示例#1
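    def add_route(self, virt_address, virt_address6,
            host_address, host_address6):
        """Route a client's virtual IPv4 address through another host.

        A route already recorded in ``self.client_routes`` for the address
        is deleted first. ``ip route add <virt> via <host>`` is then tried
        up to three times. Errors are logged and not re-raised.

        Args:
            virt_address: Client virtual IPv4 address; anything after a
                ``/`` is dropped before use.
            virt_address6: Only included in the failure log entry.
            host_address: Next hop for the route. When empty, or equal to
                ``settings.local.host.local_addr``, no route is added.
            host_address6: Only included in the failure log entry.
        """
        # NOTE(review): virt_address and host_address reach the `ip`
        # command line unvalidated. They are passed as separate list
        # items; presumably utils runs them without a shell -- confirm,
        # and confirm callers only supply well-formed addresses.
        virt_address = virt_address.split('/')[0]

        _route_lock.acquire()
        try:
            if virt_address in self.client_routes:
                try:
                    self.client_routes.remove(virt_address)
                    try:
                        utils.check_call_silent([
                            'ip',
                            'route',
                            'del',
                            virt_address,
                        ])
                    except subprocess.CalledProcessError:
                        # The route may already be gone.
                        pass
                except KeyError:
                    pass

            if not host_address or host_address == \
                    settings.local.host.local_addr:
                return

            for i in xrange(3):
                try:
                    utils.check_output_logged([
                        'ip',
                        'route',
                        'add',
                        virt_address,
                        'via',
                        host_address,
                    ])
                    break
                except subprocess.CalledProcessError:
                    if i == 0:
                        # First failure: clear a possibly conflicting
                        # route before the next attempt.
                        try:
                            utils.check_call_silent([
                                'ip',
                                'route',
                                'del',
                                virt_address,
                            ])
                        except subprocess.CalledProcessError:
                            pass
                    elif i == 2:
                        # Third failure: give up; the handler below logs it.
                        raise
                    time.sleep(0.2)
        except Exception:
            # Narrowed from a bare ``except:`` so KeyboardInterrupt and
            # SystemExit are no longer logged and swallowed here.
            logger.exception('Failed to add route', 'clients',
                virt_address=virt_address,
                virt_address6=virt_address6,
                host_address=host_address,
                host_address6=host_address6,
            )
        finally:
            _route_lock.release()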
示例#2
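    def add_route(self, virt_address, virt_address6,
            host_address, host_address6):
        """Route a client's virtual IPv4 address through another host.

        A route already recorded in ``self.client_routes`` for the address
        is deleted first. ``ip route add <virt> via <host>`` is then tried
        up to three times. Errors are logged and not re-raised.

        Args:
            virt_address: Client virtual IPv4 address; anything after a
                ``/`` is dropped before use.
            virt_address6: Only included in the failure log entry.
            host_address: Next hop for the route. When empty, or equal to
                ``settings.local.host.local_addr``, no route is added.
            host_address6: Only included in the failure log entry.
        """
        # NOTE(review): virt_address and host_address reach the `ip`
        # command line unvalidated. They are passed as separate list
        # items; presumably utils runs them without a shell -- confirm,
        # and confirm callers only supply well-formed addresses.
        virt_address = virt_address.split('/')[0]

        _route_lock.acquire()
        try:
            if virt_address in self.client_routes:
                try:
                    self.client_routes.remove(virt_address)
                    try:
                        utils.check_call_silent([
                            'ip',
                            'route',
                            'del',
                            virt_address,
                        ])
                    except subprocess.CalledProcessError:
                        # The route may already be gone.
                        pass
                except KeyError:
                    pass

            if not host_address or host_address == \
                    settings.local.host.local_addr:
                return

            for i in xrange(3):
                try:
                    utils.check_output_logged([
                        'ip',
                        'route',
                        'add',
                        virt_address,
                        'via',
                        host_address,
                    ])
                    break
                except subprocess.CalledProcessError:
                    if i == 0:
                        # First failure: clear a possibly conflicting
                        # route before the next attempt.
                        try:
                            utils.check_call_silent([
                                'ip',
                                'route',
                                'del',
                                virt_address,
                            ])
                        except subprocess.CalledProcessError:
                            pass
                    elif i == 2:
                        # Third failure: give up; the handler below logs it.
                        raise
                    time.sleep(0.2)
        except Exception:
            # Narrowed from a bare ``except:`` so KeyboardInterrupt and
            # SystemExit are no longer logged and swallowed here.
            logger.exception('Failed to add route', 'clients',
                virt_address=virt_address,
                virt_address6=virt_address6,
                host_address=host_address,
                host_address6=host_address6,
            )
        finally:
            _route_lock.release()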
示例#3
    def _remove_iptables_rule_cmd(self, rule, ipv6=False):
        """Delete one firewall rule with ``iptables -D`` / ``ip6tables -D``.

        Args:
            rule: Rule description; it is passed through
                ``self._parse_rule`` and the result is appended to the
                command line.
            ipv6: Use ``ip6tables`` instead of ``iptables`` when true.

        Returns:
            True when the command succeeded, False when it exited with a
            non-zero status.
        """
        rule_args = self._parse_rule(rule)

        if ipv6:
            binary = 'ip6tables'
        else:
            binary = 'iptables'

        # The whole call runs under the module-level lock.
        _global_lock.acquire()
        try:
            utils.check_call_silent([binary, '-D'] + rule_args)
        except subprocess.CalledProcessError:
            return False
        else:
            return True
        finally:
            _global_lock.release()
示例#4
文件: iptables.py 项目: ijat/pritunl
    def _remove_iptables_rule_cmd(self, rule, ipv6=False):
        """Delete one firewall rule with ``iptables -D`` / ``ip6tables -D``.

        Args:
            rule: Rule description; it is passed through
                ``self._parse_rule`` and the result is appended to the
                command line.
            ipv6: Use ``ip6tables`` instead of ``iptables`` when true.

        Returns:
            True when the command succeeded, False when it exited with a
            non-zero status.
        """
        rule_args = self._parse_rule(rule)

        if ipv6:
            binary = 'ip6tables'
        else:
            binary = 'iptables'

        # The whole call runs under the module-level lock.
        _global_lock.acquire()
        try:
            utils.check_call_silent([binary, '-D'] + rule_args)
        except subprocess.CalledProcessError:
            return False
        else:
            return True
        finally:
            _global_lock.release()
示例#5
    def remove_route(self, virt_address, virt_address6,
            host_address, host_address6):
        """Delete the kernel route for a client's virtual IPv4 address.

        Nothing happens when ``host_address`` is empty. The entry in
        ``self.client_routes`` is dropped only after ``ip route del``
        succeeded; a failed delete is ignored and leaves the entry alone.

        Args:
            virt_address: Client virtual IPv4 address; anything after a
                ``/`` is dropped before use.
            virt_address6: Not used by this method.
            host_address: Only checked for being non-empty.
            host_address6: Not used by this method.
        """
        if not host_address:
            return

        route_key = virt_address.split('/')[0]
        delete_cmd = ['ip', 'route', 'del', route_key]

        _route_lock.acquire()
        try:
            utils.check_call_silent(delete_cmd)
        except subprocess.CalledProcessError:
            pass
        else:
            # NOTE(review): pop(key, None) implies a dict-like
            # client_routes -- confirm against its definition.
            self.client_routes.pop(route_key, None)
        finally:
            _route_lock.release()
示例#6
    def remove_route(self, virt_address, virt_address6, host_address,
                     host_address6):
        """Delete the kernel route for a client's virtual IPv4 address.

        Nothing happens when ``host_address`` is empty. The entry in
        ``self.client_routes`` is dropped only after ``ip route del``
        succeeded; a failed delete is ignored and leaves the entry alone.

        Args:
            virt_address: Client virtual IPv4 address; anything after a
                ``/`` is dropped before use.
            virt_address6: Not used by this method.
            host_address: Only checked for being non-empty.
            host_address6: Not used by this method.
        """
        if not host_address:
            return

        route_key = virt_address.split('/')[0]
        delete_cmd = ['ip', 'route', 'del', route_key]

        _route_lock.acquire()
        try:
            utils.check_call_silent(delete_cmd)
        except subprocess.CalledProcessError:
            pass
        else:
            # NOTE(review): pop(key, None) implies a dict-like
            # client_routes -- confirm against its definition.
            self.client_routes.pop(route_key, None)
        finally:
            _route_lock.release()
示例#7
    def remove_iface(self):
        """Bring ``self.iface_name`` down, then delete the link.

        Both ``ip link`` commands are best-effort: a non-zero exit status
        (for example because the interface does not exist) is ignored.
        """
        for link_action in (['set', 'down'], ['del']):
            try:
                utils.check_call_silent(
                    ['ip', 'link'] + link_action + [self.iface_name])
            except subprocess.CalledProcessError:
                pass
示例#8
文件: vxlan.py 项目: Flux159/pritunl
    def remove_iface(self):
        """Bring ``self.iface_name`` down, then delete the link.

        Both ``ip link`` commands are best-effort: a non-zero exit status
        (for example because the interface does not exist) is ignored.
        """
        for link_action in (['set', 'down'], ['del']):
            try:
                utils.check_call_silent(
                    ['ip', 'link'] + link_action + [self.iface_name])
            except subprocess.CalledProcessError:
                pass
示例#9
    def remove_iface(self):
        """Bring ``self.iface_name`` down, then delete the link.

        The interface is touched only while ``_vxlan_instances`` still maps
        ``self.vxlan_id`` to ``self.instance_id``; otherwise the method
        returns without running anything. Both ``ip link`` commands are
        best-effort: a non-zero exit status is ignored.
        """
        registered_id = _vxlan_instances.get(self.vxlan_id)
        if registered_id != self.instance_id:
            return

        for link_action in (['set', 'down'], ['del']):
            try:
                utils.check_call_silent(
                    ['ip', 'link'] + link_action + [self.iface_name])
            except subprocess.CalledProcessError:
                pass
示例#10
文件: vxlan.py 项目: pritunl/pritunl
    def remove_iface(self):
        """Bring ``self.iface_name`` down, then delete the link.

        The interface is touched only while ``_vxlan_instances`` still maps
        ``self.vxlan_id`` to ``self.instance_id``; otherwise the method
        returns without running anything. Both ``ip link`` commands are
        best-effort: a non-zero exit status is ignored.
        """
        registered_id = _vxlan_instances.get(self.vxlan_id)
        if registered_id != self.instance_id:
            return

        for link_action in (['set', 'down'], ['del']):
            try:
                utils.check_call_silent(
                    ['ip', 'link'] + link_action + [self.iface_name])
            except subprocess.CalledProcessError:
                pass
示例#11
    def start(self):
        """Create, address and bring up this instance's vxlan interface.

        Steps, in order: try to load the ``vxlan`` kernel module (only
        while the module-level ``_loaded`` flag is unset), remove any
        existing interface via ``self.remove_iface()``, create the vxlan
        link on the local interface, assign the IPv4 (and, when
        ``self.ipv6`` is set, IPv6) address, set the link up and call
        ``self._init_hosts()``.

        Raises:
            ValueError: ``settings.local.host.local_iface`` is empty.
        """
        global _loaded

        underlay_iface = settings.local.host.local_iface

        if not _loaded:
            _loaded = True
            try:
                utils.check_call_silent(['modprobe', 'vxlan'])
            except subprocess.CalledProcessError:
                # A modprobe failure is ignored.
                pass

        self.remove_iface()

        if not underlay_iface:
            logger.error('Failed to find local interface for vxlan', 'vxlan',
                vxlan_id=self.vxlan_id,
                server_id=self.server_id,
                host_id=settings.local.host_id,
                local_addr=settings.local.host.local_addr,
            )
            raise ValueError('Failed to find local interface for vxlan')

        # 'nolearning' disables learning forwarding entries from received
        # traffic, so peers have to be added explicitly.
        # NOTE(review): VXLAN itself neither authenticates nor encrypts;
        # confirm the underlay carrying dstport 4789 is trusted/filtered.
        link_add_cmd = [
            'ip', 'link', 'add', self.iface_name,
            'type', 'vxlan',
            'id', str(settings.vpn.vxlan_id_start + self.vxlan_id),
            'dstport', '4789',
            'dev', underlay_iface['interface'],
            'nolearning',
        ]
        # ignore_states presumably makes utils tolerate a 'File exists'
        # error -- confirm in utils.
        utils.check_output_logged(link_add_cmd, ignore_states=['File exists'])

        self.vxlan_mac = utils.get_interface_mac_address(self.iface_name)
        self._init_host()
        self.vxlan_addr = self.get_host_addr(self.host_vxlan_id)
        if self.ipv6:
            self.vxlan_addr6 = utils.ip4to6x64(
                settings.vpn.ipv6_prefix,
                self.vxlan_net,
                self.vxlan_addr,
            )

        addr_add_cmd = [
            'ip', 'address', 'add', self.vxlan_addr + '/24',
            'dev', self.iface_name,
        ]
        utils.check_output_logged(addr_add_cmd, ignore_states=['File exists'])

        if self.ipv6:
            addr6_add_cmd = [
                'ip', '-6', 'address', 'add', self.vxlan_addr6 + '/64',
                'dev', self.iface_name,
            ]
            utils.check_output_logged(
                addr6_add_cmd, ignore_states=['File exists'])

        utils.check_output_logged(
            ['ip', 'link', 'set', 'up', self.iface_name])

        self._init_hosts()
示例#12
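    def add_host(self, host_vxlan_id, vxlan_mac, host_dst, host_dst6):
        """Register a remote vxlan peer with static forwarding entries.

        Nothing happens when ``host_dst`` is the local host's address or
        when ``self.running`` is false. Otherwise, under
        ``self.running_lock``: a ``bridge fdb`` entry mapping ``vxlan_mac``
        to ``host_dst`` is added, a static ARP entry for the peer's vxlan
        address is set, and, when ``host_dst6`` is truthy, an IPv6
        neighbour entry is added as well.

        Each ``add`` is tried twice: the first attempt uses
        ``utils.check_output``; if it fails the existing entry is deleted
        and the add is repeated with ``utils.check_output_logged``.

        Args:
            host_vxlan_id: Peer id passed to ``self.get_host_addr`` /
                ``self.get_host_addr6``.
            vxlan_mac: Peer MAC address written into the entries.
            host_dst: Peer underlay IPv4 address (fdb ``dst``).
            host_dst6: Only checked for truthiness here.

        Raises:
            Any error from the commands is logged and re-raised.
        """
        # NOTE(review): vxlan_mac and host_dst go straight into the command
        # arguments and end up as static fdb/ARP/neighbour bindings;
        # confirm the caller takes them from trusted host records.
        if settings.local.host.local_addr == host_dst:
            return

        self.running_lock.acquire()
        try:
            if not self.running:
                return

            for i in xrange(2):
                try:
                    if i == 0:
                        check_func = utils.check_output
                    else:
                        check_func = utils.check_output_logged

                    check_func([
                        'bridge',
                        'fdb',
                        'add',
                        vxlan_mac,
                        'dev',
                        self.iface_name,
                        'dst',
                        host_dst,
                    ], ignore_states=['File exists'])

                    break
                except subprocess.CalledProcessError:
                    if i == 0:
                        # Drop the conflicting entry, then retry once.
                        utils.check_output_logged([
                            'bridge',
                            'fdb',
                            'del',
                            vxlan_mac,
                            'dev',
                            self.iface_name,
                        ])
                    else:
                        raise

            utils.check_output_logged([
                'arp',
                '-s',
                self.get_host_addr(host_vxlan_id),
                vxlan_mac,
            ])

            if host_dst6:
                for i in xrange(2):
                    try:
                        if i == 0:
                            check_func = utils.check_output
                        else:
                            check_func = utils.check_output_logged

                        check_func([
                            'ip',
                            '-6',
                            'neighbour',
                            'add',
                            self.get_host_addr6(host_vxlan_id),
                            'lladdr',
                            vxlan_mac,
                            'dev',
                            self.iface_name,
                        ], ignore_states=['File exists'])

                        break
                    except subprocess.CalledProcessError:
                        if i == 0:
                            utils.check_output_logged([
                                'ip',
                                '-6',
                                'neighbour',
                                'del',
                                self.get_host_addr6(host_vxlan_id),
                                'dev',
                                self.iface_name,
                            ])
                            # Keep deleting until a delete fails (up to 30
                            # tries, 0.5 s apart).
                            for j in xrange(30):
                                try:
                                    utils.check_call_silent([
                                        'ip',
                                        '-6',
                                        'neighbour',
                                        'del',
                                        self.get_host_addr6(host_vxlan_id),
                                        'dev',
                                        self.iface_name,
                                    ])
                                except Exception:
                                    # Narrowed from a bare ``except:`` so
                                    # KeyboardInterrupt/SystemExit are not
                                    # mistaken for "entry gone".
                                    break
                                time.sleep(0.5)
                        else:
                            raise
        except:
            # Log and re-raise; nothing is swallowed here.
            logger.error('Failed to add vxlan host', 'vxlan',
                vxlan_id=self.vxlan_id,
                server_id=self.server_id,
            )
            raise
        finally:
            self.running_lock.release()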
示例#13
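def setup_clean():
    """Best-effort cleanup of leftover processes, interfaces and rules.

    In order: sends the default ``killall`` signal to ``openvpn``,
    ``openssl``, ``pritunl-dns`` and ``pritunl-web``, waits two seconds,
    repeats with ``-s9``; deletes every link whose name starts with
    ``pxlan``; deletes every ``iptables-save`` rule in the ``nat`` and
    ``filter`` tables that carries a ``--comment pritunl_`` match.

    Individual command failures are ignored. Any other error is logged
    and not re-raised.
    """
    # Function-scope import so the block does not rely on a file-level one.
    import shlex

    def run_ignoring_failure(args):
        # Run one cleanup command; a non-zero exit status is expected
        # whenever there is nothing to clean.
        try:
            utils.check_call_silent(args)
        except subprocess.CalledProcessError:
            pass

    proc_names = ('openvpn', 'openssl', 'pritunl-dns', 'pritunl-web')

    try:
        # NOTE: killall matches by process name, so every process on the
        # host with one of these names is signalled, not only those
        # started by this service.
        for proc_name in proc_names:
            run_ignoring_failure(['killall', proc_name])

        time.sleep(2)

        for proc_name in proc_names:
            run_ignoring_failure(['killall', '-s9', proc_name])

        output = subprocess.check_output([
            'ip',
            '-o',
            'link',
            'show',
        ])

        for line in output.splitlines():
            fields = line.split(':')
            if len(fields) < 2:
                continue
            iface_name = fields[1].strip()

            if not iface_name.startswith('pxlan'):
                continue

            run_ignoring_failure(['ip', 'link', 'set', 'down', iface_name])
            run_ignoring_failure(['ip', 'link', 'del', iface_name])

        output = subprocess.check_output([
            'iptables-save',
        ])

        table = None
        for line in output.splitlines():
            line = line.strip()

            if line in ('*nat', '*filter'):
                table = line[1:]
                continue

            if '--comment pritunl_' not in line:
                continue

            if table is None:
                # No recognised table header seen yet; the old command
                # ("-t None") could only fail.
                continue

            # The saved rule is split into arguments instead of being
            # formatted into a string run with shell=True, so nothing in
            # the rule text is ever interpreted by a shell.
            try:
                rule_args = shlex.split(line[3:])
            except ValueError:
                # Unbalanced quoting: skip this rule, keep cleaning.
                continue

            run_ignoring_failure(['iptables', '-t', table, '-D'] + rule_args)
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        logger.exception('Server clean failed', 'setup')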
示例#14
文件: vxlan.py 项目: pritunl/pritunl
    def start(self):
        """Create, address and bring up this instance's vxlan interface.

        Steps, in order: try to load the ``vxlan`` kernel module (only
        while the module-level ``_loaded`` flag is unset), remove any
        existing interface via ``self.remove_iface()``, create the vxlan
        link on the local interface, assign the IPv4 (and, when
        ``self.ipv6`` is set, IPv6) address, set the link up and call
        ``self._init_hosts()``.

        Raises:
            ValueError: ``settings.local.host.local_iface`` is empty.
        """
        global _loaded

        underlay_iface = settings.local.host.local_iface

        if not _loaded:
            _loaded = True
            try:
                utils.check_call_silent(['modprobe', 'vxlan'])
            except subprocess.CalledProcessError:
                # A modprobe failure is ignored.
                pass

        self.remove_iface()

        if not underlay_iface:
            logger.error('Failed to find local interface for vxlan', 'vxlan',
                vxlan_id=self.vxlan_id,
                server_id=self.server_id,
                host_id=settings.local.host_id,
                local_addr=settings.local.host.local_addr,
            )
            raise ValueError('Failed to find local interface for vxlan')

        # 'nolearning' disables learning forwarding entries from received
        # traffic, so peers have to be added explicitly.
        # NOTE(review): VXLAN itself neither authenticates nor encrypts;
        # confirm the underlay carrying dstport 4789 is trusted/filtered.
        link_add_cmd = [
            'ip', 'link', 'add', self.iface_name,
            'type', 'vxlan',
            'id', str(settings.vpn.vxlan_id_start + self.vxlan_id),
            'dstport', '4789',
            'dev', underlay_iface['interface'],
            'nolearning',
        ]
        # ignore_states presumably makes utils tolerate a 'File exists'
        # error -- confirm in utils.
        utils.check_output_logged(link_add_cmd, ignore_states=['File exists'])

        self.vxlan_mac = utils.get_interface_mac_address(self.iface_name)
        self._init_host()
        self.vxlan_addr = self.get_host_addr(self.host_vxlan_id)
        if self.ipv6:
            self.vxlan_addr6 = utils.ip4to6x64(
                settings.vpn.ipv6_prefix,
                self.vxlan_net,
                self.vxlan_addr,
            )

        addr_add_cmd = [
            'ip', 'address', 'add', self.vxlan_addr + '/24',
            'dev', self.iface_name,
        ]
        utils.check_output_logged(addr_add_cmd, ignore_states=['File exists'])

        if self.ipv6:
            addr6_add_cmd = [
                'ip', '-6', 'address', 'add', self.vxlan_addr6 + '/64',
                'dev', self.iface_name,
            ]
            utils.check_output_logged(
                addr6_add_cmd, ignore_states=['File exists'])

        utils.check_output_logged(
            ['ip', 'link', 'set', 'up', self.iface_name])

        self._init_hosts()
示例#15
文件: vxlan.py 项目: pritunl/pritunl
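    def add_host(self, host_vxlan_id, vxlan_mac, host_dst, host_dst6):
        """Register a remote vxlan peer with static forwarding entries.

        Nothing happens when ``host_dst`` is the local host's address or
        when ``self.running`` is false. Otherwise, under
        ``self.running_lock``: a ``bridge fdb`` entry mapping ``vxlan_mac``
        to ``host_dst`` is added, a static ARP entry for the peer's vxlan
        address is set, and, when ``host_dst6`` is truthy, an IPv6
        neighbour entry is added as well.

        Each ``add`` is tried twice: the first attempt uses
        ``utils.check_output``; if it fails the existing entry is deleted
        and the add is repeated with ``utils.check_output_logged``.

        Args:
            host_vxlan_id: Peer id passed to ``self.get_host_addr`` /
                ``self.get_host_addr6``.
            vxlan_mac: Peer MAC address written into the entries.
            host_dst: Peer underlay IPv4 address (fdb ``dst``).
            host_dst6: Only checked for truthiness here.

        Raises:
            Any error from the commands is logged and re-raised.
        """
        # NOTE(review): vxlan_mac and host_dst go straight into the command
        # arguments and end up as static fdb/ARP/neighbour bindings;
        # confirm the caller takes them from trusted host records.
        if settings.local.host.local_addr == host_dst:
            return

        self.running_lock.acquire()
        try:
            if not self.running:
                return

            for i in xrange(2):
                try:
                    if i == 0:
                        check_func = utils.check_output
                    else:
                        check_func = utils.check_output_logged

                    check_func([
                        'bridge',
                        'fdb',
                        'add',
                        vxlan_mac,
                        'dev',
                        self.iface_name,
                        'dst',
                        host_dst,
                    ], ignore_states=['File exists'])

                    break
                except subprocess.CalledProcessError:
                    if i == 0:
                        # Drop the conflicting entry, then retry once.
                        utils.check_output_logged([
                            'bridge',
                            'fdb',
                            'del',
                            vxlan_mac,
                            'dev',
                            self.iface_name,
                        ])
                    else:
                        raise

            utils.check_output_logged([
                'arp',
                '-s',
                self.get_host_addr(host_vxlan_id),
                vxlan_mac,
            ])

            if host_dst6:
                for i in xrange(2):
                    try:
                        if i == 0:
                            check_func = utils.check_output
                        else:
                            check_func = utils.check_output_logged

                        check_func([
                            'ip',
                            '-6',
                            'neighbour',
                            'add',
                            self.get_host_addr6(host_vxlan_id),
                            'lladdr',
                            vxlan_mac,
                            'dev',
                            self.iface_name,
                        ], ignore_states=['File exists'])

                        break
                    except subprocess.CalledProcessError:
                        if i == 0:
                            utils.check_output_logged([
                                'ip',
                                '-6',
                                'neighbour',
                                'del',
                                self.get_host_addr6(host_vxlan_id),
                                'dev',
                                self.iface_name,
                            ])
                            # Keep deleting until a delete fails (up to 30
                            # tries, 0.5 s apart).
                            for j in xrange(30):
                                try:
                                    utils.check_call_silent([
                                        'ip',
                                        '-6',
                                        'neighbour',
                                        'del',
                                        self.get_host_addr6(host_vxlan_id),
                                        'dev',
                                        self.iface_name,
                                    ])
                                except Exception:
                                    # Narrowed from a bare ``except:`` so
                                    # KeyboardInterrupt/SystemExit are not
                                    # mistaken for "entry gone".
                                    break
                                time.sleep(0.5)
                        else:
                            raise
        except:
            # Log and re-raise; nothing is swallowed here.
            logger.error('Failed to add vxlan host', 'vxlan',
                vxlan_id=self.vxlan_id,
                server_id=self.server_id,
            )
            raise
        finally:
            self.running_lock.release()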
示例#16
文件: clean.py 项目: sreekupm/pritunl
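def setup_clean():
    """Best-effort cleanup of leftover processes, interfaces and rules.

    In order: sends the default ``killall`` signal to ``openvpn``,
    ``openssl``, ``pritunl-dns`` and ``pritunl-web``, waits two seconds,
    repeats with ``-s9``; deletes every link whose name starts with
    ``pxlan``; deletes every ``iptables-save`` rule in the ``nat`` and
    ``filter`` tables that carries a ``--comment pritunl_`` match.

    Individual command failures are ignored. Any other error is logged
    and not re-raised.
    """
    # Function-scope import so the block does not rely on a file-level one.
    import shlex

    def run_ignoring_failure(args):
        # Run one cleanup command; a non-zero exit status is expected
        # whenever there is nothing to clean.
        try:
            utils.check_call_silent(args)
        except subprocess.CalledProcessError:
            pass

    proc_names = ('openvpn', 'openssl', 'pritunl-dns', 'pritunl-web')

    try:
        # NOTE: killall matches by process name, so every process on the
        # host with one of these names is signalled, not only those
        # started by this service.
        for proc_name in proc_names:
            run_ignoring_failure(['killall', proc_name])

        time.sleep(2)

        for proc_name in proc_names:
            run_ignoring_failure(['killall', '-s9', proc_name])

        output = subprocess.check_output([
            'ip',
            '-o',
            'link',
            'show',
        ])

        for line in output.splitlines():
            fields = line.split(':')
            if len(fields) < 2:
                continue
            iface_name = fields[1].strip()

            if not iface_name.startswith('pxlan'):
                continue

            run_ignoring_failure(['ip', 'link', 'set', 'down', iface_name])
            run_ignoring_failure(['ip', 'link', 'del', iface_name])

        output = subprocess.check_output([
            'iptables-save',
        ])

        table = None
        for line in output.splitlines():
            line = line.strip()

            if line in ('*nat', '*filter'):
                table = line[1:]
                continue

            if '--comment pritunl_' not in line:
                continue

            if table is None:
                # No recognised table header seen yet; the old command
                # ("-t None") could only fail.
                continue

            # The saved rule is split into arguments instead of being
            # formatted into a string run with shell=True, so nothing in
            # the rule text is ever interpreted by a shell.
            try:
                rule_args = shlex.split(line[3:])
            except ValueError:
                # Unbalanced quoting: skip this rule, keep cleaning.
                continue

            run_ignoring_failure(['iptables', '-t', table, '-D'] + rule_args)
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        logger.exception('Server clean failed', 'setup')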