From e6994e69394fa18f7d6e349b7d829f6108e582c8 Mon Sep 17 00:00:00 2001 From: Dennis Schwerdel Date: Sat, 23 Jan 2021 20:29:15 +0100 Subject: [PATCH 1/6] Implement event scripts --- Cargo.lock | 16 +-- src/cloud.rs | 32 ++++- src/config.rs | 296 ++++++++++++++++++++++++++++------------------- src/device.rs | 2 +- src/main.rs | 6 + src/oldconfig.rs | 5 +- src/util.rs | 55 +++++---- 7 files changed, 256 insertions(+), 156 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 841f2b8..56c1e2e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -147,9 +147,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4060f4657be78b8e766215b02b18a2e862d83745545de804638e2b545e81aee6" +checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8" dependencies = [ "cfg-if 1.0.0", "libc", @@ -167,9 +167,9 @@ dependencies = [ [[package]] name = "hermit-abi" -version = "0.1.17" +version = "0.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5aca5565f760fb5b220e499d72710ed156fdb74e631659e99377d9ebfbd13ae8" +checksum = "322f4de77956e22ed0e5032c359a0f1273f1f7f0d79bfa3b8ffbc730d7fbcc5c" dependencies = [ "libc", ] @@ -463,15 +463,15 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.119" +version = "1.0.120" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bdd36f49e35b61d49efd8aa7fc068fd295961fd2286d0b2ee9a4c7a14e99cc3" +checksum = "166b2349061381baf54a58e4b13c89369feb0ef2eaa57198899e2312aac30aab" [[package]] name = "serde_derive" -version = "1.0.119" +version = "1.0.120" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "552954ce79a059ddd5fd68c271592374bd15cab2274970380c000118aeffe1cd" +checksum = "0ca2a8cb5805ce9e3b95435e3765b7b553cecc762d938d409434338386cb5775" dependencies = [ "proc-macro2", "quote", diff --git a/src/cloud.rs b/src/cloud.rs index 1a3533a..d740bfc 100644 --- a/src/cloud.rs +++ b/src/cloud.rs @@ -26,7 +26,8 @@ use crate::{ device::{Device, Type}, error::Error, messages::{ - AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE, MESSAGE_TYPE_NODE_INFO + AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE, + MESSAGE_TYPE_NODE_INFO }, net::{mapped_addr, Socket}, payload::Protocol, @@ -225,6 +226,7 @@ impl GenericCloud GenericCloud GenericCloud GenericCloud Result<(), Error> { info!("Added peer {}", addr_nice(addr)); + self.config.call_event_script( + "peer_connected", + vec![("PEER", format!("{:?}", addr)), ("IFNAME", self.device.ifname().to_owned())], + true + ); if let Some(init) = self.pending_inits.remove(&addr) { self.peers.insert(addr, PeerData { addrs: info.addrs.clone(), @@ -647,6 +660,11 @@ impl GenericCloud GenericCloud { + self.config.call_event_script( + "peer_connecting", + vec![("PEER", format!("{:?}", src)), ("IFNAME", self.device.ifname().to_owned())], + true + ); self.pending_inits.insert(src, init); Ok(res) } @@ -800,6 +823,11 @@ impl GenericCloud { debug!("Recoverable init error from {}: {}", src, e); @@ -831,6 +859,7 @@ impl GenericCloud { @@ -856,6 +885,7 @@ impl GenericCloud SocketAddr { if let Some(addr) = addr.strip_prefix("*:") { let port = try_fail!(addr.parse::(), "Invalid port: {}"); @@ -61,7 +63,9 @@ pub struct Config { pub statsd_server: Option, pub statsd_prefix: Option, pub user: Option, - pub group: Option + pub group: Option, + pub event_script: Option, + pub event_scripts: HashMap, } impl Default for Config { @@ -94,7 +98,9 @@ impl Default for Config { statsd_server: None, statsd_prefix: None, user: None, - group: None + group: None, + event_script: None, + event_scripts: HashMap::new(), } } } @@ -199,6 +205,12 @@ impl Config { if !file.crypto.algorithms.is_empty() { self.crypto.algorithms = file.crypto.algorithms.clone(); } + if let Some(val) = file.event_script { + self.event_script = Some(val) + } + for (k, v) in file.event_scripts { + self.event_scripts.insert(k, v); + } } pub fn merge_args(&mut self, mut args: Args) { @@ -292,17 +304,44 @@ impl Config { if !args.algorithms.is_empty() { self.crypto.algorithms = args.algorithms.clone(); } + for s in args.event_script { + self.event_script = Some(s); + //TODO: parse params + } } pub fn get_keepalive(&self) -> Duration { match self.keepalive { Some(dur) => dur, - None => max(self.peer_timeout / 2 - 60, 1) + None => max(self.peer_timeout / 2 - 60, 1), + } + } + + pub fn call_event_script( + &self, event: &'static str, envs: impl IntoIterator)>, detach: bool, + ) { + let mut script = None; + if let Some(ref s) = self.event_script { + script = Some(s); + } + if let Some(ref s) = self.event_scripts.get(event) { + script = Some(s); + } + if script.is_none() { + return; + } + let script = script.unwrap(); + let mut cmd = Command::new("sh"); + cmd.arg("-c").arg(script).envs(envs).env("EVENT", event); + debug!("Running event script: {:?