public IP address autodiscovery #20
14 changed files with 772 additions and 854 deletions
|
@ -1,75 +0,0 @@
|
|||
unstable_features = true
|
||||
|
||||
array_width = 60
|
||||
attr_fn_like_width = 70
|
||||
binop_separator = "Front"
|
||||
blank_lines_lower_bound = 0
|
||||
blank_lines_upper_bound = 1
|
||||
brace_style = "SameLineWhere"
|
||||
chain_width = 60
|
||||
color = "Auto"
|
||||
combine_control_expr = true
|
||||
comment_width = 80
|
||||
condense_wildcard_suffixes = true
|
||||
control_brace_style = "AlwaysSameLine"
|
||||
disable_all_formatting = false
|
||||
empty_item_single_line = true
|
||||
enum_discrim_align_threshold = 0
|
||||
error_on_line_overflow = true
|
||||
error_on_unformatted = true
|
||||
fn_args_layout = "Tall"
|
||||
fn_call_width = 60
|
||||
fn_single_line = true
|
||||
force_explicit_abi = true
|
||||
force_multiline_blocks = false
|
||||
format_code_in_doc_comments = true
|
||||
# format_generated_files = true
|
||||
format_macro_matchers = true
|
||||
format_macro_bodies = true
|
||||
format_strings = true
|
||||
hard_tabs = false
|
||||
#hex_literal_case = "Lower"
|
||||
hide_parse_errors = false
|
||||
ignore = []
|
||||
imports_indent = "Block"
|
||||
imports_layout = "Mixed"
|
||||
indent_style = "Block"
|
||||
inline_attribute_width = 0
|
||||
license_template_path = ""
|
||||
match_arm_blocks = true
|
||||
match_arm_leading_pipes = "Never"
|
||||
match_block_trailing_comma = false
|
||||
max_width = 100
|
||||
merge_derives = true
|
||||
imports_granularity = "Crate"
|
||||
newline_style = "Unix"
|
||||
normalize_comments = true
|
||||
normalize_doc_attributes = true
|
||||
overflow_delimited_expr = false
|
||||
remove_nested_parens = true
|
||||
reorder_impl_items = true
|
||||
reorder_imports = true
|
||||
group_imports = "StdExternalCrate"
|
||||
reorder_modules = true
|
||||
report_fixme = "Unnumbered"
|
||||
report_todo = "Unnumbered"
|
||||
required_version = "1.4.37"
|
||||
skip_children = false
|
||||
single_line_if_else_max_width = 50
|
||||
space_after_colon = true
|
||||
space_before_colon = false
|
||||
#space_around_ranges = false
|
||||
struct_field_align_threshold = 0
|
||||
struct_lit_single_line = true
|
||||
struct_lit_width = 18
|
||||
struct_variant_width = 35
|
||||
tab_spaces = 2
|
||||
trailing_comma = "Vertical"
|
||||
trailing_semicolon = false
|
||||
type_punctuation_density = "Wide"
|
||||
use_field_init_shorthand = false
|
||||
use_small_heuristics = "Off"
|
||||
use_try_shorthand = true
|
||||
version = "Two"
|
||||
where_single_line = true
|
||||
wrap_comments = true
|
|
@ -77,7 +77,8 @@ impl ConfigOpts {
|
|||
Iter: IntoIterator<Item = (String, String)>,
|
||||
{
|
||||
let base: ConfigOptsBase = envy::prefixed("DIPLONAT_").from_iter(iter.clone())?;
|
||||
let consul: ConfigOptsConsul = envy::prefixed("DIPLONAT_CONSUL_").from_iter(iter.clone())?;
|
||||
let consul: ConfigOptsConsul =
|
||||
envy::prefixed("DIPLONAT_CONSUL_").from_iter(iter.clone())?;
|
||||
let acme: ConfigOptsAcme = envy::prefixed("DIPLONAT_ACME_").from_iter(iter.clone())?;
|
||||
|
||||
RuntimeConfig::new(Self {
|
||||
|
|
|
@ -89,16 +89,14 @@ fn ok_from_iter_all_valid_options() {
|
|||
let rt_config = ConfigOpts::from_iter(opts.clone()).unwrap();
|
||||
|
||||
let expiration_time = Duration::from_secs(
|
||||
opts
|
||||
.get(&"DIPLONAT_EXPIRATION_TIME".to_string())
|
||||
opts.get(&"DIPLONAT_EXPIRATION_TIME".to_string())
|
||||
.unwrap()
|
||||
.parse::<u64>()
|
||||
.unwrap()
|
||||
.into(),
|
||||
);
|
||||
let refresh_time = Duration::from_secs(
|
||||
opts
|
||||
.get(&"DIPLONAT_REFRESH_TIME".to_string())
|
||||
opts.get(&"DIPLONAT_REFRESH_TIME".to_string())
|
||||
.unwrap()
|
||||
.parse::<u64>()
|
||||
.unwrap()
|
||||
|
|
|
@ -108,8 +108,9 @@ impl RuntimeConfigConsul {
|
|||
let mut client_key_buf = vec![];
|
||||
File::open(client_key)?.read_to_end(&mut client_key_buf)?;
|
||||
|
||||
let ident =
|
||||
reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
|
||||
let ident = reqwest::Identity::from_pem(
|
||||
&[&client_cert_buf[..], &client_key_buf[..]].concat()[..],
|
||||
)?;
|
||||
|
||||
Some((cert, opts.tls_skip_verify, ident))
|
||||
}
|
||||
|
@ -127,7 +128,8 @@ impl RuntimeConfigConsul {
|
|||
|
||||
impl RuntimeConfigFirewall {
|
||||
pub(super) fn new(opts: &ConfigOptsBase) -> Result<Self> {
|
||||
let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
||||
let refresh_time =
|
||||
Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
||||
|
||||
Ok(Self { refresh_time })
|
||||
}
|
||||
|
@ -137,12 +139,12 @@ impl RuntimeConfigIgd {
|
|||
pub(super) fn new(opts: &ConfigOptsBase) -> Result<Self> {
|
||||
let private_ip = opts.private_ip.clone();
|
||||
let expiration_time = Duration::from_secs(
|
||||
opts
|
||||
.expiration_time
|
||||
opts.expiration_time
|
||||
.unwrap_or(super::EXPIRATION_TIME)
|
||||
.into(),
|
||||
);
|
||||
let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
||||
let refresh_time =
|
||||
Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
||||
|
||||
if refresh_time.as_secs() * 2 > expiration_time.as_secs() {
|
||||
return Err(anyhow!(
|
||||
|
@ -179,7 +181,8 @@ impl RuntimeConfigStun {
|
|||
}
|
||||
}
|
||||
|
||||
let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
||||
let refresh_time =
|
||||
Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
|
||||
|
||||
Ok(Self {
|
||||
stun_server_v4: stun_server_v4
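Review bot: In the `RuntimeConfigConsul` hunk, `Some((cert, opts.tls_skip_verify, ident))` returns the skip-verify flag alongside a client identity without any diagnostic, so a deployment can run with server verification switched off and nothing in the logs says so. If the consumer of this tuple turns the flag into disabled certificate checks (not visible on this page), the `cert` value in the same tuple no longer constrains which server is trusted. A startup warning such as `if opts.tls_skip_verify { warn!("Consul TLS server verification is disabled"); }` would make that state visible, assuming a logging macro is in scope in this module. Separately, `File::open(client_key)?` propagates a bare I/O error; if anyhow's `Context` is in scope here, `.context("Failed to open Consul client key")` would match the style of the calls in src/fw.rs. The function containing these lines begins outside the hunk.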
|
||||
|
|
21
src/fw.rs
|
@ -12,11 +12,9 @@ pub fn setup(ipt: &iptables::IPTables) -> Result<()> {
|
|||
cleanup(ipt)?;
|
||||
|
||||
info!("{}: creating DIPLONAT chain using", ipt.cmd);
|
||||
ipt
|
||||
.new_chain("filter", "DIPLONAT")
|
||||
ipt.new_chain("filter", "DIPLONAT")
|
||||
.context("Failed to create new chain")?;
|
||||
ipt
|
||||
.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)
|
||||
ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)
|
||||
.context("Failed to insert jump rule")?;
|
||||
|
||||
Ok(())
|
||||
|
@ -25,8 +23,7 @@ pub fn setup(ipt: &iptables::IPTables) -> Result<()> {
|
|||
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<()> {
|
||||
for p in ports.tcp_ports {
|
||||
info!("{}: opening TCP port {}", ipt.cmd, p);
|
||||
ipt
|
||||
.append(
|
||||
ipt.append(
|
||||
"filter",
|
||||
"DIPLONAT",
|
||||
&format!("-p tcp --dport {} -j ACCEPT", p),
|
||||
|
@ -36,8 +33,7 @@ pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts)
|
|||
|
||||
for p in ports.udp_ports {
|
||||
info!("{}: opening UDP port {}", ipt.cmd, p);
|
||||
ipt
|
||||
.append(
|
||||
ipt.append(
|
||||
"filter",
|
||||
"DIPLONAT",
|
||||
&format!("-p udp --dport {} -j ACCEPT", p),
|
||||
|
@ -84,18 +80,15 @@ pub fn get_opened_ports(ipt: &iptables::IPTables) -> Result<messages::PublicExpo
|
|||
pub fn cleanup(ipt: &iptables::IPTables) -> Result<()> {
|
||||
if ipt.chain_exists("filter", "DIPLONAT")? {
|
||||
info!("{}: removing old DIPLONAT chain", ipt.cmd);
|
||||
ipt
|
||||
.flush_chain("filter", "DIPLONAT")
|
||||
ipt.flush_chain("filter", "DIPLONAT")
|
||||
.context("Failed to flush the DIPLONAT chain")?;
|
||||
|
||||
if ipt.exists("filter", "INPUT", "-j DIPLONAT")? {
|
||||
ipt
|
||||
.delete("filter", "INPUT", "-j DIPLONAT")
|
||||
ipt.delete("filter", "INPUT", "-j DIPLONAT")
|
||||
.context("Failed to delete jump rule")?;
|
||||
}
|
||||
|
||||
ipt
|
||||
.delete_chain("filter", "DIPLONAT")
|
||||
ipt.delete_chain("filter", "DIPLONAT")
|
||||
.context("Failed to delete chain")?;
|
||||
}
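Review bot: In `setup`, `insert_unique("filter", "INPUT", "-j DIPLONAT", 1)` puts the jump at position 1, so every ACCEPT that `open_ports` appends to DIPLONAT is evaluated before any other INPUT rule, and neither the jump nor the `--dport` rules are limited by interface or source. That ordering deserves a comment at the call, for example `// Position 1: DIPLONAT's ACCEPT rules take effect before any later DROP/REJECT in INPUT.` The port numbers come from `messages::PublicExposedPorts`, whose origin is not visible on this page; if it is filled from service-discovery data, whoever can write that data decides what this host accepts, which is worth stating in the doc comment of `open_ports`. The log line `"{}: creating DIPLONAT chain using"` also ends on a dangling "using" and could read `"{}: creating DIPLONAT chain"`.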
|
||||
|
||||
|
|
|
@ -108,8 +108,7 @@ impl IgdActor {
|
|||
let service = service_str
|
||||
.parse::<SocketAddrV4>()
|
||||
.context("Invalid socket address")?;
|
||||
self
|
||||
.gateway
|
||||
self.gateway
|
||||
.add_port(
|
||||
*proto,
|
||||
*port,
|
||||
|
|
|
@ -71,8 +71,7 @@ impl StunActor {
|
|||
}
|
||||
};
|
||||
|
||||
self
|
||||
.consul
|
||||
self.consul
|
||||
.kv_put(
|
||||
&consul_key,
|
||||
serde_json::to_vec(&AutodiscoverResult {
|
||||
|
|