diff options
| -rw-r--r-- | PKGBUILD | 1 | ||||
| -rw-r--r-- | configs/os/services/kvmd-otgnet.service | 12 | ||||
| -rw-r--r-- | kvmd/apps/__init__.py | 31 | ||||
| -rw-r--r-- | kvmd/apps/otgnet/__init__.py | 194 | ||||
| -rw-r--r-- | kvmd/apps/otgnet/__main__.py | 24 | ||||
| -rw-r--r-- | kvmd/apps/otgnet/netctl.py | 92 | ||||
| -rwxr-xr-x | setup.py | 2 | ||||
| -rw-r--r-- | testenv/linters/vulture-wl.py | 3 | ||||
| -rw-r--r-- | testenv/v2-hdmi-rpi4.override.yaml | 7 | ||||
| -rw-r--r-- | testenv/v2-hdmiusb-rpi4.override.yaml | 8 |
10 files changed, 364 insertions, 10 deletions
@@ -61,6 +61,7 @@ depends=( sudo iptables iproute2 + dnsmasq "raspberrypi-io-access>=0.5" "ustreamer>=1.19" ) diff --git a/configs/os/services/kvmd-otgnet.service b/configs/os/services/kvmd-otgnet.service new file mode 100644 index 00000000..9ee278d5 --- /dev/null +++ b/configs/os/services/kvmd-otgnet.service @@ -0,0 +1,12 @@ +[Unit] +Description=Pi-KVM - OTG network service +After=kvmd-otg.service + +[Service] +Type=oneshot +ExecStart=/usr/bin/kvmd-otgnet start +ExecStop=/usr/bin/kvmd-otgnet stop +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target diff --git a/kvmd/apps/__init__.py b/kvmd/apps/__init__.py index a882e0d7..9c07cf94 100644 --- a/kvmd/apps/__init__.py +++ b/kvmd/apps/__init__.py @@ -430,21 +430,34 @@ def _get_config_scheme() -> Dict: "otgnet": { "iface": { - "net": Option("169.254.0.100/31", type=functools.partial(valid_net, v6=False)), + "net": Option("169.254.0.0/24", type=functools.partial(valid_net, v6=False)), + "ip_cmd": Option(["/usr/bin/ip"], type=valid_command), }, "firewall": { - "allow_tcp": Option([], type=valid_ports_list), - "allow_udp": Option([], type=valid_ports_list), - }, - - "dhcp": { - "enabled": Option(True, type=valid_bool), + "allow_tcp": Option([], type=valid_ports_list), + "allow_udp": Option([], type=valid_ports_list), + "iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command), }, "commands": { - "ip_cmd": Option(["/usr/bin/ip"], type=valid_command), - "iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command), + "pre_start_cmd": Option(["/bin/true", "pre-start"], type=valid_command), + "post_start_cmd": Option([ + "/usr/bin/systemd-run", + "--unit=kvmd-otgnet-dnsmasq", + "dnsmasq", + "--interface={iface}", + "--port=0", + "--dhcp-range={dhcp_ip_begin},{dhcp_ip_end},24h", + "--dhcp-leasefile=/run/kvmd/dnsmasq.lease", + "--no-daemon", + ], type=valid_command), + "pre_stop_cmd": Option([ + "/usr/bin/systemctl", + "stop", + "kvmd-otgnet-dnsmasq", + ], type=valid_command), + "post_stop_cmd": Option(["/bin/true", "post-stop"], type=valid_command), }, }, diff --git a/kvmd/apps/otgnet/__init__.py b/kvmd/apps/otgnet/__init__.py new file mode 100644 index 00000000..e28a5a21 --- /dev/null +++ b/kvmd/apps/otgnet/__init__.py @@ -0,0 +1,194 @@ +# ========================================================================== # +# # +# KVMD - The main Pi-KVM daemon. # +# # +# Copyright (C) 2018 Maxim Devaev <[email protected]> # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see <https://www.gnu.org/licenses/>. # +# # +# ========================================================================== # + + +import