}", cmd); + if detach { + thread::spawn(move || run_cmd(cmd)); + } else { + run_cmd(cmd) } } } - #[derive(StructOpt, Debug, Default)] pub struct Args { /// Read configuration options from the specified file. @@ -463,7 +502,11 @@ pub struct Args { /// Generate shell completions #[structopt(long)] - pub completion: Option + pub completion: Option, + + /// Call script on event + #[structopt(long)] + pub event_script: Vec, } #[derive(Serialize, Deserialize, Debug, PartialEq, Default)] @@ -473,7 +516,7 @@ pub struct ConfigFileDevice { pub type_: Option, pub name: Option, pub path: Option, - pub fix_rp_filter: Option + pub fix_rp_filter: Option, } #[derive(Serialize, Deserialize, Debug, PartialEq, Default)] @@ -482,14 +525,14 @@ pub struct ConfigFileBeacon { pub store: Option, pub load: Option, pub interval: Option, - pub password: Option + pub password: Option, } #[derive(Serialize, Deserialize, Debug, PartialEq, Default)] #[serde(rename_all = "kebab-case", deny_unknown_fields, default)] pub struct ConfigFileStatsd { pub server: Option, - pub prefix: Option + pub prefix: Option, } #[derive(Serialize, Deserialize, Debug, PartialEq, Default)] @@ -517,10 +560,11 @@ pub struct ConfigFile { pub stats_file: Option, pub statsd: Option, pub user: Option, - pub group: Option + pub group: Option, + pub event_script: Option, + pub event_scripts: HashMap, } - #[test] fn config_file() { let config_file = " @@ -554,41 +598,46 @@ statsd: server: example.com:1234 prefix: prefix "; - assert_eq!(serde_yaml::from_str::(config_file).unwrap(), ConfigFile { - device: Some(ConfigFileDevice { - type_: Some(Type::Tun), - name: Some("vpncloud%d".to_string()), - path: Some("/dev/net/tun".to_string()), - fix_rp_filter: None - }), - ip: Some("10.0.1.1/16".to_string()), - ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), - ifdown: Some("true".to_string()), - crypto: CryptoConfig::default(), - listen: None, - peers: Some(vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()]), - peer_timeout: Some(600), - keepalive: Some(840), - beacon: Some(ConfigFileBeacon { - store: Some("/run/vpncloud.beacon.out".to_string()), - load: Some("/run/vpncloud.beacon.in".to_string()), - interval: Some(3600), - password: Some("test123".to_string()) - }), - mode: Some(Mode::Normal), - switch_timeout: Some(300), - claims: Some(vec!["10.0.1.0/24".to_string()]), - auto_claim: None, - port_forwarding: Some(true), - user: Some("nobody".to_string()), - group: Some("nogroup".to_string()), - pid_file: Some("/run/vpncloud.run".to_string()), - stats_file: Some("/var/log/vpncloud.stats".to_string()), - statsd: Some(ConfigFileStatsd { - server: Some("example.com:1234".to_string()), - prefix: Some("prefix".to_string()) - }) - }) + assert_eq!( + serde_yaml::from_str::(config_file).unwrap(), + ConfigFile { + device: Some(ConfigFileDevice { + type_: Some(Type::Tun), + name: Some("vpncloud%d".to_string()), + path: Some("/dev/net/tun".to_string()), + fix_rp_filter: None + }), + ip: Some("10.0.1.1/16".to_string()), + ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), + ifdown: Some("true".to_string()), + crypto: CryptoConfig::default(), + listen: None, + peers: Some(vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()]), + peer_timeout: Some(600), + keepalive: Some(840), + beacon: Some(ConfigFileBeacon { + store: Some("/run/vpncloud.beacon.out".to_string()), + load: Some("/run/vpncloud.beacon.in".to_string()), + interval: Some(3600), + password: Some("test123".to_string()) + }), + mode: Some(Mode::Normal), + switch_timeout: Some(300), + claims: Some(vec!["10.0.1.0/24".to_string()]), + auto_claim: None, + port_forwarding: Some(true), + user: Some("nobody".to_string()), + group: Some("nogroup".to_string()), + pid_file: Some("/run/vpncloud.run".to_string()), + stats_file: Some("/var/log/vpncloud.stats".to_string()), + statsd: Some(ConfigFileStatsd { + server: Some("example.com:1234".to_string()), + prefix: Some("prefix".to_string()) + }), + event_script: None, + event_scripts: HashMap::new() + } + ) } #[test] @@ -621,9 +670,12 @@ fn default_config_as_default() { statsd_server: None, statsd_prefix: None, user: None, - group: None + group: None, + event_script: None, + event_scripts: HashMap::new(), }; - let default_config_file = serde_yaml::from_str::(include_str!("../assets/example.net.disabled")).unwrap(); + let default_config_file = + serde_yaml::from_str::(include_str!("../assets/example.net.disabled")).unwrap(); default_config.merge_file(default_config_file); assert_eq!(default_config, Config::default()); } @@ -636,7 +688,7 @@ fn config_merge() { type_: Some(Type::Tun), name: Some("vpncloud%d".to_string()), path: None, - fix_rp_filter: None + fix_rp_filter: None, }), ip: None, ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), @@ -650,7 +702,7 @@ fn config_merge() { store: Some("/run/vpncloud.beacon.out".to_string()), load: Some("/run/vpncloud.beacon.in".to_string()), interval: Some(7200), - password: Some("test123".to_string()) + password: Some("test123".to_string()), }), mode: Some(Mode::Normal), switch_timeout: Some(300), @@ -663,36 +715,41 @@ fn config_merge() { stats_file: Some("/var/log/vpncloud.stats".to_string()), statsd: Some(ConfigFileStatsd { server: Some("example.com:1234".to_string()), - prefix: Some("prefix".to_string()) - }) - }); - assert_eq!