bubblev
/
bubble
9
0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 130 Wiki 活動
The main Bubble source repository. Contains the Bubble API server, the web UI, documentation and utilities. https://getbubblenow.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
798 提交
10 分支
66 MiB
目錄樹: bbea6c4451
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 'bbea6c4451'
${ noResults }
bubble/automation/roles/firewall/files/bubble_peer_manager.py

bubble_peer_manager.py 5.9 KiB
原始文件 Normal View 歷史記錄

first commit
4 年之前
add copyright headers to python files
4 年之前
update license url
4 年之前
add copyright headers to python files
4 年之前
first commit
4 年之前
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 
  1. #!/usr/bin/python3

  2. #

  3. # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/

  4. #

  5. import json

  6. import logging

  7. import os

  8. import sys

  9. import time

  10. import subprocess

  11. 

  12. logger = logging.getLogger(__name__)

  13. logger.setLevel(logging.INFO)

  14. 

  15. EMPTY_PEERS = {'peers': [], 'ports': []}

  16. 

  17. 

  18. class PeerPort(object):

  19.     def __init__(self, port):

  20.         if ':' in port:

  21.             self.proto = port[0:port.index(':')]

  22.             self.port = port[port.index(':') + 1:]

  23.         else:

  24.             self.proto = 'tcp'

  25.             self.port = port

  26. 

  27.     def __str__(self):

  28.         return self.proto + ':' + self.port

  29. 

  30. 

  31. def find_peers(port):

  32.     out = subprocess.run(['iptables', '-vnL', 'INPUT'],

  33.                          stdout=subprocess.PIPE,

  34.                          stderr=subprocess.PIPE)

  35.     peers = []

  36.     for line in out.stdout.decode('utf-8').split('\n'):

  37.         line = line.strip()

  38.         if len(line) == 0 or line.startswith('Chain ') or line.startswith('pkts '):

  39.             continue

  40.         for parts in line.split(' '):

  41.             packets = parts[0]

  42.             bytes = parts[1]

  43.             target = parts[2]

  44.             proto = parts[3]

  45.             if proto != port.proto:

  46.                 continue

  47.             opt = parts[4]

  48.             iface_in = parts[5]

  49.             iface_out = parts[6]

  50.             source = parts[7]

  51.             if source == '0.0.0.0/0':

  52.                 continue

  53.             dest = parts[8]

  54.             if parts[9] != port.proto:

  55.                 continue

  56.             if parts[10].startswith('dpt:'):

  57.                 dest_port = int(parts[10][len('dpt:'):])

  58.                 if dest_port == port.port:

  59.                     peers.append(source)

  60.     return peers

  61. 

  62. 

  63. def add_peers(peers, port):

  64.     out = subprocess.run(['iptables', '-vnL', 'INPUT'],

  65.                          stdout=subprocess.PIPE,

  66.                          stderr=subprocess.PIPE)

  67.     lines = out.stdout.decode('utf-8').split('\n')

  68.     insert_at = len(lines) - 2

  69.     if insert_at < 2:

  70.         raise ValueError('add_peers: insert_at was < 2: '+str(insert_at))

  71.     for peer in peers:

  72.         logger.info("add_peers: alllowing peer: " + peer + " on port " + port)

  73.         out = subprocess.run(['iptables', '-I', 'INPUT', str(insert_at),

  74.                               '-p', port.proto, '-s', peer + '/32',

  75.                               '--dport', port.port, '-j', 'ACCEPT'])

  76.         logger.info("add_peers: allowed peer: " + peer + " on port " + port)

  77. 

  78. 

  79. def remove_peers(peers, port):

  80.     for peer in peers:

  81.         remove_peer(peer, port)

  82. 

  83. 

  84. def remove_peer(peer, port):

  85.     out = subprocess.run(['iptables', '-vnL', 'INPUT'],

  86.                          stdout=subprocess.PIPE,

  87.                          stderr=subprocess.PIPE)

  88.     index = 0

  89.     for line in out.stdout.decode('utf-8').split('\n'):

  90.         line = line.strip()

  91.         if len(line) == 0 or line.startswith('Chain ') or line.startswith('pkts '):

  92.             continue

  93.         index = index + 1

  94.         for parts in line.split(' '):

  95.             packets = parts[0]

  96.             bytes = parts[1]

  97.             target = parts[2]

  98.             proto = parts[3]

  99.             if proto != port.proto:

  100.                 continue

  101.             opt = parts[4]

  102.             iface_in = parts[5]

  103.             iface_out = parts[6]

  104.             source = parts[7]

  105.             if not source.startswith(peer+'/32'):

  106.                 continue

  107.             dest = parts[8]

  108.             if parts[9] != port.proto:

  109.                 continue

  110.             if parts[10].startswith('dpt:'):

  111.                 dest_port = int(parts[10][len('dpt:'):])

  112.                 if dest_port == port.port:

  113.                     logger.info("remove_peer: removing peer: " + peer + " on port " + port)

  114.                     out = subprocess.run(['iptables', '-D', 'INPUT', str(index)],

  115.                                          stdout=subprocess.PIPE,

  116.                                          stderr=subprocess.PIPE)

  117.                     return True

  118.     return False

  119. 

  120. 

  121. class BubblePeers(object):

  122. 

  123.     def __init__(self, peer_path, self_path):

  124.         self.peer_path = peer_path

  125.         if os.path.exists(peer_path):

  126.             self.last_modified = os.path.getmtime(self.peer_path)

  127.         else:

  128.             self.last_modified = 0

  129. 

  130.         self.last_update = None

  131.         self.peers = []

  132.         self.ports = []

  133. 

  134.         self.self_path = self_path

  135.         self.self_node = {}

  136. 

  137.     def load_peers(self):

  138.         if os.path.exists(self.peer_path):

  139.             with open(self.peer_path) as f:

  140.                 val = json.load(f)

  141.         else:

  142.             val = EMPTY_PEERS

  143.         self.peers = val['peers']

  144.         self.ports = []

  145.         for port in val['ports']:

  146.             self.ports.append(PeerPort(port))

  147. 

  148.     def load_self(self):

  149.         if os.path.exists(self.self_path):

  150.             with open(self.self_path) as f:

  151.                 self.self_node = json.load(f)

  152. 

  153.     def monitor(self):

  154.         self.load_peers()

  155.         self.load_self()

  156.         if os.path.exists(self.peer_path):

  157.             self.last_modified = os.path.getmtime(self.peer_path)

  158.             if self.last_update is None or self.last_update < self.last_modified:

  159.                 self.load_peers()

  160.                 for port in self.ports:

  161.                     peers_on_port = find_peers(port)

  162.                     peers_to_remove = []

  163.                     peers_to_add = []

  164.                     for peer in peers_on_port:

  165.                         if peer not in self.peers:

  166.                             peers_to_remove.append(peer)

  167.                     for peer in self.peers:

  168.                         if peer not in peers_on_port:

  169.                             peers_to_add.append(peer)

  170.                     remove_peers(peers_to_remove, port)

  171.                     add_peers(peers_to_add, port)

  172. 

  173. 

  174. if __name__ == "__main__":

  175.     peers = BubblePeers(sys.argv[1], sys.argv[2])

  176.     interval = int(sys.argv[3])

  177.     try:

  178.         while True:

  179.             peers.monitor()

  180.             time.sleep(interval)

  181.     except Exception as e:

  182.         logger.error("Unexpected error: " + repr(e))