os +import asyncio +import ipaddress +import dataclasses +import itertools +import argparse + +from typing import List +from typing import Optional + +from ...logging import get_logger + +from ...yamlconf import Section + +from ... import env +from ... import aioproc + +from .. import init + +from .netctl import BaseCtl +from .netctl import IfaceUpCtl +from .netctl import IfaceAddIpCtl +from .netctl import IptablesDropAllCtl +from .netctl import IptablesAllowPortCtl +from .netctl import CustomCtl + + +# ===== [email protected](frozen=True) +class _Netcfg: + iface: str + iface_ip: str + net_ip: str + net_prefix: int + net_mask: str + dhcp_ip_begin: str + dhcp_ip_end: str + + +class _Service: # pylint: disable=too-many-instance-attributes + def __init__(self, config: Section) -> None: + self.__iface_net: str = config.otgnet.iface.net + self.__ip_cmd: List[str] = config.otgnet.iface.ip_cmd + + self.__allow_tcp: List[int] = sorted(set(config.otgnet.firewall.allow_tcp)) + self.__allow_udp: List[int] = sorted(set(config.otgnet.firewall.allow_udp)) + self.__iptables_cmd: List[str] = config.otgnet.firewall.iptables_cmd + + self.__pre_start_cmd: List[str] = config.otgnet.commands.pre_start_cmd + self.__post_start_cmd: List[str] = config.otgnet.commands.post_start_cmd + self.__pre_stop_cmd: List[str] = config.otgnet.commands.pre_stop_cmd + self.__post_stop_cmd: List[str] = config.otgnet.commands.post_stop_cmd + + self.__gadget: str = config.otg.gadget + self.__driver: str = config.otg.devices.ethernet.driver + + def start(self) -> None: + asyncio.run(self.__run(True)) + + def stop(self) -> None: + asyncio.run(self.__run(False)) + + async def __run(self, direct: bool) -> None: + netcfg = self.__make_netcfg() + placeholders = { + key: str(value) + for (key, value) in dataclasses.asdict(netcfg).items() + } + ctls: List[BaseCtl] = [ + CustomCtl(self.__pre_start_cmd, self.__post_stop_cmd, placeholders), + IfaceUpCtl(self.__ip_cmd, netcfg.iface), + IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface), + *[ + IptablesAllowPortCtl(self.__iptables_cmd, netcfg.iface, port, tcp) + for (port, tcp) in [ + *zip(self.__allow_tcp, itertools.repeat(True)), + *zip(self.__allow_udp, itertools.repeat(False)), + ] + ], + IfaceAddIpCtl(self.__ip_cmd, netcfg.iface, f"{netcfg.iface_ip}/{netcfg.net_prefix}"), + CustomCtl(self.__post_start_cmd, self.__pre_stop_cmd, placeholders), + ] + if direct: + for ctl in ctls: + if not (await self.__run_ctl(ctl, True)): + raise SystemExit(1) + get_logger(0).info("Ready to work") + else: + for ctl in reversed(ctls): + await self.__run_ctl(ctl, False) + get_logger(0).info("Bye-bye") + + async def __run_ctl(self, ctl: BaseCtl, direct: bool) -> bool: + logger = get_logger() + cmd = ctl.get_command(direct) + logger.info("CMD: %s", " ".join(cmd)) + try: + return (not (await aioproc.log_process(cmd, logger)).returncode) + except Exception as err: + logger.exception("Can't execute command: %s", err) + return False + + # ===== + + def __make_netcfg(self) -> _Netcfg: + iface = self.__find_iface() + logger = get_logger() + + logger.info("Using IPv4 network %s ...", self.__iface_net) + net = ipaddress.IPv4Network(self.