diff options
author | Devaev Maxim <[email protected]> | 2021-02-16 08:10:10 +0300 |
---|---|---|
committer | Devaev Maxim <[email protected]> | 2021-02-16 08:10:10 +0300 |
commit | 70fb46d4287e33d34dbf72156372a5c55cb273f7 (patch) | |
tree | 6ba474f01872e74fdcaf3d5a8a6d996e89d832ad /kvmd | |
parent | ecdc65ceb33d3c4f7809b9c7879a717be09771c2 (diff) |
otgnet forwarding
Diffstat (limited to 'kvmd')
-rw-r--r-- | kvmd/apps/__init__.py | 3 | ||||
-rw-r--r-- | kvmd/apps/otgnet/__init__.py | 9 | ||||
-rw-r--r-- | kvmd/apps/otgnet/netctl.py | 27 |
3 files changed, 37 insertions, 2 deletions
diff --git a/kvmd/apps/__init__.py b/kvmd/apps/__init__.py index 557a611a..80fc82ec 100644 --- a/kvmd/apps/__init__.py +++ b/kvmd/apps/__init__.py @@ -511,6 +511,7 @@ def _get_config_scheme() -> Dict: "allow_icmp": Option(True, type=valid_bool), "allow_tcp": Option([], type=valid_ports_list), "allow_udp": Option([67], type=valid_ports_list), + "forward_iface": Option("", type=valid_stripped_string), "iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command), }, @@ -527,7 +528,7 @@ def _get_config_scheme() -> Dict: "--port=0", "--dhcp-range={dhcp_ip_begin},{dhcp_ip_end},24h", "--dhcp-leasefile=/run/kvmd/dnsmasq.lease", - "--dhcp-option=3", + "--dhcp-option={dhcp_option_3}", "--dhcp-option=6", "--keep-in-foreground", ], type=valid_command), diff --git a/kvmd/apps/otgnet/__init__.py b/kvmd/apps/otgnet/__init__.py index 8b05f9e8..d3b32549 100644 --- a/kvmd/apps/otgnet/__init__.py +++ b/kvmd/apps/otgnet/__init__.py @@ -45,12 +45,14 @@ from .netctl import IfaceAddIpCtl from .netctl import IptablesDropAllCtl from .netctl import IptablesAllowIcmpCtl from .netctl import IptablesAllowPortCtl +from .netctl import IptablesForwardOut +from .netctl import IptablesForwardIn from .netctl import CustomCtl # ===== @dataclasses.dataclass(frozen=True) -class _Netcfg: +class _Netcfg: # pylint: disable=too-many-instance-attributes iface: str iface_ip: str net_ip: str @@ -58,6 +60,7 @@ class _Netcfg: net_mask: str dhcp_ip_begin: str dhcp_ip_end: str + dhcp_option_3: str class _Service: # pylint: disable=too-many-instance-attributes @@ -68,6 +71,7 @@ class _Service: # pylint: disable=too-many-instance-attributes self.__allow_icmp: bool = config.otgnet.firewall.allow_icmp self.__allow_tcp: List[int] = sorted(set(config.otgnet.firewall.allow_tcp)) self.__allow_udp: List[int] = sorted(set(config.otgnet.firewall.allow_udp)) + self.__forward_iface: str = config.otgnet.firewall.forward_iface self.__iptables_cmd: List[str] = config.otgnet.firewall.iptables_cmd self.__pre_start_cmd: List[str] = config.otgnet.commands.pre_start_cmd @@ -101,6 +105,8 @@ class _Service: # pylint: disable=too-many-instance-attributes *zip(self.__allow_udp, itertools.repeat(False)), ] ], + *([IptablesForwardOut(self.__iptables_cmd, self.__forward_iface)] if self.__forward_iface else []), + *([IptablesForwardIn(self.__iptables_cmd, netcfg.iface)] if self.__forward_iface else []), IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface), IfaceAddIpCtl(self.__ip_cmd, netcfg.iface, f"{netcfg.iface_ip}/{netcfg.net_prefix}"), CustomCtl(self.__post_start_cmd, self.__pre_stop_cmd, placeholders), @@ -152,6 +158,7 @@ class _Service: # pylint: disable=too-many-instance-attributes net_mask=str(net.netmask), dhcp_ip_begin=dhcp_ip_begin, dhcp_ip_end=dhcp_ip_end, + dhcp_option_3=(f"3,{iface_ip}" if self.__forward_iface else "3"), ) logger.info("Calculated %r address is %s/%d", iface, iface_ip, netcfg.net_prefix) return netcfg diff --git a/kvmd/apps/otgnet/netctl.py b/kvmd/apps/otgnet/netctl.py index 4d838513..59dca782 100644 --- a/kvmd/apps/otgnet/netctl.py +++ b/kvmd/apps/otgnet/netctl.py @@ -85,6 +85,33 @@ class IptablesAllowPortCtl(BaseCtl): ] +class IptablesForwardOut(BaseCtl): + def __init__(self, base_cmd: List[str], iface: str) -> None: + self.__base_cmd = base_cmd + self.__iface = iface + + def get_command(self, direct: bool) -> List[str]: + return [ + *self.__base_cmd, + "--table", "nat", + ("-A" if direct else "-D"), "POSTROUTING", + "-o", self.__iface, "-j", "MASQUERADE", + ] + + +class IptablesForwardIn(BaseCtl): + def __init__(self, base_cmd: List[str], iface: str) -> None: + self.__base_cmd = base_cmd + self.__iface = iface + + def get_command(self, direct: bool) -> List[str]: + return [ + *self.__base_cmd, + ("-A" if direct else "-D"), "FORWARD", + "-i", self.__iface, "-j", "ACCEPT", + ] + + class CustomCtl(BaseCtl): def __init__( self, |