admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated dependencies

Browse Source
This commit is contained in:
Quentin McGaw
2020-04-19 18:13:48 +00:00
parent cbd11bfdf2
commit e805d42197
21 changed files with 140 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/dns/command.go
View File

@@ -1,6 +1,7 @@
package dns
import (
"context"
"fmt"
"io"
"strings"
@@ -8,19 +9,19 @@ import (
"github.com/qdm12/private-internet-access-docker/internal/constants"
)
func (c *configurator) Start(verbosityDetailsLevel uint8) (stdout io.ReadCloser, waitFn func() error, err error) {
func (c *configurator) Start(ctx context.Context, verbosityDetailsLevel uint8) (stdout io.ReadCloser, waitFn func() error, err error) {
c.logger.Info("starting unbound")
args := []string{"-d", "-c", string(constants.UnboundConf)}
if verbosityDetailsLevel > 0 {
args = append(args, "-"+strings.Repeat("v", int(verbosityDetailsLevel)))
}
// Only logs to stderr
_, stdout, waitFn, err = c.commander.Start("unbound", args...)
_, stdout, waitFn, err = c.commander.Start(ctx, "unbound", args...)
return stdout, waitFn, err
}
func (c *configurator) Version() (version string, err error) {
output, err := c.commander.Run("unbound", "-V")
func (c *configurator) Version(ctx context.Context) (version string, err error) {
output, err := c.commander.Run(ctx, "unbound", "-V")
if err != nil {
return "", fmt.Errorf("unbound version: %w", err)
}

9
internal/dns/command_test.go
View File

@@ -1,6 +1,7 @@
package dns
import (
"context"
"fmt"
"testing"
@@ -20,10 +21,10 @@ func Test_Start(t *testing.T) {
logger := mock_logging.NewMockLogger(mockCtrl)
logger.EXPECT().Info("starting unbound").Times(1)
commander := mock_command.NewMockCommander(mockCtrl)
commander.EXPECT().Start("unbound", "-d", "-c", string(constants.UnboundConf), "-vv").
commander.EXPECT().Start(context.Background(), "unbound", "-d", "-c", string(constants.UnboundConf), "-vv").
Return(nil, nil, nil, nil).Times(1)
c := &configurator{commander: commander, logger: logger}
stdout, waitFn, err := c.Start(2)
stdout, waitFn, err := c.Start(context.Background(), 2)
assert.Nil(t, stdout)
assert.Nil(t, waitFn)
assert.NoError(t, err)
@@ -56,10 +57,10 @@ func Test_Version(t *testing.T) {
mockCtrl := gomock.NewController(t)
defer mockCtrl.Finish()
commander := mock_command.NewMockCommander(mockCtrl)
commander.EXPECT().Run("unbound", "-V").
commander.EXPECT().Run(context.Background(), "unbound", "-V").
Return(tc.runOutput, tc.runErr).Times(1)
c := &configurator{commander: commander}
version, err := c.Version()
version, err := c.Version(context.Background())
if tc.err != nil {
require.Error(t, err)
assert.Equal(t, tc.err.Error(), err.Error())

5
internal/dns/dns.go
View File

@@ -1,6 +1,7 @@
package dns
import (
"context"
"io"
"net"
@@ -17,9 +18,9 @@ type Configurator interface {
MakeUnboundConf(settings settings.DNS, uid, gid int) (err error)
UseDNSInternally(IP net.IP)
UseDNSSystemWide(IP net.IP) error
Start(logLevel uint8) (stdout io.ReadCloser, waitFn func() error, err error)
Start(ctx context.Context, logLevel uint8) (stdout io.ReadCloser, waitFn func() error, err error)
WaitForUnbound() (err error)
Version() (version string, err error)
Version(ctx context.Context) (version string, err error)
}
type configurator struct {

