import logging, errno, os
from . import utils

# Directory holding this module, with symlinks resolved. The two helper
# scripts below are looked up next to it and handed to OpenVPN as hooks
# (--up, --client-connect, --client-disconnect), so OpenVPN executes them:
# the directory and the scripts should only be writable by trusted users.
here = os.path.realpath(os.path.dirname(__file__))
ovpn_server, ovpn_client = (
    os.path.join(here, 'ovpn-server'),
    os.path.join(here, 'ovpn-client'),
)
# Directory receiving one '<iface>.log' file per OpenVPN process; while this
# is None (or any false value) no --log-append option is passed.
ovpn_log = None

def openvpn(iface, encrypt, *args, **kw):
    """Start an ``openvpn`` process attached to the TAP device *iface*.

    iface   -- device name given to ``--dev``; also names the log file.
    encrypt -- when false, ``--cipher none --ncp-disable`` is appended.
    args    -- extra command-line options, placed right after the base ones.
    kw      -- forwarded unchanged to ``utils.Popen``.

    Returns whatever ``utils.Popen`` returns.
    """
    cmd = ['openvpn',
        '--dev-type', 'tap',
        '--dev', iface,
        '--persist-tun',
        '--persist-key',
        # Level 2 is what lets OpenVPN run user-defined scripts such as the
        # --up hook below (and the hooks added by server()).
        '--script-security', '2',
        '--up', ovpn_client,
        # Privilege drop is left disabled, so unless the caller supplies
        # --user/--group in *args, openvpn and the hook scripts it runs keep
        # the privileges of the calling process.
        #'--user', 'nobody', '--group', 'nogroup',
        ]
    cmd.extend(args)
    if ovpn_log:
        cmd.extend(('--log-append', os.path.join(ovpn_log, '%s.log' % iface)))
    if not encrypt:
        # Data-channel encryption is switched off and cipher negotiation is
        # disabled, so traffic in this tunnel is not encrypted by OpenVPN.
        # NOTE(review): presumably confidentiality is provided by another
        # layer when encrypt is false -- confirm with the caller.
        cmd.extend(('--cipher', 'none', '--ncp-disable'))
    logging.debug('%r', cmd)
    return utils.Popen(cmd, **kw)

# Value passed to OpenVPN's --link-mtu, keyed by transport protocol.
# server() and client() add --link-mtu/--mtu-disc only for protocols listed
# here; any other protocol gets neither option.
ovpn_link_mtu_dict = {
    'udp4': 1500,
    'udp6': 1500,
}

def server(iface, max_clients, dh_path, fd, port, proto, encrypt, *args, **kw):
    """Start an OpenVPN process in TLS server mode on *iface*.

    max_clients -- value for ``--max-clients``.
    dh_path     -- Diffie-Hellman parameters file given to ``--dh``.
    fd          -- appended as the argument of the ``ovpn-server`` hook.
                   NOTE(review): presumably a file descriptor number the hook
                   reports to -- confirm against the caller.
    port, proto -- listening port and transport; ``'udp'`` is treated as
                   ``'udp4'``.
    encrypt, args, kw -- passed on to ``openvpn()``.

    Returns the result of ``openvpn()``.
    """
    if proto == 'udp':
        proto = 'udp4'
    # OpenVPN parses this value as a command line of its own.
    # NOTE(review): neither part is quoted, so whitespace in the install
    # path or in fd would change how OpenVPN splits the command.
    hook = '%s %s' % (ovpn_server, fd)
    if proto in ovpn_link_mtu_dict:
        args = ('--link-mtu', str(ovpn_link_mtu_dict[proto]),
                '--mtu-disc', 'yes') + args
    else:
        # Protocols without a link-MTU entry get the '-server' suffix.
        proto += '-server'
    options = [
        '--tls-server',
        '--mode', 'server',
        # The same hook handles both connection and disconnection events.
        '--client-connect', hook,
        '--client-disconnect', hook,
        '--dh', dh_path,
        '--max-clients', str(max_clients),
        '--port', str(port),
        '--proto', proto,
    ]
    options.extend(args)
    return openvpn(iface, encrypt, *options, **kw)


def client(iface, address_list, encrypt, *args, **kw):
    """Start an OpenVPN client on *iface* that may use any listed remote.

    address_list -- iterable of ``(ip, port, proto)`` triples, each turned
                    into one ``--remote`` option; ``'udp'`` is treated as
                    ``'udp4'``.
    encrypt, args, kw -- passed on to ``openvpn()``.

    Raises ValueError when *address_list* is empty or when its protocols do
    not all map to the same entry (or absence of entry) in
    ``ovpn_link_mtu_dict``, because a single link MTU applies to the process.

    Returns the result of ``openvpn()``.
    """
    options = ['--nobind', '--client']
    # XXX: We'd like to pass <connection> sections at command-line.
    mtus = set()
    for ip, port, proto in address_list:
        proto = 'udp4' if proto == 'udp' else proto
        # Each value becomes its own argv item (no shell is involved), but
        # nothing is validated here.
        # NOTE(review): presumably the caller has already checked
        # ip/port/proto -- confirm, in case the list comes from other peers.
        options.extend(('--remote', ip, port, proto))
        mtus.add(ovpn_link_mtu_dict.get(proto))
    # Exactly one distinct value must remain (None when no entry exists).
    link_mtu, = mtus
    if link_mtu:
        options.extend(('--link-mtu', str(link_mtu), '--mtu-disc', 'yes'))
    options.extend(args)
    return openvpn(iface, encrypt, *options, **kw)


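def router(ip, ip4, src, hello_interval, log_path, state_path,
           pidfile, control_socket, default, *args, **kw):
    """Start ``babeld`` with a configuration derived from the arguments.

    ip             -- ``(address, prefix_length)`` pair; redistributed and
                      used as preferred source address.
    ip4            -- same kind of pair for a second prefix, or a false
                      value to leave it out.
    src            -- if true, installs ``::/0`` routes with this source
                      prefix; if None, ``::/0`` is redistributed instead;
                      any other false value adds neither statement.
    hello_interval -- value given to both ``-h`` and ``-H``.
    log_path, state_path, pidfile -- given to ``-L``, ``-S`` and ``-I``.
    control_socket -- given to ``-X`` when true.
    default        -- appended to a ``default`` configuration statement.
    args           -- extra arguments placed at the end of the command line.
    kw             -- forwarded unchanged to ``utils.Popen``.

    An existing *pidfile* is removed first; any OSError other than ENOENT
    from that removal is propagated.

    Returns whatever ``utils.Popen`` returns.
    """
    # NOTE(review): default, src, ip and ip4 are spliced into babeld
    # configuration statements as-is; callers are presumably expected to
    # pass validated values -- confirm.
    ip, n = ip
    if ip4:
        ip4, n4 = ip4
    cmd = ['babeld',
            '-h', str(hello_interval),
            '-H', str(hello_interval),
            '-L', log_path,
            '-S', state_path,
            '-I', pidfile,
            '-s',
            # Force use of ipv6 subtrees because:
            # - even Linux 2.6.32 has them
            # - the fallback implementation using a separate table
            #   is not equivalent, at least not the way we use babeld
            #   (and we don't need RTA_SRC for ipv4).
            '-C', 'ipv6-subtrees true',
            '-C', 'default ' + default,
            '-C', 'redistribute local deny',
            '-C', 'redistribute ip %s/%s eq %s' % (ip, n, n)]
    if ip4:
        cmd += '-C', 'redistribute ip %s/%s eq %s' % (ip4, n4, n4)
    if src:
        cmd += '-C', 'install ip ::/0 eq 0 src-prefix ' + src
    elif src is None:
        cmd += '-C', 'redistribute ip ::/0 eq 0'
    # Everything not explicitly redistributed above is denied.
    cmd += ('-C', 'redistribute deny',
            '-C', 'install pref-src ' + ip)
    if ip4:
        cmd += '-C', 'install pref-src ' + ip4
    if control_socket:
        cmd += '-X', '%s' % control_socket
    cmd += args
    # WKRD: babeld fails to start if pidfile already exists
    try:
        os.remove(pidfile)
    # 'as' form: accepted by Python 2.6+ and required by Python 3, unlike
    # the older 'except OSError, e' spelling.
    except OSError as e:
        # A missing pidfile is the normal case; anything else is a real error.
        if e.errno != errno.ENOENT:
            raise
    logging.info('%r', cmd)
    return utils.Popen(cmd, **kw)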