(config, Config { - device_type: Type::Tun, - device_name: "vpncloud%d".to_string(), - device_path: None, - ip: None, - ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), - ifdown: Some("true".to_string()), - listen: "[::]:3210".parse::().unwrap(), - peers: vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()], - peer_timeout: 600, - keepalive: Some(840), - switch_timeout: 300, - beacon_store: Some("/run/vpncloud.beacon.out".to_string()), - beacon_load: Some("/run/vpncloud.beacon.in".to_string()), - beacon_interval: 7200, - beacon_password: Some("test123".to_string()), - mode: Mode::Normal, - port_forwarding: true, - claims: vec!["10.0.1.0/24".to_string()], - user: Some("nobody".to_string()), - group: Some("nogroup".to_string()), - pid_file: Some("/run/vpncloud.run".to_string()), - stats_file: Some("/var/log/vpncloud.stats".to_string()), - statsd_server: Some("example.com:1234".to_string()), - statsd_prefix: Some("prefix".to_string()), - ..Default::default() + prefix: Some("prefix".to_string()), + }), + event_script: None, + event_scripts: HashMap::new(), }); + assert_eq!( + config, + Config { + device_type: Type::Tun, + device_name: "vpncloud%d".to_string(), + device_path: None, + ip: None, + ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), + ifdown: Some("true".to_string()), + listen: "[::]:3210".parse::().unwrap(), + peers: vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()], + peer_timeout: 600, + keepalive: Some(840), + switch_timeout: 300, + beacon_store: Some("/run/vpncloud.beacon.out".to_string()), + beacon_load: Some("/run/vpncloud.beacon.in".to_string()), + beacon_interval: 7200, + beacon_password: Some("test123".to_string()), + mode: Mode::Normal, + port_forwarding: true, + claims: vec!["10.0.1.0/24".to_string()], + user: Some("nobody".to_string()), + group: Some("nogroup".to_string()), + pid_file: Some("/run/vpncloud.run".to_string()), + stats_file: Some("/var/log/vpncloud.stats".to_string()), + statsd_server: Some("example.com:1234".to_string()), + statsd_prefix: Some("prefix".to_string()), + ..Default::default() + } + ); config.merge_args(Args { type_: Some(Type::Tap), device: Some("vpncloud0".to_string()), @@ -721,38 +778,43 @@ fn config_merge() { group: Some("root".to_string()), ..Default::default() }); - assert_eq!(config, Config { - device_type: Type::Tap, - device_name: "vpncloud0".to_string(), - device_path: Some("/dev/null".to_string()), - fix_rp_filter: false, - ip: None, - ifup: Some("ifconfig $IFNAME 10.0.1.2/16 mtu 1400 up".to_string()), - ifdown: Some("ifconfig $IFNAME down".to_string()), - crypto: CryptoConfig { password: Some("anothersecret".to_string()), ..CryptoConfig::default() }, - listen: "[::]:3211".parse::().unwrap(), - peers: vec![ - "remote.machine.foo:3210".to_string(), - "remote.machine.bar:3210".to_string(), - "another:3210".to_string() - ], - peer_timeout: 1801, - keepalive: Some(850), - switch_timeout: 301, - beacon_store: Some("/run/vpncloud.beacon.out2".to_string()), - beacon_load: Some("/run/vpncloud.beacon.in2".to_string()), - beacon_interval: 3600, - beacon_password: Some("test1234".to_string()), - mode: Mode::Switch, - port_forwarding: false, - claims: vec!["10.0.1.0/24".to_string()], - auto_claim: true, - user: Some("root".to_string()), - group: Some("root".to_string()), - pid_file: Some("/run/vpncloud-mynet.run".to_string()), - stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()), - statsd_server: Some("example.com:2345".to_string()), - statsd_prefix: Some("prefix2".to_string()), - daemonize: true - }); + assert_eq!( + config, + Config { + device_type: Type::Tap, + device_name: "vpncloud0".to_string(), + device_path: Some("/dev/null".to_string()), + fix_rp_filter: false, + ip: None, + ifup: Some("ifconfig $IFNAME 10.0.1.2/16 mtu 1400 up".to_string()), + ifdown: Some("ifconfig $IFNAME down".to_string()), + crypto: CryptoConfig { password: Some("anothersecret".to_string()), ..CryptoConfig::default() }, + listen: "[::]:3211".parse::().unwrap(), + peers: vec![ + "remote.machine.foo:3210".to_string(), + "remote.machine.bar:3210".to_string(), + "another:3210".to_string() + ], + peer_timeout: 1801, + keepalive: Some(850), + switch_timeout: 301, + beacon_store: Some("/run/vpncloud.beacon.out2".to_string()), + beacon_load: Some("/run/vpncloud.beacon.in2".to_string()), + beacon_interval: 3600, + beacon_password: Some("test1234".to_string()), + mode: Mode::Switch, + port_forwarding: false, + claims: vec!