7
internal/env/env.go vendored
View File

@@ -1,6 +1,7 @@
package env
import (
"context"
"os"
"github.com/qdm12/golibs/logging"
@@ -8,7 +9,7 @@ import (
type Env interface {
FatalOnError(err error)
PrintVersion(program string, commandFn func() (string, error))
PrintVersion(ctx context.Context, program string, commandFn func(ctx context.Context) (string, error))
}
type env struct {
@@ -30,8 +31,8 @@ func (e *env) FatalOnError(err error) {
}
}
func (e *env) PrintVersion(program string, commandFn func() (string, error)) {
version, err := commandFn()
func (e *env) PrintVersion(ctx context.Context, program string, commandFn func(ctx context.Context) (string, error)) {
version, err := commandFn(ctx)
if err != nil {
e.logger.Error(err)
} else {

5
internal/env/env_test.go vendored
View File

@@ -1,6 +1,7 @@
package env
import (
"context"
"fmt"
"testing"
@@ -75,8 +76,8 @@ func Test_PrintVersion(t *testing.T) {
}).Times(1)
}
e := &env{logger: logger}
commandFn := func() (string, error) { return tc.commandVersion, tc.commandErr }
e.PrintVersion(tc.program, commandFn)
commandFn := func(ctx context.Context) (string, error) { return tc.commandVersion, tc.commandErr }
e.PrintVersion(context.Background(), tc.program, commandFn)
if tc.commandErr != nil {
assert.Equal(t, logged, tc.commandErr.Error())
} else {

19
internal/firewall/firewall.go
View File

@@ -1,6 +1,7 @@
package firewall
import (
"context"
"net"
"github.com/qdm12/golibs/command"
@@ -10,15 +11,15 @@ import (
// Configurator allows to change firewall rules and modify network routes
type Configurator interface {
Version() (string, error)
AcceptAll() error
Clear() error
BlockAll() error
CreateGeneralRules() error
CreateVPNRules(dev models.VPNDevice, defaultInterface string, connections []models.OpenVPNConnection) error
CreateLocalSubnetsRules(subnet net.IPNet, extraSubnets []net.IPNet, defaultInterface string) error
AllowInputTrafficOnPort(device models.VPNDevice, port uint16) error
AllowAnyIncomingOnPort(port uint16) error
Version(ctx context.Context) (string, error)
AcceptAll(ctx context.Context) error
Clear(ctx context.Context) error
BlockAll(ctx context.Context) error
CreateGeneralRules(ctx context.Context) error
CreateVPNRules(ctx context.Context, dev models.VPNDevice, defaultInterface string, connections []models.OpenVPNConnection) error
CreateLocalSubnetsRules(ctx context.Context, subnet net.IPNet, extraSubnets []net.IPNet, defaultInterface string) error
AllowInputTrafficOnPort(ctx context.Context, device models.VPNDevice, port uint16) error
AllowAnyIncomingOnPort(ctx context.Context, port uint16) error
}
type configurator struct {

