public IP address autodiscovery #20

Merged
lx merged 10 commits from stun into main 2023-04-21 09:56:22 +00:00
14 changed files with 772 additions and 854 deletions
Showing only changes of commit b3f76f272a - Show all commits


@ -1,75 +0,0 @@
unstable_features = true
array_width = 60
attr_fn_like_width = 70
binop_separator = "Front"
blank_lines_lower_bound = 0
blank_lines_upper_bound = 1
brace_style = "SameLineWhere"
chain_width = 60
color = "Auto"
combine_control_expr = true
comment_width = 80
condense_wildcard_suffixes = true
control_brace_style = "AlwaysSameLine"
disable_all_formatting = false
empty_item_single_line = true
enum_discrim_align_threshold = 0
error_on_line_overflow = true
error_on_unformatted = true
fn_args_layout = "Tall"
fn_call_width = 60
fn_single_line = true
force_explicit_abi = true
force_multiline_blocks = false
format_code_in_doc_comments = true
# format_generated_files = true
format_macro_matchers = true
format_macro_bodies = true
format_strings = true
hard_tabs = false
#hex_literal_case = "Lower"
hide_parse_errors = false
ignore = []
imports_indent = "Block"
imports_layout = "Mixed"
indent_style = "Block"
inline_attribute_width = 0
license_template_path = ""
match_arm_blocks = true
match_arm_leading_pipes = "Never"
match_block_trailing_comma = false
max_width = 100
merge_derives = true
imports_granularity = "Crate"
newline_style = "Unix"
normalize_comments = true
normalize_doc_attributes = true
overflow_delimited_expr = false
remove_nested_parens = true
reorder_impl_items = true
reorder_imports = true
group_imports = "StdExternalCrate"
reorder_modules = true
report_fixme = "Unnumbered"
report_todo = "Unnumbered"
required_version = "1.4.37"
skip_children = false
single_line_if_else_max_width = 50
space_after_colon = true
space_before_colon = false
#space_around_ranges = false
struct_field_align_threshold = 0
struct_lit_single_line = true
struct_lit_width = 18
struct_variant_width = 35
tab_spaces = 2
trailing_comma = "Vertical"
trailing_semicolon = false
type_punctuation_density = "Wide"
use_field_init_shorthand = false
use_small_heuristics = "Off"
use_try_shorthand = true
version = "Two"
where_single_line = true
wrap_comments = true


@ -77,7 +77,8 @@ impl ConfigOpts {
Iter: IntoIterator<Item = (String, String)>,
{
let base: ConfigOptsBase = envy::prefixed("DIPLONAT_").from_iter(iter.clone())?;
let consul: ConfigOptsConsul = envy::prefixed("DIPLONAT_CONSUL_").from_iter(iter.clone())?;
let consul: ConfigOptsConsul =
envy::prefixed("DIPLONAT_CONSUL_").from_iter(iter.clone())?;
let acme: ConfigOptsAcme = envy::prefixed("DIPLONAT_ACME_").from_iter(iter.clone())?;
RuntimeConfig::new(Self {


@ -89,16 +89,14 @@ fn ok_from_iter_all_valid_options() {
let rt_config = ConfigOpts::from_iter(opts.clone()).unwrap();
let expiration_time = Duration::from_secs(
opts
.get(&"DIPLONAT_EXPIRATION_TIME".to_string())
opts.get(&"DIPLONAT_EXPIRATION_TIME".to_string())
.unwrap()
.parse::<u64>()
.unwrap()
.into(),
);
let refresh_time = Duration::from_secs(
opts
.get(&"DIPLONAT_REFRESH_TIME".to_string())
opts.get(&"DIPLONAT_REFRESH_TIME".to_string())
.unwrap()
.parse::<u64>()
.unwrap()


@ -108,8 +108,9 @@ impl RuntimeConfigConsul {
let mut client_key_buf = vec![];
File::open(client_key)?.read_to_end(&mut client_key_buf)?;
let ident =
reqwest::Identity::from_pem(&[&client_cert_buf[..], &client_key_buf[..]].concat()[..])?;
let ident = reqwest::Identity::from_pem(
&[&client_cert_buf[..], &client_key_buf[..]].concat()[..],
)?;
Some((cert, opts.tls_skip_verify, ident))
}
@ -127,7 +128,8 @@ impl RuntimeConfigConsul {
impl RuntimeConfigFirewall {
pub(super) fn new(opts: &ConfigOptsBase) -> Result<Self> {
let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
let refresh_time =
Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
Ok(Self { refresh_time })
}
@ -137,12 +139,12 @@ impl RuntimeConfigIgd {
pub(super) fn new(opts: &ConfigOptsBase) -> Result<Self> {
let private_ip = opts.private_ip.clone();
let expiration_time = Duration::from_secs(
opts
.expiration_time
opts.expiration_time
.unwrap_or(super::EXPIRATION_TIME)
.into(),
);
let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
let refresh_time =
Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
if refresh_time.as_secs() * 2 > expiration_time.as_secs() {
return Err(anyhow!(
@ -179,7 +181,8 @@ impl RuntimeConfigStun {
}
}
let refresh_time = Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
let refresh_time =
Duration::from_secs(opts.refresh_time.unwrap_or(super::REFRESH_TIME).into());
Ok(Self {
stun_server_v4: stun_server_v4
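Review bot: In the `RuntimeConfigConsul` hunk (old line 108), `opts.tls_skip_verify` is forwarded into the returned tuple without any diagnostic; if that flag disables server-certificate verification for the Consul client, as its name suggests, honouring it silently hides a weakened deployment from whoever reads the logs. Consider emitting a warning right before the return, e.g. `if opts.tls_skip_verify { warn!("Consul TLS certificate verification is disabled (tls_skip_verify)"); }`, assuming the logging macros used elsewhere in the crate are in scope here. The client certificate and key are also read into plain `Vec<u8>` buffers and then concatenated into a third copy before `Identity::from_pem`; a comment such as `// Key material stays in these buffers until drop; they are not zeroised` would make that lifetime explicit for maintainers. The enclosing function starts outside the hunk.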


@ -12,11 +12,9 @@ pub fn setup(ipt: &iptables::IPTables) -> Result<()> {
cleanup(ipt)?;
info!("{}: creating DIPLONAT chain using", ipt.cmd);
ipt
.new_chain("filter", "DIPLONAT")
ipt.new_chain("filter", "DIPLONAT")
.context("Failed to create new chain")?;
ipt
.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)
ipt.insert_unique("filter", "INPUT", "-j DIPLONAT", 1)
.context("Failed to insert jump rule")?;
Ok(())
@ -25,8 +23,7 @@ pub fn setup(ipt: &iptables::IPTables) -> Result<()> {
pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts) -> Result<()> {
for p in ports.tcp_ports {
info!("{}: opening TCP port {}", ipt.cmd, p);
ipt
.append(
ipt.append(
"filter",
"DIPLONAT",
&format!("-p tcp --dport {} -j ACCEPT", p),
@ -36,8 +33,7 @@ pub fn open_ports(ipt: &iptables::IPTables, ports: messages::PublicExposedPorts)
for p in ports.udp_ports {
info!("{}: opening UDP port {}", ipt.cmd, p);
ipt
.append(
ipt.append(
"filter",
"DIPLONAT",
&format!("-p udp --dport {} -j ACCEPT", p),
@ -84,18 +80,15 @@ pub fn get_opened_ports(ipt: &iptables::IPTables) -> Result<messages::PublicExpo
pub fn cleanup(ipt: &iptables::IPTables) -> Result<()> {
if ipt.chain_exists("filter", "DIPLONAT")? {
info!("{}: removing old DIPLONAT chain", ipt.cmd);
ipt
.flush_chain("filter", "DIPLONAT")
ipt.flush_chain("filter", "DIPLONAT")
.context("Failed to flush the DIPLONAT chain")?;
if ipt.exists("filter", "INPUT", "-j DIPLONAT")? {
ipt
.delete("filter", "INPUT", "-j DIPLONAT")
ipt.delete("filter", "INPUT", "-j DIPLONAT")
.context("Failed to delete jump rule")?;
}
ipt
.delete_chain("filter", "DIPLONAT")
ipt.delete_chain("filter", "DIPLONAT")
.context("Failed to delete chain")?;
}


@ -108,8 +108,7 @@ impl IgdActor {
let service = service_str
.parse::<SocketAddrV4>()
.context("Invalid socket address")?;
self
.gateway
self.gateway
.add_port(
*proto,
*port,


@ -71,8 +71,7 @@ impl StunActor {
}
};
self
.consul
self.consul
.kv_put(
&consul_key,
serde_json::to_vec(&AutodiscoverResult {