
+        return json.dumps(result)
+
+if __name__ == "__main__":
+    daemonize()
+    db.read_database()
+    logger = logging.getLogger('werkzeug')
+    handler = RotatingFileHandler('access.log', maxBytes=500)
+    logger.addHandler(handler)
+    app.run(host='0.0.0.0', port=5000)