51
internal/firewall/iptables.go
View File

@@ -1,6 +1,7 @@
package firewall
import (
"context"
"fmt"
"net"
"strings"
@@ -9,8 +10,8 @@ import (
)
// Version obtains the version of the installed iptables
func (c *configurator) Version() (string, error) {
output, err := c.commander.Run("iptables", "--version")
func (c *configurator) Version(ctx context.Context) (string, error) {
output, err := c.commander.Run(ctx, "iptables", "--version")
if err != nil {
return "", err
}
@@ -21,26 +22,26 @@ func (c *configurator) Version() (string, error) {
return words[1], nil
}
func (c *configurator) runIptablesInstructions(instructions []string) error {
func (c *configurator) runIptablesInstructions(ctx context.Context, instructions []string) error {
for _, instruction := range instructions {
if err := c.runIptablesInstruction(instruction); err != nil {
if err := c.runIptablesInstruction(ctx, instruction); err != nil {
return err
}
}
return nil
}
func (c *configurator) runIptablesInstruction(instruction string) error {
func (c *configurator) runIptablesInstruction(ctx context.Context, instruction string) error {
flags := strings.Fields(instruction)
if output, err := c.commander.Run("iptables", flags...); err != nil {
if output, err := c.commander.Run(ctx, "iptables", flags...); err != nil {
return fmt.Errorf("failed executing %q: %s: %w", instruction, output, err)
}
return nil
}
func (c *configurator) Clear() error {
func (c *configurator) Clear(ctx context.Context) error {
c.logger.Info("clearing all rules")
return c.runIptablesInstructions([]string{
return c.runIptablesInstructions(ctx, []string{
"--flush",
"--delete-chain",
"-t nat --flush",
@@ -48,18 +49,18 @@ func (c *configurator) Clear() error {
})
}
func (c *configurator) AcceptAll() error {
func (c *configurator) AcceptAll(ctx context.Context) error {
c.logger.Info("accepting all traffic")
return c.runIptablesInstructions([]string{
return c.runIptablesInstructions(ctx, []string{
"-P INPUT ACCEPT",
"-P OUTPUT ACCEPT",
"-P FORWARD ACCEPT",
})
}
func (c *configurator) BlockAll() error {
func (c *configurator) BlockAll(ctx context.Context) error {
c.logger.Info("blocking all traffic")
return c.runIptablesInstructions([]string{
return c.runIptablesInstructions(ctx, []string{
"-P INPUT DROP",
"-F OUTPUT",
"-P OUTPUT DROP",
@@ -67,9 +68,9 @@ func (c *configurator) BlockAll() error {
})
}
func (c *configurator) CreateGeneralRules() error {
func (c *configurator) CreateGeneralRules(ctx context.Context) error {
c.logger.Info("creating general rules")
return c.runIptablesInstructions([]string{
return c.runIptablesInstructions(ctx, []string{
"-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
"-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
"-A OUTPUT -o lo -j ACCEPT",
@@ -77,26 +78,26 @@ func (c *configurator) CreateGeneralRules() error {
})
}
func (c *configurator) CreateVPNRules(dev models.VPNDevice, defaultInterface string, connections []models.OpenVPNConnection) error {
func (c *configurator) CreateVPNRules(ctx context.Context, dev models.VPNDevice, defaultInterface string, connections []models.OpenVPNConnection) error {
for _, connection := range connections {
c.logger.Info("allowing output traffic to VPN server %s through %s on port %s %d",
connection.IP, defaultInterface, connection.Protocol, connection.Port)
if err := c.runIptablesInstruction(
if err := c.runIptablesInstruction(ctx,
fmt.Sprintf("-A OUTPUT -d %s -o %s -p %s -m %s --dport %d -j ACCEPT",
connection.IP, defaultInterface, connection.Protocol, connection.Protocol, connection.Port)); err != nil {
return err
}
}
if err := c.runIptablesInstruction(fmt.Sprintf("-A OUTPUT -o %s -j ACCEPT", dev)); err != nil {
if err := c.runIptablesInstruction(ctx, fmt.Sprintf("-A OUTPUT -o %s -j ACCEPT", dev)); err != nil {
return err
}
return nil
}
func (c *configurator) CreateLocalSubnetsRules(subnet net.IPNet, extraSubnets []net.IPNet, defaultInterface string) error {
func (c *configurator) CreateLocalSubnetsRules(ctx context.Context, subnet net.IPNet, extraSubnets []net.IPNet, defaultInterface string) error {
subnetStr := subnet.String()
c.logger.Info("accepting input and output traffic for %s", subnetStr)
if err := c.runIptablesInstructions([]string{
if err := c.runIptablesInstructions(ctx, []string{
fmt.Sprintf("-A INPUT -s %s -d %s -j ACCEPT", subnetStr, subnetStr),
fmt.Sprintf("-A OUTPUT -s %s -d %s -j ACCEPT", subnetStr, subnetStr),
}); err != nil {
@@ -105,13 +106,13 @@ func (c *configurator) CreateLocalSubnetsRules(subnet net.IPNet, extraSubnets []
for _, extraSubnet := range extraSubnets {
extraSubnetStr := extraSubnet.String()
c.logger.Info("accepting input traffic through %s from %s to %s", defaultInterface, extraSubnetStr, subnetStr)
if err := c.runIptablesInstruction(
if err := c.runIptablesInstruction(ctx,
fmt.Sprintf("-A INPUT -i %s -s %s -d %s -j ACCEPT", defaultInterface, extraSubnetStr, subnetStr)); err != nil {
return err
}
// Thanks to @npawelek
c.logger.Info("accepting output traffic through %s from %s to %s", defaultInterface, subnetStr, extraSubnetStr)
if err := c.runIptablesInstruction(
if err := c.runIptablesInstruction(ctx,
fmt.Sprintf("-A OUTPUT -o %s -s %s -d %s -j ACCEPT", defaultInterface, subnetStr, extraSubnetStr)); err != nil {
return err
}
@@ -120,17 +121,17 @@ func (c *configurator) CreateLocalSubnetsRules(subnet net.IPNet, extraSubnets []
}
// Used for port forwarding
func (c *configurator) AllowInputTrafficOnPort(device models.VPNDevice, port uint16) error {
func (c *configurator) AllowInputTrafficOnPort(ctx context.Context, device models.VPNDevice, port uint16) error {
c.logger.Info("accepting input traffic through %s on port %d", device, port)
return c.runIptablesInstructions([]string{
return c.runIptablesInstructions(ctx, []string{
fmt.Sprintf("-A INPUT -i %s -p tcp --dport %d -j ACCEPT", device, port),
fmt.Sprintf("-A INPUT -i %s -p udp --dport %d -j ACCEPT", device, port),
})
}
func (c *configurator) AllowAnyIncomingOnPort(port uint16) error {
func (c *configurator) AllowAnyIncomingOnPort(ctx context.Context, port uint16) error {
c.logger.Info("accepting any input traffic on port %d", port)
return c.runIptablesInstructions([]string{
return c.runIptablesInstructions(ctx, []string{
fmt.Sprintf("-A INPUT -p tcp --dport %d -j ACCEPT", port),
fmt.Sprintf("-A INPUT -p udp --dport %d -j ACCEPT", port),
})

