- New centralized logfile system for Network, DNS & VPN,
- Now kill VPN subprocesses, - Move file config in sysconfig file, - Misc fixes.
@@ -39,24 +39,12 @@ declare -Ag NETWORK_DST_NAME_IDX
|
||||
declare -Ag NETWORK_DST_DEV_IDX
|
||||
|
||||
declare -g NETWORK_CONFIG_FILE="/etc/sysconfig/rx3-network"
|
||||
declare -g NETWORK_CONFIG_LOCK="/var/lock/network/rx3-network"
|
||||
declare -g NETWORK_CONFIG_LOCK="/var/lock/network/config"
|
||||
#declare -g NETWORK_CONFIG_LOCK="${NETWORK_CONFIG_FILE}"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
file_lock ${NETWORK_CONFIG_LOCK} READ 9
|
||||
|
||||
[ -e "${NETWORK_CONFIG_FILE}" ] && . "${NETWORK_CONFIG_FILE}"
|
||||
|
||||
file_unlock 9
|
||||
|
||||
|
||||
if [ ! -v LOG ] || [[ "${LOG}" == "" ]]
|
||||
then
|
||||
export LOG=":"
|
||||
fi
|
||||
declare -g NETWORK_LOG_FILE
|
||||
declare -g NETWORK_LOG_LOCK
|
||||
#declare -g NETWORK_LOG_LOCK="${NETWORK_LOG_FILE}"
|
||||
|
||||
|
||||
|
||||
@@ -150,7 +138,7 @@ num_to_ip()
|
||||
|
||||
network_common_load()
|
||||
{
|
||||
${LOG} 1>&2 "Loading common..."
|
||||
log_print "Network" "Loading common..."
|
||||
|
||||
NETWORK_OPENVPN_STATUS="$( sudo /usr/local/sbin/openvpn-status)"
|
||||
NETWORK_TABLE_LIST=""
|
||||
@@ -185,7 +173,7 @@ network_ip_route_tab_load()
|
||||
nirtl_id=0
|
||||
|
||||
|
||||
${LOG} 1>&2 "Loading IP Route tab..."
|
||||
log_print "Network" "Loading IP Route tab..."
|
||||
|
||||
while IFS= read -r line
|
||||
do
|
||||
@@ -273,7 +261,7 @@ network_dst_tab_load()
|
||||
ndtl_id=0
|
||||
|
||||
|
||||
${LOG} 1>&2 "Loading Dst tab..."
|
||||
log_print "Network" "Loading Dst tab..."
|
||||
|
||||
while IFS= read -r line
|
||||
do
|
||||
@@ -459,7 +447,7 @@ network_src_tab_load()
|
||||
nstl_port_default=3000
|
||||
|
||||
|
||||
${LOG} 1>&2 "Loading Src tab..."
|
||||
log_print "Network" "Loading Src tab..."
|
||||
|
||||
ip_base=$( ip_to_num ${NETWORK_SRC_LOCAL_ADDRESS})
|
||||
|
||||
@@ -669,7 +657,7 @@ network_src_tab_ip_lookup()
|
||||
|
||||
network_tab_load()
|
||||
{
|
||||
${LOG} 1>&2 "Loading config..."
|
||||
log_print "Network" "Loading config..."
|
||||
|
||||
dns_tab_load
|
||||
|
||||
@@ -717,14 +705,14 @@ network_table_init()
|
||||
|
||||
if [[ ${dst_type} == "0" ]]
|
||||
then
|
||||
${LOG} "Copy main default route into table 3 (VPN Local routing table)"
|
||||
log_print "Network" "Copy main default route into table 3 (VPN Local routing table)"
|
||||
|
||||
if [[ "$(ip route list match 0.0.0.0 table main)" != "" ]]
|
||||
then
|
||||
${DEBUG} ip route add $(ip route list match 0.0.0.0 table main) table 3
|
||||
fi
|
||||
else
|
||||
${LOG} "Define default route to device: [${dst_device}] into table: [${dst_table}]"
|
||||
log_print "Network" "Define default route to device: [${dst_device}] into table: [${dst_table}]"
|
||||
|
||||
if [[ "$(ip link show ${dst_device})" != "" ]]
|
||||
then
|
||||
@@ -732,7 +720,7 @@ network_table_init()
|
||||
fi
|
||||
fi
|
||||
|
||||
${LOG} "Add Rx3 routes in VPN tables"
|
||||
log_print "Network" "Add Rx3 routes in VPN tables"
|
||||
|
||||
for ip_route_id in ${NETWORK_IP_ROUTE_ID_LIST}
|
||||
do
|
||||
@@ -753,7 +741,7 @@ network_table_init()
|
||||
|
||||
network_table_deinit()
|
||||
{
|
||||
${LOG} "Remove Rx3 routes in VPN tables"
|
||||
log_print "Network" "Remove Rx3 routes in VPN tables"
|
||||
|
||||
for table in ${NETWORK_TABLE_LIST}
|
||||
do
|
||||
@@ -770,9 +758,9 @@ network_table_deinit()
|
||||
network_dst_tab_get ${dst_id}
|
||||
|
||||
|
||||
${LOG} "Remove default route in table: [${dst_table}]"
|
||||
log_print "Network" "Remove default route in table: [${dst_table}]"
|
||||
|
||||
${DEBUG} ip route del default table ${dst_table}
|
||||
${DEBUG} ip route del default table ${dst_table} 2>/dev/null
|
||||
done
|
||||
}
|
||||
|
||||
@@ -832,21 +820,21 @@ network_dst_address_refresh()
|
||||
local proxy_port=8080
|
||||
|
||||
|
||||
dst_ip_new=$( nc ${proxy_host} ${proxy_port})
|
||||
dst_ip_new=$( nc -w 5 ${proxy_host} ${proxy_port})
|
||||
|
||||
if is_valid_ip ${dst_ip_new}
|
||||
then
|
||||
if [[ "${dst_ip_old}" != "${dst_ip_new}" ]]
|
||||
then
|
||||
${LOG} "Update ${dst_host_name}: Old: [${dst_ip_old}] New: [${dst_ip_new}]"
|
||||
log_print "Network" "Update ${dst_host_name}: Old: [${dst_ip_old}] New: [${dst_ip_new}]"
|
||||
${DEBUG} /usr/local/sbin/ip_host_update "${dst_host_name/.*}" "${dst_host_name#*.}" "${dst_ip_new}" 60
|
||||
|
||||
tab_assign NETWORK_DST_TAB "${dst_id},IP" "${dst_ip_new}"
|
||||
else
|
||||
${LOG} "Skiping ${dst_host_name}: IP: [${dst_ip_old}]"
|
||||
log_print "Network" "Skiping ${dst_host_name}: IP: [${dst_ip_old}]"
|
||||
fi
|
||||
else
|
||||
${LOG} "Skiping ${dst_host_name}: Invalid IP: [${dst_ip_new}] Old IP[${dst_ip_old}]"
|
||||
log_print "Network" "Skiping ${dst_host_name}: Invalid IP: [${dst_ip_new}] Old IP: [${dst_ip_old}]"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -886,18 +874,18 @@ function bridge_up
|
||||
bu_table=$6
|
||||
|
||||
|
||||
${LOG} "Create bridge [${bu_bridge_device}]..."
|
||||
log_print "Network" "Create bridge [${bu_bridge_device}]..."
|
||||
|
||||
${DEBUG} ip link add name ${bu_bridge_device} type bridge
|
||||
|
||||
|
||||
${LOG} "Configure host side [${bu_bridge_device}:${bu_bridge_address}/${bu_bridge_mask}]..."
|
||||
log_print "Network" "Configure host side [${bu_bridge_device}:${bu_bridge_address}/${bu_bridge_mask}]..."
|
||||
|
||||
${DEBUG} ip link set ${bu_bridge_device} up
|
||||
${DEBUG} ip addr add ${bu_bridge_address}/${bu_bridge_mask} dev ${bu_bridge_device}
|
||||
|
||||
|
||||
${LOG} "Configure IP rule and routing [${bu_bridge_device}]..."
|
||||
log_print "Network" "Configure IP rule and routing [${bu_bridge_device}]..."
|
||||
|
||||
${DEBUG} ip rule add from ${bu_peer_address} table ${bu_table}
|
||||
|
||||
@@ -926,17 +914,17 @@ function bridge_down
|
||||
bd_table=$6
|
||||
|
||||
|
||||
${LOG} "Remove IP routing and rule [${bd_bridge_device}]..."
|
||||
log_print "Network" "Remove IP routing and rule [${bd_bridge_device}]..."
|
||||
|
||||
for bd_tab in ${NETWORK_TABLE_LIST}
|
||||
do
|
||||
${DEBUG} ip route del ${bd_bridge_network}/${bd_bridge_mask} dev ${bd_bridge_device} table ${bd_tab} || true
|
||||
${DEBUG} ip route del ${bd_bridge_network}/${bd_bridge_mask} dev ${bd_bridge_device} table ${bd_tab} 2>/dev/null || true
|
||||
done
|
||||
|
||||
${DEBUG} ip rule del from ${bd_peer_address} table ${bd_table}
|
||||
${DEBUG} ip rule del from ${bd_peer_address} table ${bd_table} 2>/dev/null
|
||||
|
||||
|
||||
${LOG} "Remove bridge [${bd_bridge_device}]..."
|
||||
log_print "Network" "Remove bridge [${bd_bridge_device}]..."
|
||||
|
||||
${DEBUG} ip link show ${bd_bridge_device} &>/dev/null && ${DEBUG} ip link del ${bd_bridge_device}
|
||||
}
|
||||
@@ -951,7 +939,7 @@ function bridge_down
|
||||
|
||||
network_bridge_init()
|
||||
{
|
||||
${LOG} "Add all Bridges"
|
||||
log_print "Network" "Add all Bridges"
|
||||
|
||||
for src_id in ${NETWORK_SRC_ID_LIST}
|
||||
do
|
||||
@@ -980,7 +968,7 @@ network_bridge_init()
|
||||
|
||||
network_bridge_deinit()
|
||||
{
|
||||
${LOG} "Remove all Bridge"
|
||||
log_print "Network" "Remove all Bridge"
|
||||
|
||||
for src_id in ${NETWORK_SRC_ID_LIST}
|
||||
do
|
||||
@@ -1046,12 +1034,12 @@ network_forward_remove()
|
||||
|
||||
network_forward_start()
|
||||
{
|
||||
${LOG} "Create VPN forward chain"
|
||||
log_print "Network" "Create VPN forward chain"
|
||||
|
||||
${DEBUG} iptables -t nat -N PREROUTING-VPN
|
||||
|
||||
|
||||
${LOG} "Add jump rule for VPN"
|
||||
log_print "Network" "Add jump rule for VPN"
|
||||
|
||||
for dst_id in ${NETWORK_DST_ID_LIST}
|
||||
do
|
||||
@@ -1064,7 +1052,7 @@ network_forward_start()
|
||||
done
|
||||
|
||||
|
||||
${LOG} "Add VPN client addresse rules"
|
||||
log_print "Network" "Add VPN client addresse rules"
|
||||
|
||||
for src_id in ${NETWORK_SRC_ID_LIST}
|
||||
do
|
||||
@@ -1089,7 +1077,7 @@ network_forward_start()
|
||||
|
||||
network_forward_stop()
|
||||
{
|
||||
${LOG} "Remove VPN client addresse rules"
|
||||
log_print "Network" "Remove VPN client addresse rules"
|
||||
|
||||
for src_id in ${NETWORK_SRC_ID_LIST}
|
||||
do
|
||||
@@ -1104,7 +1092,7 @@ network_forward_stop()
|
||||
done
|
||||
|
||||
|
||||
${LOG} "Remove Jump rule for VPN"
|
||||
log_print "Network" "Remove Jump rule for VPN"
|
||||
|
||||
for dst_id in ${NETWORK_DST_ID_LIST}
|
||||
do
|
||||
@@ -1112,14 +1100,14 @@ network_forward_stop()
|
||||
|
||||
if [[ "${dst_type}" != "0" ]]
|
||||
then
|
||||
${DEBUG} iptables -t nat -D PREROUTING -i ${dst_device} -j PREROUTING-VPN
|
||||
${DEBUG} iptables -t nat -D PREROUTING -i ${dst_device} -j PREROUTING-VPN 2>/dev/null
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
${LOG} "Delete VPN forward chain"
|
||||
log_print "Network" "Delete VPN forward chain"
|
||||
|
||||
${DEBUG} iptables -t nat -X PREROUTING-VPN
|
||||
${DEBUG} iptables -t nat -X PREROUTING-VPN 2>/dev/null
|
||||
}
|
||||
|
||||
|
||||
@@ -1132,9 +1120,39 @@ network_forward_stop()
|
||||
|
||||
network_init()
|
||||
{
|
||||
file_dir_init ${NETWORK_CONFIG_LOCK} root apache
|
||||
file_lock ${NETWORK_CONFIG_LOCK} READ 9
|
||||
|
||||
[ -e "${NETWORK_CONFIG_FILE}" ] && . "${NETWORK_CONFIG_FILE}"
|
||||
|
||||
file_unlock 9
|
||||
|
||||
|
||||
# By default Loggin is enabled
|
||||
# export LOG="" to disable it
|
||||
|
||||
if [ -v LOG ] && [[ "${LOG}" == "" ]]
|
||||
then
|
||||
export NETWORK_LOG_FILE=""
|
||||
export NETWORK_LOG_LOCK=""
|
||||
fi
|
||||
|
||||
|
||||
# By default Echoing is disabled
|
||||
# export LOG="echo" to enable it
|
||||
|
||||
if [ ! -v ECHO ] || [[ "${ECHO}" == "" ]]
|
||||
then
|
||||
export ECHO=":"
|
||||
fi
|
||||
|
||||
log_set "${NETWORK_LOG_FILE}" "${NETWORK_LOG_LOCK}" "${ECHO}"
|
||||
|
||||
|
||||
dns_init
|
||||
|
||||
file_dir_init ${NETWORK_CONFIG_LOCK} root apache
|
||||
file_dir_init ${NETWORK_LOG_FILE} root apache
|
||||
file_dir_init ${NETWORK_LOG_LOCK} root apache
|
||||
|
||||
network_tab_load
|
||||
}
|
||||
@@ -1179,11 +1197,14 @@ network_start()
|
||||
|
||||
network_stop()
|
||||
{
|
||||
|
||||
network_forward_stop
|
||||
|
||||
network_bridge_deinit
|
||||
|
||||
network_table_deinit
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
|
||||
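Review bot: In network_init(), the new calls `file_dir_init ${NETWORK_LOG_FILE} root apache` and `file_dir_init ${NETWORK_LOG_LOCK} root apache` expand their path unquoted, and the branch just above sets both variables to the empty string when `LOG=""` disables logging. In that case the path argument vanishes and the call becomes `file_dir_init root apache`, so the helper (not visible on this page) would presumably treat `root` as the path. Quote the argument and skip the call when it is empty, e.g. `[[ -n "${NETWORK_LOG_FILE}" ]] && file_dir_init "${NETWORK_LOG_FILE}" root apache`, and likewise for `NETWORK_LOG_LOCK`. The comment `# export LOG="echo" to enable it` sits above the test on `ECHO` and should name `ECHO` rather than `LOG`. Because the log and lock paths are handed to group apache while the same function sources `${NETWORK_CONFIG_FILE}`, it is worth confirming that the sysconfig file remains writable by root only.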