def add_route(self, virt_address, virt_address6, host_address,
        host_address6):
    """Install a kernel route for a client address via its host.

    The prefix length is stripped from ``virt_address`` first. If the
    address is present in ``self.client_routes`` it is removed from that
    collection and the existing kernel route is deleted (a failing
    ``ip route del`` is ignored). No route is added when ``host_address``
    is empty or equals ``settings.local.host.local_addr``.

    Otherwise ``ip route add <virt_address> via <host_address>`` is tried
    up to three times. After the first failure the route is deleted once
    (in case a stale entry is in the way), and there is a 0.2 s pause
    between attempts.

    ``virt_address6`` and ``host_address6`` are only used in the log
    record. Every exception is logged and swallowed, so callers get no
    signal that the route is missing. ``_route_lock`` is held for the
    whole call.
    """
    virt_address = virt_address.split('/')[0]

    _route_lock.acquire()
    try:
        if virt_address in self.client_routes:
            try:
                self.client_routes.remove(virt_address)
                try:
                    utils.check_call_silent(
                        ['ip', 'route', 'del', virt_address])
                except subprocess.CalledProcessError:
                    pass
            except KeyError:
                pass

        if not host_address:
            return
        if host_address == settings.local.host.local_addr:
            return

        # Commands are argv lists, so no shell parses the addresses.
        # NOTE(review): the addresses are not validated in this method;
        # confirm callers only pass well-formed IP addresses.
        for attempt in xrange(3):
            try:
                utils.check_output_logged(
                    ['ip', 'route', 'add', virt_address, 'via', host_address])
            except subprocess.CalledProcessError:
                if attempt == 2:
                    # Last attempt: hand the error to the outer handler.
                    raise
                if attempt == 0:
                    try:
                        utils.check_call_silent(
                            ['ip', 'route', 'del', virt_address])
                    except subprocess.CalledProcessError:
                        pass
                time.sleep(0.2)
            else:
                break
    except:
        logger.exception('Failed to add route', 'clients',
            virt_address=virt_address,
            virt_address6=virt_address6,
            host_address=host_address,
            host_address6=host_address6,
        )
    finally:
        _route_lock.release()
def _remove_iptables_rule_cmd(self, rule, ipv6=False):
    """Delete one firewall rule with ``iptables -D`` / ``ip6tables -D``.

    ``rule`` is passed through ``self._parse_rule`` and the result is
    appended to the argv list, so it is never interpreted by a shell.
    ``_global_lock`` is held while the command runs.

    Returns True when the command succeeds and False when it exits with
    an error (for example because the rule is not present).
    """
    rule_args = self._parse_rule(rule)

    if ipv6:
        binary = 'ip6tables'
    else:
        binary = 'iptables'

    _global_lock.acquire()
    try:
        utils.check_call_silent([binary, '-D'] + rule_args)
    except subprocess.CalledProcessError:
        return False
    else:
        return True
    finally:
        _global_lock.release()
def remove_route(self, virt_address, virt_address6, host_address,
        host_address6):
    """Delete the kernel route for a client address.

    Does nothing when ``host_address`` is empty. Otherwise the prefix
    length is stripped from ``virt_address`` and ``ip route del`` is run
    under ``_route_lock``. The address is dropped from
    ``self.client_routes`` only when the delete command succeeded; a
    failing command is ignored. ``virt_address6`` and ``host_address6``
    are unused here.
    """
    if not host_address:
        return

    target = virt_address.split('/')[0]

    _route_lock.acquire()
    try:
        utils.check_call_silent(['ip', 'route', 'del', target])
    except subprocess.CalledProcessError:
        # Route was not present or could not be removed; bookkeeping is
        # left untouched in that case.
        pass
    else:
        # NOTE(review): pop(key, default) is the mapping form; confirm
        # client_routes is a dict here (a set would raise TypeError).
        self.client_routes.pop(target, None)
    finally:
        _route_lock.release()
def remove_iface(self):
    """Bring ``self.iface_name`` down and delete it, ignoring failures.

    Both ``ip link`` commands are attempted even when the first one
    fails, so calling this for an interface that does not exist is
    harmless.
    """
    def _run_quietly(argv):
        # A non-zero exit status is expected when the link is absent.
        try:
            utils.check_call_silent(argv)
        except subprocess.CalledProcessError:
            pass

    _run_quietly(['ip', 'link', 'set', 'down', self.iface_name])
    _run_quietly(['ip', 'link', 'del', self.iface_name])
def remove_iface(self):
    """Tear down the VXLAN interface if this instance is registered.

    The interface is only touched when ``_vxlan_instances`` maps
    ``self.vxlan_id`` to ``self.instance_id``; any other instance
    returns without running a command. The link is then set down and
    deleted, and a failure of either command is ignored.
    """
    registered = _vxlan_instances.get(self.vxlan_id)
    if registered != self.instance_id:
        return

    for link_cmd in (
        ['ip', 'link', 'set', 'down', self.iface_name],
        ['ip', 'link', 'del', self.iface_name],
    ):
        try:
            utils.check_call_silent(link_cmd)
        except subprocess.CalledProcessError:
            # Missing link or already-down link: nothing to clean up.
            pass
def start(self):
    """Create, address and bring up the VXLAN interface for this server.

    Steps, in order:

    1. On the first call in the process, try ``modprobe vxlan`` (a
       failure is ignored) and set the module-level ``_loaded`` flag.
    2. Remove any existing interface via ``self.remove_iface()``.
    3. Create ``self.iface_name`` as a VXLAN link on the host's local
       interface, with VNI ``settings.vpn.vxlan_id_start +
       self.vxlan_id``, UDP destination port 4789 and ``nolearning``.
    4. Record the interface MAC, run ``self._init_host()``, derive the
       IPv4 (and, when ``self.ipv6`` is set, IPv6) overlay address and
       assign them with /24 and /64 prefixes.
    5. Set the link up and run ``self._init_hosts()``.

    Raises:
        ValueError: when ``settings.local.host.local_iface`` is empty.
    """
    global _loaded

    underlay = settings.local.host.local_iface

    if not _loaded:
        _loaded = True
        try:
            utils.check_call_silent(['modprobe', 'vxlan'])
        except subprocess.CalledProcessError:
            pass

    self.remove_iface()

    if not underlay:
        logger.error(
            'Failed to find local interface for vxlan', 'vxlan',
            vxlan_id=self.vxlan_id,
            server_id=self.server_id,
            host_id=settings.local.host_id,
            local_addr=settings.local.host.local_addr,
        )
        raise ValueError('Failed to find local interface for vxlan')

    # 'nolearning' turns off MAC learning from received frames; peers
    # are not discovered by this call. VXLAN carries no authentication
    # or encryption of its own, so UDP/4789 on the underlay interface
    # should only be reachable from the other hosts.
    utils.check_output_logged(
        [
            'ip', 'link', 'add', self.iface_name,
            'type', 'vxlan',
            'id', str(settings.vpn.vxlan_id_start + self.vxlan_id),
            'dstport', '4789',
            'dev', underlay['interface'],
            'nolearning',
        ],
        ignore_states=['File exists'],
    )

    self.vxlan_mac = utils.get_interface_mac_address(self.iface_name)
    self._init_host()
    self.vxlan_addr = self.get_host_addr(self.host_vxlan_id)

    if self.ipv6:
        self.vxlan_addr6 = utils.ip4to6x64(
            settings.vpn.ipv6_prefix, self.vxlan_net, self.vxlan_addr)

    # 'File exists' is tolerated so a leftover address does not abort
    # the start.
    utils.check_output_logged(
        ['ip', 'address', 'add', self.vxlan_addr + '/24',
         'dev', self.iface_name],
        ignore_states=['File exists'],
    )

    if self.ipv6:
        utils.check_output_logged(
            ['ip', '-6', 'address', 'add', self.vxlan_addr6 + '/64',
             'dev', self.iface_name],
            ignore_states=['File exists'],
        )

    utils.check_output_logged(['ip', 'link', 'set', 'up', self.iface_name])

    self._init_hosts()
def add_host(self, host_vxlan_id, vxlan_mac, host_dst, host_dst6):
    """Register a remote host on this VXLAN interface.

    Adds a bridge FDB entry mapping ``vxlan_mac`` to ``host_dst``, a
    static ARP entry for the host's overlay IPv4 address and, when
    ``host_dst6`` is set, an IPv6 neighbour entry for its overlay IPv6
    address. Each ``add`` is tried twice: after a first failure the
    existing entry is deleted and the add is repeated with logging.

    Returns without doing anything when ``host_dst`` is this host's own
    ``local_addr`` or when ``self.running`` is false. Any failure is
    logged and re-raised. ``self.running_lock`` is held throughout.
    """
    if settings.local.host.local_addr == host_dst:
        return

    self.running_lock.acquire()
    try:
        if not self.running:
            return

        # NOTE(review): these entries decide where overlay traffic for
        # this MAC/IP is sent; vxlan_mac and host_dst are not validated
        # here, so confirm they come from trusted host records.
        for attempt in xrange(2):
            # First try is quiet; the retry logs its output.
            if attempt == 0:
                runner = utils.check_output
            else:
                runner = utils.check_output_logged
            try:
                runner(
                    ['bridge', 'fdb', 'add', vxlan_mac,
                     'dev', self.iface_name, 'dst', host_dst],
                    ignore_states=['File exists'],
                )
            except subprocess.CalledProcessError:
                if attempt != 0:
                    raise
                utils.check_output_logged(
                    ['bridge', 'fdb', 'del', vxlan_mac,
                     'dev', self.iface_name])
            else:
                break

        utils.check_output_logged(
            ['arp', '-s', self.get_host_addr(host_vxlan_id), vxlan_mac])

        if host_dst6:
            for attempt in xrange(2):
                if attempt == 0:
                    runner = utils.check_output
                else:
                    runner = utils.check_output_logged
                try:
                    runner(
                        ['ip', '-6', 'neighbour', 'add',
                         self.get_host_addr6(host_vxlan_id),
                         'lladdr', vxlan_mac, 'dev', self.iface_name],
                        ignore_states=['File exists'],
                    )
                except subprocess.CalledProcessError:
                    if attempt != 0:
                        raise
                    utils.check_output_logged(
                        ['ip', '-6', 'neighbour', 'del',
                         self.get_host_addr6(host_vxlan_id),
                         'dev', self.iface_name])
                    # Keep deleting until the command fails, at most
                    # 30 times with 0.5 s pauses (up to ~15 s while the
                    # lock is held).
                    for _ in xrange(30):
                        try:
                            utils.check_call_silent(
                                ['ip', '-6', 'neighbour', 'del',
                                 self.get_host_addr6(host_vxlan_id),
                                 'dev', self.iface_name])
                        except:
                            break
                        time.sleep(0.5)
                else:
                    break
    except:
        logger.error(
            'Failed to add vxlan host', 'vxlan',
            vxlan_id=self.vxlan_id,
            server_id=self.server_id,
        )
        raise
    finally:
        self.running_lock.release()
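def setup_clean():
    """Best-effort cleanup of leftover server state on this host.

    In order:

    1. ``killall`` the ``openvpn``, ``openssl``, ``pritunl-dns`` and
       ``pritunl-web`` processes, wait two seconds, then repeat with
       ``-s9``. ``killall`` matches by process name, so every process
       with one of these names on the host is signalled, not only ones
       started by this service.
    2. Set down and delete every network link whose name starts with
       ``pxlan``.
    3. Delete every rule in the ``nat`` and ``filter`` tables whose
       ``iptables-save`` line contains ``--comment pritunl_``.

    Failures of individual commands are ignored; any other exception is
    logged and swallowed, so this function does not raise.
    """
    # Local import: shlex is only needed here and the file's import
    # block is not part of this block.
    import shlex

    try:
        daemons = ('openvpn', 'openssl', 'pritunl-dns', 'pritunl-web')

        for proc_name in daemons:
            try:
                utils.check_call_silent(['killall', proc_name])
            except subprocess.CalledProcessError:
                pass

        # Give the processes time to exit before forcing them.
        time.sleep(2)

        for proc_name in daemons:
            try:
                utils.check_call_silent(['killall', '-s9', proc_name])
            except subprocess.CalledProcessError:
                pass

        output = subprocess.check_output(['ip', '-o', 'link', 'show'])

        for line in output.splitlines():
            # One-line format is "<index>: <name>: <flags> ...".
            fields = line.split(':')
            if len(fields) < 2:
                continue
            iface_name = fields[1].strip()
            if not iface_name.startswith('pxlan'):
                continue

            for link_cmd in (
                ['ip', 'link', 'set', 'down', iface_name],
                ['ip', 'link', 'del', iface_name],
            ):
                try:
                    utils.check_call_silent(link_cmd)
                except subprocess.CalledProcessError:
                    pass

        output = subprocess.check_output(['iptables-save'])

        table = None
        for line in output.splitlines():
            line = line.strip()

            if line.startswith('*'):
                # Only nat and filter are cleaned. Any other table
                # header clears the current table so its rules are not
                # replayed against the previously seen table.
                table_name = line[1:]
                if table_name in ('nat', 'filter'):
                    table = table_name
                else:
                    table = None
                continue

            if table is None or '--comment pritunl_' not in line:
                continue

            # The saved rule text is split into argv words and executed
            # without a shell, so quotes, '$', ';' or backticks inside a
            # rule (for example in a comment) cannot be interpreted as
            # shell syntax. line[3:] drops the leading "-A ".
            try:
                rule_args = shlex.split(line[3:])
            except ValueError:
                # Unbalanced quoting: skip the rule.
                continue

            try:
                utils.check_call_silent(
                    ['iptables', '-t', table, '-D'] + rule_args)
            except subprocess.CalledProcessError:
                pass
    except:
        logger.exception('Server clean failed', 'setup')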
def start(self):
    """Bring up this server's VXLAN interface and register its hosts.

    Loads the ``vxlan`` kernel module once per process (errors from
    ``modprobe`` are ignored), removes any previous interface through
    ``self.remove_iface()``, then creates ``self.iface_name`` as a
    VXLAN link bound to the host's local interface. The VNI is
    ``settings.vpn.vxlan_id_start + self.vxlan_id``, the UDP destination
    port is 4789 and ``nolearning`` is set.

    After creation the interface MAC is stored in ``self.vxlan_mac``,
    ``self._init_host()`` runs, the overlay IPv4 address (/24) and, if
    ``self.ipv6`` is set, the overlay IPv6 address (/64) are assigned,
    the link is set up and ``self._init_hosts()`` runs.

    Raises:
        ValueError: when no local interface is configured.
    """
    global _loaded

    parent_iface = settings.local.host.local_iface

    if not _loaded:
        _loaded = True
        try:
            utils.check_call_silent(['modprobe', 'vxlan'])
        except subprocess.CalledProcessError:
            pass

    self.remove_iface()

    if not parent_iface:
        logger.error(
            'Failed to find local interface for vxlan', 'vxlan',
            vxlan_id=self.vxlan_id,
            server_id=self.server_id,
            host_id=settings.local.host_id,
            local_addr=settings.local.host.local_addr,
        )
        raise ValueError('Failed to find local interface for vxlan')

    # With 'nolearning' the kernel does not learn peer MACs from
    # incoming frames. The VXLAN encapsulation is unauthenticated and
    # unencrypted, so access to UDP/4789 on the parent interface should
    # be limited to the other hosts.
    create_cmd = [
        'ip', 'link', 'add', self.iface_name,
        'type', 'vxlan',
        'id', str(settings.vpn.vxlan_id_start + self.vxlan_id),
        'dstport', '4789',
        'dev', parent_iface['interface'],
        'nolearning',
    ]
    utils.check_output_logged(create_cmd, ignore_states=['File exists'])

    self.vxlan_mac = utils.get_interface_mac_address(self.iface_name)
    self._init_host()
    self.vxlan_addr = self.get_host_addr(self.host_vxlan_id)

    if self.ipv6:
        self.vxlan_addr6 = utils.ip4to6x64(
            settings.vpn.ipv6_prefix,
            self.vxlan_net,
            self.vxlan_addr,
        )

    # An address that is already assigned ('File exists') is not an
    # error.
    addr4_cmd = [
        'ip', 'address', 'add', self.vxlan_addr + '/24',
        'dev', self.iface_name,
    ]
    utils.check_output_logged(addr4_cmd, ignore_states=['File exists'])

    if self.ipv6:
        addr6_cmd = [
            'ip', '-6', 'address', 'add', self.vxlan_addr6 + '/64',
            'dev', self.iface_name,
        ]
        utils.check_output_logged(addr6_cmd, ignore_states=['File exists'])

    utils.check_output_logged(['ip', 'link', 'set', 'up', self.iface_name])

    self._init_hosts()
def add_host(self, host_vxlan_id, vxlan_mac, host_dst, host_dst6):
    """Add forwarding and neighbour entries for a remote VXLAN host.

    Three entries are installed while ``self.running_lock`` is held:

    * a bridge FDB entry sending ``vxlan_mac`` to ``host_dst``;
    * a static ARP entry (``arp -s``) for the host's overlay IPv4
      address;
    * when ``host_dst6`` is set, an IPv6 neighbour entry for the host's
      overlay IPv6 address.

    The FDB and neighbour adds get two attempts each; between them the
    existing entry is deleted. The call is a no-op when ``host_dst`` is
    the local address or ``self.running`` is false. On any failure an
    error is logged and the exception is re-raised.
    """
    if settings.local.host.local_addr == host_dst:
        return

    self.running_lock.acquire()
    try:
        if not self.running:
            return

        # NOTE(review): vxlan_mac and host_dst are used as given; these
        # entries control where overlay frames are delivered, so verify
        # that callers only pass values from trusted host records.
        for attempt in xrange(2):
            first_try = attempt == 0
            try:
                # Quiet on the first try, logged on the retry.
                run = (utils.check_output if first_try
                    else utils.check_output_logged)
                run([
                    'bridge', 'fdb', 'add', vxlan_mac,
                    'dev', self.iface_name,
                    'dst', host_dst,
                ], ignore_states=['File exists'])
                break
            except subprocess.CalledProcessError:
                if not first_try:
                    raise
                utils.check_output_logged([
                    'bridge', 'fdb', 'del', vxlan_mac,
                    'dev', self.iface_name,
                ])

        utils.check_output_logged([
            'arp', '-s', self.get_host_addr(host_vxlan_id), vxlan_mac,
        ])

        if host_dst6:
            for attempt in xrange(2):
                first_try = attempt == 0
                try:
                    run = (utils.check_output if first_try
                        else utils.check_output_logged)
                    run([
                        'ip', '-6', 'neighbour', 'add',
                        self.get_host_addr6(host_vxlan_id),
                        'lladdr', vxlan_mac,
                        'dev', self.iface_name,
                    ], ignore_states=['File exists'])
                    break
                except subprocess.CalledProcessError:
                    if not first_try:
                        raise
                    utils.check_output_logged([
                        'ip', '-6', 'neighbour', 'del',
                        self.get_host_addr6(host_vxlan_id),
                        'dev', self.iface_name,
                    ])
                    # Repeat the delete until it fails, bounded at 30
                    # rounds of 0.5 s; the lock stays held meanwhile.
                    remaining = 30
                    while remaining > 0:
                        remaining -= 1
                        try:
                            utils.check_call_silent([
                                'ip', '-6', 'neighbour', 'del',
                                self.get_host_addr6(host_vxlan_id),
                                'dev', self.iface_name,
                            ])
                        except:
                            break
                        time.sleep(0.5)
    except:
        logger.error('Failed to add vxlan host', 'vxlan',
            vxlan_id=self.vxlan_id,
            server_id=self.server_id,
        )
        raise
    finally:
        self.running_lock.release()