ip-wrangler 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +16 -0
  3. data/.hound.yml +3 -0
  4. data/.rubocop.yml +9 -0
  5. data/CHANGELOG +4 -0
  6. data/Gemfile +3 -0
  7. data/Gemfile.lock +39 -0
  8. data/LICENSE.txt +22 -0
  9. data/MANUAL.md +14 -0
  10. data/README.md +182 -0
  11. data/Rakefile +1 -0
  12. data/bin/ip-wrangler-clean +6 -0
  13. data/bin/ip-wrangler-clean.sh +18 -0
  14. data/bin/ip-wrangler-configure +6 -0
  15. data/bin/ip-wrangler-configure.sh +78 -0
  16. data/bin/ip-wrangler-start +6 -0
  17. data/bin/ip-wrangler-start.sh +71 -0
  18. data/bin/ip-wrangler-stop +6 -0
  19. data/bin/ip-wrangler-stop.sh +36 -0
  20. data/bin/ip-wrangler-test +6 -0
  21. data/bin/ip-wrangler-test.sh +166 -0
  22. data/ip-wrangler.gemspec +31 -0
  23. data/lib/config.ru +127 -0
  24. data/lib/config.yml.example +20 -0
  25. data/lib/ip_wrangler/db.rb +99 -0
  26. data/lib/ip_wrangler/exec.rb +17 -0
  27. data/lib/ip_wrangler/ip.rb +37 -0
  28. data/lib/ip_wrangler/iptables.rb +222 -0
  29. data/lib/ip_wrangler/main.rb +324 -0
  30. data/lib/ip_wrangler/nat.rb +130 -0
  31. data/lib/ip_wrangler/version.rb +3 -0
  32. data/support/initd.md +22 -0
  33. data/support/initd/ip-wrangler +53 -0
  34. metadata +188 -0
data/lib/ip_wrangler/nat.rb ADDED
@@ -0,0 +1,130 @@
1
+ module IpWrangler
2
+ class NAT
3
+ $lsof_bin_path = '/usr/bin/sudo /usr/bin/lsof'
4
+
5
+ def initialize(config, logger)
6
+ @config = config
7
+ @db = DB.new(config['db_path'], logger)
8
+ @iptables = Iptables.new($config['iptables_chain_name'], logger)
9
+ @logger = logger
10
+
11
+ @db.select_nat_port.each do |nat_port|
12
+ @iptables.append_nat_port(nat_port[:public_ip], nat_port[:public_port],
13
+ nat_port[:private_ip], nat_port[:private_port],
14
+ nat_port[:protocol])
15
+ end
16
+ @db.select_nat_ip.each do |nat_ip|
17
+ @iptables.append_nat_ip(nat_ip[:public_ip], nat_ip[:private_ip])
18
+ end
19
+ end
20
+
21
+ def not_used_port?(public_ip, public_port, protocol)
22
+ command = "#{$lsof_bin_path} -i #{protocol}@#{public_ip}:#{public_port}"
23
+ output = IpWrangler::Exec.execute_command(command)
24
+ output.empty?
25
+ end
26
+
27
+ def not_used_ip?(public_ip)
28
+ command = "#{$lsof_bin_path} -i @#{public_ip}"
29
+ output = IpWrangler::Exec.execute_command(command)
30
+ output.empty?