["10.0.1.0/24".to_string()], + auto_claim: true, + user: Some("root".to_string()), + group: Some("root".to_string()), + pid_file: Some("/run/vpncloud-mynet.run".to_string()), + stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()), + statsd_server: Some("example.com:2345".to_string()), + statsd_prefix: Some("prefix2".to_string()), + daemonize: true, + event_script: None, + event_scripts: HashMap::new() + } + ); } diff --git a/src/device.rs b/src/device.rs index 34c7b18..3d5e011 100644 --- a/src/device.rs +++ b/src/device.rs @@ -36,7 +36,7 @@ struct IfReq { impl IfReq { fn new(name: &str) -> Self { assert!(name.len() < libc::IF_NAMESIZE); - let mut ifr_name = [0 as u8; libc::IF_NAMESIZE]; + let mut ifr_name = [0; libc::IF_NAMESIZE]; ifr_name[..name.len()].clone_from_slice(name.as_bytes()); Self { ifr_name, data: IfReqData { _dummy: [0; 24] } } } diff --git a/src/main.rs b/src/main.rs index dd73dcc..9a36d5c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -140,6 +140,9 @@ fn setup_device(config: &Config) -> TunTapDevice { config.device_name ); info!("Opened device {}", device.ifname()); + config.call_event_script("device_setup", vec![ + ("IFNAME", device.ifname()) + ], true); if let Err(err) = device.set_mtu(None) { error!("Error setting optimal MTU on {}: {}", device.ifname(), err); } @@ -159,6 +162,9 @@ fn setup_device(config: &Config) -> TunTapDevice { warn!("Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently {}).", val); } } + config.call_event_script("device_configured", vec![ + ("IFNAME", device.ifname()) + ], true); device } diff --git a/src/oldconfig.rs b/src/oldconfig.rs index 0a717a0..908912f 100644 --- a/src/oldconfig.rs +++ b/src/oldconfig.rs @@ -1,3 +1,4 @@ +use std::collections::HashMap; use super::{device::Type, types::Mode, util::Duration}; use crate::config::{ConfigFile, ConfigFileBeacon, ConfigFileDevice, ConfigFileStatsd, CryptoConfig}; @@ -117,7 +118,9 @@ impl OldConfigFile { server: self.statsd_server }), switch_timeout: self.dst_timeout, - user: self.user + user: self.user, + event_script: None, + event_scripts: HashMap::new() } } } \ No newline at end of file diff --git a/src/util.rs b/src/util.rs index 42a53b1..e1c4ae5 100644 --- a/src/util.rs +++ b/src/util.rs @@ -2,31 +2,31 @@ // Copyright (C) 2015-2020 Dennis Schwerdel // This software is licensed under GPL-3 or newer (see LICENSE.md) +use std::process::Command; use std::{ fmt, net::{Ipv4Addr, SocketAddr, ToSocketAddrs, UdpSocket}, - sync::atomic::{AtomicIsize, Ordering} + sync::atomic::{AtomicIsize, Ordering}, }; use crate::error::Error; -#[cfg(not(target_os = "linux"))] use time; +#[cfg(not(target_os = "linux"))] +use time; use signal::{trap::Trap, Signal}; use smallvec::SmallVec; use std::time::Instant; - pub type Duration = u32; pub type Time = i64; - #[derive(Clone)] pub struct MsgBuffer { space_before: usize, buffer: [u8; 65535], start: usize, - end: usize + end: usize, } impl MsgBuffer { @@ -98,7 +98,6 @@ impl MsgBuffer { } } - const HEX_CHARS: &[u8] = b"0123456789abcdef"; pub fn bytes_to_hex(bytes: &[u8]) -> String { @@ -113,13 +112,12 @@ pub fn bytes_to_hex(bytes: &[u8]) -> String { pub fn addr_nice(addr: SocketAddr) -> SocketAddr { if let SocketAddr::V6(v6addr) = addr { if let Some(ip) = v6addr.ip().to_ipv4() { - return (ip, addr.port()).into() + return (ip, addr.port()).into(); } } addr } - pub struct Encoder; impl Encoder { @@ -172,7 +170,6 @@ impl Encoder { } } - macro_rules! fail { ($format:expr) => ( { use std::process; @@ -215,17 +212,14 @@ pub fn get_internal_ip() -> Ipv4Addr { } } - #[allow(unknown_lints, clippy::needless_pass_by_value)] pub fn resolve(addr: Addr) -> Result, Error> { let mut addrs = addr.to_socket_addrs().map_err(|_| Error::NameUnresolvable(format!("{:?}", addr)))?.collect::>(); // Try IPv4 first as it usually is faster - addrs.sort_by_key(|addr| { - match *addr { - SocketAddr::V4(_) => 4, - SocketAddr::V6(_) => 6 - } + addrs.sort_by_key(|addr| match *addr { + SocketAddr::V4(_) => 4, + SocketAddr::V6(_) => 6, }); // Remove duplicates in addrs (why are there duplicates???) addrs.dedup(); @@ -239,7 +233,6 @@ macro_rules! addr { }}; } - pub struct Bytes(pub u64); impl fmt::Display for Bytes { @@ -248,31 +241,30 @@ impl fmt::Display for Bytes { if size >= 512.0 { size /= 1024.0; } else { - return write!(formatter, "{:.0} B", size) + return write!(formatter, "{:.0} B", size); } if size >= 512.0 { size /= 1024.0; } else { - return write!(formatter, "{:.1} KiB", size) + return write!(formatter, "{:.1} KiB", size); } if size >= 512.0 { size /= 1024.0; } else { - return write!(formatter, "{:.1} MiB", size) + return write!(formatter, "{:.1} MiB", size); } if size >= 512.0 { size /= 1024.0; } else { - return write!(formatter, "{:.1} GiB", size) + return write!(formatter, "{:.1} GiB", size); } write!