9
internal/openvpn/command.go
View File

@@ -1,6 +1,7 @@
package openvpn
import (
"context"
"fmt"
"io"
"strings"
@@ -8,14 +9,14 @@ import (
"github.com/qdm12/private-internet-access-docker/internal/constants"
)
func (c *configurator) Start() (stdout io.ReadCloser, waitFn func() error, err error) {
func (c *configurator) Start(ctx context.Context) (stdout io.ReadCloser, waitFn func() error, err error) {
c.logger.Info("starting openvpn")
stdout, _, waitFn, err = c.commander.Start("openvpn", "--config", string(constants.OpenVPNConf))
stdout, _, waitFn, err = c.commander.Start(ctx, "openvpn", "--config", string(constants.OpenVPNConf))
return stdout, waitFn, err
}
func (c *configurator) Version() (string, error) {
output, err := c.commander.Run("openvpn", "--version")
func (c *configurator) Version(ctx context.Context) (string, error) {
output, err := c.commander.Run(ctx, "openvpn", "--version")
if err != nil && err.Error() != "exit status 1" {
return "", err
}

5
internal/openvpn/openvpn.go
View File

@@ -1,6 +1,7 @@
package openvpn
import (
"context"
"io"
"os"
@@ -11,11 +12,11 @@ import (
)
type Configurator interface {
Version() (string, error)
Version(ctx context.Context) (string, error)
WriteAuthFile(user, password string, uid, gid int) error
CheckTUN() error
CreateTUN() error
Start() (stdout io.ReadCloser, waitFn func() error, err error)
Start(ctx context.Context) (stdout io.ReadCloser, waitFn func() error, err error)
}
type configurator struct {

3
internal/pia/pia.go
View File

@@ -1,6 +1,7 @@
package pia
import (
"context"
"net"
"github.com/qdm12/golibs/crypto/random"
@@ -20,7 +21,7 @@ type Configurator interface {
GetPortForward() (port uint16, err error)
WritePortForward(filepath models.Filepath, port uint16, uid, gid int) (err error)
ClearPortForward(filepath models.Filepath, uid, gid int) (err error)
AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error)
AllowPortForwardFirewall(ctx context.Context, device models.VPNDevice, port uint16) (err error)
}
type configurator struct {

