authorDevaev Maxim <[email protected]>2021-02-16 08:10:10 +0300
committerDevaev Maxim <[email protected]>2021-02-16 08:10:10 +0300
commit70fb46d4287e33d34dbf72156372a5c55cb273f7 (patch)
tree6ba474f01872e74fdcaf3d5a8a6d996e89d832ad
parentecdc65ceb33d3c4f7809b9c7879a717be09771c2 (diff)
otgnet forwarding
-rw-r--r--kvmd/apps/__init__.py3
-rw-r--r--kvmd/apps/otgnet/__init__.py9
-rw-r--r--kvmd/apps/otgnet/netctl.py27
-rw-r--r--testenv/linters/vulture-wl.py1
4 files changed, 38 insertions, 2 deletions
diff --git a/kvmd/apps/__init__.py b/kvmd/apps/__init__.py
index 557a611a..80fc82ec 100644
--- a/kvmd/apps/__init__.py
+++ b/kvmd/apps/__init__.py
@@ -511,6 +511,7 @@ def _get_config_scheme() -> Dict:
"allow_icmp": Option(True, type=valid_bool),
"allow_tcp": Option([], type=valid_ports_list),
"allow_udp": Option([67], type=valid_ports_list),
+ "forward_iface": Option("", type=valid_stripped_string),
"iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command),
},
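Review bot: `forward_iface` is checked only with `valid_stripped_string`, yet elsewhere in this commit the value becomes the `-o` argument of an iptables command. Any non-empty text (a typo, a name containing spaces, a value starting with `-`) is therefore accepted at config load and only fails, or is misread as an option, when the rule is applied. A validator that limits the value to interface-name characters and length would reject it early; the commands are built as argv lists, so the concern is failing closed rather than shell injection. The option also deserves a comment, for example `# Non-empty: NAT the USB network out through this interface; empty: no forwarding`. `_get_config_scheme` starts and ends outside the hunk.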
@@ -527,7 +528,7 @@ def _get_config_scheme() -> Dict:
"--port=0",
"--dhcp-range={dhcp_ip_begin},{dhcp_ip_end},24h",
"--dhcp-leasefile=/run/kvmd/dnsmasq.lease",
- "--dhcp-option=3",
+ "--dhcp-option={dhcp_option_3}",
"--dhcp-option=6",
"--keep-in-foreground",
], type=valid_command),
diff --git a/kvmd/apps/otgnet/__init__.py b/kvmd/apps/otgnet/__init__.py
index 8b05f9e8..d3b32549 100644
--- a/kvmd/apps/otgnet/__init__.py
+++ b/kvmd/apps/otgnet/__init__.py
@@ -45,12 +45,14 @@ from .netctl import IfaceAddIpCtl
from .netctl import IptablesDropAllCtl
from .netctl import IptablesAllowIcmpCtl
from .netctl import IptablesAllowPortCtl
+from .netctl import IptablesForwardOut
+from .netctl import IptablesForwardIn
from .netctl import CustomCtl
# =====
@dataclasses.dataclass(frozen=True)
-class _Netcfg:
+class _Netcfg: # pylint: disable=too-many-instance-attributes
iface: str
iface_ip: str
net_ip: str
@@ -58,6 +60,7 @@ class _Netcfg:
net_mask: str
dhcp_ip_begin: str
dhcp_ip_end: str
+ dhcp_option_3: str
class _Service: # pylint: disable=too-many-instance-attributes
@@ -68,6 +71,7 @@ class _Service: # pylint: disable=too-many-instance-attributes
self.__allow_icmp: bool = config.otgnet.firewall.allow_icmp
self.__allow_tcp: List[int] = sorted(set(config.otgnet.firewall.allow_tcp))
self.__allow_udp: List[int] = sorted(set(config.otgnet.firewall.allow_udp))
+ self.__forward_iface: str = config.otgnet.firewall.forward_iface
self.__iptables_cmd: List[str] = config.otgnet.firewall.iptables_cmd
self.__pre_start_cmd: List[str] = config.otgnet.commands.pre_start_cmd
@@ -101,6 +105,8 @@ class _Service: # pylint: disable=too-many-instance-attributes
*zip(self.__allow_udp, itertools.repeat(False)),
]
],
+ *([IptablesForwardOut(self.__iptables_cmd, self.__forward_iface)] if self.__forward_iface else []),
+ *([IptablesForwardIn(self.__iptables_cmd, netcfg.iface)] if self.__forward_iface else []),
IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface),
IfaceAddIpCtl(self.__ip_cmd, netcfg.iface, f"{netcfg.iface_ip}/{netcfg.net_prefix}"),
CustomCtl(self.__post_start_cmd, self.__pre_stop_cmd, placeholders),
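Review bot: Nothing here records that forwarding was switched on, although a non-empty `forward_iface` turns the device into a NAT gateway for the attached host. A line such as `logger.info("Forwarding from %r via %r is enabled", netcfg.iface, self.__forward_iface)` next to the rule list would make that state visible in the service log. The visible hunks also never set `net.ipv4.ip_forward`, so the feature presumably depends on the operator enabling it; if so, that should be stated in a comment or the docs. The two entries repeat the same guard and could share one `*([...] if self.__forward_iface else [])` splat. The enclosing method starts and ends outside the hunk.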
@@ -152,6 +158,7 @@ class _Service: # pylint: disable=too-many-instance-attributes
net_mask=str(net.netmask),
dhcp_ip_begin=dhcp_ip_begin,
dhcp_ip_end=dhcp_ip_end,
+ dhcp_option_3=(f"3,{iface_ip}" if self.__forward_iface else "3"),
)
logger.info("Calculated %r address is %s/%d", iface, iface_ip, netcfg.net_prefix)
return netcfg
diff --git a/kvmd/apps/otgnet/netctl.py b/kvmd/apps/otgnet/netctl.py
index 4d838513..59dca782 100644
--- a/kvmd/apps/otgnet/netctl.py
+++ b/kvmd/apps/otgnet/netctl.py
@@ -85,6 +85,33 @@ class IptablesAllowPortCtl(BaseCtl):
]
+class IptablesForwardOut(BaseCtl):
+ def __init__(self, base_cmd: List[str], iface: str) -> None:
+ self.__base_cmd = base_cmd
+ self.__iface = iface
+
+ def get_command(self, direct: bool) -> List[str]:
+ return [
+ *self.__base_cmd,
+ "--table", "nat",
+ ("-A" if direct else "-D"), "POSTROUTING",
+ "-o", self.__iface, "-j", "MASQUERADE",
+ ]
+
+
+class IptablesForwardIn(BaseCtl):
+ def __init__(self, base_cmd: List[str], iface: str) -> None:
+ self.__base_cmd = base_cmd
+ self.__iface = iface
+
+ def get_command(self, direct: bool) -> List[str]:
+ return [
+ *self.__base_cmd,
+ ("-A" if direct else "-D"), "FORWARD",
+ "-i", self.__iface, "-j", "ACCEPT",
+ ]
+
+
class CustomCtl(BaseCtl):
def __init__(
self,
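Review bot: The rule built by `IptablesForwardIn.get_command` accepts every packet arriving on the USB interface for forwarding, whatever interface it leaves by, because it matches on `-i` alone. On a device with more than one uplink, the attached host can then reach networks other than the configured `forward_iface`. Giving the class the outbound interface as well and emitting `"-i", self.__iface, "-o", self.__out_iface, "-j", "ACCEPT",` would tie the rule to that one path; the call site in `otgnet/__init__.py` already has `self.__forward_iface` available. Return traffic is not covered by any rule added here, so it appears to rely on the FORWARD chain's default policy, which deserves a comment. Both classes lack docstrings and drop the `Ctl` suffix used by the sibling classes; the `CustomCtl` definition continues outside the hunk.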
diff --git a/testenv/linters/vulture-wl.py b/testenv/linters/vulture-wl.py
index c83dc38e..1074a689 100644
--- a/testenv/linters/vulture-wl.py
+++ b/testenv/linters/vulture-wl.py
@@ -37,5 +37,6 @@ _SharedParams.height
_Netcfg.net_ip
_Netcfg.net_mask
+_Netcfg.dhcp_option_3
_ScriptWriter.get_args