__iface_net) + if net.prefixlen > 31: + raise RuntimeError("Too small network, required at least /31") + + if net.prefixlen == 31: + iface_ip = str(net[0]) + dhcp_ip_begin = dhcp_ip_end = str(net[1]) + else: + iface_ip = str(net[1]) + dhcp_ip_begin = str(net[2]) + dhcp_ip_end = str(net[-2]) + + netcfg = _Netcfg( + iface=iface, + iface_ip=iface_ip, + net_ip=str(net.network_address), + net_prefix=net.prefixlen, + net_mask=str(net.netmask), + dhcp_ip_begin=dhcp_ip_begin, + dhcp_ip_end=dhcp_ip_end, + ) + logger.info("Calculated %r address is %s/%d", iface, iface_ip, netcfg.net_prefix) + return netcfg + + def __find_iface(self) -> str: + logger = get_logger() + path = env.SYSFS_PREFIX + os.path.join( + "/sys/kernel/config/usb_gadget", + self.__gadget, + f"functions/{self.__driver}.usb0/ifname", + ) + logger.info("Using OTG gadget %r ...", self.__gadget) + with open(path) as iface_file: + iface = iface_file.read().strip() + logger.info("Using OTG Ethernet interface %r ...", iface) + assert iface + return iface + + +# ===== +def main(argv: Optional[List[str]]=None) -> None: + (parent_parser, argv, config) = init( + add_help=False, + argv=argv, + ) + parser = argparse.ArgumentParser( + prog="kvmd-otgnet", + description="Control KVMD OTG network", + parents=[parent_parser], + ) + parser.set_defaults(cmd=(lambda *_: parser.print_help())) + subparsers = parser.add_subparsers() + + service = _Service(config) + + cmd_start_parser = subparsers.add_parser("start", help="Start OTG network") + cmd_start_parser.set_defaults(cmd=service.start) + + cmd_stop_parser = subparsers.add_parser("stop", help="Stop OTG network") + cmd_stop_parser.set_defaults(cmd=service.stop) + + options = parser.parse_args(argv[1:]) + options.cmd() diff --git a/kvmd/apps/otgnet/__main__.py b/kvmd/apps/otgnet/__main__.py new file mode 100644 index 00000000..77f4e294 --- /dev/null +++ b/kvmd/apps/otgnet/__main__.py @@ -0,0 +1,24 @@ +# ========================================================================== # +# # +# KVMD - The main Pi-KVM daemon. # +# # +# Copyright (C) 2018 Maxim Devaev <[email protected]> # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see <https://www.gnu.org/licenses/>. # +# # +# ========================================================================== # + + +from . import main +main() diff --git a/kvmd/apps/otgnet/netctl.py b/kvmd/apps/otgnet/netctl.py new file mode 100644 index 00000000..874e904a --- /dev/null +++ b/kvmd/apps/otgnet/netctl.py @@ -0,0 +1,92 @@ +# ========================================================================== # +# # +# KVMD - The main Pi-KVM daemon. # +# # +# Copyright (C) 2018 Maxim Devaev <[email protected]> # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see <https://www.gnu.org/licenses/>. # +# # +# ========================================================================== # + + +from typing import List +from typing import Dict + + +# ===== +class BaseCtl: + def get_command(self, direct: bool) -> List[str]: + raise NotImplementedError + + +class IfaceUpCtl(BaseCtl): + def __init__(self, base_cmd: List[str], iface: str) -> None: + self.__base_cmd = base_cmd + self.__iface = iface + + def get_command(self, direct: bool) -> List[str]: + return [*self.