groche97/netjaileRS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

set dependencies version and include bindgen in build script to create c bindgens

Browse Source
This commit is contained in:
Guillermo Roche
2024-11-09 15:49:59 +01:00
parent e22e4587a4
commit 2587556288
13 changed files with 230 additions and 2816 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
src/manage_interfaces/mod.rs
View File

@@ -1,6 +1,4 @@
use rtnetlink::{new_connection, Error, Handle};
use netlink_packet_route::link::LinkMessage;
use std::net::IpAddr;
use rtnetlink::{new_connection, Error};
use std::os::fd::AsRawFd;
use futures::TryStreamExt;
mod netlink;
@@ -29,7 +27,6 @@ pub fn configure_wireguard_interface(
tokio::runtime::Runtime::new().unwrap().handle().block_on( async {
let (connection, handle, _) = new_connection().unwrap();
tokio::spawn(connection);
//netlink::create_wireguard_interface(handle.clone(), interface_name.clone()).await?;
let link = netlink::get_link_interface(handle.clone(), interface_name.clone()).await?;
netlink::assign_ip(handle.clone(), link.clone(), interface_ip, prefix).await?;
crate::wireguard_manager::add_properties::set_params(wg_pub_key, wg_priv_key, peer_ip, interface_name.clone());
@@ -48,51 +45,6 @@ pub fn set_interface_lo_up() -> Result<(), Error> {
})
}
/*pub fn set_interface_up(interface: String) -> Result<(), Error> {
tokio::runtime::Runtime::new().unwrap().handle().block_on( async {
let (connection, handle, _) = new_connection().unwrap();
tokio::spawn(connection);
let mut links = handle.link().get().match_name(interface).execute();
if let Some(link) = links.try_next().await.unwrap() {
let index = link.header.index;
log::debug!("index:{}", index);
handle
.link()
.set(index)
.up()
.execute()
.await.unwrap()
} else {
log::debug!("no link link lo found");
}
});
Ok(())
}
pub fn create_wireguard_interface(interface: String) -> Result<(), Error> {
tokio::runtime::Runtime::new().unwrap().handle().block_on( async {
let (connection, handle, _) = new_connection().unwrap();
tokio::spawn(connection);
handle.link().add().wireguard(interface).execute().await.unwrap();
});
Ok(())
}
pub async fn assign_ip(handle: Handle, link: LinkMessage, interface: String, ip: String, prefix: u8) -> Result<(), Error> {
let usable_ip: IpAddr = match ip.parse() {
Ok(ip_ok) => ip_ok,
Err(_e) => {
log::debug!("malformed ip");
return Err(Error::InvalidIp(ip.into_bytes()));
},
};
handle
.address()
.add(link.header.index, usable_ip, prefix)
.execute()
.await
}*/
pub fn get_inferfaces() -> Result<(), Error> {
tokio::runtime::Runtime::new().unwrap().handle().block_on( async {
let (connection, handle, _) = new_connection().unwrap();

2
src/manage_interfaces/netlink.rs
View File

@@ -1,4 +1,4 @@
use rtnetlink::{new_connection, Error, Handle};
use rtnetlink::{Error, Handle};
use netlink_packet_route::link::LinkMessage;
use std::net::IpAddr;
use futures::TryStreamExt;

