GithubFollow/One-KVM
1
0
Fork 0
mirror of https://github.com/mofeng-git/One-KVM.git synced 2025-12-12 01:00:29 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

otgnet forwarding

Browse Source
This commit is contained in:
Devaev Maxim 2021-02-16 08:10:10 +03:00
parent ecdc65ceb3
commit 70fb46d428
4 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
kvmd/apps/__init__.py
View File

@ -511,6 +511,7 @@ def _get_config_scheme() -> Dict:
"allow_icmp": Option(True, type=valid_bool),
"allow_tcp": Option([], type=valid_ports_list),
"allow_udp": Option([67], type=valid_ports_list),
"forward_iface": Option("", type=valid_stripped_string),
"iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command),
},
@ -527,7 +528,7 @@ def _get_config_scheme() -> Dict:
"--port=0",
"--dhcp-range={dhcp_ip_begin},{dhcp_ip_end},24h",
"--dhcp-leasefile=/run/kvmd/dnsmasq.lease",
"--dhcp-option=3",
"--dhcp-option={dhcp_option_3}",
"--dhcp-option=6",
"--keep-in-foreground",
], type=valid_command),

9
kvmd/apps/otgnet/__init__.py
View File

@ -45,12 +45,14 @@ from .netctl import IfaceAddIpCtl
from .netctl import IptablesDropAllCtl
from .netctl import IptablesAllowIcmpCtl
from .netctl import IptablesAllowPortCtl
from .netctl import IptablesForwardOut
from .netctl import IptablesForwardIn
from .netctl import CustomCtl
# =====
@dataclasses.dataclass(frozen=True)
class _Netcfg:
class _Netcfg: # pylint: disable=too-many-instance-attributes
iface: str
iface_ip: str
net_ip: str
@ -58,6 +60,7 @@ class _Netcfg:
net_mask: str
dhcp_ip_begin: str
dhcp_ip_end: str
dhcp_option_3: str
class _Service: # pylint: disable=too-many-instance-attributes
@ -68,6 +71,7 @@ class _Service: # pylint: disable=too-many-instance-attributes
self.__allow_icmp: bool = config.otgnet.firewall.allow_icmp
self.__allow_tcp: List[int] = sorted(set(config.otgnet.firewall.allow_tcp))
self.__allow_udp: List[int] = sorted(set(config.otgnet.firewall.allow_udp))
self.__forward_iface: str = config.otgnet.firewall.forward_iface
self.__iptables_cmd: List[str] = config.otgnet.firewall.iptables_cmd
self.__pre_start_cmd: List[str] = config.otgnet.commands.pre_start_cmd
@ -101,6 +105,8 @@ class _Service: # pylint: disable=too-many-instance-attributes
*zip(self.__allow_udp, itertools.repeat(False)),
]
],
*([IptablesForwardOut(self.__iptables_cmd, self.__forward_iface)] if self.__forward_iface else []),
*([IptablesForwardIn(self.__iptables_cmd, netcfg.iface)] if self.__forward_iface else []),
IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface),
IfaceAddIpCtl(self.__ip_cmd, netcfg.iface, f"{netcfg.iface_ip}/{netcfg.net_prefix}"),
CustomCtl(self.__post_start_cmd, self.__pre_stop_cmd, placeholders),
@ -152,6 +158,7 @@ class _Service: # pylint: disable=too-many-instance-attributes
net_mask=str(net.netmask),
dhcp_ip_begin=dhcp_ip_begin,
dhcp_ip_end=dhcp_ip_end,
dhcp_option_3=(f"3,{iface_ip}" if self.__forward_iface else "3"),
)
logger.info("Calculated %r address is %s/%d", iface, iface_ip, netcfg.net_prefix)
return netcfg

27
kvmd/apps/otgnet/netctl.py
View File

@ -85,6 +85,33 @@ class IptablesAllowPortCtl(BaseCtl):
]
class IptablesForwardOut(BaseCtl):
def __init__(self, base_cmd: List[str], iface: str) -> None:
self.__base_cmd = base_cmd
self.__iface = iface
def get_command(self, direct: bool) -> List[str]:
return [
*self.__base_cmd,
"--table", "nat",
("-A" if direct else "-D"), "POSTROUTING",
"-o", self.__iface, "-j", "MASQUERADE",
]
class IptablesForwardIn(BaseCtl):
def __init__(self, base_cmd: List[str], iface: str) -> None:
self.__base_cmd = base_cmd
self.__iface = iface
def get_command(self, direct: bool) -> List[str]:
return [
*self.__base_cmd,
("-A" if direct else "-D"), "FORWARD",
"-i", self.__iface, "-j", "ACCEPT",
]
class CustomCtl(BaseCtl):
def __init__(
self,

1
testenv/linters/vulture-wl.py
View File

@ -37,5 +37,6 @@ _SharedParams.height
_Netcfg.net_ip
_Netcfg.net_mask
_Netcfg.dhcp_option_3
_ScriptWriter.get_args