Implement event scripts

This commit is contained in:
Dennis Schwerdel 2021-01-23 20:29:15 +01:00
parent 285940c60a
commit e6994e6939
7 changed files with 256 additions and 156 deletions

16
Cargo.lock generated
View File

@ -147,9 +147,9 @@ dependencies = [
[[package]]
name = "getrandom"
version = "0.2.1"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4060f4657be78b8e766215b02b18a2e862d83745545de804638e2b545e81aee6"
checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8"
dependencies = [
"cfg-if 1.0.0",
"libc",
@ -167,9 +167,9 @@ dependencies = [
[[package]]
name = "hermit-abi"
version = "0.1.17"
version = "0.1.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5aca5565f760fb5b220e499d72710ed156fdb74e631659e99377d9ebfbd13ae8"
checksum = "322f4de77956e22ed0e5032c359a0f1273f1f7f0d79bfa3b8ffbc730d7fbcc5c"
dependencies = [
"libc",
]
@ -463,15 +463,15 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3"
[[package]]
name = "serde"
version = "1.0.119"
version = "1.0.120"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9bdd36f49e35b61d49efd8aa7fc068fd295961fd2286d0b2ee9a4c7a14e99cc3"
checksum = "166b2349061381baf54a58e4b13c89369feb0ef2eaa57198899e2312aac30aab"
[[package]]
name = "serde_derive"
version = "1.0.119"
version = "1.0.120"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "552954ce79a059ddd5fd68c271592374bd15cab2274970380c000118aeffe1cd"
checksum = "0ca2a8cb5805ce9e3b95435e3765b7b553cecc762d938d409434338386cb5775"
dependencies = [
"proc-macro2",
"quote",

View File

@ -26,7 +26,8 @@ use crate::{
device::{Device, Type},
error::Error,
messages::{
AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE, MESSAGE_TYPE_NODE_INFO
AddrList, NodeInfo, PeerInfo, MESSAGE_TYPE_CLOSE, MESSAGE_TYPE_DATA, MESSAGE_TYPE_KEEPALIVE,
MESSAGE_TYPE_NODE_INFO
},
net::{mapped_addr, Socket},
payload::Protocol,
@ -225,6 +226,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
self.own_addresses.push(pfw.get_internal_ip().into());
self.own_addresses.push(pfw.get_external_ip().into());
}
// TODO: detect address changes and call event
Ok(())
}
@ -284,6 +286,11 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
// Ignore error this time
self.connect_sock(a).ok();
}
self.config.call_event_script(
"peer_connecting",
vec![("PEER", format!("{:?}", addr)), ("IFNAME", self.device.ifname().to_owned())],
true
);
Ok(())
}
@ -454,6 +461,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
self.next_stats_out = now + STATS_INTERVAL;
self.traffic.period(Some(5));
}
// TODO: every 5 minutes: EVENT periodic
if let Some(peers) = self.beacon_serializer.get_cmd_results() {
debug!("Loaded beacon with peers: {:?}", peers);
for peer in peers {
@ -628,6 +636,11 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
fn add_new_peer(&mut self, addr: SocketAddr, info: NodeInfo) -> Result<(), Error> {
info!("Added peer {}", addr_nice(addr));
self.config.call_event_script(
"peer_connected",
vec![("PEER", format!("{:?}", addr)), ("IFNAME", self.device.ifname().to_owned())],
true
);
if let Some(init) = self.pending_inits.remove(&addr) {
self.peers.insert(addr, PeerData {
addrs: info.addrs.clone(),
@ -647,6 +660,11 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
fn remove_peer(&mut self, addr: SocketAddr) {
if let Some(_peer) = self.peers.remove(&addr) {
info!("Closing connection to {}", addr_nice(addr));
self.config.call_event_script(
"peer_disconnected",
vec![("PEER", format!("{:?}", addr)), ("IFNAME", self.device.ifname().to_owned())],
true
);
self.table.remove_claims(addr);
}
}
@ -761,6 +779,11 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
let msg_result = init.handle_message(data);
match msg_result {
Ok(res) => {
self.config.call_event_script(
"peer_connecting",
vec![("PEER", format!("{:?}", src)), ("IFNAME", self.device.ifname().to_owned())],
true
);
self.pending_inits.insert(src, init);
Ok(res)
}
@ -800,6 +823,11 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
debug!("Fatal crypto init error from {}: {}", src, e);
info!("Closing pending connection to {} due to error in crypto init", addr_nice(src));
self.pending_inits.remove(&src);
self.config.call_event_script(
"peer_disconnected",
vec![("PEER", format!("{:?}", src)), ("IFNAME", self.device.ifname().to_owned())],
true
);
}
Err(e @ Error::CryptoInit(_)) => {
debug!("Recoverable init error from {}: {}", src, e);
@ -831,6 +859,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
let waiter = try_fail!(WaitImpl::new(&self.socket, &self.device, 1000), "Failed to setup poll: {}");
let mut buffer = MsgBuffer::new(SPACE_BEFORE);
let mut poll_error = false;
self.config.call_event_script("vpn_started", vec![("IFNAME", self.device.ifname())], true);
for evt in waiter {
match evt {
WaitResult::Error(err) => {
@ -856,6 +885,7 @@ impl<D: Device, P: Protocol, S: Socket, TS: TimeSource> GenericCloud<D, P, S, TS
}
}
info!("Shutting down...");
self.config.call_event_script("vpn_shutdown", vec![("IFNAME", self.device.ifname())], true);
buffer.clear();
self.broadcast_msg(MESSAGE_TYPE_CLOSE, &mut buffer).ok();
if let Some(ref path) = self.config.beacon_store {

