public IP address autodiscovery #20
14 changed files with 772 additions and 854 deletions
|
@ -1,75 +0,0 @@
|
||||||
unstable_features = true
|
|
||||||
|
|
||||||
array_width = 60
|
|
||||||
attr_fn_like_width = 70
|
|
||||||
binop_separator = "Front"
|
|
||||||
blank_lines_lower_bound = 0
|
|
||||||
blank_lines_upper_bound = 1
|
|
||||||
brace_style = "SameLineWhere"
|
|
||||||
chain_width = 60
|
|
||||||
color = "Auto"
|
|
||||||
combine_control_expr = true
|
|
||||||
comment_width = 80
|
|
||||||
condense_wildcard_suffixes = true
|
|
||||||
control_brace_style = "AlwaysSameLine"
|
|
||||||
disable_all_formatting = false
|
|
||||||
empty_item_single_line = true
|
|
||||||
enum_discrim_align_threshold = 0
|
|
||||||
error_on_line_overflow = true
|
|
||||||
error_on_unformatted = true
|
|
||||||
fn_args_layout = "Tall"
|
|
||||||
fn_call_width = 60
|
|
||||||
fn_single_line = true
|
|
||||||
force_explicit_abi = true
|
|
||||||
force_multiline_blocks = false
|
|
||||||
format_code_in_doc_comments = true
|
|
||||||
# format_generated_files = true
|
|
||||||
format_macro_matchers = true
|
|
||||||
format_macro_bodies = true
|
|
||||||
format_strings = true
|
|
||||||
hard_tabs = false
|
|
||||||
#hex_literal_case = "Lower"
|
|
||||||
hide_parse_errors = false
|
|
||||||
ignore = []
|
|
||||||
imports_indent = "Block"
|
|
||||||
imports_layout = "Mixed"
|
|
||||||
indent_style = "Block"
|
|
||||||
inline_attribute_width = 0
|
|
||||||
license_template_path = ""
|
|
||||||
match_arm_blocks = true
|
|
||||||
match_arm_leading_pipes = "Never"
|
|
||||||
match_block_trailing_comma = false
|
|
||||||
max_width = 100
|
|
||||||
merge_derives = true
|
|
||||||
imports_granularity = "Crate"
|
|
||||||
newline_style = "Unix"
|
|
||||||
normalize_comments = true
|
|
||||||
normalize_doc_attributes = true
|
|
||||||
overflow_delimited_expr = false
|
|
||||||
remove_nested_parens = true
|
|
||||||
reorder_impl_items = true
|
|
||||||
reorder_imports = true
|
|
||||||
group_imports = "StdExternalCrate"
|
|
||||||
reorder_modules = true
|
|
||||||
report_fixme = "Unnumbered"
|
|
||||||
report_todo = "Unnumbered"
|
|
||||||
required_version = "1.4.37"
|
|
||||||
skip_children = false
|
|
||||||
single_line_if_else_max_width = 50
|
|
||||||
space_after_colon = true
|
|
||||||
space_before_colon = false
|
|
||||||
#space_around_ranges = false
|
|
||||||
struct_field_align_threshold = 0
|
|
||||||
struct_lit_single_line = true
|
|
||||||
struct_lit_width = 18
|
|
||||||
struct_variant_width = 35
|
|
||||||
tab_spaces = 2
|
|
||||||
trailing_comma = "Vertical"
|
|
||||||
trailing_semicolon = false
|
|
||||||
type_punctuation_density = "Wide"
|
|
||||||
use_field_init_shorthand = false
|
|
||||||
use_small_heuristics = "Off"
|
|
||||||
use_try_shorthand = true
|
|
||||||
version = "Two"
|
|
||||||
where_single_line = true
|
|
||||||
wrap_comments = true
|
|
|
@ -77,7 +77,8 @@ impl ConfigOpts {
|
||||||
Iter: IntoIterator<Item = (String, String)>,
|
Iter: IntoIterator<Item = (String, String)>,
|
||||||
{
|
{
|
||||||
let base: ConfigOptsBase = envy::prefixed("DIPLONAT_").from_iter(iter.clone())?;
|
let base: ConfigOptsBase = envy::prefixed("DIPLONAT_").from_iter(iter.clone())?;
|
||||||
let consul: ConfigOptsConsul = envy::prefixed("DIPLONAT_CONSUL_").from_iter(iter.clone())?;
|
let consul: ConfigOptsConsul =
|
||||||
|
envy::prefixed("DIPLONAT_CONSUL_").from_iter(iter.clone())?;
|
||||||
let acme: ConfigOptsAcme = envy::prefixed("DIPLONAT_ACME_").from_iter(iter.clone())?;
|
let acme: ConfigOptsAcme = envy::prefixed("DIPLONAT_ACME_").from_iter(iter.clone())?;
|
||||||
|
|
||||||
RuntimeConfig::new(Self {
|
RuntimeConfig::new(Self {
|
||||||
|
|
|
@ -89,16 +89,14 @@ fn ok_from_iter_all_valid_options() {
|
||||||
let rt_config = ConfigOpts::from_iter(opts.clone()).unwrap();
|
let rt_config = ConfigOpts::from_iter(opts.clone()).unwrap();
|
||||||
|
|
||||||
let expiration_time = Duration::from_secs(
|
let expiration_time = Duration::from_secs(
|
||||||
opts
|
opts.get(&"DIPLONAT_EXPIRATION_TIME".to_string())
|
||||||
.get(&"DIPLONAT_EXPIRATION_TIME".to_string())
|
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.parse::<u64>()
|
.parse::<u64>()
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.into(),
|
.into(),
|
||||||
);
|
);
|
||||||
let refresh_time = Duration::from_secs(
|
let refresh_time = Duration::from_secs(
|
||||||
opts
|
opts.get(&"DIPLONAT_REFRESH_TIME".to_string())
|
||||||
.get(&"DIPLONAT_REFRESH_TIME".to_string())
|
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.parse::<u64>()
|
.parse::<u64>()
|
||||||
.unwrap()
|
.unwrap()
|
||||||
|
|
|
@ -108,8 +108,9 @@ impl RuntimeConfigConsul {
|
||||||
let mut client_key_buf = vec![];
|
let mut client_key_buf = vec![];
|
||||||
File::open(client_key)?.read_to_end(&mut client_key_buf)?;
|
File::open(client_key)?.read_to_end(&mut client_key_buf)?;
|
||||||
|
|
||||||
let ident =
|
let ident = reqwest::Identity::from_pem(
|
||||||
reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
|
&[&client_cert_buf[..], &client_key_buf[..]].concat()[..],
|
||||||
|
)?;
|
||||||
|
|
||||||
Some((cert, opts.tls_skip_verify, ident))
|
Some((cert, opts.tls_skip_verify, ident))
|
||||||
}
|
}
|
||||||
|
@ -127,7 +128,8 @@ impl RuntimeConfigConsul {
|
||||||
|
|
||||||
impl RuntimeConfigFirewall {
|
impl RuntimeConfigFirewall {
|
||||||
pub(super) fn new(opts: &ConfigOptsBase) -> Result<Self> {
|
pub(super) fn new(opts: &ConfigOptsBase) -> Result<Self> {
|
||||||
let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
let refresh_time =
|
||||||
|
Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
||||||
|
|
||||||
Ok(Self { refresh_time })
|
Ok(Self { refresh_time })
|
||||||
}
|
}
|
||||||
|
@ -137,12 +139,12 @@ impl RuntimeConfigIgd {
|
||||||
pub(super) fn new(opts: &ConfigOptsBase) -> Result<Self> {
|
pub(super) fn new(opts: &ConfigOptsBase) -> Result<Self> {
|
||||||
let private_ip = opts.private_ip.clone();
|
let private_ip = opts.private_ip.clone();
|
||||||
let expiration_time = Duration::from_secs(
|
let expiration_time = Duration::from_secs(
|
||||||
opts
|
opts.expiration_time
|
||||||
.expiration_time
|
|
||||||
.unwrap_or(super::EXPIRATION_TIME)
|
.unwrap_or(super::EXPIRATION_TIME)
|
||||||
.into(),
|
.into(),
|
||||||
);
|
);
|
||||||
let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
let refresh_time =
|
||||||
|
Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
||||||
|
|
||||||
if refresh_time.as_secs() * 2 > expiration_time.as_secs() {
|
if refresh_time.as_secs() * 2 > expiration_time.as_secs() {
|
||||||
return Err(anyhow!(
|
return Err(anyhow!(
|
||||||
|
@ -179,7 +181,8 @@ impl RuntimeConfigStun {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
let refresh_time =
|
||||||
|
Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
||||||
|
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
stun_server_v4: stun_server_v4
|
stun_server_v4: stun_server_v4
|
||||||
|
|
21
src/fw.rs
21
src/fw.rs
|
@ -12,11 +12,9 @@ pub fn setup(ipt: &iptables::IPTables) -> Result<()> {
|
||||||
cleanup(ipt)?;
|
cleanup(ipt)?;
|
||||||
|
|
||||||
info!("{}: creating DIPLONAT chain using", ipt.cmd);
|
info!("{}: creating DIPLONAT chain using", ipt.cmd);
|
||||||
ipt
|
ipt.new_chain("filter", "DIPLONAT")
|
||||||
.new_chain("filter", "DIPLONAT")
|
|
||||||
.context("Failed to create new chain")?;
|
.context("Failed to create new chain")?;
|
||||||
ipt
|
ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)
|
||||||
.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)
|
|
||||||
.context("Failed to insert jump rule")?;
|
.context("Failed to insert jump rule")?;
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
|
@ -25,8 +23,7 @@ pub fn setup(ipt: &iptables::IPTables) -> Result<()> {
|
||||||
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<()> {
|
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<()> {
|
||||||
for p in ports.tcp_ports {
|
for p in ports.tcp_ports {
|
||||||
info!("{}: opening TCP port {}", ipt.cmd, p);
|
info!("{}: opening TCP port {}", ipt.cmd, p);
|
||||||
ipt
|
ipt.append(
|
||||||
.append(
|
|
||||||
"filter",
|
"filter",
|
||||||
"DIPLONAT",
|
"DIPLONAT",
|
||||||
&format!("-p tcp --dport {} -j ACCEPT", p),
|
&format!("-p tcp --dport {} -j ACCEPT", p),
|
||||||
|
@ -36,8 +33,7 @@ pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts)
|
||||||
|
|
||||||
for p in ports.udp_ports {
|
for p in ports.udp_ports {
|
||||||
info!("{}: opening UDP port {}", ipt.cmd, p);
|
info!("{}: opening UDP port {}", ipt.cmd, p);
|
||||||
ipt
|
ipt.append(
|
||||||
.append(
|
|
||||||
"filter",
|
"filter",
|
||||||
"DIPLONAT",
|
"DIPLONAT",
|
||||||
&format!("-p udp --dport {} -j ACCEPT", p),
|
&format!("-p udp --dport {} -j ACCEPT", p),
|
||||||
|
@ -84,18 +80,15 @@ pub fn get_opened_ports(ipt: &iptables::IPTables) -> Result<messages::PublicExpo
|
||||||
pub fn cleanup(ipt: &iptables::IPTables) -> Result<()> {
|
pub fn cleanup(ipt: &iptables::IPTables) -> Result<()> {
|
||||||
if ipt.chain_exists("filter", "DIPLONAT")? {
|
if ipt.chain_exists("filter", "DIPLONAT")? {
|
||||||
info!("{}: removing old DIPLONAT chain", ipt.cmd);
|
info!("{}: removing old DIPLONAT chain", ipt.cmd);
|
||||||
ipt
|
ipt.flush_chain("filter", "DIPLONAT")
|
||||||
.flush_chain("filter", "DIPLONAT")
|
|
||||||
.context("Failed to flush the DIPLONAT chain")?;
|
.context("Failed to flush the DIPLONAT chain")?;
|
||||||
|
|
||||||
if ipt.exists("filter", "INPUT", "-j DIPLONAT")? {
|
if ipt.exists("filter", "INPUT", "-j DIPLONAT")? {
|
||||||
ipt
|
ipt.delete("filter", "INPUT", "-j DIPLONAT")
|
||||||
.delete("filter", "INPUT", "-j DIPLONAT")
|
|
||||||
.context("Failed to delete jump rule")?;
|
.context("Failed to delete jump rule")?;
|
||||||
}
|
}
|
||||||
|
|
||||||
ipt
|
ipt.delete_chain("filter", "DIPLONAT")
|
||||||
.delete_chain("filter", "DIPLONAT")
|
|
||||||
.context("Failed to delete chain")?;
|
.context("Failed to delete chain")?;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
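Review bot: In `setup`, `ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)` puts the jump at position 1, so every `-j ACCEPT` rule that `open_ports` appends to DIPLONAT is evaluated before any other INPUT rule, including host-level drop or rate-limit rules. Those appended rules match only the protocol and `--dport`, so each port in `messages::PublicExposedPorts` is opened to all sources. If that list is built from an external catalog (it looks that way, but the producer is not visible here), it is worth checking it against an allowed set or range before `append` is called. The ordering choice also deserves a comment on the insert, for example `// position 1: DIPLONAT is consulted before every other INPUT rule`. The bodies of `open_ports` and `cleanup` continue outside the hunks shown.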
|
@ -108,8 +108,7 @@ impl IgdActor {
|
||||||
let service = service_str
|
let service = service_str
|
||||||
.parse::<SocketAddrV4>()
|
.parse::<SocketAddrV4>()
|
||||||
.context("Invalid socket address")?;
|
.context("Invalid socket address")?;
|
||||||
self
|
self.gateway
|
||||||
.gateway
|
|
||||||
.add_port(
|
.add_port(
|
||||||
*proto,
|
*proto,
|
||||||
*port,
|
*port,
|
||||||
|
|
|
@ -71,8 +71,7 @@ impl StunActor {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
self
|
self.consul
|
||||||
.consul
|
|
||||||
.kv_put(
|
.kv_put(
|
||||||
&consul_key,
|
&consul_key,
|
||||||
serde_json::to_vec(&AutodiscoverResult {
|
serde_json::to_vec(&AutodiscoverResult {
|
||||||
|
|