139
src/namespace/bind_interface.rs
View File

@@ -1,139 +0,0 @@
use nix::sched::{CloneFlags, clone, unshare, setns};
use nix::sys::signal::Signal;
use crate::namespace::consts::{
NET_NS_DIR,
STACK_SIZE
};
use futures::TryStreamExt;
use nix::fcntl::{open, OFlag};
use nix::mount::{mount, MsFlags};
use nix::unistd::{fork, ForkResult, Pid};
use nix::sys::wait::{waitpid, WaitStatus};
use nix::sys::stat::Mode;
use nix::sys::statvfs::{statvfs, FsFlags};
use rtnetlink::{new_connection, Error, Handle, NetworkNamespace};
use std::env;
use std::fs::{File, OpenOptions};
use std::path::{Path, PathBuf};
use std::process::exit;
use std::os::unix::io::RawFd;
use std::os::fd::FromRawFd;
pub fn run_in_namespace<F>(f: F,ns_name: &String) -> Result<(), ()> where F:FnMut() + Copy {
// Configure networking in the child namespace:
// Fork a process that is set to the newly created namespace
// Here set the veth ip addr, routing tables etc.
// Unfortunately the NetworkNamespace interface of rtnetlink does
// not offer these functionalities
let mut tmp_stack: [u8; STACK_SIZE] = [0; STACK_SIZE];
let mut flags = CloneFlags::empty();
flags.insert(CloneFlags::CLONE_VM);
flags.insert(CloneFlags::CLONE_VFORK);
unsafe {
match clone(
Box::new(|| run_child(f,&ns_name.clone())),
&mut tmp_stack,
flags,
Some(Signal::SIGCHLD as i32)) {
Ok(_pid) => Ok(()),
Err(_e) => {
return Err(());
}
}
}
}
fn run_child<F>(mut f: F, ns_name: &String) -> isize where F:FnMut() {
let res = prepare_namespace(ns_name);
match res {
Err(_) => {
log::error!("Child process crashed");
return -1;
}
Ok(()) => {
log::debug!("Child exited normally");
f();
return 0;
}
}
}
fn prepare_namespace(ns_name: &String) -> Result<(), ()> {
// First create the network namespace
// NetworkNamespace::add(ns_name.to_string()).await.map_err(|e| {
// log::error!("Can not create namespace {}", e);
// }).unwrap();
// Open NS path
let ns_path = format!("{}/{}", NET_NS_DIR, ns_name);
log::debug!("ns_path:{}", ns_path);
let mut open_flags = OFlag::empty();
open_flags.insert(OFlag::O_RDONLY);
open_flags.insert(OFlag::O_CLOEXEC);
let fd = match open(Path::new(&ns_path), open_flags, Mode::empty()) {
Ok(raw_fd) => unsafe {
File::from_raw_fd(raw_fd)
}
Err(e) => {
log::error!("Can not open network namespace: {}", e);
return Err(());
}
};
// Switch to network namespace with CLONE_NEWNET
if let Err(e) = setns(fd, CloneFlags::CLONE_NEWNET) {
log::error!("Can not set namespace to target {}: {}", ns_name, e);
return Err(());
}
// unshare with CLONE_NEWNS
if let Err(e) = unshare(CloneFlags::CLONE_NEWNS) {
log::error!("Can not unshare: {}", e);
return Err(());
}
// mount blind the fs
// let's avoid that any mount propagates to the parent process
// mount_directory(None, &PathBuf::from("/"), vec![MsFlags::MS_REC, MsFlags::MS_PRIVATE])?;
let mut mount_flags = MsFlags::empty();
mount_flags.insert(MsFlags::MS_REC);
mount_flags.insert(MsFlags::MS_PRIVATE);
if let Err(_e) = mount::<PathBuf, PathBuf, str, PathBuf>(None, &PathBuf::from("/"), None, mount_flags, None) {
log::error!("Can not remount root directory");
()
}
// Now unmount /sys
let sys_path = PathBuf::from("/sys");
mount_flags = MsFlags::empty();
// Needed to respect the trait for NixPath
let ns_name_path = PathBuf::from(ns_name);
// TODO do not exit for EINVAL error
// unmount_path(&sys_path)?;
// consider the case that a sysfs is not present
let stat_sys = match statvfs(&sys_path)
.map_err(|e| {
log::error!("Can not stat sys: {}", e);
}){
Ok(stat) => stat,
Err(_e) => {
log::error!("Error in stat sys");
return Err(());
}
};
if stat_sys.flags().contains(FsFlags::ST_RDONLY) {
mount_flags.insert(MsFlags::MS_RDONLY);
}
// and remount a version of /sys that describes the network namespace
if let Err(e) = mount::<PathBuf, PathBuf, str, PathBuf>(Some(&ns_name_path), &sys_path, Some("sysfs"), mount_flags, None) {
log::error!("Can not remount /sys to namespace: {}", e);
()
}
Ok(())
}

2
src/namespace/consts.rs
View File

@@ -1,3 +1 @@
pub const NET_NS_DIR:&str = "/var/run/netns";
pub const PROC_NS_DIR:&str = "/proc/self/ns/net";
pub const STACK_SIZE: usize = 1024 * 1024;

5
src/namespace/create_ns.rs
View File

@@ -7,11 +7,10 @@ use nix::unistd::{fork, ForkResult, Pid};
use nix::sys::wait::{waitpid, WaitStatus};
use nix::sys::stat::Mode;
use nix::sys::statvfs::{statvfs, FsFlags};
use std::os::unix::io::RawFd;
use std::path::{Path, PathBuf};
use std::process::exit;
use std::fs::{File, OpenOptions};
use std::fs::File;
use std::os::fd::FromRawFd;
pub fn run_in_namespace<F>(f: F,ns_name: &String) -> Result<(), ()> where F:FnMut() + Copy {
@@ -53,7 +52,7 @@ fn run_parent(child: Pid) -> Result<(), ()> {
return Err(());
}
}
WaitStatus::Signaled(_, signal, coredump) => {
WaitStatus::Signaled(_, _signal, _coredump) => {
log::error!("Child process killed by signal");
return Err(());
}

1
src/namespace/mod.rs
View File

@@ -1,3 +1,2 @@
pub mod create_ns;
pub mod bind_interface;
mod consts;

