GithubFollow/One-KVM
1
0
Fork 0
mirror of https://github.com/mofeng-git/One-KVM.git synced 2025-12-12 01:00:29 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

otgnet forwarding

Browse Source
This commit is contained in:
Devaev Maxim 2021-02-16 08:10:10 +03:00
parent ecdc65ceb3
commit 70fb46d428
4 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
kvmd/apps/__init__.py
View File

@ -511,6 +511,7 @@ def _get_config_scheme() -> Dict:
"allow_icmp": Option(True, type=valid_bool), "allow_icmp": Option(True, type=valid_bool),
"allow_tcp": Option([], type=valid_ports_list), "allow_tcp": Option([], type=valid_ports_list),
"allow_udp": Option([67], type=valid_ports_list), "allow_udp": Option([67], type=valid_ports_list),
"forward_iface": Option("", type=valid_stripped_string),
"iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command), "iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command),
}, },
@ -527,7 +528,7 @@ def _get_config_scheme() -> Dict:
"--port=0", "--port=0",
"--dhcp-range={dhcp_ip_begin},{dhcp_ip_end},24h", "--dhcp-range={dhcp_ip_begin},{dhcp_ip_end},24h",
"--dhcp-leasefile=/run/kvmd/dnsmasq.lease", "--dhcp-leasefile=/run/kvmd/dnsmasq.lease",
"--dhcp-option=3", "--dhcp-option={dhcp_option_3}",
"--dhcp-option=6", "--dhcp-option=6",
"--keep-in-foreground", "--keep-in-foreground",
], type=valid_command), ], type=valid_command),

9
kvmd/apps/otgnet/__init__.py
View File

@ -45,12 +45,14 @@ from .netctl import IfaceAddIpCtl
from .netctl import IptablesDropAllCtl from .netctl import IptablesDropAllCtl
from .netctl import IptablesAllowIcmpCtl from .netctl import IptablesAllowIcmpCtl
from .netctl import IptablesAllowPortCtl from .netctl import IptablesAllowPortCtl
from .netctl import IptablesForwardOut
from .netctl import IptablesForwardIn
from .netctl import CustomCtl from .netctl import CustomCtl
# ===== # =====
@dataclasses.dataclass(frozen=True) @dataclasses.dataclass(frozen=True)
class _Netcfg: class _Netcfg: # pylint: disable=too-many-instance-attributes
iface: str iface: str
iface_ip: str iface_ip: str
net_ip: str net_ip: str
@ -58,6 +60,7 @@ class _Netcfg:
net_mask: str net_mask: str
dhcp_ip_begin: str dhcp_ip_begin: str
dhcp_ip_end: str dhcp_ip_end: str
dhcp_option_3: str
class _Service: # pylint: disable=too-many-instance-attributes class _Service: # pylint: disable=too-many-instance-attributes
@ -68,6 +71,7 @@ class _Service: # pylint: disable=too-many-instance-attributes
self.__allow_icmp: bool = config.otgnet.firewall.allow_icmp self.__allow_icmp: bool = config.otgnet.firewall.allow_icmp
self.__allow_tcp: List[int] = sorted(set(config.otgnet.firewall.allow_tcp)) self.__allow_tcp: List[int] = sorted(set(config.otgnet.firewall.allow_tcp))
self.__allow_udp: List[int] = sorted(set(config.otgnet.firewall.allow_udp)) self.__allow_udp: List[int] = sorted(set(config.otgnet.firewall.allow_udp))
self.__forward_iface: str = config.otgnet.firewall.forward_iface
self.__iptables_cmd: List[str] = config.otgnet.firewall.iptables_cmd self.__iptables_cmd: List[str] = config.otgnet.firewall.iptables_cmd
self.__pre_start_cmd: List[str] = config.otgnet.commands.pre_start_cmd self.__pre_start_cmd: List[str] = config.otgnet.commands.pre_start_cmd
@ -101,6 +105,8 @@ class _Service: # pylint: disable=too-many-instance-attributes
*zip(self.__allow_udp, itertools.repeat(False)), *zip(self.__allow_udp, itertools.repeat(False)),
] ]
], ],
*([IptablesForwardOut(self.__iptables_cmd, self.__forward_iface)] if self.__forward_iface else []),
*([IptablesForwardIn(self.__iptables_cmd, netcfg.iface)] if self.__forward_iface else []),
IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface), IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface),
IfaceAddIpCtl(self.__ip_cmd, netcfg.iface, f"{netcfg.iface_ip}/{netcfg.net_prefix}"), IfaceAddIpCtl(self.__ip_cmd, netcfg.iface, f"{netcfg.iface_ip}/{netcfg.net_prefix}"),
CustomCtl(self.__post_start_cmd, self.__pre_stop_cmd, placeholders), CustomCtl(self.__post_start_cmd, self.__pre_stop_cmd, placeholders),
@ -152,6 +158,7 @@ class _Service: # pylint: disable=too-many-instance-attributes
net_mask=str(net.netmask), net_mask=str(net.netmask),
dhcp_ip_begin=dhcp_ip_begin, dhcp_ip_begin=dhcp_ip_begin,
dhcp_ip_end=dhcp_ip_end, dhcp_ip_end=dhcp_ip_end,
dhcp_option_3=(f"3,{iface_ip}" if self.__forward_iface else "3"),
) )
logger.info("Calculated %r address is %s/%d", iface, iface_ip, netcfg.net_prefix) logger.info("Calculated %r address is %s/%d", iface, iface_ip, netcfg.net_prefix)
return netcfg return netcfg

27
kvmd/apps/otgnet/netctl.py
View File

@ -85,6 +85,33 @@ class IptablesAllowPortCtl(BaseCtl):
] ]
class IptablesForwardOut(BaseCtl):
def __init__(self, base_cmd: List[str], iface: str) -> None:
self.__base_cmd = base_cmd
self.__iface = iface
def get_command(self, direct: bool) -> List[str]:
return [
*self.__base_cmd,
"--table", "nat",
("-A" if direct else "-D"), "POSTROUTING",
"-o", self.__iface, "-j", "MASQUERADE",
]
class IptablesForwardIn(BaseCtl):
def __init__(self, base_cmd: List[str], iface: str) -> None:
self.__base_cmd = base_cmd
self.__iface = iface
def get_command(self, direct: bool) -> List[str]:
return [
*self.__base_cmd,
("-A" if direct else "-D"), "FORWARD",
"-i", self.__iface, "-j", "ACCEPT",
]
class CustomCtl(BaseCtl): class CustomCtl(BaseCtl):
def __init__( def __init__(
self, self,

1
testenv/linters/vulture-wl.py
View File

@ -37,5 +37,6 @@ _SharedParams.height
_Netcfg.net_ip _Netcfg.net_ip
_Netcfg.net_mask _Netcfg.net_mask
_Netcfg.dhcp_option_3
_ScriptWriter.get_args _ScriptWriter.get_args