コード例 #1
0
ファイル: cgfw_daemon.py プロジェクト: fpemud/fpemud-cgfw
    def run(self):
        CgfwUtil.mkDirAndClear(self.param.tmpDir)
        try:
            sys.stdout = StdoutRedirector(os.path.join(self.param.tmpDir, "fpemud-cgfw.out"))
            sys.stderr = sys.stdout

            logging.getLogger().addHandler(logging.StreamHandler(sys.stderr))
            logging.getLogger().setLevel(logging.INFO)

            # check configuration
            if len(CgfwCommon.getCgfwCfgList(self.param.etcDir)) == 0:
                raise Exception("no cgfw config file")

            # create main loop
            DBusGMainLoop(set_as_default=True)
            self.param.mainloop = GLib.MainLoop()
            self.param.dbusMainObject = DbusMainObject(self.param, self)

            # write pid file
            with open(os.path.join(self.param.tmpDir, "fpemud-cgfw.pid"), "w") as f:
                f.write(str(os.getpid()))

            # modify dns server configuration
            with open("/etc/resolv.conf", "r") as f:
                self.resloveFileContent = f.read()
            self.dnsmasqProc = self._runDnsmasq()
            with open("/etc/resolv.conf", "w") as f:
                f.write("# Generated by fpemud-cgfw\n")
                f.write("nameserver 127.0.0.1\n")
            logging.info("DNS resolution path modified.")

            # run vpn client
            GObject.timeout_add_seconds(0, self._timeoutCallback)

            # start main loop
            logging.info("Mainloop begins.")
            GLib.unix_signal_add(GLib.PRIORITY_HIGH, signal.SIGINT, self._sigHandlerINT, None)
            GLib.unix_signal_add(GLib.PRIORITY_HIGH, signal.SIGTERM, self._sigHandlerTERM, None)
            GLib.unix_signal_add(GLib.PRIORITY_DEFAULT, signal.SIGHUP, self._sigHandlerHUP, None)
            GLib.unix_signal_add(GLib.PRIORITY_DEFAULT, signal.SIGUSR1, self._sigHandlerUSR1, None)
            self.param.mainloop.run()
            logging.info("Mainloop exits.")
        finally:
            if self.vpnClientPidWatch is not None:
                GLib.source_remove(self.vpnClientPidWatch)
            if self.vpnClientProc is not None:
                self.vpnClientProc.terminate()
                self.vpnClientProc.wait()

            # revert dns resolution path
            if self.resloveFileContent is not None:
                with open("/etc/resolv.conf", "w") as f:
                    f.write(self.resloveFileContent)
            if self.dnsmasqProc is not None:
                self.dnsmasqProc.terminate()
                self.dnsmasqProc.wait()

            logging.shutdown()
            shutil.rmtree(self.param.tmpDir)
コード例 #2
0
ファイル: cgfw_daemon.py プロジェクト: fpemud/fpemud-cgfw
    def _runVpnClient(self):
        assert self.vpnClientProc is None and self.vpnClientPidWatch is None

        # randomly select a config
        cgfwCfg = random.choice(CgfwCommon.getCgfwCfgList(self.param.etcDir))

        # start vpn client process
        logging.info("CGFW VPN %s establishing." % (cgfwCfg.name))
        if cgfwCfg.vtype == "pptp":
            cmd = "/usr/sbin/pppd call %s nodetach" % (cgfwCfg.name)
            self.vpnClientProc = subprocess.Popen(cmd, shell=True, universal_newlines=True)
        else:
            assert False

        # wait for the vpn interface
        time.sleep(0.1)
        while not CgfwUtil.interfaceExists(cgfwCfg.interface):
            if self.vpnClientProc.poll() is not None:
                self.vpnClientProc = None
                logging.info("CGFW VPN %s failed to establish, retry in %d seconds." % (cgfwCfg.name, self.param.retryTimeout))
                GObject.timeout_add_seconds(self.param.retryTimeout, self._timeoutCallback)
                return
            time.sleep(1.0)

        # add routes
        for ip in self.param.nameServerList:
            CgfwUtil.shell("/bin/route add -host %s dev %s" % (ip, cgfwCfg.interface), "stdout")
        for net in CgfwCommon.getPrefixList(self.param.gfwDir):
            r = net.with_netmask.split("/")
            ip = r[0]
            mask = r[1]
            CgfwUtil.shell("/bin/route add -net %s netmask %s dev %s" % (ip, mask, cgfwCfg.interface), "stdout")

        # add dns server
        # dbusObj = dbus.SystemBus().get_object('org.freedesktop.resolve1', '/org/freedesktop/resolve1')
        # ifid = CgfwUtil.getInterfaceIfIndex(cgfwCfg.interface)
        # dbusObj.SetLinkDNS(ifid, [CgfwUtil.ip2ipar("8.8.8.8"), CgfwUtil.ip2ipar("8.8.4.4")], dbus_interface="org.freedesktop.resolve1.Manager")
        # logging.info("CGFW DNS server installed.")

        # watch vpn client process
        # bad things happen if the vpn process terminates before this operation
        self.vpnClientPidWatch = GLib.child_watch_add(self.vpnClientProc.pid, self._childWatchCallback)
        self.curCgfwCfg = cgfwCfg
        logging.info("CGFW VPN %s established." % (cgfwCfg.name))
        self.param.dbusMainObject.VpnConnected(self.bDataChanged)
コード例 #3
0
ファイル: cgfw_cmd.py プロジェクト: fpemud/fpemud-cgfw
    def cmdUpdate(self):
        CgfwUtil.printInfo("Checking IP ranges:")
        if True:
            prefixList = CgfwCommon.getPrefixList(self.param.gfwDir)

            CgfwUtil.printInfoNoNewLine("    Checking private network...")
            priList = CgfwUtil.getReservedIpv4NetworkList()
            for net in prefixList:
                for net2 in priList:
                    if net.overlaps(net2):
                        raise CgfwCmdException("GFWed prefix %s overlaps private network %s" % (net.with_prefixlen, net2.with_prefixlen))
            print("Done.")

            CgfwUtil.printInfoNoNewLine("    Checking non-GFWed network...")
            try:
                lcmList = CgfwCommon.getLatestChinaMainLandIpv4NetworkList()
                for net in prefixList:
                    for net2 in lcmList:
                        if net.overlaps(net2):
                            raise CgfwCmdException("GFWed prefix %s overlaps non-GFWed network %s" % (net.with_prefixlen, net2.with_prefixlen))
                print("Done.")
            except Exception as e:
                if isinstance(e, CgfwCmdException):
                    raise
                else:
                    print("Failed, but however it's better to continue.")

        CgfwUtil.printInfo("Modifying configuration files:")
        for cgfwCfg in CgfwCommon.getCgfwCfgList(self.param.etcDir):
            if cgfwCfg.vtype == "pptp":
                self._syncPptpVpnScript(cgfwCfg)
            else:
                assert False

        # send signal to daemon process if exists
        try:
            with open(os.path.join(self.param.tmpDir, "fpemud-cgfw.pid")) as f:
                os.kill(int(f.read()), signal.SIGHUP)
        except:
            pass
コード例 #4
0
ファイル: cgfw_cmd.py プロジェクト: fpemud/fpemud-cgfw
 def cmdCheck(self):
     for cgfwCfg in CgfwCommon.getCgfwCfgList(self.param.etcDir):
         if cgfwCfg.vtype == "pptp":
             self._checkPptpVpn(cgfwCfg)
         else:
             assert False