import logging, errno, os
from . import utils

# Real (symlink-resolved) directory that contains this module.
here = os.path.realpath(os.path.dirname(__file__))

# Hook scripts that live next to this module.  openvpn() passes ovpn_client
# as the '--up' script and server() passes ovpn_server as the
# '--client-connect' / '--client-disconnect' script, so OpenVPN executes both
# with its own privileges: this directory and the two scripts should be
# writable only by the account that installs the package.
ovpn_server, ovpn_client = (
    os.path.join(here, script) for script in ('ovpn-server', 'ovpn-client'))

# Directory for per-interface OpenVPN logs; while it is None (or otherwise
# falsy) openvpn() adds no '--log-append' option.
ovpn_log = None

def openvpn(iface, encrypt, *args, **kw):
    """Start an ``openvpn`` process on TAP device *iface*.

    The common options are followed by *args* verbatim, then by the optional
    logging and cipher options.  *kw* is forwarded to ``utils.Popen`` and the
    object it returns is returned unchanged.

    Security-relevant points of the command line built here:

    * ``--script-security 2`` lets OpenVPN run user-defined scripts, which the
      ``--up`` hook (``ovpn_client``) requires.
    * Privilege dropping (``--user`` / ``--group``) is not requested, so the
      daemon and its hook scripts keep the privileges of the calling process.
    * A false *encrypt* adds ``--cipher none``, which turns off data-channel
      encryption: tunnelled packets then travel in cleartext.
    """
    cmd = [
        'openvpn',
        '--dev-type', 'tap',
        '--dev', iface,
        '--persist-tun',
        '--persist-key',
        '--script-security', '2',
        '--up', ovpn_client,
    ]
    cmd.extend(args)
    if ovpn_log:
        # iface goes into the file name unescaped; callers are expected to
        # pass a plain interface name.
        cmd.extend(('--log-append', os.path.join(ovpn_log, '%s.log' % iface)))
    if not encrypt:
        cmd.extend(('--cipher', 'none'))
    logging.debug('%r', cmd)
    return utils.Popen(cmd, **kw)

# Value given to OpenVPN's '--link-mtu' for each transport protocol listed.
# server() and client() add no MTU options for protocols missing from here.
ovpn_link_mtu_dict = dict(udp=1434, udp6=1450)

def server(iface, max_clients, dh_path, fd, port, proto, encrypt, *args, **kw):
    """Start OpenVPN in TLS server mode on *iface*.

    *dh_path* is passed to ``--dh``; *max_clients* and *port* are converted
    with ``str()``.  For a *proto* listed in ``ovpn_link_mtu_dict`` the
    matching ``--link-mtu`` and ``--mtu-disc yes`` are placed in front of
    *args*; for any other *proto* the suffix ``-server`` is appended to it.
    Everything else is delegated to ``openvpn()``, whose return value is
    returned.

    The same hook command, ``"<ovpn_server> <fd>"``, serves as both the
    ``--client-connect`` and the ``--client-disconnect`` script.
    """
    # OpenVPN splits this single string into a program and its arguments.
    # NOTE(review): no quoting is applied, so an install path containing
    # whitespace would presumably be split in the wrong place.
    # fd is presumably a file descriptor number read by the hook script;
    # confirm against ovpn-server.
    hook = '%s %s' % (ovpn_server, fd)
    if proto in ovpn_link_mtu_dict:
        # mtu-disc ignored for udp6 due to a bug in OpenVPN
        mtu_options = ('--link-mtu', str(ovpn_link_mtu_dict[proto]),
                       '--mtu-disc', 'yes')
        args = mtu_options + args
    else:
        proto += '-server'
    options = (
        '--tls-server',
        '--mode', 'server',
        '--client-connect', hook,
        '--client-disconnect', hook,
        '--dh', dh_path,
        '--max-clients', str(max_clients),
        '--port', str(port),
        '--proto', proto,
    ) + args
    return openvpn(iface, encrypt, *options, **kw)


def client(iface, address_list, encrypt, *args, **kw):
    """Start OpenVPN in client mode on *iface*.

    *address_list* is an iterable of ``(ip, port, proto)`` triples; each one
    becomes a ``--remote`` option with the three values passed through as
    given (no ``str()`` conversion is done here).  *args* follows the
    generated options and the whole list is delegated to ``openvpn()``.

    Every entry must map to the same ``ovpn_link_mtu_dict`` value (or all to
    none): the single-element unpacking below raises ``ValueError`` when
    *address_list* is empty or mixes protocols with different link MTUs.
    """
    options = ['--nobind', '--client']
    # XXX: We'd like to pass <connection> sections at command-line.
    mtus = set()
    for ip, port, proto in address_list:
        options.extend(('--remote', ip, port, proto))
        mtus.add(ovpn_link_mtu_dict.get(proto))
    # Exactly one distinct value is required; anything else is a ValueError.
    (mtu,) = mtus
    if mtu:
        options.extend(('--link-mtu', str(mtu), '--mtu-disc', 'yes'))
    options.extend(args)
    return openvpn(iface, encrypt, *options, **kw)


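def router(ip, ip4, src, hello_interval, log_path, state_path,
           pidfile, control_socket, default, *args, **kw):
    """Start ``babeld`` with a configuration built from the arguments.

    *ip* is an ``(address, prefix_length)`` pair; *ip4* is either falsy or a
    pair of the same shape.  *src* selects the default-route statement:

    * truthy: ``install ip ::/0 eq 0 src-prefix <src>``;
    * ``None``: ``redistribute ip ::/0 eq 0``;
    * any other falsy value: neither statement is added.

    *hello_interval* is used for both ``-h`` and ``-H``.  *log_path*,
    *state_path* and *pidfile* are passed as ``-L``, ``-S`` and ``-I``.  A
    truthy *control_socket* is passed as ``-X``.  *args* is appended last and
    *kw* is forwarded to ``utils.Popen``, whose return value is returned.

    *default*, *src* and the addresses are concatenated into babeld
    configuration statements verbatim, so they must come from trusted
    configuration.  Any existing *pidfile* is unlinked before launch; keep it
    in a directory that only trusted users can write to.

    Raises ``OSError`` if removing *pidfile* fails for a reason other than the
    file not existing.
    """
    ip, n = ip
    if ip4:
        ip4, n4 = ip4
    interval = str(hello_interval)
    cmd = ['babeld',
           '-h', interval,
           '-H', interval,
           '-L', log_path,
           '-S', state_path,
           '-I', pidfile,
           '-s',
           # Force use of ipv6 subtrees because:
           # - even Linux 2.6.32 has them
           # - the fallback implementation using a separate table
           #   is not equivalent, at least not the way we use babeld
           #   (and we don't need RTA_SRC for ipv4).
           '-C', 'ipv6-subtrees true',
           '-C', 'default ' + default,
           '-C', 'redistribute local deny',
           '-C', 'redistribute ip %s/%s eq %s' % (ip, n, n)]
    if ip4:
        cmd += '-C', 'redistribute ip %s/%s eq %s' % (ip4, n4, n4)
    if src:
        cmd += '-C', 'install ip ::/0 eq 0 src-prefix ' + src
    elif src is None:
        cmd += '-C', 'redistribute ip ::/0 eq 0'
    cmd += ('-C', 'redistribute deny',
            '-C', 'install pref-src ' + ip)
    if ip4:
        cmd += '-C', 'install pref-src ' + ip4
    if control_socket:
        cmd += '-X', '%s' % control_socket
    cmd += args
    # WKRD: babeld fails to start if pidfile already exists
    try:
        os.remove(pidfile)
    # 'except ... as' is accepted by Python 2.6+ and Python 3 alike, unlike
    # the comma form, which is a syntax error on Python 3.
    except OSError as e:
        if e.errno != errno.ENOENT:
            raise
    logging.info('%r', cmd)
    return utils.Popen(cmd, **kw)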