31
+ end
32
+
33
+ def find_port(private_ip, private_port, protocol)
34
+ port = @db.get_first_empty_nat_port(protocol)
35
+ if port
36
+ public_port = port[:public_port]
37
+ if not_used_port?(@config['port_ip'], public_port, protocol) &&
38
+ @iptables.not_exists_nat_port?(@config['port_ip'], public_port,
39
+ protocol, private_ip, private_port)
40
+ return @config['port_ip'], public_port
41
+ end
42
+ end
43
+ nil
44
+ end
45
+
46
+ def find_ip(private_ip)
47
+ ip = @db.get_first_empty_nat_ip
48
+ if ip
49
+ public_ip = ip[:public_ip]
50
+ if not_used_ip?(public_ip) &&
51
+ @iptables.not_exists_nat_ip?(public_ip, private_ip)
52
+ return public_ip
53
+ end
54
+ end
55
+ nil
56
+ end
57
+
58
+ def get_nat_ports(private_ip = nil)
59
+ @db.select_nat_port(private_ip)
60
+ end
61
+
62
+ def get_nat_ips(private_ip = nil)
63
+ @db.select_nat_ip(private_ip)
64
+ end
65
+
66
+ def lock_port(private_ip, private_port, protocol)
67
+ port = @db.select_nat_port(private_ip, private_port, protocol)
68
+ if port.empty?
69
+ public_ip, public_port = find_port(private_ip, private_port, protocol)
70
+ if public_ip && public_port
71
+ @db.insert_nat_port(public_ip, public_port,
72
+ private_ip, private_port, protocol)
73
+ @iptables.append_nat_port(public_ip, public_port,
74
+ private_ip, private_port, protocol)
75
+ { public_ip: public_ip, public_port: public_port,
76
+ private_ip: private_ip, private_port: private_port,
77
+ protocol: protocol }
78
+ end
79
+ else
80
+ port = port.to_a[0]
81
+ { public_ip: port[:public_ip], public_port: port[:public_port],
82
+ private_ip: private_ip, private_port: private_port,
83
+ protocol: port[:protocol] }
84
+ end
85
+ end
86
+
87
+ def lock_ip(private_ip)
88
+ ip = @db.select_nat_ip(private_ip)
89
+ if ip.empty?
90
+ public_ip = find_ip(private_ip)
91
+ if public_ip
92
+ @db.insert_nat_ip(public_ip, private_ip)
93
+ @iptables.append_nat_ip(public_ip, private_ip)
94
+ { public_ip: public_ip,
95
+ private_ip: private_ip }
96
+ end
97
+ else
98
+ ip = ip.to_a[0]
99
+ { public_ip: ip[:public_ip],
100
+ private_ip: private_ip }
101
+ end
102
+ end
103
+
104
+ def release_port(private_ip, private_port = nil, protocol = nil)
105
+ released_port = []
106
+ @db.select_nat_port(private_ip, private_port, protocol).each do |nat_port|
107
+ @iptables.delete_nat_port(nat_port[:public_ip], nat_port[:public_port],
108
+ nat_port[:private_ip], nat_port[:private_port],
109
+ nat_port[:protocol])
110
+ released_port.push({ public_ip: nat_port[:public_ip],
111
+ public_port: nat_port[:public_port],
112
+ private_ip: nat_port[:private_ip],
113
+ private_port: nat_port[:private_port],
114
+ protocol: nat_port[:protocol] })
115
+ end
116
+ @db.delete_nat_port(private_ip, private_port, protocol)
117
+ released_port
118
+ end
119
+
120
+ def release_ip(private_ip, public_ip = nil)
121
+ released_ip = []
122
+ @db.select_nat_ip(private_ip, public_ip).each do |nat_ip|
123
+ @iptables.delete_nat_ip(nat_ip[:public_ip], nat_ip[:private_ip])
124
+ released_ip.push({ public_ip: nat_ip[:public_ip] })
125
+ end
126
+ @db.delete_nat_ip(private_ip, public_ip)
127
+ released_ip
128
+ end
129
+ end
130
+ end
data/lib/ip_wrangler/version.rb ADDED
@@ -0,0 +1,3 @@
1
+ module IpWrangler
2
+ VERSION = '0.1.0'
3
+ end
data/support/initd.md ADDED
@@ -0,0 +1,22 @@
1
+ ## Init.d
2
+
3
+ Download [`ip-wrangler`](https://github.com/dice-cyfronet/ip-wrangler/blob/master/support/initd/ip-wrangler)
4
+ into `/etc/init.d/ip-wrangler`.