5
internal/pia/portforward.go
View File

@@ -1,6 +1,7 @@
package pia
import (
"context"
"encoding/hex"
"encoding/json"
"fmt"
@@ -47,9 +48,9 @@ func (c *configurator) WritePortForward(filepath models.Filepath, port uint16, u
files.Permissions(0400))
}
func (c *configurator) AllowPortForwardFirewall(device models.VPNDevice, port uint16) (err error) {
func (c *configurator) AllowPortForwardFirewall(ctx context.Context, device models.VPNDevice, port uint16) (err error) {
c.logger.Info("Allowing forwarded port %d through firewall", port)
return c.firewall.AllowInputTrafficOnPort(device, port)
return c.firewall.AllowInputTrafficOnPort(ctx, device, port)
}
func (c *configurator) ClearPortForward(filepath models.Filepath, uid, gid int) (err error) {

11
internal/routing/mutate.go
View File

@@ -1,23 +1,24 @@
package routing
import (
"context"
"net"
"fmt"
)
func (r *routing) AddRoutesVia(subnets []net.IPNet, defaultGateway net.IP, defaultInterface string) error {
func (r *routing) AddRoutesVia(ctx context.Context, subnets []net.IPNet, defaultGateway net.IP, defaultInterface string) error {
for _, subnet := range subnets {
exists, err := r.routeExists(subnet)
if err != nil {
return err
} else if exists { // thanks to @npawelek https://github.com/npawelek
if err := r.removeRoute(subnet); err != nil {
if err := r.removeRoute(ctx, subnet); err != nil {
return err
}
}
r.logger.Info("adding %s as route via %s", subnet.String(), defaultInterface)
output, err := r.commander.Run("ip", "route", "add", subnet.String(), "via", defaultGateway.String(), "dev", defaultInterface)
output, err := r.commander.Run(ctx, "ip", "route", "add", subnet.String(), "via", defaultGateway.String(), "dev", defaultInterface)
if err != nil {
return fmt.Errorf("cannot add route for %s via %s %s %s: %s: %w", subnet.String(), defaultGateway.String(), "dev", defaultInterface, output, err)
}
@@ -25,8 +26,8 @@ func (r *routing) AddRoutesVia(subnets []net.IPNet, defaultGateway net.IP, defau
return nil
}
func (r *routing) removeRoute(subnet net.IPNet) (err error) {
output, err := r.commander.Run("ip", "route", "del", subnet.String())
func (r *routing) removeRoute(ctx context.Context, subnet net.IPNet) (err error) {
output, err := r.commander.Run(ctx, "ip", "route", "del", subnet.String())
if err != nil {
return fmt.Errorf("cannot delete route for %s: %s: %w", subnet.String(), output, err)
}

5
internal/routing/mutate_test.go
View File

@@ -1,6 +1,7 @@
package routing
import (
"context"
"fmt"
"net"
"testing"
@@ -51,10 +52,10 @@ func Test_removeRoute(t *testing.T) {
defer mockCtrl.Finish()
commander := mock_command.NewMockCommander(mockCtrl)
commander.EXPECT().Run("ip", "route", "del", tc.subnet.String()).
commander.EXPECT().Run(context.Background(), "ip", "route", "del", tc.subnet.String()).
Return(tc.runOutput, tc.runErr).Times(1)
r := &routing{commander: commander}
err := r.removeRoute(tc.subnet)
err := r.removeRoute(context.Background(), tc.subnet)
if tc.err != nil {
require.Error(t, err)
assert.Equal(t, tc.err.Error(), err.Error())

