Commit 514712db by Bach Dániel Committed by Bach Dániel

code refactoring

parent f6dc0c99
...@@ -5,11 +5,12 @@ import json ...@@ -5,11 +5,12 @@ import json
import logging import logging
from ovs import Switch from ovs import Switch
from utils import (NETNS, ns_exec, sudo, ADDRESSES,
dhcp_no_free_re, dhcp_ack_re)
DHCP_LOGFILE = getenv('DHCP_LOGFILE', '/var/log/syslog') DHCP_LOGFILE = getenv('DHCP_LOGFILE', '/var/log/syslog')
VLAN_CONF = getenv('VLAN_CONF', 'vlan.conf') VLAN_CONF = getenv('VLAN_CONF', 'vlan.conf')
FIREWALL_CONF = getenv('FIREWALL_CONF', 'firewall.conf') FIREWALL_CONF = getenv('FIREWALL_CONF', 'firewall.conf')
from utils import NETNS, ns_exec, sudo, ADDRESSES, UPLINK
celery = Celery('tasks', backend='amqp', ) celery = Celery('tasks', backend='amqp', )
celery.conf.update(CELERY_TASK_RESULT_EXPIRES=300, celery.conf.update(CELERY_TASK_RESULT_EXPIRES=300,
...@@ -20,9 +21,7 @@ logger = logging.getLogger(__name__) ...@@ -20,9 +21,7 @@ logger = logging.getLogger(__name__)
@task(name="firewall.reload_firewall") @task(name="firewall.reload_firewall")
def reload_firewall(data4, data6, onstart=False): def reload_firewall(data4, data6, save_config=True):
print "fw"
ns_exec(NETNS, ('/sbin/ip6tables-restore', '-c'), ns_exec(NETNS, ('/sbin/ip6tables-restore', '-c'),
'\n'.join(data6['filter']) + '\n') '\n'.join(data6['filter']) + '\n')
...@@ -30,40 +29,41 @@ def reload_firewall(data4, data6, onstart=False): ...@@ -30,40 +29,41 @@ def reload_firewall(data4, data6, onstart=False):
('\n'.join(data4['filter']) + '\n' + ('\n'.join(data4['filter']) + '\n' +
'\n'.join(data4['nat']) + '\n')) '\n'.join(data4['nat']) + '\n'))
if onstart is False: if save_config:
with open(FIREWALL_CONF, 'w') as f: with open(FIREWALL_CONF, 'w') as f:
json.dump([data4, data6], f) json.dump([data4, data6], f)
logger.info("Firewall configuration is reloaded.")
@task(name="firewall.reload_firewall_vlan") @task(name="firewall.reload_firewall_vlan")
def reload_firewall_vlan(data, onstart=False): def reload_firewall_vlan(data, save_config=True):
print "fw vlan" # Add additional addresses from config
for k, v in ADDRESSES.items(): for k, v in ADDRESSES.items():
data[k]['addresses'] = data[k]['addresses'] + v data[k]['addresses'] += v
try:
data[UPLINK[0]] = {'interfaces': UPLINK}
except:
pass
br = Switch('firewall') br = Switch('firewall')
br.migrate(data) br.migrate(data)
if onstart is False:
if save_config:
with open(VLAN_CONF, 'w') as f: with open(VLAN_CONF, 'w') as f:
json.dump(data, f) json.dump(data, f)
GATEWAY = getenv('GATEWAY', '152.66.243.254')
try: try:
ns_exec(NETNS, ('/sbin/ip', 'ro', 'add', 'default', 'via', GATEWAY)) ns_exec(NETNS, ('/sbin/ip', 'ro', 'add', 'default', 'via',
ns_exec(NETNS, ('/sbin/ip', 'ro', 'add', '10.12.0.0/22', getenv('GATEWAY', '152.66.243.254')))
'via', '10.12.255.253'))
except: except:
pass pass
logger.info("Interface (vlan) configuration is reloaded.")
@task(name="firewall.reload_dhcp") @task(name="firewall.reload_dhcp")
def reload_dhcp(data): def reload_dhcp(data):
print "dhcp" with open('/etc/dhcp/dhcpd.conf.generated', 'w') as f:
with open('/tools/dhcp3/dhcpd.conf.generated', 'w') as f:
f.write("\n".join(data) + "\n") f.write("\n".join(data) + "\n")
sudo(('/etc/init.d/isc-dhcp-server', 'restart')) sudo(('/etc/init.d/isc-dhcp-server', 'restart'))
logger.info("DHCP configuration is reloaded.")
def ipset_save(data): def ipset_save(data):
...@@ -88,8 +88,8 @@ def ipset_restore(l_add, l_del): ...@@ -88,8 +88,8 @@ def ipset_restore(l_add, l_del):
ipset = [] ipset = []
ipset.append('create blacklist hash:ip family inet hashsize ' ipset.append('create blacklist hash:ip family inet hashsize '
'4096 maxelem 65536') '4096 maxelem 65536')
ipset = ipset + ['add blacklist %s' % x for x in l_add] ipset += ['add blacklist %s' % x for x in l_add]
ipset = ipset + ['del blacklist %s' % x for x in l_del] ipset += ['del blacklist %s' % x for x in l_del]
ns_exec(NETNS, ('/usr/sbin/ipset', 'restore', '-exist'), ns_exec(NETNS, ('/usr/sbin/ipset', 'restore', '-exist'),
'\n'.join(ipset) + '\n') '\n'.join(ipset) + '\n')
...@@ -97,26 +97,9 @@ def ipset_restore(l_add, l_del): ...@@ -97,26 +97,9 @@ def ipset_restore(l_add, l_del):
@task(name="firewall.reload_blacklist") @task(name="firewall.reload_blacklist")
def reload_blacklist(data): def reload_blacklist(data):
print "blacklist"
l_add, l_del = ipset_save(data) l_add, l_del = ipset_save(data)
ipset_restore(l_add, l_del) ipset_restore(l_add, l_del)
logger.info("Blacklist configuration is reloaded.")
# 2013-06-26 12:16:59 DHCPACK on 10.4.0.14 to 5c:b5:24:e6:5c:81
# (android_b555bfdba7c837d) via vlan0004
dhcp_ack_re = re.compile(r'\S DHCPACK on (?P<ip>[0-9.]+) to '
r'(?P<mac>[a-zA-Z0-9:]+) '
r'(\((?P<hostname>[^)]+)\) )?'
r'via (?P<interface>[a-zA-Z0-9]+)')
# 2013-06-25 11:08:38 DHCPDISCOVER from 48:5b:39:8e:82:78
# via vlan0005: network 10.5.0.0/16: no free leases
dhcp_no_free_re = re.compile(r'\S DHCPDISCOVER '
r'from (?P<mac>[a-zA-Z0-9:]+) '
r'via (?P<interface>[a-zA-Z0-9]+):')
@task(name="firewall.get_dhcp_clients") @task(name="firewall.get_dhcp_clients")
...@@ -153,9 +136,8 @@ def start_firewall(): ...@@ -153,9 +136,8 @@ def start_firewall():
with open(FIREWALL_CONF, 'r') as f: with open(FIREWALL_CONF, 'r') as f:
data4, data6 = json.load(f) data4, data6 = json.load(f)
reload_firewall(data4, data6, True) reload_firewall(data4, data6, True)
except: except Exception as e:
print 'nemsikerult:(' logger.error('Unhandled exception: %s', unicode(e))
# raise
def start_networking(): def start_networking():
...@@ -163,13 +145,13 @@ def start_networking(): ...@@ -163,13 +145,13 @@ def start_networking():
with open(VLAN_CONF, 'r') as f: with open(VLAN_CONF, 'r') as f:
data = json.load(f) data = json.load(f)
reload_firewall_vlan(data, True) reload_firewall_vlan(data, True)
except: except Exception as e:
print 'nemsikerult:(' logger.error('Unhandled exception: %s', unicode(e))
# raise
def main(): def main():
start_networking() start_networking()
start_firewall() start_firewall()
main() main()
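Review bot: The positional `True` still passed at `reload_firewall(data4, data6, True)` and `reload_firewall_vlan(data, True)` in start_firewall/start_networking now means `save_config=True`, whereas with the old `onstart` parameter the same `True` suppressed the write, so the startup path now rewrites FIREWALL_CONF and VLAN_CONF on every start. For the vlan task this is more than a redundant write: `data[k]['addresses'] += v` and the `data[UPLINK[0]] = {...}` assignment mutate the loaded config before `json.dump(data, f)`, so the ADDRESSES entries appear to be persisted and then appended again on each subsequent start. Change the two call sites to `reload_firewall(data4, data6, save_config=False)` and `reload_firewall_vlan(data, save_config=False)` to keep the previous behaviour. Separately, `logger.error('Unhandled exception: %s', unicode(e))` in those except blocks drops the traceback; `logger.exception('Unhandled exception')` keeps it. The enclosing start_firewall and start_networking definitions begin outside the hunk.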
...@@ -2,6 +2,7 @@ from os import getenv, devnull ...@@ -2,6 +2,7 @@ from os import getenv, devnull
import subprocess as sp import subprocess as sp
import logging import logging
import json import json
import re
logging.basicConfig() logging.basicConfig()
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
...@@ -9,8 +10,23 @@ logger.setLevel(logging.DEBUG) ...@@ -9,8 +10,23 @@ logger.setLevel(logging.DEBUG)
NETNS = getenv('NETNS', 'fw') NETNS = getenv('NETNS', 'fw')
MAC = getenv('MAC') MAC = getenv('MAC')
UPLINK = json.loads(getenv('UPLINK', '[]'))
ADDRESSES = json.loads(getenv('ADDRESSES', '{}')) ADDRESSES = json.loads(getenv('ADDRESSES', '{}'))
HA = bool(getenv('HA', False))
# 2013-06-26 12:16:59 DHCPACK on 10.4.0.14 to 5c:b5:24:e6:5c:81
# (android_b555bfdba7c837d) via vlan0004
dhcp_ack_re = re.compile(r'\S DHCPACK on (?P<ip>[0-9.]+) to '
r'(?P<mac>[a-zA-Z0-9:]+) '
r'(\((?P<hostname>[^)]+)\) )?'
r'via (?P<interface>[a-zA-Z0-9]+)')
# 2013-06-25 11:08:38 DHCPDISCOVER from 48:5b:39:8e:82:78
# via vlan0005: network 10.5.0.0/16: no free leases
dhcp_no_free_re = re.compile(r'\S DHCPDISCOVER '
r'from (?P<mac>[a-zA-Z0-9:]+) '
r'via (?P<interface>[a-zA-Z0-9]+):')
def sudo(args, stdin=None): def sudo(args, stdin=None):
......