5
+
6
+ wget -O /etc/init.d/ip-wrangler https://raw.githubusercontent.com/dice-cyfronet/ip-wrangler/master/support/initd/ip-wrangler
7
+ chmod +x /etc/init.d/ip-wrangler
8
+
9
+ Create directories:
10
+
11
+ mkdir /var/log/ip-wrangler /etc/ip-wrangler
12
+
13
+ Create configuration file in `/etc/ip-wrangler/ip-wrangler.yml` by
14
+
15
+ ip-wrangler-configure /etc/ip-wrangler/ip-wrangler.yml
16
+
17
+ Set values to:
18
+
19
+ * log directory: `/var/log/ip-wrangler`
20
+ * database file: `/etc/ip-wrangler/ip-wrangler.db`
21
+
22
+ Update your `initd` configuration to enable start and stop service. `ip-wrangler` will started by `root`.
data/support/initd/ip-wrangler ADDED
@@ -0,0 +1,53 @@
1
+ #!/bin/sh
2
+ ### BEGIN INIT INFO
3
+ # Provides: ip-wrangler
4
+ # Required-Start: $local_fs $network $named $time $syslog
5
+ # Required-Stop: $local_fs $network $named $time $syslog
6
+ # Default-Start: 2 3 4 5
7
+ # Default-Stop: 0 1 6
8
+ # Description: Manage IP and port mapping.
9
+ ### END INIT INFO
10
+
11
+ PIDFILE=/var/run/ip-wrangler.pid
12
+ CONFIGFILE=/etc/ip-wrangler/ip-wrangler.yml
13
+
14
+ start() {
15
+ if [ -f $PIDFILE ] && kill -0 $(cat $PIDFILE); then
16
+ echo 'Service already running' >&2
17
+ return 1
18
+ fi
19
+ echo 'Starting service...' >&2
20
+ ip-wrangler-start -c $CONFIGFILE -P $PIDFILE
21
+ echo 'Service started' >&2
22
+ }
23
+
24
+ stop() {
25
+ if [ ! -f $PIDFILE ] || ! kill -0 $(cat $PIDFILE); then
26
+ echo 'Service not running' >&2
27
+ return 1
28
+ fi
29
+ echo 'Stopping service...' >&2
30
+ ip-wrangler-stop -P $PIDFILE
31
+ echo 'Service stopped' >&2
32
+ }
33
+
34
+ if [ ! -f $CONFIGFILE ]; then
35
+ echo "Config $CONFIGFILE not found" >&2
36
+ exit 1
37
+ fi
38
+
39
+ case "$1" in
40
+ start)
41
+ start
42
+ ;;
43
+ stop)
44
+ stop
45
+ ;;
46
+ restart)
47
+ stop
48
+ sleep 1
49
+ start
50
+ ;;
51
+ *)
52
+ echo "Usage: $0 {start|stop|restart}"
53
+ esac
metadata ADDED
@@ -0,0 +1,188 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: ip-wrangler
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Paweł Suder
8
+ - Jan Meizner
9
+ - Bartosz Wilk
10
+ autorequire:
11
+ bindir: bin
12
+ cert_chain: []
13
+ date: 2015-02-11 00:00:00.000000000 Z
14
+ dependencies:
15
+ - !ruby/object:Gem::Dependency
16
+ name: sinatra
17
+ requirement: !ruby/object:Gem::Requirement
18
+ requirements:
19
+ - - "~>"
20
+ - !ruby/object:Gem::Version
21
+ version: '1.4'
22
+ type: :runtime
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ requirements:
26
+ - - "~>"
27
+ - !ruby/object:Gem::Version
28
+ version: '1.4'
29
+ - !ruby/object:Gem::Dependency
30
+ name: thin
31
+ requirement: !ruby/object:Gem::Requirement
32
+ requirements:
33
+ - - "~>"
34
+ - !ruby/object:Gem::Version