3
internal/routing/routing.go
View File

@@ -1,6 +1,7 @@
package routing
import (
"context"
"net"
"github.com/qdm12/golibs/command"
@@ -9,7 +10,7 @@ import (
)
type Routing interface {
AddRoutesVia(subnets []net.IPNet, defaultGateway net.IP, defaultInterface string) error
AddRoutesVia(ctx context.Context, subnets []net.IPNet, defaultGateway net.IP, defaultInterface string) error
DefaultRoute() (defaultInterface string, defaultGateway net.IP, defaultSubnet net.IPNet, err error)
CurrentPublicIP(defaultInterface string) (ip net.IP, err error)
}

9
internal/shadowsocks/command.go
View File

@@ -1,6 +1,7 @@
package shadowsocks
import (
"context"
"fmt"
"io"
"strings"
@@ -8,7 +9,7 @@ import (
"github.com/qdm12/private-internet-access-docker/internal/constants"
)
func (c *configurator) Start(server string, port uint16, password string, log bool) (stdout, stderr io.ReadCloser, waitFn func() error, err error) {
func (c *configurator) Start(ctx context.Context, server string, port uint16, password string, log bool) (stdout, stderr io.ReadCloser, waitFn func() error, err error) {
c.logger.Info("starting shadowsocks server")
args := []string{
"-c", string(constants.ShadowsocksConf),
@@ -18,13 +19,13 @@ func (c *configurator) Start(server string, port uint16, password string, log bo
if log {
args = append(args, "-v")
}
stdout, stderr, waitFn, err = c.commander.Start("ss-server", args...)
stdout, stderr, waitFn, err = c.commander.Start(ctx, "ss-server", args...)
return stdout, stderr, waitFn, err
}
// Version obtains the version of the installed shadowsocks server
func (c *configurator) Version() (string, error) {
output, err := c.commander.Run("ss-server", "-h")
func (c *configurator) Version(ctx context.Context) (string, error) {
output, err := c.commander.Run(ctx, "ss-server", "-h")
if err != nil {
return "", err
}

5
internal/shadowsocks/shadowsocks.go
View File

@@ -1,6 +1,7 @@
package shadowsocks
import (
"context"
"io"
"github.com/qdm12/golibs/command"
@@ -9,9 +10,9 @@ import (
)
type Configurator interface {
Version() (string, error)
Version(ctx context.Context) (string, error)
MakeConf(port uint16, password, method string, uid, gid int) (err error)
Start(server string, port uint16, password string, log bool) (stdout, stderr io.ReadCloser, waitFn func() error, err error)
Start(ctx context.Context, server string, port uint16, password string, log bool) (stdout, stderr io.ReadCloser, waitFn func() error, err error)
}
type configurator struct {

9
internal/tinyproxy/command.go
View File

@@ -1,20 +1,21 @@
package tinyproxy
import (
"context"
"fmt"
"io"
"strings"
)
func (c *configurator) Start() (stdout io.ReadCloser, waitFn func() error, err error) {
func (c *configurator) Start(ctx context.Context) (stdout io.ReadCloser, waitFn func() error, err error) {
c.logger.Info("starting tinyproxy server")
stdout, _, waitFn, err = c.commander.Start("tinyproxy", "-d")
stdout, _, waitFn, err = c.commander.Start(ctx, "tinyproxy", "-d")
return stdout, waitFn, err
}
// Version obtains the version of the installed Tinyproxy server
func (c *configurator) Version() (string, error) {
output, err := c.commander.Run("tinyproxy", "-v")
func (c *configurator) Version(ctx context.Context) (string, error) {
output, err := c.commander.Run(ctx, "tinyproxy", "-v")
if err != nil {
return "", err
}

5
internal/tinyproxy/tinyproxy.go
View File

@@ -1,6 +1,7 @@
package tinyproxy
import (
"context"
"io"
"github.com/qdm12/golibs/command"
@@ -10,9 +11,9 @@ import (
)
type Configurator interface {
Version() (string, error)
Version(ctx context.Context) (string, error)
MakeConf(logLevel models.TinyProxyLogLevel, port uint16, user, password string, uid, gid int) error
Start() (stdout io.ReadCloser, waitFn func() error, err error)
Start(ctx context.Context) (stdout io.ReadCloser, waitFn func() error, err error)
}
type configurator struct {