View File

@ -4,19 +4,21 @@
use super::{device::Type, types::Mode, util::Duration};
pub use crate::crypto::Config as CryptoConfig;
use crate::util::run_cmd;
use std::collections::HashMap;
use std::ffi::OsStr;
use std::process::Command;
use std::{
cmp::max,
net::{IpAddr, Ipv6Addr, SocketAddr}
net::{IpAddr, Ipv6Addr, SocketAddr},
thread,
};
use structopt::StructOpt;
use structopt::clap::Shell;
use structopt::StructOpt;
pub const DEFAULT_PEER_TIMEOUT: u16 = 300;
pub const DEFAULT_PORT: u16 = 3210;
fn parse_listen(addr: &str) -> SocketAddr {
if let Some(addr) = addr.strip_prefix("*:") {
let port = try_fail!(addr.parse::<u16>(), "Invalid port: {}");
@ -61,7 +63,9 @@ pub struct Config {
pub statsd_server: Option<String>,
pub statsd_prefix: Option<String>,
pub user: Option<String>,
pub group: Option<String>
pub group: Option<String>,
pub event_script: Option<String>,
pub event_scripts: HashMap<String, String>,
}
impl Default for Config {
@ -94,7 +98,9 @@ impl Default for Config {
statsd_server: None,
statsd_prefix: None,
user: None,
group: None
group: None,
event_script: None,
event_scripts: HashMap::new(),
}
}
}
@ -199,6 +205,12 @@ impl Config {
if !file.crypto.algorithms.is_empty() {
self.crypto.algorithms = file.crypto.algorithms.clone();
}
if let Some(val) = file.event_script {
self.event_script = Some(val)
}
for (k, v) in file.event_scripts {
self.event_scripts.insert(k, v);
}
}
pub fn merge_args(&mut self, mut args: Args) {
@ -292,16 +304,43 @@ impl Config {
if !args.algorithms.is_empty() {
self.crypto.algorithms = args.algorithms.clone();
}
for s in args.event_script {
self.event_script = Some(s);
//TODO: parse params
}
}
pub fn get_keepalive(&self) -> Duration {
match self.keepalive {
Some(dur) => dur,
None => max(self.peer_timeout / 2 - 60, 1)
}
None => max(self.peer_timeout / 2 - 60, 1),
}
}
pub fn call_event_script(
&self, event: &'static str, envs: impl IntoIterator<Item = (&'static str, impl AsRef<OsStr>)>, detach: bool,
) {
let mut script = None;
if let Some(ref s) = self.event_script {
script = Some(s);
}
if let Some(ref s) = self.event_scripts.get(event) {
script = Some(s);
}
if script.is_none() {
return;
}
let script = script.unwrap();
let mut cmd = Command::new("sh");
cmd.arg("-c").arg(script).envs(envs).env("EVENT", event);
debug!("Running event script: {:?}", cmd);
if detach {
thread::spawn(move || run_cmd(cmd));
} else {
run_cmd(cmd)
}
}
}
#[derive(StructOpt, Debug, Default)]
pub struct Args {
@ -463,7 +502,11 @@ pub struct Args {
/// Generate shell completions
#[structopt(long)]
pub completion: Option<Shell>
pub completion: Option<Shell>,
/// Call script on event
#[structopt(long)]
pub event_script: Vec<String>,
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Default)]
@ -473,7 +516,7 @@ pub struct ConfigFileDevice {
pub type_: Option<Type>,
pub name: Option<String>,
pub path: Option<String>,
pub fix_rp_filter: Option<bool>
pub fix_rp_filter: Option<bool>,
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Default)]
@ -482,14 +525,14 @@ pub struct ConfigFileBeacon {
pub store: Option<String>,
pub load: Option<String>,
pub interval: Option<Duration>,
pub password: Option<String>
pub password: Option<String>,
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Default)]
#[serde(rename_all = "kebab-case", deny_unknown_fields, default)]
pub struct ConfigFileStatsd {