__base_cmd, "link", "set", self.__iface, ("up" if direct else "down")] + + +class IfaceAddIpCtl(BaseCtl): + def __init__(self, base_cmd: List[str], iface: str, cidr: str) -> None: + self.__base_cmd = base_cmd + self.__iface = iface + self.__cidr = cidr + + def get_command(self, direct: bool) -> List[str]: + return [*self.__base_cmd, "address", ("add" if direct else "del"), self.__cidr, "dev", self.__iface] + + +class IptablesDropAllCtl(BaseCtl): + def __init__(self, base_cmd: List[str], iface: str) -> None: + self.__base_cmd = base_cmd + self.__iface = iface + + def get_command(self, direct: bool) -> List[str]: + return [*self.__base_cmd, ("-A" if direct else "-D"), "INPUT", "-i", self.__iface, "-j", "DROP"] + + +class IptablesAllowPortCtl(BaseCtl): + def __init__(self, base_cmd: List[str], iface: str, port: int, tcp: bool) -> None: + self.__base_cmd = base_cmd + self.__iface = iface + self.__port = port + self.__proto = ("tcp" if tcp else "udp") + + def get_command(self, direct: bool) -> List[str]: + return [ + *self.__base_cmd, + ("-A" if direct else "-D"), "INPUT", "-i", self.__iface, "-p", self.__proto, + "--dport", str(self.__port), "-j", "ACCEPT", + ] + + +class CustomCtl(BaseCtl): + def __init__( + self, + direct_cmd: List[str], + reverse_cmd: List[str], + placeholders: Dict[str, str], + ) -> None: + + self.__direct_cmd = direct_cmd + self.__reverse_cmd = reverse_cmd + self.__placeholders = placeholders + + def get_command(self, direct: bool) -> List[str]: + return [ + part.format(**self.__placeholders) + for part in (self.__direct_cmd if direct else self.__reverse_cmd) + ] @@ -95,6 +95,7 @@ def main() -> None: "kvmd.apps.kvmd.api", "kvmd.apps.otg", "kvmd.apps.otg.hid", + "kvmd.apps.otgnet", "kvmd.apps.otgmsd", "kvmd.apps.htpasswd", "kvmd.apps.cleanup", @@ -121,6 +122,7 @@ def main() -> None: "console_scripts": [ "kvmd = kvmd.apps.kvmd:main", "kvmd-otg = kvmd.apps.otg:main", + "kvmd-otgnet = kvmd.apps.otgnet:main", "kvmd-otgmsd = kvmd.apps.otgmsd:main", "kvmd-htpasswd = kvmd.apps.htpasswd:main", "kvmd-cleanup = kvmd.apps.cleanup:main", diff --git a/testenv/linters/vulture-wl.py b/testenv/linters/vulture-wl.py index 62338131..608f0aab 100644 --- a/testenv/linters/vulture-wl.py +++ b/testenv/linters/vulture-wl.py @@ -31,4 +31,7 @@ _KeyMapping.x11_keys _SharedParams.width _SharedParams.height +_Netcfg.net_ip +_Netcfg.net_mask + _ScriptWriter.get_args diff --git a/testenv/v2-hdmi-rpi4.override.yaml b/testenv/v2-hdmi-rpi4.override.yaml index 348f3c50..c848eb44 100644 --- a/testenv/v2-hdmi-rpi4.override.yaml +++ b/testenv/v2-hdmi-rpi4.override.yaml @@ -91,3 +91,10 @@ vnc: auth: vncauth: enabled: true + +otgnet: + commands: + post_start_cmd: + - "/bin/true" + pre_stop_cmd: + - "/bin/true" diff --git a/testenv/v2-hdmiusb-rpi4.override.yaml b/testenv/v2-hdmiusb-rpi4.override.yaml index 60442fae..6cfd5a96 100644 --- a/testenv/v2-hdmiusb-rpi4.override.yaml +++ b/testenv/v2-hdmiusb-rpi4.override.yaml @@ -31,10 +31,16 @@ kvmd: - "--notify-parent" - "--no-log-colors" - vnc: keymap: /usr/share/kvmd/keymaps/ru auth: vncauth: enabled: true + +otgnet: + commands: + post_start_cmd: + - "/bin/true" + pre_stop_cmd: + - "/bin/true" |