(formatter, "{:.1} TiB", size) } } - pub struct CtrlC { dummy_time: Instant, - trap: Trap + trap: Trap, } impl CtrlC { @@ -293,7 +285,6 @@ impl Default for CtrlC { } } - pub trait TimeSource: Sync + Copy + Send + 'static { fn now() -> Time; } @@ -336,7 +327,6 @@ impl TimeSource for MockTimeSource { } } - /// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize { let mut d: usize = m as usize; @@ -356,7 +346,7 @@ fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize { const BASE62: [char; 62] = [ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', - 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' + 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', ]; pub fn to_base62(data: &[u8]) -> String { @@ -382,7 +372,7 @@ pub fn from_base62(data: &str) -> Result, char> { '0'..='9' => ((c as usize) % ('0' as usize)), 'A'..='Z' => ((c as usize) % ('A' as usize)) + 10, 'a'..='z' => ((c as usize) % ('a' as usize)) + 36, - _ => return Err(c) + _ => return Err(c), }; for item in &mut buf { val += *item as usize * 62; @@ -397,11 +387,10 @@ pub fn from_base62(data: &str) -> Result, char> { Ok(buf) } - #[derive(Default)] pub struct StatsdMsg { entries: Vec, - key: Vec + key: Vec, } impl StatsdMsg { @@ -426,6 +415,16 @@ impl StatsdMsg { } } +pub fn run_cmd(mut cmd: Command) { + match cmd.status() { + Ok(status) => { + if !status.success() { + error!("Command returned error: {:?}", status.code()) + } + } + Err(e) => error!("Failed to execute command {:?}: {}", cmd, e), + } +} #[test] fn base62() { From 8e3cdbddbfc5ba0e4227d7b24f6f18096175b6c1 Mon Sep 17 00:00:00 2001 From: Dennis Schwerdel Date: Sat, 23 Jan 2021 21:03:36 +0100 Subject: [PATCH 2/6] Formatting --- src/cloud.rs | 36 +++++++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 11 deletions(-) diff --git a/src/cloud.rs b/src/cloud.rs index d740bfc..d4ae40e 100644 --- a/src/cloud.rs +++ b/src/cloud.rs @@ -281,16 +281,18 @@ impl GenericCloud GenericCloud>().join(" ")), + ("NODE_ID", format!("{:?}", info.node_id)), + ], true ); if let Some(init) = self.pending_inits.remove(&addr) { @@ -658,14 +665,18 @@ impl GenericCloud GenericCloud { self.config.call_event_script( "peer_connecting", - vec![("PEER", format!("{:?}", src)), ("IFNAME", self.device.ifname().to_owned())], + vec![ + ("PEER", format!("{:?}", addr_nice(src))), + ("IFNAME", self.device.ifname().to_owned()), + ], true ); self.pending_inits.insert(src, init); @@ -825,7 +839,7 @@ impl GenericCloud Date: Sat, 23 Jan 2021 21:18:25 +0100 Subject: [PATCH 3/6] node_id formatting --- src/cloud.rs | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/cloud.rs b/src/cloud.rs index d4ae40e..3411e3e 100644 --- a/src/cloud.rs +++ b/src/cloud.rs @@ -36,7 +36,7 @@ use crate::{ table::ClaimTable, traffic::TrafficStats, types::{Address, Mode, NodeId, Range, RangeList}, - util::{addr_nice, resolve, CtrlC, Duration, MsgBuffer, StatsdMsg, Time, TimeSource} + util::{addr_nice, bytes_to_hex, resolve, CtrlC, Duration, MsgBuffer, StatsdMsg, Time, TimeSource} }; pub type Hash = BuildHasherDefault; @@ -126,7 +126,12 @@ impl GenericCloud error!("{}", e) + Err(Error::DeviceIo(_, e)) if e.kind() == io::ErrorKind::AddrNotAvailable => { + info!("No address set on interface.") + } + Err(e) => { + error!("{}", e) + } } } let now = TS::now(); @@ -644,7 +649,7 @@ impl GenericCloud>().join(" ")), - ("NODE_ID", format!("{:?}", info.node_id)), + ("NODE_ID", bytes_to_hex(&info.node_id)), ], true ); @@ -673,7 +678,7 @@ impl GenericCloud Date: Sun, 24 Jan 2021 17:47:02 +0100 Subject: [PATCH 4/6] Fix tests --- src/device.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/device.rs b/src/device.rs index 3d5e011..290539b 100644 --- a/src/device.rs +++ b/src/device.rs @@ -5,12 +5,12 @@ use std::{ cmp, collections::VecDeque, + convert::TryInto, fmt, fs::{self, File}, io::{self, BufRead, BufReader, Cursor, Error as IoError, Read, Write}, net::{Ipv4Addr, UdpSocket}, os::unix::io::{AsRawFd, RawFd}, - convert::TryInto, str, str::FromStr }; @@ -329,7 +329,7 @@ impl Device for MockDevice { } fn ifname(&self) -> &str { - unimplemented!() + "mock0" } fn read(&mut self, buffer: &mut MsgBuffer) -> Result<(), Error> { From f95fb17dd4b3638affd8fbee6d572192c19d1954 Mon Sep 17 00:00:00 2001 From: Dennis Schwerdel Date: Sun, 24 Jan 2021 19:24:40 +0100 Subject: [PATCH 5/6] rename to hook --- src/cloud.rs | 18 ++- src/config.rs | 286 +++++++++++++++++++++++------------------------ src/main.rs | 8 +- src/oldconfig.rs | 13 +-- 4 files changed, 156 insertions(+), 169 deletions(-) diff --git a/src/cloud.rs b/src/cloud.rs index 3411e3e..e93fe31 100644 --- a/src/cloud.rs +++ b/src/cloud.rs @@ -129,9 +129,7 @@ impl GenericCloud { info!("No address set on interface.") } - Err(e) => { - error!("{}", e) - } + Err(e) => error!("{}", e) } } let now = TS::now(); @@ -287,7 +285,7 @@ impl GenericCloud GenericCloud Result<(), Error> { info!("Added peer {}", addr_nice(addr)); - self.config.call_event_script( + self.config.call_hook( "peer_connected", vec![ ("PEER", format!