10
src/wireguard_manager/add_properties.rs
View File

@@ -28,18 +28,10 @@ pub fn set_params(mut wg_pub_key: [u8; 32],
CString::new(interface_name).unwrap().into_raw(),
51820, peer);
//let status_add_device = wireguard_wrapper::wg_add_device(device.name.as_ptr());
let status_set_device = wireguard_wrapper::wg_set_device(&mut device);
//println!("dispositivo: {}", CString::from_raw(device.name.as_mut_ptr()).to_str().unwrap());
/*if ret {
println!("añade el dispositivo");
//println!("dispositivo: {}", CString::from_raw(device.name.as_mut_ptr()).to_str().unwrap());
ret = ret && (wireguard_wrapper::wg_set_device(&mut device) < 0);
}*/
//ret = status_add_device >= 0 && status_set_device >= 0;
ret = status_set_device >= 0;
log::debug!("Status: {}", ret);
wireguard_wrapper::clean_device(&mut peer);
}
ret
}

1
src/wireguard_manager/mod.rs
View File

@@ -1,2 +1,3 @@
#[allow(warnings)]
mod wireguard_wrapper;
pub mod add_properties;

2437
src/wireguard_manager/wireguard.rs
View File

File diff suppressed because it is too large Load Diff

13
src/wireguard_manager/wireguard_wrapper.rs
View File

@@ -1,5 +1,4 @@
/* automatically generated by rust-bindgen 0.70.1 */
#![allow(warnings)]
#[repr(C)]
#[derive(Default)]
@@ -41,7 +40,7 @@ pub const __STDC_ISO_10646__: u32 = 201706;
pub const _NET_IF_H: u32 = 1;
pub const _FEATURES_H: u32 = 1;
pub const _DEFAULT_SOURCE: u32 = 1;
pub const __GLIBC_USE_ISOC2X: u32 = 0;
pub const __GLIBC_USE_ISOC23: u32 = 0;
pub const __USE_ISOC11: u32 = 1;
pub const __USE_ISOC99: u32 = 1;
pub const __USE_ISOC95: u32 = 1;
@@ -59,15 +58,16 @@ pub const __WORDSIZE: u32 = 64;
pub const __WORDSIZE_TIME64_COMPAT32: u32 = 1;
pub const __SYSCALL_WORDSIZE: u32 = 64;
pub const __TIMESIZE: u32 = 64;
pub const __USE_TIME_BITS64: u32 = 1;
pub const __USE_MISC: u32 = 1;
pub const __USE_ATFILE: u32 = 1;
pub const __USE_FORTIFY_LEVEL: u32 = 0;
pub const __GLIBC_USE_DEPRECATED_GETS: u32 = 0;
pub const __GLIBC_USE_DEPRECATED_SCANF: u32 = 0;
pub const __GLIBC_USE_C2X_STRTOL: u32 = 0;
pub const __GLIBC_USE_C23_STRTOL: u32 = 0;
pub const __GNU_LIBRARY__: u32 = 6;
pub const __GLIBC__: u32 = 2;
pub const __GLIBC_MINOR__: u32 = 39;
pub const __GLIBC_MINOR__: u32 = 40;
pub const _SYS_CDEFS_H: u32 = 1;
pub const __glibc_c99_flexarr_available: u32 = 1;
pub const __LDOUBLE_REDIRECTS_TO_FLOAT128_ABI: u32 = 0;
@@ -251,6 +251,7 @@ pub const SOL_XDP: u32 = 283;
pub const SOL_MPTCP: u32 = 284;
pub const SOL_MCTP: u32 = 285;
pub const SOL_SMC: u32 = 286;
pub const SOL_VSOCK: u32 = 287;
pub const SOMAXCONN: u32 = 4096;
pub const _BITS_SOCKADDR_H: u32 = 1;
pub const _SS_SIZE: u32 = 128;
@@ -526,10 +527,10 @@ pub const TIME_UTC: u32 = 1;
pub const _STDINT_H: u32 = 1;
pub const __GLIBC_USE_LIB_EXT2: u32 = 0;
pub const __GLIBC_USE_IEC_60559_BFP_EXT: u32 = 0;
pub const __GLIBC_USE_IEC_60559_BFP_EXT_C2X: u32 = 0;
pub const __GLIBC_USE_IEC_60559_BFP_EXT_C23: u32 = 0;
pub const __GLIBC_USE_IEC_60559_EXT: u32 = 0;
pub const __GLIBC_USE_IEC_60559_FUNCS_EXT: u32 = 0;
pub const __GLIBC_USE_IEC_60559_FUNCS_EXT_C2X: u32 = 0;
pub const __GLIBC_USE_IEC_60559_FUNCS_EXT_C23: u32 = 0;
pub const __GLIBC_USE_IEC_60559_TYPES_EXT: u32 = 0;
pub const _BITS_WCHAR_H: u32 = 1;
pub const _BITS_STDINT_LEAST_H: u32 = 1;