Maint: firewall and routing use logger.Debug

- Remove SetVerbose and SetDebug from both
- Log routing teardown
- Default logging level set to info
This commit is contained in:
Quentin McGaw (desktop)
2021-07-23 18:20:18 +00:00
parent b23eb8f29d
commit 94b60d9f70
7 changed files with 57 additions and 76 deletions


@@ -32,6 +32,7 @@ import (
"github.com/qdm12/gluetun/internal/unix" "github.com/qdm12/gluetun/internal/unix"
"github.com/qdm12/gluetun/internal/updater" "github.com/qdm12/gluetun/internal/updater"
versionpkg "github.com/qdm12/gluetun/internal/version" versionpkg "github.com/qdm12/gluetun/internal/version"
"github.com/qdm12/golibs/command"
"github.com/qdm12/golibs/logging" "github.com/qdm12/golibs/logging"
"github.com/qdm12/golibs/params" "github.com/qdm12/golibs/params"
"github.com/qdm12/goshutdown" "github.com/qdm12/goshutdown"
@@ -62,7 +63,9 @@ func main() {
ctx, stop := signal.NotifyContext(ctx, syscall.SIGINT, syscall.SIGTERM, os.Interrupt) ctx, stop := signal.NotifyContext(ctx, syscall.SIGINT, syscall.SIGTERM, os.Interrupt)
ctx, cancel := context.WithCancel(ctx) ctx, cancel := context.WithCancel(ctx)
logger := logging.NewParent(logging.Settings{}) logger := logging.NewParent(logging.Settings{
Level: logging.LevelInfo,
})
args := os.Args args := os.Args
unix := unix.New() unix := unix.New()
@@ -137,11 +140,6 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
const cacertsPath = "/etc/ssl/certs/ca-certificates.crt" const cacertsPath = "/etc/ssl/certs/ca-certificates.crt"
dnsConf := unbound.NewConfigurator(nil, dnsCrypto, dnsConf := unbound.NewConfigurator(nil, dnsCrypto,
"/etc/unbound", "/usr/sbin/unbound", cacertsPath) "/etc/unbound", "/usr/sbin/unbound", cacertsPath)
routingConf := routing.NewRouting(
logger.NewChild(logging.Settings{Prefix: "routing: "}))
firewallConf := firewall.NewConfigurator(
logger.NewChild(logging.Settings{Prefix: "firewall: "}),
routingConf)
announcementExp, err := time.Parse(time.RFC3339, "2021-07-22T00:00:00Z") announcementExp, err := time.Parse(time.RFC3339, "2021-07-22T00:00:00Z")
if err != nil { if err != nil {
@@ -164,13 +162,18 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
fmt.Println(line) fmt.Println(line)
} }
if err := printVersions(ctx, logger, []printVersionElement{ cmder := command.NewCommander()
err = printVersions(ctx, logger, []printVersionElement{
{name: "Alpine", getVersion: alpineConf.Version}, {name: "Alpine", getVersion: alpineConf.Version},
{name: "OpenVPN 2.4", getVersion: ovpnConf.Version24}, {name: "OpenVPN 2.4", getVersion: ovpnConf.Version24},
{name: "OpenVPN 2.5", getVersion: ovpnConf.Version25}, {name: "OpenVPN 2.5", getVersion: ovpnConf.Version25},
{name: "Unbound", getVersion: dnsConf.Version}, {name: "Unbound", getVersion: dnsConf.Version},
{name: "IPtables", getVersion: firewallConf.Version}, {name: "IPtables", getVersion: func(ctx context.Context) (version string, err error) {
}); err != nil { return firewall.Version(ctx, cmder)
}},
})
if err != nil {
return err return err
} }
@@ -217,10 +220,20 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
return err return err
} }
firewallLogLevel := logging.LevelInfo
if allSettings.Firewall.Debug { if allSettings.Firewall.Debug {
firewallConf.SetDebug() firewallLogLevel = logging.LevelDebug
routingConf.SetDebug()
} }
routingLogger := logger.NewChild(logging.Settings{
Prefix: "routing: ",
Level: firewallLogLevel,
})
routingConf := routing.NewRouting(routingLogger)
firewallLogger := logger.NewChild(logging.Settings{
Prefix: "firewall: ",
Level: firewallLogLevel,
})
firewallConf := firewall.NewConfigurator(firewallLogger, routingConf)
defaultInterface, defaultGateway, err := routingConf.DefaultRoute() defaultInterface, defaultGateway, err := routingConf.DefaultRoute()
if err != nil { if err != nil {
@@ -246,7 +259,7 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
return fmt.Errorf("%w: %s", errSetupRouting, err) return fmt.Errorf("%w: %s", errSetupRouting, err)
} }
defer func() { defer func() {
routingConf.SetVerbose(false) logger.Info("routing cleanup...")
if err := routingConf.TearDown(); err != nil { if err := routingConf.TearDown(); err != nil {
logger.Error("cannot teardown routing: " + err.Error()) logger.Error("cannot teardown routing: " + err.Error())
} }
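Review bot: The child loggers built on lines 66–74 request LevelDebug while the parent created on line 26 is now pinned to LevelInfo; whether a child may log below its parent's level depends on golibs/logging, and if the parent filters first, FIREWALL_DEBUG silently becomes a no-op. Worth confirming by running once with the flag set and checking that an `iptables ...` debug line actually appears. A small naming nit: `firewallLogLevel` also drives the routing logger, so `networkLogLevel` would read more honestly. The enclosing `_main` continues past the end of this section.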


@@ -15,13 +15,11 @@ import (
// Configurator allows to change firewall rules and modify network routes. // Configurator allows to change firewall rules and modify network routes.
type Configurator interface { type Configurator interface {
Version(ctx context.Context) (string, error)
SetEnabled(ctx context.Context, enabled bool) (err error) SetEnabled(ctx context.Context, enabled bool) (err error)
SetVPNConnection(ctx context.Context, connection models.OpenVPNConnection) (err error) SetVPNConnection(ctx context.Context, connection models.OpenVPNConnection) (err error)
SetAllowedPort(ctx context.Context, port uint16, intf string) (err error) SetAllowedPort(ctx context.Context, port uint16, intf string) (err error)
SetOutboundSubnets(ctx context.Context, subnets []net.IPNet) (err error) SetOutboundSubnets(ctx context.Context, subnets []net.IPNet) (err error)
RemoveAllowedPort(ctx context.Context, port uint16) (err error) RemoveAllowedPort(ctx context.Context, port uint16) (err error)
SetDebug()
// SetNetworkInformation is meant to be called only once // SetNetworkInformation is meant to be called only once
SetNetworkInformation(defaultInterface string, defaultGateway net.IP, SetNetworkInformation(defaultInterface string, defaultGateway net.IP,
localNetworks []routing.LocalNetwork, localIP net.IP) localNetworks []routing.LocalNetwork, localIP net.IP)
@@ -33,7 +31,6 @@ type configurator struct { //nolint:maligned
routing routing.Routing routing routing.Routing
iptablesMutex sync.Mutex iptablesMutex sync.Mutex
ip6tablesMutex sync.Mutex ip6tablesMutex sync.Mutex
debug bool
defaultInterface string defaultInterface string
defaultGateway net.IP defaultGateway net.IP
localNetworks []routing.LocalNetwork localNetworks []routing.LocalNetwork
@@ -65,10 +62,6 @@ func NewConfigurator(logger logging.Logger, routing routing.Routing) Configurato
} }
} }
func (c *configurator) SetDebug() {
c.debug = true
}
func (c *configurator) SetNetworkInformation( func (c *configurator) SetNetworkInformation(
defaultInterface string, defaultGateway net.IP, localNetworks []routing.LocalNetwork, localIP net.IP) { defaultInterface string, defaultGateway net.IP, localNetworks []routing.LocalNetwork, localIP net.IP) {
c.networkInfoMutex.Lock() c.networkInfoMutex.Lock()
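Review bot: With `debug bool` removed from `configurator`, the `//nolint:maligned` directive on the struct declaration in this hunk may no longer be needed; such complaints typically come from a lone bool sitting between pointer-sized fields, which is exactly what was deleted. Re-run the linter without the directive and drop it if it passes, so the suppression does not outlive its reason. The struct definition continues beyond the hunk, so the remaining fields are not all visible here.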


@@ -38,9 +38,9 @@ func (c *configurator) runIP6tablesInstruction(ctx context.Context, instruction
} }
c.ip6tablesMutex.Lock() // only one ip6tables command at once c.ip6tablesMutex.Lock() // only one ip6tables command at once
defer c.ip6tablesMutex.Unlock() defer c.ip6tablesMutex.Unlock()
if c.debug {
fmt.Println("ip6tables " + instruction) c.logger.Debug("ip6tables " + instruction)
}
flags := strings.Fields(instruction) flags := strings.Fields(instruction)
cmd := exec.CommandContext(ctx, "ip6tables", flags...) cmd := exec.CommandContext(ctx, "ip6tables", flags...)
if output, err := c.commander.Run(cmd); err != nil { if output, err := c.commander.Run(cmd); err != nil {


@@ -11,6 +11,7 @@ import (
"strings" "strings"
"github.com/qdm12/gluetun/internal/models" "github.com/qdm12/gluetun/internal/models"
"github.com/qdm12/golibs/command"
) )
var ( var (
@@ -46,9 +47,9 @@ func flipRule(rule string) string {
} }
// Version obtains the version of the installed iptables. // Version obtains the version of the installed iptables.
func (c *configurator) Version(ctx context.Context) (string, error) { func Version(ctx context.Context, commander command.Commander) (string, error) {
cmd := exec.CommandContext(ctx, "iptables", "--version") cmd := exec.CommandContext(ctx, "iptables", "--version")
output, err := c.commander.Run(cmd) output, err := commander.Run(cmd)
if err != nil { if err != nil {
return "", err return "", err
} }
@@ -72,9 +73,9 @@ func (c *configurator) runIptablesInstructions(ctx context.Context, instructions
func (c *configurator) runIptablesInstruction(ctx context.Context, instruction string) error { func (c *configurator) runIptablesInstruction(ctx context.Context, instruction string) error {
c.iptablesMutex.Lock() // only one iptables command at once c.iptablesMutex.Lock() // only one iptables command at once
defer c.iptablesMutex.Unlock() defer c.iptablesMutex.Unlock()
if c.debug {
fmt.Printf("iptables %s\n", instruction) c.logger.Debug("iptables " + instruction)
}
flags := strings.Fields(instruction) flags := strings.Fields(instruction)
cmd := exec.CommandContext(ctx, "iptables", flags...) cmd := exec.CommandContext(ctx, "iptables", flags...)
if output, err := c.commander.Run(cmd); err != nil { if output, err := c.commander.Run(cmd); err != nil {
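Review bot: `Version` is now a package-level function whose behaviour depends on the `command.Commander` the caller supplies, but its doc comment still reads like the old method; suggest `// Version runs "iptables --version" through commander and returns the version string parsed from its output.` The parsing of `output` happens past the end of this hunk, so if it expects a particular format the comment should say so for callers that inject a different commander. The body of `Version` continues outside the hunk.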


@@ -5,6 +5,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"net" "net"
"strconv"
"github.com/vishvananda/netlink" "github.com/vishvananda/netlink"
) )
@@ -18,12 +19,11 @@ var (
func (r *routing) addRouteVia(destination net.IPNet, gateway net.IP, iface string, table int) error { func (r *routing) addRouteVia(destination net.IPNet, gateway net.IP, iface string, table int) error {
destinationStr := destination.String() destinationStr := destination.String()
if r.verbose {
r.logger.Info("adding route for " + destinationStr) r.logger.Info("adding route for " + destinationStr)
} r.logger.Debug("ip route replace " + destinationStr +
if r.debug { " via " + gateway.String() +
fmt.Printf("ip route replace %s via %s dev %s table %d\n", destinationStr, gateway, iface, table) " dev " + iface +
} " table " + strconv.Itoa(table))
link, err := netlink.LinkByName(iface) link, err := netlink.LinkByName(iface)
if err != nil { if err != nil {
@@ -44,12 +44,11 @@ func (r *routing) addRouteVia(destination net.IPNet, gateway net.IP, iface strin
func (r *routing) deleteRouteVia(destination net.IPNet, gateway net.IP, iface string, table int) (err error) { func (r *routing) deleteRouteVia(destination net.IPNet, gateway net.IP, iface string, table int) (err error) {
destinationStr := destination.String() destinationStr := destination.String()
if r.verbose {
r.logger.Info("deleting route for " + destinationStr) r.logger.Info("deleting route for " + destinationStr)
} r.logger.Debug("ip route delete " + destinationStr +
if r.debug { " via " + gateway.String() +
fmt.Printf("ip route delete %s via %s dev %s table %d\n", destinationStr, gateway, iface, table) " dev " + iface +
} " table " + strconv.Itoa(table))
link, err := netlink.LinkByName(iface) link, err := netlink.LinkByName(iface)
if err != nil { if err != nil {
@@ -69,10 +68,9 @@ func (r *routing) deleteRouteVia(destination net.IPNet, gateway net.IP, iface st
} }
func (r *routing) addIPRule(src net.IP, table, priority int) error { func (r *routing) addIPRule(src net.IP, table, priority int) error {
if r.debug { r.logger.Debug("ip rule add from " + src.String() +
fmt.Printf("ip rule add from %s lookup %d pref %d\n", " lookup " + strconv.Itoa(table) +
src, table, priority) " pref " + strconv.Itoa(priority))
}
rule := netlink.NewRule() rule := netlink.NewRule()
rule.Src = netlink.NewIPNet(src) rule.Src = netlink.NewIPNet(src)
@@ -100,10 +98,9 @@ func (r *routing) addIPRule(src net.IP, table, priority int) error {
} }
func (r *routing) deleteIPRule(src net.IP, table, priority int) error { func (r *routing) deleteIPRule(src net.IP, table, priority int) error {
if r.debug { r.logger.Debug("ip rule del from " + src.String() +
fmt.Printf("ip rule del from %s lookup %d pref %d\n", " lookup " + strconv.Itoa(table) +
src, table, priority) " pref " + strconv.Itoa(priority))
}
rule := netlink.NewRule() rule := netlink.NewRule()
rule.Src = netlink.NewIPNet(src) rule.Src = netlink.NewIPNet(src)
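Review bot: In `addRouteVia` and `deleteRouteVia` the same operation is now logged twice, an Info line ("adding route for ...") immediately followed by a Debug line rendering the full `ip route ...` command; one message carrying destination, gateway, device and table would serve both audiences, e.g. `r.logger.Info("adding route for " + destinationStr + " via " + gateway.String() + " dev " + iface)`. Note also that the Debug strings are spelled as `ip route replace` / `ip rule add` shell commands while the real work goes through netlink; if the netlink calls below do not match those commands exactly (replace vs. add semantics, rule priority handling), the log will mislead whoever pastes it into a shell to reproduce state. All four functions continue past their hunks.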


@@ -49,10 +49,8 @@ func (r *routing) DefaultRoute() (defaultInterface string, defaultGateway net.IP
} }
attributes := link.Attrs() attributes := link.Attrs()
defaultInterface = attributes.Name defaultInterface = attributes.Name
if r.verbose {
r.logger.Info("default route found: interface " + defaultInterface + r.logger.Info("default route found: interface " + defaultInterface +
", gateway " + defaultGateway.String()) ", gateway " + defaultGateway.String())
}
return defaultInterface, defaultGateway, nil return defaultInterface, defaultGateway, nil
} }
} }
@@ -105,9 +103,7 @@ func (r *routing) LocalSubnet() (defaultSubnet net.IPNet, err error) {
continue continue
} }
defaultSubnet = *route.Dst defaultSubnet = *route.Dst
if r.verbose {
r.logger.Info("local subnet found: " + defaultSubnet.String()) r.logger.Info("local subnet found: " + defaultSubnet.String())
}
return defaultSubnet, nil return defaultSubnet, nil
} }
@@ -128,10 +124,8 @@ func (r *routing) LocalNetworks() (localNetworks []LocalNetwork, err error) {
} }
localLinks[link.Attrs().Index] = struct{}{} localLinks[link.Attrs().Index] = struct{}{}
if r.verbose {
r.logger.Info("local ethernet link found: " + link.Attrs().Name) r.logger.Info("local ethernet link found: " + link.Attrs().Name)
} }
}
if len(localLinks) == 0 { if len(localLinks) == 0 {
return localNetworks, fmt.Errorf("%w: in %d links", ErrLinkLocalNotFound, len(links)) return localNetworks, fmt.Errorf("%w: in %d links", ErrLinkLocalNotFound, len(links))
@@ -152,9 +146,7 @@ func (r *routing) LocalNetworks() (localNetworks []LocalNetwork, err error) {
var localNet LocalNetwork var localNet LocalNetwork
localNet.IPNet = route.Dst localNet.IPNet = route.Dst
if r.verbose {
r.logger.Info("local ipnet found: " + localNet.IPNet.String()) r.logger.Info("local ipnet found: " + localNet.IPNet.String())
}
link, err := netlink.LinkByIndex(route.LinkIndex) link, err := netlink.LinkByIndex(route.LinkIndex)
if err != nil { if err != nil {


@@ -20,16 +20,10 @@ type Routing interface {
DefaultIP() (defaultIP net.IP, err error) DefaultIP() (defaultIP net.IP, err error)
VPNDestinationIP() (ip net.IP, err error) VPNDestinationIP() (ip net.IP, err error)
VPNLocalGatewayIP() (ip net.IP, err error) VPNLocalGatewayIP() (ip net.IP, err error)
// Internal state
SetVerbose(verbose bool)
SetDebug()
} }
type routing struct { type routing struct {
logger logging.Logger logger logging.Logger
verbose bool
debug bool
outboundSubnets []net.IPNet outboundSubnets []net.IPNet
stateMutex sync.RWMutex stateMutex sync.RWMutex
} }
@@ -38,14 +32,5 @@ type routing struct {
func NewRouting(logger logging.Logger) Routing { func NewRouting(logger logging.Logger) Routing {
return &routing{ return &routing{
logger: logger, logger: logger,
verbose: true,
} }
} }
func (r *routing) SetVerbose(verbose bool) {
r.verbose = verbose
}
func (r *routing) SetDebug() {
r.debug = true
}