("{:?}", addr_nice(addr))), @@ -673,7 +671,7 @@ impl GenericCloud GenericCloud { - self.config.call_event_script( + self.config.call_hook( "peer_connecting", vec![ ("PEER", format!("{:?}", addr_nice(src))), @@ -842,7 +840,7 @@ impl GenericCloud GenericCloud { @@ -904,7 +902,7 @@ impl GenericCloud, pub user: Option, pub group: Option, - pub event_script: Option, - pub event_scripts: HashMap, + pub hook: Option, + pub hooks: HashMap } impl Default for Config { @@ -99,8 +98,8 @@ impl Default for Config { statsd_prefix: None, user: None, group: None, - event_script: None, - event_scripts: HashMap::new(), + hook: None, + hooks: HashMap::new() } } } @@ -205,11 +204,11 @@ impl Config { if !file.crypto.algorithms.is_empty() { self.crypto.algorithms = file.crypto.algorithms.clone(); } - if let Some(val) = file.event_script { - self.event_script = Some(val) + if let Some(val) = file.hook { + self.hook = Some(val) } - for (k, v) in file.event_scripts { - self.event_scripts.insert(k, v); + for (k, v) in file.hooks { + self.hooks.insert(k, v); } } @@ -304,31 +303,37 @@ impl Config { if !args.algorithms.is_empty() { self.crypto.algorithms = args.algorithms.clone(); } - for s in args.event_script { - self.event_script = Some(s); - //TODO: parse params + for s in args.hook { + if s.contains(':') { + let pos = s.find(':').unwrap(); + let name = &s[..pos]; + let hook = &s[pos+1..]; + self.hooks.insert(name.to_string(), hook.to_string()); + } else { + self.hook = Some(s); + } } } pub fn get_keepalive(&self) -> Duration { match self.keepalive { Some(dur) => dur, - None => max(self.peer_timeout / 2 - 60, 1), + None => max(self.peer_timeout / 2 - 60, 1) } } - pub fn call_event_script( - &self, event: &'static str, envs: impl IntoIterator)>, detach: bool, + pub fn call_hook( + &self, event: &'static str, envs: impl IntoIterator)>, detach: bool ) { let mut script = None; - if let Some(ref s) = self.event_script { + if let Some(ref s) = self.hook { script = Some(s); } - if let Some(ref s) = self.event_scripts.get(event) { + if let Some(ref s) = self.hooks.get(event) { script = Some(s); } if script.is_none() { - return; + return } let script = script.unwrap(); let mut cmd = Command::new("sh"); @@ -506,7 +511,7 @@ pub struct Args { /// Call script on event #[structopt(long)] - pub event_script: Vec, + pub hook: Vec } #[derive(Serialize, Deserialize, Debug, PartialEq, Default)] @@ -516,7 +521,7 @@ pub struct ConfigFileDevice { pub type_: Option, pub name: Option, pub path: Option, - pub fix_rp_filter: Option, + pub fix_rp_filter: Option } #[derive(Serialize, Deserialize, Debug, PartialEq, Default)] @@ -525,14 +530,14 @@ pub struct ConfigFileBeacon { pub store: Option, pub load: Option, pub interval: Option, - pub password: Option, + pub password: Option } #[derive(Serialize, Deserialize, Debug, PartialEq, Default)] #[serde(rename_all = "kebab-case", deny_unknown_fields, default)] pub struct ConfigFileStatsd { pub server: Option, - pub prefix: Option, + pub prefix: Option } #[derive(Serialize, Deserialize, Debug, PartialEq, Default)] @@ -561,8 +566,8 @@ pub struct ConfigFile { pub statsd: Option, pub user: Option, pub group: Option, - pub event_script: Option, - pub event_scripts: HashMap, + pub hook: Option, + pub hooks: HashMap } #[test] @@ -598,46 +603,43 @@ statsd: server: example.com:1234 prefix: prefix "; - assert_eq!( - serde_yaml::from_str::(config_file).unwrap(), - ConfigFile { - device: Some(ConfigFileDevice { - type_: Some(Type::Tun), - name: Some("vpncloud%d".to_string()), - path: Some("/dev/net/tun".to_string()), - fix_rp_filter: None - }), - ip: Some("10.0.1.1/16".to_string()), - ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), - ifdown: Some("true".to_string()), - crypto: CryptoConfig::default(), - listen: None, - peers: Some(vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()]), - peer_timeout: Some(600), - keepalive: Some(840), - beacon: Some(ConfigFileBeacon { - store: Some("/run/vpncloud.beacon.out".to_string()), - load: Some("/run/vpncloud.beacon.in".to_string()), - interval: Some(3600), - password: Some("test123".to_string()) - }), - mode: Some(Mode::Normal), - switch_timeout: Some(300), - claims: Some(vec!["10.0.1.0/24".to_string()]), - auto_claim: None, - port_forwarding: Some(true), - user: Some("nobody".to_string()), - group: Some("nogroup".to_string()), - pid_file: Some("/run/vpncloud.run".to_string()), - stats_file: Some("/var/log/vpncloud.stats".to_string()), - statsd: Some(ConfigFileStatsd { - server: Some("example.com:1234".to_string()), - prefix: Some("prefix".to_string()) - }), - event_script: None, - event_scripts: HashMap::new() - } - ) + assert_eq!