add tool to enter vpn
This commit is contained in:
parent
266bac7e21
commit
243f72c103
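--- /dev/null
+++ b/.clang-format
@@ -0,0 +1,12 @@
+---
+AccessModifierOffset: 0
+IndentAccessModifiers: true
+AlignTrailingComments: true
+AllowShortFunctionsOnASingleLine: false
+AllowShortIfStatementsOnASingleLine: true
+AllowShortLoopsOnASingleLine: true
+BreakBeforeBinaryOperators: false
+IndentWidth: 4
+SortIncludes: false
+NamespaceIndentation: All
+...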
16
Makefile
16
Makefile
@ -1,6 +1,6 @@
|
||||
CFLAGS = -std=gnu99 -pie -fPIC -pedantic -Wno-imports -Wunused -Wno-missing-field-initializers -Wextra -Wunreachable-code -O3
|
||||
|
||||
all: wireguard_mount wireguard_resolve
|
||||
all: wireguard_mount wireguard_resolve enter_vpn
|
||||
|
||||
wireguard_mount: src/wireguard-mount.c
|
||||
mkdir -p bin
|
||||
@ -10,7 +10,16 @@ wireguard_resolve: src/resolve.c src/resolve.s
|
||||
mkdir -p bin
|
||||
gcc -shared -o bin/wireguard-resolve.so -nostdlib -fPIC src/resolve.c src/resolve.s
|
||||
|
||||
install_mount: systemd bin:
|
||||
enter_vpn: src/enter_vpn.c
|
||||
mkdir -p bin
|
||||
gcc $(CFLAGS) -o bin/enter_vpn src/enter_vpn.c
|
||||
|
||||
format: src scripts
|
||||
clang-format -i src/*.c
|
||||
ruff --fix scripts
|
||||
black scripts
|
||||
|
||||
install_mount: systemd bin
|
||||
mkdir -p /snacks/wireguard/bin
|
||||
cp bin/wireguard-mount /snacks/wireguard/bin/wireguard-mount
|
||||
cp systemd/wireguard-mount.service /etc/systemd/system/wireguard-mount.service
|
||||
@ -28,3 +37,6 @@ install_basic: systemd scripts bin
|
||||
cp scripts/inner_basic.sh /snacks/wireguard/scripts/inner_basic.sh
|
||||
chmod -R 755 /snacks/wireguard
|
||||
systemctl daemon-reload
|
||||
|
||||
|
||||
|
||||
|
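Review bot: The new `enter_vpn` target builds `bin/enter_vpn`, but neither install target visible here copies it anywhere, so `make install_mount` and `make install_basic` leave the new tool uninstalled; `install_basic` is only partly in view, so the copy may live in lines not shown. `all`, `format`, `install_mount` and `install_basic` are not declared phony either, so a file or directory named `format` in the repository root would make the formatter silently skip; add `.PHONY: all format install_mount install_basic` near the top. The `enter_vpn` rule hard-codes `gcc` where `$(CC) $(CFLAGS)` would honour the environment like the other rules could, which is a style nit only.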
@ -1,21 +1,26 @@
|
||||
#!/usr/bin/env python3
|
||||
import subprocess,os
|
||||
import subprocess, os
|
||||
|
||||
newenv = os.environ.copy()
|
||||
newenv["LD_PRELOAD"] = "/snacks/wireguard/bin/wireguard-resolve.so"
|
||||
|
||||
|
||||
def default_devices():
|
||||
with open("/proc/1/net/dev", "r") as f:
|
||||
return f.read()
|
||||
|
||||
|
||||
def vpn_devices():
|
||||
with open("/proc/self/net/dev", "r") as f:
|
||||
return f.read()
|
||||
|
||||
|
||||
def wireguard():
|
||||
try:
|
||||
os.mkdir("/run/netns")
|
||||
except FileExistsError:
|
||||
pass
|
||||
|
||||
|
||||
try:
|
||||
os.symlink("/run/vpn/net", "/run/netns/vpn")
|
||||
os.symlink("/proc/1/ns/net", "/run/netns/default")
|
||||
@ -37,19 +42,72 @@ def wireguard():
|
||||
subprocess.run(["ip", "link", "del", "dev", "vpn"])
|
||||
if "mynet0" not in vpn_devices():
|
||||
subprocess.run(["ip", "link", "add", "name", "mynet0", "type", "bridge"])
|
||||
|
||||
|
||||
if "veth-inner" in default_devices():
|
||||
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "veth-inner"])
|
||||
subprocess.run(
|
||||
[
|
||||
"nsenter",
|
||||
"--net=/proc/1/ns/net",
|
||||
"ip",
|
||||
"link",
|
||||
"del",
|
||||
"dev",
|
||||
"veth-inner",
|
||||
]
|
||||
)
|
||||
if "veth-outer" in default_devices():
|
||||
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "veth-outer"])
|
||||
subprocess.run(
|
||||
[
|
||||
"nsenter",
|
||||
"--net=/proc/1/ns/net",
|
||||
"ip",
|
||||
"link",
|
||||
"del",
|
||||
"dev",
|
||||
"veth-outer",
|
||||
]
|
||||
)
|
||||
if "vpn" in default_devices():
|
||||
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"])
|
||||
subprocess.run(
|
||||
["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"]
|
||||
)
|
||||
|
||||
subprocess.run(["modprobe", "wireguard"])
|
||||
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "add", "dev", "vpn", "type", "wireguard"])
|
||||
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "set", "dev", "vpn", "netns", "vpn"])
|
||||
subprocess.run(["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/scripts/inner.sh"], env=newenv)
|
||||
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "/snacks/wireguard/scripts/outer.sh"], env=newenv)
|
||||
subprocess.run(
|
||||
[
|
||||
"nsenter",
|
||||
"--net=/proc/1/ns/net",
|
||||
"ip",
|
||||
"link",
|
||||
"add",
|
||||
"dev",
|
||||
"vpn",
|
||||
"type",
|
||||
"wireguard",
|
||||
]
|
||||
)
|
||||
subprocess.run(
|
||||
[
|
||||
"nsenter",
|
||||
"--net=/proc/1/ns/net",
|
||||
"ip",
|
||||
"link",
|
||||
"set",
|
||||
"dev",
|
||||
"vpn",
|
||||
"netns",
|
||||
"vpn",
|
||||
]
|
||||
)
|
||||
subprocess.run(
|
||||
["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/scripts/inner.sh"],
|
||||
env=newenv,
|
||||
)
|
||||
subprocess.run(
|
||||
["nsenter", "--net=/proc/1/ns/net", "/snacks/wireguard/scripts/outer.sh"],
|
||||
env=newenv,
|
||||
)
|
||||
|
||||
|
||||
try:
|
||||
self_ns = os.readlink("/proc/self/ns/net")
|
||||
@ -61,4 +119,3 @@ else:
|
||||
wireguard()
|
||||
else:
|
||||
print("This script should be called from the VPN network namespace.")
|
||||
|
||||
|
@ -1,21 +1,26 @@
|
||||
#!/usr/bin/env python3
|
||||
import subprocess,os
|
||||
import subprocess, os
|
||||
|
||||
newenv = os.environ.copy()
|
||||
newenv["LD_PRELOAD"] = "/snacks/wireguard/bin/wireguard-resolve.so"
|
||||
|
||||
|
||||
def default_devices():
|
||||
with open("/proc/1/net/dev", "r") as f:
|
||||
return f.read()
|
||||
|
||||
|
||||
def vpn_devices():
|
||||
with open("/proc/self/net/dev", "r") as f:
|
||||
return f.read()
|
||||
|
||||
|
||||
def wireguard():
|
||||
try:
|
||||
os.mkdir("/run/netns")
|
||||
except FileExistsError:
|
||||
pass
|
||||
|
||||
|
||||
try:
|
||||
os.symlink("/run/vpn/net", "/run/netns/vpn")
|
||||
os.symlink("/proc/1/ns/net", "/run/netns/default")
|
||||
@ -32,12 +37,42 @@ def wireguard():
|
||||
if "vpn" in vpn_devices():
|
||||
subprocess.run(["ip", "link", "del", "dev", "vpn"])
|
||||
if "vpn" in default_devices():
|
||||
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"])
|
||||
subprocess.run(
|
||||
["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"]
|
||||
)
|
||||
|
||||
subprocess.run(["modprobe", "wireguard"])
|
||||
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "add", "dev", "vpn", "type", "wireguard"])
|
||||
subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "set", "dev", "vpn", "netns", "vpn"])
|
||||
subprocess.run(["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/scripts/inner_basic.sh"], env=newenv)
|
||||
subprocess.run(
|
||||
[
|
||||
"nsenter",
|
||||
"--net=/proc/1/ns/net",
|
||||
"ip",
|
||||
"link",
|
||||
"add",
|
||||
"dev",
|
||||
"vpn",
|
||||
"type",
|
||||
"wireguard",
|
||||
]
|
||||
)
|
||||
subprocess.run(
|
||||
[
|
||||
"nsenter",
|
||||
"--net=/proc/1/ns/net",
|
||||
"ip",
|
||||
"link",
|
||||
"set",
|
||||
"dev",
|
||||
"vpn",
|
||||
"netns",
|
||||
"vpn",
|
||||
]
|
||||
)
|
||||
subprocess.run(
|
||||
["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/scripts/inner_basic.sh"],
|
||||
env=newenv,
|
||||
)
|
||||
|
||||
|
||||
try:
|
||||
self_ns = os.readlink("/proc/self/ns/net")
|
||||
@ -49,4 +84,3 @@ else:
|
||||
wireguard()
|
||||
else:
|
||||
print("This script should be called from the VPN network namespace.")
|
||||
|
||||
|
@ -1,11 +1,11 @@
|
||||
#define _GNU_SOURCE
|
||||
|
||||
#include <sched.h>
|
||||
#include <fcntl.h>
|
||||
#include <pwd.h>
|
||||
#include <sched.h>
|
||||
#include <stdio.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main() {
|
||||
char shell[128] = {0};
|
||||
@ -17,20 +17,20 @@ int main() {
|
||||
|
||||
int fd = open("/run/vpn/net", 0);
|
||||
|
||||
if(fd > 0) {
|
||||
if (fd > 0) {
|
||||
int failure = setns(fd, CLONE_NEWNET);
|
||||
if(failure) {
|
||||
if (failure) {
|
||||
perror("setns /run/vpn/net");
|
||||
}
|
||||
close(fd);
|
||||
if(failure) {
|
||||
if (failure) {
|
||||
return 1;
|
||||
}
|
||||
} else {
|
||||
perror("open /run/vpn/net");
|
||||
return 1;
|
||||
}
|
||||
execl(shell, shell, NULL);
|
||||
execl("csshell", "bshell", NULL);
|
||||
perror(NULL);
|
||||
return 0;
|
||||
}
|
||||
|
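Review bot: `if (fd > 0)` on the `open()` result treats descriptor 0 as a failure and falls into the `perror("open /run/vpn/net")` branch, although 0 is a valid descriptor whenever stdin has been closed; `open` signals failure with -1, so the test should be `if (fd >= 0)`. Since `<fcntl.h>` is now included, `int fd = open("/run/vpn/net", O_RDONLY | O_CLOEXEC);` says what the bare `0` means and keeps the namespace descriptor from surviving into the exec'd process should the `close(fd)` ever move. Only one of the two `execl` lines is the new side; if it is `execl("csshell", "bshell", NULL)`, that runs a relative path resolved against the current directory (execl does not search PATH) under a mismatched argv[0] and reads like a leftover placeholder, whereas `execl(shell, shell, NULL)` uses the buffer declared at the top of main. `setns(fd, CLONE_NEWNET)` needs CAP_SYS_ADMIN, so the shell that is exec'd inherits whatever privilege enter_vpn ran with; if the binary is meant to be installed setuid or with file capabilities, drop to the invoking user before the `execl`. The body of main starts outside this hunk, so how `shell` is filled is not visible here.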
@ -4,21 +4,21 @@ extern int override_socket(int domain, int type, int protocol);
|
||||
extern int override_setns(int fd, int nstype);
|
||||
|
||||
int socket(int domain, int type, int protocol) {
|
||||
if(domain > 15) {
|
||||
if (domain > 15) {
|
||||
return override_socket(domain, type, protocol);
|
||||
}
|
||||
int fda = override_open("/proc/1/ns/net", 0);
|
||||
int fdb = override_open("/run/netns/vpn", 0);
|
||||
int retval = 0;
|
||||
|
||||
if(fda > 0) {
|
||||
if (fda > 0) {
|
||||
override_setns(fda, 0);
|
||||
override_close(fda);
|
||||
}
|
||||
|
||||
retval = override_socket(domain, type, protocol);
|
||||
|
||||
if(fdb > 0) {
|
||||
if (fdb > 0) {
|
||||
override_setns(fdb, 0);
|
||||
override_close(fdb);
|
||||
}
|
||||
|
@ -1,19 +1,19 @@
|
||||
#include <sys/mount.h>
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/mount.h>
|
||||
#include <systemd/sd-daemon.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main() {
|
||||
char mount_path[32] = {0};
|
||||
snprintf(mount_path, sizeof(mount_path), "/proc/%d/ns", getpid());
|
||||
|
||||
int err = mount(mount_path, "/run/vpn", NULL, MS_BIND, NULL);
|
||||
if(err) {
|
||||
if (err) {
|
||||
perror("Error");
|
||||
return 1;
|
||||
}
|
||||
sd_notify(0, "READY=1");
|
||||
while(1) {
|
||||
while (1) {
|
||||
sleep(10);
|
||||
}
|
||||
return 1;
|
||||
|