pub server: Option<String>,
pub prefix: Option<String>
pub prefix: Option<String>,
}
#[derive(Serialize, Deserialize, Debug, PartialEq, Default)]
@ -517,10 +560,11 @@ pub struct ConfigFile {
pub stats_file: Option<String>,
pub statsd: Option<ConfigFileStatsd>,
pub user: Option<String>,
pub group: Option<String>
pub group: Option<String>,
pub event_script: Option<String>,
pub event_scripts: HashMap<String, String>,
}
#[test]
fn config_file() {
let config_file = "
@ -554,7 +598,9 @@ statsd:
server: example.com:1234
prefix: prefix
";
assert_eq!(serde_yaml::from_str::<ConfigFile>(config_file).unwrap(), ConfigFile {
assert_eq!(
serde_yaml::from_str::<ConfigFile>(config_file).unwrap(),
ConfigFile {
device: Some(ConfigFileDevice {
type_: Some(Type::Tun),
name: Some("vpncloud%d".to_string()),
@ -587,8 +633,11 @@ statsd:
statsd: Some(ConfigFileStatsd {
server: Some("example.com:1234".to_string()),
prefix: Some("prefix".to_string())
})
})
}),
event_script: None,
event_scripts: HashMap::new()
}
)
}
#[test]
@ -621,9 +670,12 @@ fn default_config_as_default() {
statsd_server: None,
statsd_prefix: None,
user: None,
group: None
group: None,
event_script: None,
event_scripts: HashMap::new(),
};
let default_config_file = serde_yaml::from_str::<ConfigFile>(include_str!("../assets/example.net.disabled")).unwrap();
let default_config_file =
serde_yaml::from_str::<ConfigFile>(include_str!("../assets/example.net.disabled")).unwrap();
default_config.merge_file(default_config_file);
assert_eq!(default_config, Config::default());
}
@ -636,7 +688,7 @@ fn config_merge() {
type_: Some(Type::Tun),
name: Some("vpncloud%d".to_string()),
path: None,
fix_rp_filter: None
fix_rp_filter: None,
}),
ip: None,
ifup: Some("ifconfig $IFNAME 10.0.1.1/16 mtu 1400 up".to_string()),
@ -650,7 +702,7 @@ fn config_merge() {
store: Some("/run/vpncloud.beacon.out".to_string()),
load: Some("/run/vpncloud.beacon.in".to_string()),
interval: Some(7200),
password: Some("test123".to_string())
password: Some("test123".to_string()),
}),
mode: Some(Mode::Normal),
switch_timeout: Some(300),
@ -663,10 +715,14 @@ fn config_merge() {
stats_file: Some("/var/log/vpncloud.stats".to_string()),
statsd: Some(ConfigFileStatsd {
server: Some("example.com:1234".to_string()),
prefix: Some("prefix".to_string())
})
prefix: Some("prefix".to_string()),
}),
event_script: None,
event_scripts: HashMap::new(),
});
assert_eq!(config, Config {
assert_eq!(
config,
Config {
device_type: Type::Tun,
device_name: "vpncloud%d".to_string(),
device_path: None,
@ -692,7 +748,8 @@ fn config_merge() {
statsd_server: Some("example.com:1234".to_string()),
statsd_prefix: Some("prefix".to_string()),
..Default::default()
});
}
);
config.merge_args(Args {
type_: Some(Type::Tap),
device: Some("vpncloud0".to_string()),
@ -721,7 +778,9 @@ fn config_merge() {
group: Some("root".to_string()),
..Default::default()
});
assert_eq!(config, Config {
assert_eq!(
config,
Config {
device_type: Type::Tap,
device_name: "vpncloud0".to_string(),
device_path: Some("/dev/null".to_string()),
@ -753,6 +812,9 @@ fn config_merge() {
stats_file: Some("/var/log/vpncloud-mynet.stats".to_string()),
statsd_server: Some("example.com:2345".to_string()),
statsd_prefix: Some("prefix2".to_string()),
daemonize: true
});
daemonize: true,
event_script: None,
event_scripts: HashMap::new()
}
);
}