(serde_yaml::from_str::(config_file).unwrap(), ConfigFile { + device: Some(ConfigFileDevice { + type_: Some(Type::Tun), + name: Some("vpncloud%d".to_string()), + path: Some("/dev/net/tun".to_string()), + fix_rp_filter: None + }), + ip: Some("10.0.1.1/16".to_string()), + ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), + ifdown: Some("true".to_string()), + crypto: CryptoConfig::default(), + listen: None, + peers: Some(vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()]), + peer_timeout: Some(600), + keepalive: Some(840), + beacon: Some(ConfigFileBeacon { + store: Some("/run/vpncloud.beacon.out".to_string()), + load: Some("/run/vpncloud.beacon.in".to_string()), + interval: Some(3600), + password: Some("test123".to_string()) + }), + mode: Some(Mode::Normal), + switch_timeout: Some(300), + claims: Some(vec!["10.0.1.0/24".to_string()]), + auto_claim: None, + port_forwarding: Some(true), + user: Some("nobody".to_string()), + group: Some("nogroup".to_string()), + pid_file: Some("/run/vpncloud.run".to_string()), + stats_file: Some("/var/log/vpncloud.stats".to_string()), + statsd: Some(ConfigFileStatsd { + server: Some("example.com:1234".to_string()), + prefix: Some("prefix".to_string()) + }), + hook: None, + hooks: HashMap::new() + }) } #[test] @@ -671,8 +673,8 @@ fn default_config_as_default() { statsd_prefix: None, user: None, group: None, - event_script: None, - event_scripts: HashMap::new(), + hook: None, + hooks: HashMap::new() }; let default_config_file = serde_yaml::from_str::(include_str!("../assets/example.net.disabled")).unwrap(); @@ -688,7 +690,7 @@ fn config_merge() { type_: Some(Type::Tun), name: Some("vpncloud%d".to_string()), path: None, - fix_rp_filter: None, + fix_rp_filter: None }), ip: None, ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), @@ -702,7 +704,7 @@ fn config_merge() { store: Some("/run/vpncloud.beacon.out".to_string()), load: Some("/run/vpncloud.beacon.in".to_string()), interval: Some(7200), - password: Some("test123".to_string()), + password: Some("test123".to_string()) }), mode: Some(Mode::Normal), switch_timeout: Some(300), @@ -715,41 +717,38 @@ fn config_merge() { stats_file: Some("/var/log/vpncloud.stats".to_string()), statsd: Some(ConfigFileStatsd { server: Some("example.com:1234".to_string()), - prefix: Some("prefix".to_string()), + prefix: Some("prefix".to_string()) }), - event_script: None, - event_scripts: HashMap::new(), + hook: None, + hooks: HashMap::new() + }); + assert_eq!(config, Config { + device_type: Type::Tun, + device_name: "vpncloud%d".to_string(), + device_path: None, + ip: None, + ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), + ifdown: Some("true".to_string()), + listen: "[::]:3210".parse::().unwrap(), + peers: vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()], + peer_timeout: 600, + keepalive: Some(840), + switch_timeout: 300, + beacon_store: Some("/run/vpncloud.beacon.out".to_string()), + beacon_load: Some("/run/vpncloud.beacon.in".to_string()), + beacon_interval: 7200, + beacon_password: Some("test123".to_string()), + mode: Mode::Normal, + port_forwarding: true, + claims: vec!["10.0.1.0/24".to_string()], + user: Some("nobody".to_string()), + group: Some("nogroup".to_string()), + pid_file: Some("/run/vpncloud.run".to_string()), + stats_file: Some("/var/log/vpncloud.stats".to_string()), + statsd_server: Some("example.com:1234".to_string()), + statsd_prefix: Some("prefix".to_string()), + ..Default::default() }); - assert_eq!( - config, - Config { - device_type: Type::Tun, - device_name: "vpncloud%d".to_string(), - device_path: None, - ip: None, - ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()), - ifdown: Some("true".to_string()), - listen: "[::]:3210".parse::().unwrap(), - peers: vec!["remote.machine.foo:3210".to_string(), "remote.machine.bar:3210".to_string()], - peer_timeout: 600, - keepalive: Some(840), - switch_timeout: 300, - beacon_store: Some("/run/vpncloud.beacon.out".to_string()), - beacon_load: Some("/run/vpncloud.beacon.in".to_string()), - beacon_interval: 7200, - beacon_password: Some("test123".to_string()), - mode: Mode::Normal, - port_forwarding: true, - claims: vec!["10.0.1.0/24".to_string()], - user: Some("nobody".to_string()), - group: Some("nogroup".to_string()), - pid_file: Some("/run/vpncloud.run".to_string()), - stats_file: Some("/var/log/vpncloud.stats".to_string()), - statsd_server: Some("example.com:1234".to_string()), - statsd_prefix: Some("prefix".to_string()), - ..Default::default() - } - ); config.merge_args(Args { type_: Some(Type::Tap), device: Some("vpncloud0".to_string()), @@ -778,43 +777,40 @@ fn config_merge() { group: Some("root".to_string()), ..Default::default() }); - assert_eq!