示例#1
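    def _syncPptpVpnScript(self, cgfwCfg):
        """Write the pppd ip-up and ip-down hook scripts for one PPTP VPN configuration.

        The ip-up script, when its sixth argument equals ``cgfwCfg.name``:
          1. adds the host and network routes again when the ppp interface changes from
             spoofing-up to real-up (pppd deletes the original ppp interface and adds a
             new one with the same name);
          2. sends signal 10 (SIGUSR1) to the PID stored in ``fpemud-cgfw.pid``, if that
             file exists.
        The ip-down script is a placeholder: routes are removed automatically together
        with the ppp interface.

        Args:
            cgfwCfg: configuration object; its ``name`` and ``interface`` attributes are read.
        """
        import shlex    # function-scope import: the file's import block is outside this view

        # Every value below ends up inside a script that pppd later executes, so each one
        # is quoted as a single shell word instead of being trusted to be free of quotes
        # or other shell metacharacters. Values made only of safe characters are emitted
        # unchanged by shlex.quote().
        qName = shlex.quote(str(cgfwCfg.name))
        qIntf = shlex.quote(str(cgfwCfg.interface))

        # NOTE(review): both files are created with whatever mode the umask yields; a hook
        # under /etc/ppp should be executable and not writable by group/others. Confirm
        # the mode is set elsewhere.

        # ---- ip-up hook ----
        fn = "/etc/ppp/ip-up.d/99-pptp-%s" % (cgfwCfg.name) + ".sh"
        CgfwUtil.printInfoNoNewLine("    Modifying %s..." % (fn))

        lines = [
            "#!/bin/bash",
            "",
            "if [ \"$6\" == %s ] ; then" % (qName),
        ]
        for ip in self.param.nameServerList:
            lines.append("    /bin/route add -host %s dev %s" % (shlex.quote(str(ip)), qIntf))
        lines.append("")
        for net in CgfwCommon.getPrefixList(self.param.gfwDir):
            ip, mask = net.with_netmask.split("/")
            lines.append("    /bin/route add -net %s netmask %s dev %s" % (shlex.quote(ip), shlex.quote(mask), qIntf))
        lines.append("")

        # NOTE(review): the hook signals whatever PID this file contains, so tmpDir should
        # be writable only by the daemon's own user. Confirm against the deployment.
        qPidf = shlex.quote(os.path.join(self.param.tmpDir, "fpemud-cgfw.pid"))
        lines.append("    if [ -f %s ] ; then" % (qPidf))
        lines.append("        /bin/kill -10 $(/bin/cat %s)" % (qPidf))    # send SIGUSR1
        lines.append("    fi")
        lines.append("fi")

        with open(fn, "w") as f:
            f.write("\n".join(lines) + "\n")
        print("Done.")

        # ---- ip-down hook ----
        fn = "/etc/ppp/ip-down.d/99-pptp-%s" % (cgfwCfg.name) + ".sh"
        CgfwUtil.printInfoNoNewLine("    Modifying %s..." % (fn))

        lines = [
            "#!/bin/bash",
            "",
            "if [ \"$6\" == %s ] ; then" % (qName),
            # ":" is the shell no-op; a bare ";" as the only statement of the branch is a
            # bash syntax error, which made the generated hook fail on every invocation.
            "    :",
            "fi",
        ]

        with open(fn, "w") as f:
            f.write("\n".join(lines) + "\n")
        print("Done.")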
示例#2
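    def cmdUpdate(self):
        """Validate the GFWed prefix list, regenerate the VPN hook scripts and notify the daemon.

        Steps:
          1. Fail if any prefix overlaps a reserved IPv4 network.
          2. Fail if any prefix overlaps a network in the latest China mainland list. Any
             other error while obtaining or checking that list is reported and skipped.
          3. Rewrite the hook scripts for every configuration found under ``etcDir``.
          4. Send SIGHUP to the PID stored in ``fpemud-cgfw.pid``, best effort.

        Raises:
            CgfwCmdException: a GFWed prefix overlaps a private or non-GFWed network.
            AssertionError: a configuration has a vtype other than "pptp".
        """
        CgfwUtil.printInfo("Checking IP ranges:")
        prefixList = CgfwCommon.getPrefixList(self.param.gfwDir)

        CgfwUtil.printInfoNoNewLine("    Checking private network...")
        priList = CgfwUtil.getReservedIpv4NetworkList()
        for net in prefixList:
            for net2 in priList:
                if net.overlaps(net2):
                    raise CgfwCmdException("GFWed prefix %s overlaps private network %s" % (net.with_prefixlen, net2.with_prefixlen))
        print("Done.")

        CgfwUtil.printInfoNoNewLine("    Checking non-GFWed network...")
        try:
            lcmList = CgfwCommon.getLatestChinaMainLandIpv4NetworkList()
            for net in prefixList:
                for net2 in lcmList:
                    if net.overlaps(net2):
                        raise CgfwCmdException("GFWed prefix %s overlaps non-GFWed network %s" % (net.with_prefixlen, net2.with_prefixlen))
            print("Done.")
        except CgfwCmdException:
            # a real overlap must stop the update
            raise
        except Exception:
            # this check is advisory: failing to obtain the list does not block the update
            print("Failed, but however it's better to continue.")

        CgfwUtil.printInfo("Modifying configuration files:")
        for cgfwCfg in CgfwCommon.getCgfwCfgList(self.param.etcDir):
            if cgfwCfg.vtype != "pptp":
                # raised explicitly so the check is not stripped when Python runs with -O
                raise AssertionError("unsupported vtype %r" % (cgfwCfg.vtype,))
            self._syncPptpVpnScript(cgfwCfg)

        # send signal to daemon process if exists
        try:
            with open(os.path.join(self.param.tmpDir, "fpemud-cgfw.pid")) as f:
                pid = int(f.read())
            # os.kill() treats 0 and negative values as process-group or broadcast targets,
            # so a corrupt or tampered pid file must not be passed through.
            if pid > 0:
                os.kill(pid, signal.SIGHUP)
        except (OSError, ValueError, OverflowError):
            # Best effort: missing pid file, unparsable content, stale PID or no permission.
            # Narrower than a bare except, so KeyboardInterrupt and SystemExit still propagate.
            pass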