View File

@ -36,7 +36,7 @@ struct IfReq {
impl IfReq {
fn new(name: &str) -> Self {
assert!(name.len() < libc::IF_NAMESIZE);
let mut ifr_name = [0 as u8; libc::IF_NAMESIZE];
let mut ifr_name = [0; libc::IF_NAMESIZE];
ifr_name[..name.len()].clone_from_slice(name.as_bytes());
Self { ifr_name, data: IfReqData { _dummy: [0; 24] } }
}

View File

@ -140,6 +140,9 @@ fn setup_device(config: &Config) -> TunTapDevice {
config.device_name
);
info!("Opened device {}", device.ifname());
config.call_event_script("device_setup", vec![
("IFNAME", device.ifname())
], true);
if let Err(err) = device.set_mtu(None) {
error!("Error setting optimal MTU on {}: {}", device.ifname(), err);
}
@ -159,6 +162,9 @@ fn setup_device(config: &Config) -> TunTapDevice {
warn!("Your networking configuration might be affected by a vulnerability (https://vpncloud.ddswd.de/docs/security/cve-2019-14899/), please change your rp_filter setting to 1 (currently {}).", val);
}
}
config.call_event_script("device_configured", vec![
("IFNAME", device.ifname())
], true);
device
}

View File

@ -1,3 +1,4 @@
use std::collections::HashMap;
use super::{device::Type, types::Mode, util::Duration};
use crate::config::{ConfigFile, ConfigFileBeacon, ConfigFileDevice, ConfigFileStatsd, CryptoConfig};
@ -117,7 +118,9 @@ impl OldConfigFile {
server: self.statsd_server
}),
switch_timeout: self.dst_timeout,
user: self.user
user: self.user,
event_script: None,
event_scripts: HashMap::new()
}
}
}