( - config, - Config { - device_type: Type::Tap, - device_name: "vpncloud0".to_string(), - device_path: Some("/dev/null".to_string()), - fix_rp_filter: false, - ip: None, - ifup: Some("ifconfig $IFNAME 10.0.1.2/16 mtu 1400 up".to_string()), - ifdown: Some("ifconfig $IFNAME down".to_string()), - crypto: CryptoConfig { password: Some("anothersecret".to_string()), ..CryptoConfig::default() }, - listen: "[::]:3211".parse::().unwrap(), - peers: vec![ - "remote.machine.foo:3210".to_string(), - "remote.machine.bar:3210".to_string(), - "another:3210".to_string() - ], - peer_timeout: 1801, - keepalive: Some(850), - switch_timeout: 301, - beacon_store: Some("/run/vpncloud.beacon.out2".to_string()), - beacon_load: Some("/run/vpncloud.beacon.in2".to_string()), - beacon_interval: 3600, - beacon_password: Some("test1234".to_string()), - mode: Mode::Switch, - port_forwarding: false, - claims: vec!["10.0.1.0/24".to_string()], - auto_claim: true, - user: Some("root".to_string()), - group: Some("root".to_string()), - pid_file: Some("/run/vpncloud-mynet.run".to_string()), - stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()), - statsd_server: Some("example.com:2345".to_string()), - statsd_prefix: Some("prefix2".to_string()), - daemonize: true, - event_script: None, - event_scripts: HashMap::new() - } - ); + assert_eq!(config, Config { + device_type: Type::Tap, + device_name: "vpncloud0".to_string(), + device_path: Some("/dev/null".to_string()), + fix_rp_filter: false, + ip: None, + ifup: Some("ifconfig $IFNAME 10.0.1.2/16 mtu 1400 up".to_string()), + ifdown: Some("ifconfig $IFNAME down".to_string()), + crypto: CryptoConfig { password: Some("anothersecret".to_string()), ..CryptoConfig::default() }, + listen: "[::]:3211".parse::().unwrap(), + peers: vec![ + "remote.machine.foo:3210".to_string(), + "remote.machine.bar:3210".to_string(), + "another:3210".to_string() + ], + peer_timeout: 1801, + keepalive: Some(850), + switch_timeout: 301, + beacon_store: Some("/run/vpncloud.beacon.out2".to_string()), + beacon_load: Some("/run/vpncloud.beacon.in2".to_string()), + beacon_interval: 3600, + beacon_password: Some("test1234".to_string()), + mode: Mode::Switch, + port_forwarding: false, + claims: vec!["10.0.1.0/24".to_string()], + auto_claim: true, + user: Some("root".to_string()), + group: Some("root".to_string()), + pid_file: Some("/run/vpncloud-mynet.run".to_string()), + stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()), + statsd_server: Some("example.com:2345".to_string()), + statsd_prefix: Some("prefix2".to_string()), + daemonize: true, + hook: None, + hooks: HashMap::new() + }); } diff --git a/src/main.rs b/src/main.rs index 9a36d5c..4e39f3c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -140,9 +140,7 @@ fn setup_device(config: &Config) -> TunTapDevice { config.device_name ); info!("Opened device {}", device.ifname()); - config.call_event_script("device_setup", vec![ - ("IFNAME", device.ifname()) - ], true); + config.call_hook("device_setup", vec![("IFNAME", device.ifname())], true); if let Err(err) = device.set_mtu(None) { error!("Error setting optimal MTU on {}: {}", device.ifname(), err); } @@ -162,9 +160,7 @@ fn setup_device(config: &Config) -> TunTapDevice { warn!("Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently {}).", val); } } - config.call_event_script("device_configured", vec![ - ("IFNAME", device.ifname()) - ], true); + config.call_hook("device_configured", vec![("IFNAME", device.ifname())], true); device } diff --git a/src/oldconfig.rs b/src/oldconfig.rs index 908912f..330336f 100644 --- a/src/oldconfig.rs +++ b/src/oldconfig.rs @@ -1,6 +1,6 @@ -use std::collections::HashMap; use super::{device::Type, types::Mode, util::Duration}; use crate::config::{ConfigFile, ConfigFileBeacon, ConfigFileDevice, ConfigFileStatsd, CryptoConfig}; +use std::collections::HashMap; #[derive(Serialize, Deserialize, Debug, PartialEq, Clone, Copy)] pub enum OldCryptoMethod { @@ -113,14 +113,11 @@ impl OldConfigFile { pid_file: self.pid_file, port_forwarding: self.port_forwarding, stats_file: self.stats_file, - statsd: Some(ConfigFileStatsd { - prefix: self.statsd_prefix, - server: self.statsd_server - }), + statsd: Some(ConfigFileStatsd { prefix: self.statsd_prefix, server: self.statsd_server }), switch_timeout: self.dst_timeout, user: self.user, - event_script: None, - event_scripts: HashMap::new() + hook: None, + hooks: HashMap::new() } } -} \ No newline at end of file +} From 2a8ea5087befd05243a784a7daa8d46db7b42b10 Mon Sep 17 00:00:00 2001 From: Dennis Schwerdel Date: Sun, 24 Jan 2021 19:25:34 +0100 Subject: [PATCH 6/6] Changelog entry --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ecab01e..1929536 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,8 +5,9 @@ This project follows [semantic versioning](http://semver.org). ### UNRELEASED - [added] Support for creating shell completions +- [added] Support for hook scripts to handle certain situations - [removed] Removed dummy device type -- [changed] Updated depdendencies +- [changed] Updated dependencies - [changed] Changed Rust version to 1.49.0 - [fixed] Added missing peer address propagation