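def _syncPptpVpnScript(self, cgfwCfg):
    """Write the pppd ip-up and ip-down hook scripts for one PPTP VPN.

    The ip-up script acts only when its sixth argument equals
    ``cgfwCfg.name``.  It then adds a host route for every entry of
    ``self.param.nameServerList`` and a network route for every prefix
    returned by ``CgfwCommon.getPrefixList(self.param.gfwDir)``, all through
    ``cgfwCfg.interface``.  Finally it sends signal 10 to the pid stored in
    ``<tmpDir>/fpemud-cgfw.pid`` if that file exists.  The ip-down script
    performs no action.

    Args:
        cgfwCfg: VPN configuration object; ``name`` and ``interface`` are read.
    """
    # Function-scope import: the module's import block is not visible from here.
    import shlex

    # The generated files are hook scripts executed by pppd, so every value
    # spliced into them is shell-quoted: a space, quote or `$(...)` in a
    # configured name must stay data instead of becoming shell syntax.
    # str() keeps the old "%s" behaviour for non-string values.
    quotedName = shlex.quote(str(cgfwCfg.name))
    quotedIface = shlex.quote(str(cgfwCfg.interface))

    # NOTE(review): cgfwCfg.name is also used verbatim in the file names
    # below; confirm the config loader restricts it to a plain file-name
    # component (no "/" or "..").

    # 1. add the same routes again when ppp interface changes from spoofing-up to real-up
    #    it is because pppd deletes the original ppp interface and add a new ppp
    #    interface with the same name, this implementation sucks
    # 2. add nat rules
    fn = "/etc/ppp/ip-up.d/99-pptp-%s" % (cgfwCfg.name) + ".sh"
    CgfwUtil.printInfoNoNewLine(" Modifying %s..." % (fn))

    lines = [
        "#!/bin/bash\n",
        "\n",
        "if [ \"$6\" == %s ] ; then\n" % (quotedName),
    ]

    # host routes to the name servers
    for ip in self.param.nameServerList:
        lines.append(" /bin/route add -host %s dev %s\n" % (shlex.quote(str(ip)), quotedIface))
    lines.append("\n")

    # network routes for every listed prefix
    for net in CgfwCommon.getPrefixList(self.param.gfwDir):
        ip, mask = net.with_netmask.split("/")
        lines.append(" /bin/route add -net %s netmask %s dev %s\n"
                     % (shlex.quote(ip), shlex.quote(mask), quotedIface))
    lines.append("\n")

    # notify the daemon, if its pid file exists
    # NOTE(review): the hook signals whatever pid this file contains; confirm
    # that self.param.tmpDir is writable only by the daemon's own user.
    pidf = shlex.quote(os.path.join(self.param.tmpDir, "fpemud-cgfw.pid"))
    lines.append(" if [ -f %s ] ; then\n" % (pidf))
    lines.append(" /bin/kill -10 $(/bin/cat %s)\n" % (pidf))     # send SIGUSR1
    lines.append(" fi\n")
    lines.append("fi\n")

    # NOTE(review): open() leaves the file mode to the umask or to the existing
    # file; confirm the hook ends up executable and not writable by non-root.
    with open(fn, "w") as f:
        f.write("".join(lines))
    print("Done.")

    # 1. routes are auto removed when ppp interface is removed
    # 2. remove nat rules
    fn = "/etc/ppp/ip-down.d/99-pptp-%s" % (cgfwCfg.name) + ".sh"
    CgfwUtil.printInfoNoNewLine(" Modifying %s..." % (fn))

    lines = [
        "#!/bin/bash\n",
        "\n",
        "if [ \"$6\" == %s ] ; then\n" % (quotedName),
        # A lone ";" is a bash syntax error inside "then ... fi", which made
        # the whole hook fail to parse; ":" is the shell no-op.
        " :\n",
        "fi\n",
    ]
    with open(fn, "w") as f:
        f.write("".join(lines))
    print("Done.")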
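def cmdUpdate(self):
    """Validate the prefix list, regenerate the VPN hook scripts, signal the daemon.

    Steps:
      1. Refuse to continue if any prefix from
         ``CgfwCommon.getPrefixList(self.param.gfwDir)`` overlaps a reserved
         IPv4 network, so the generated routes cannot capture private or
         reserved address space.
      2. Do the same against
         ``CgfwCommon.getLatestChinaMainLandIpv4NetworkList()``.  A failure to
         obtain or process that list is reported and tolerated; an actual
         overlap is not.
      3. Rewrite the hook scripts for every configuration found under
         ``self.param.etcDir``.
      4. Send SIGHUP to the pid recorded in ``<tmpDir>/fpemud-cgfw.pid``, if any.

    Raises:
        CgfwCmdException: on an overlapping prefix or an unsupported VPN type.
    """
    CgfwUtil.printInfo("Checking IP ranges:")
    prefixList = CgfwCommon.getPrefixList(self.param.gfwDir)

    CgfwUtil.printInfoNoNewLine(" Checking private network...")
    priList = CgfwUtil.getReservedIpv4NetworkList()
    for net in prefixList:
        for net2 in priList:
            if net.overlaps(net2):
                raise CgfwCmdException("GFWed prefix %s overlaps private network %s" % (net.with_prefixlen, net2.with_prefixlen))
    print("Done.")

    CgfwUtil.printInfoNoNewLine(" Checking non-GFWed network...")
    try:
        lcmList = CgfwCommon.getLatestChinaMainLandIpv4NetworkList()
        for net in prefixList:
            for net2 in lcmList:
                if net.overlaps(net2):
                    raise CgfwCmdException("GFWed prefix %s overlaps non-GFWed network %s" % (net.with_prefixlen, net2.with_prefixlen))
        print("Done.")
    except CgfwCmdException:
        # a real overlap must still abort the update
        raise
    except Exception:
        # best effort: this check is skipped when the list cannot be obtained
        print("Failed, but however it's better to continue.")

    CgfwUtil.printInfo("Modifying configuration files:")
    for cgfwCfg in CgfwCommon.getCgfwCfgList(self.param.etcDir):
        if cgfwCfg.vtype != "pptp":
            # The original used `assert False`, which is stripped under
            # `python -O`; an unknown type was then skipped without any error.
            raise CgfwCmdException("Unsupported VPN type %s" % (cgfwCfg.vtype))
        self._syncPptpVpnScript(cgfwCfg)

    # send signal to daemon process if exists
    # NOTE(review): the pid may be stale or reused by another process; confirm
    # that self.param.tmpDir is writable only by the daemon's own user.
    pidFile = os.path.join(self.param.tmpDir, "fpemud-cgfw.pid")
    try:
        with open(pidFile) as f:
            pid = int(f.read())
        # kill(2) treats 0 and negative values as "process group" / "every
        # process", so a corrupt pid file must never reach os.kill().
        if pid > 0:
            os.kill(pid, signal.SIGHUP)
    except (OSError, ValueError, OverflowError):
        # Still best effort: a missing file, an unparsable pid or a dead
        # process is ignored, but KeyboardInterrupt and programming errors are
        # no longer swallowed.
        pass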