View File

@ -2,31 +2,31 @@
// Copyright (C) 2015-2020 Dennis Schwerdel
// This software is licensed under GPL-3 or newer (see LICENSE.md)
use std::process::Command;
use std::{
fmt,
net::{Ipv4Addr, SocketAddr, ToSocketAddrs, UdpSocket},
sync::atomic::{AtomicIsize, Ordering}
sync::atomic::{AtomicIsize, Ordering},
};
use crate::error::Error;
#[cfg(not(target_os = "linux"))] use time;
#[cfg(not(target_os = "linux"))]
use time;
use signal::{trap::Trap, Signal};
use smallvec::SmallVec;
use std::time::Instant;
pub type Duration = u32;
pub type Time = i64;
#[derive(Clone)]
pub struct MsgBuffer {
space_before: usize,
buffer: [u8; 65535],
start: usize,
end: usize
end: usize,
}
impl MsgBuffer {
@ -98,7 +98,6 @@ impl MsgBuffer {
}
}
const HEX_CHARS: &[u8] = b"0123456789abcdef";
pub fn bytes_to_hex(bytes: &[u8]) -> String {
@ -113,13 +112,12 @@ pub fn bytes_to_hex(bytes: &[u8]) -> String {
pub fn addr_nice(addr: SocketAddr) -> SocketAddr {
if let SocketAddr::V6(v6addr) = addr {
if let Some(ip) = v6addr.ip().to_ipv4() {
return (ip, addr.port()).into()
return (ip, addr.port()).into();
}
}
addr
}
pub struct Encoder;
impl Encoder {
@ -172,7 +170,6 @@ impl Encoder {
}
}
macro_rules! fail {
($format:expr) => ( {
use std::process;
@ -215,17 +212,14 @@ pub fn get_internal_ip() -> Ipv4Addr {
}
}
#[allow(unknown_lints, clippy::needless_pass_by_value)]
pub fn resolve<Addr: ToSocketAddrs + fmt::Debug>(addr: Addr) -> Result<SmallVec<[SocketAddr; 4]>, Error> {
let mut addrs =
addr.to_socket_addrs().map_err(|_| Error::NameUnresolvable(format!("{:?}", addr)))?.collect::<SmallVec<_>>();
// Try IPv4 first as it usually is faster
addrs.sort_by_key(|addr| {
match *addr {
addrs.sort_by_key(|addr| match *addr {
SocketAddr::V4(_) => 4,
SocketAddr::V6(_) => 6
}
SocketAddr::V6(_) => 6,
});
// Remove duplicates in addrs (why are there duplicates???)
addrs.dedup();
@ -239,7 +233,6 @@ macro_rules! addr {
}};
}
pub struct Bytes(pub u64);
impl fmt::Display for Bytes {
@ -248,31 +241,30 @@ impl fmt::Display for Bytes {
if size >= 512.0 {
size /= 1024.0;
} else {
return write!(formatter, "{:.0} B", size)
return write!(formatter, "{:.0} B", size);
}
if size >= 512.0 {
size /= 1024.0;
} else {
return write!(formatter, "{:.1} KiB", size)
return write!(formatter, "{:.1} KiB", size);
}
if size >= 512.0 {
size /= 1024.0;
} else {
return write!(formatter, "{:.1} MiB", size)
return write!(formatter, "{:.1} MiB", size);
}
if size >= 512.0 {
size /= 1024.0;
} else {
return write!(formatter, "{:.1} GiB", size)
return write!(formatter, "{:.1} GiB", size);
}
write!(formatter, "{:.1} TiB", size)
}
}
pub struct CtrlC {
dummy_time: Instant,
trap: Trap
trap: Trap,
}
impl CtrlC {
@ -293,7 +285,6 @@ impl Default for CtrlC {
}
}
pub trait TimeSource: Sync + Copy + Send + 'static {
fn now() -> Time;
}
@ -336,7 +327,6 @@ impl TimeSource for MockTimeSource {
}
}
/// Helper function that multiplies the base62 data in buf[0..buflen] by 16 and adds m to it
fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
let mut d: usize = m as usize;
@ -356,7 +346,7 @@ fn base62_add_mult_16(buf: &mut [u8], mut buflen: usize, m: u8) -> usize {
const BASE62: [char; 62] = [
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',
'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j',
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'
'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
];
pub fn to_base62(data: &[u8]) -> String {
@ -382,7 +372,7 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
'0'..='9' => ((c as usize) % ('0' as usize)),
'A'..='Z' => ((c as usize) % ('A' as usize)) + 10,
'a'..='z' => ((c as usize) % ('a' as usize)) + 36,
_ => return Err(c)
_ => return Err(c),
};
for item in &mut buf {
val += *item as usize * 62;
@ -397,11 +387,10 @@ pub fn from_base62(data: &str) -> Result<Vec<u8>, char> {
Ok(buf)
}
#[derive(Default)]
pub struct StatsdMsg {
entries: Vec<String>,
key: Vec<String>
key: Vec<String>,
}
impl StatsdMsg {
@ -426,6 +415,16 @@ impl StatsdMsg {
}
}
pub fn run_cmd(mut cmd: Command) {
match cmd.status() {
Ok(status) => {
if !status.success() {
error!("Command returned error: {:?}", status.code())
}
}
Err(e) => error!("Failed to execute command {:?}: {}", cmd, e),
}
}
#[test]
fn base62() {