35
+ version: '1.6'
36
+ type: :runtime
37
+ prerelease: false
38
+ version_requirements: !ruby/object:Gem::Requirement
39
+ requirements:
40
+ - - "~>"
41
+ - !ruby/object:Gem::Version
42
+ version: '1.6'
43
+ - !ruby/object:Gem::Dependency
44
+ name: sequel
45
+ requirement: !ruby/object:Gem::Requirement
46
+ requirements:
47
+ - - "~>"
48
+ - !ruby/object:Gem::Version
49
+ version: '4.19'
50
+ type: :runtime
51
+ prerelease: false
52
+ version_requirements: !ruby/object:Gem::Requirement
53
+ requirements:
54
+ - - "~>"
55
+ - !ruby/object:Gem::Version
56
+ version: '4.19'
57
+ - !ruby/object:Gem::Dependency
58
+ name: sqlite3
59
+ requirement: !ruby/object:Gem::Requirement
60
+ requirements:
61
+ - - "~>"
62
+ - !ruby/object:Gem::Version
63
+ version: '1.3'
64
+ type: :runtime
65
+ prerelease: false
66
+ version_requirements: !ruby/object:Gem::Requirement
67
+ requirements:
68
+ - - "~>"
69
+ - !ruby/object:Gem::Version
70
+ version: '1.3'
71
+ - !ruby/object:Gem::Dependency
72
+ name: json
73
+ requirement: !ruby/object:Gem::Requirement
74
+ requirements:
75
+ - - "~>"
76
+ - !ruby/object:Gem::Version
77
+ version: '1.8'
78
+ type: :runtime
79
+ prerelease: false
80
+ version_requirements: !ruby/object:Gem::Requirement
81
+ requirements:
82
+ - - "~>"
83
+ - !ruby/object:Gem::Version
84
+ version: '1.8'
85
+ - !ruby/object:Gem::Dependency
86
+ name: bundler
87
+ requirement: !ruby/object:Gem::Requirement
88
+ requirements:
89
+ - - "~>"
90
+ - !ruby/object:Gem::Version
91
+ version: '1.6'
92
+ type: :development
93
+ prerelease: false
94
+ version_requirements: !ruby/object:Gem::Requirement
95
+ requirements:
96
+ - - "~>"
97
+ - !ruby/object:Gem::Version
98
+ version: '1.6'
99
+ - !ruby/object:Gem::Dependency
100
+ name: rake
101
+ requirement: !ruby/object:Gem::Requirement
102
+ requirements:
103
+ - - "~>"
104
+ - !ruby/object:Gem::Version
105
+ version: '10.4'
106
+ type: :development
107
+ prerelease: false
108
+ version_requirements: !ruby/object:Gem::Requirement
109
+ requirements:
110
+ - - "~>"
111
+ - !ruby/object:Gem::Version
112
+ version: '10.4'
113
+ description: Iptables DNAT manager
114
+ email:
115
+ - pawel@suder.info
116
+ - j.meizner@cyfronet.pl
117
+ - b.wilk@cyfronet.pl
118
+ executables:
119
+ - ip-wrangler-clean
120
+ - ip-wrangler-clean.sh
121
+ - ip-wrangler-configure
122
+ - ip-wrangler-configure.sh
123
+ - ip-wrangler-start
124
+ - ip-wrangler-start.sh
125
+ - ip-wrangler-stop
126
+ - ip-wrangler-stop.sh
127
+ - ip-wrangler-test
128
+ - ip-wrangler-test.sh
129
+ extensions: []
130
+ extra_rdoc_files: []
131
+ files:
132
+ - ".gitignore"
133
+ - ".hound.yml"
134
+ - ".rubocop.yml"
135
+ - CHANGELOG
136
+ - Gemfile
137
+ - Gemfile.lock
138
+ - LICENSE.txt
139
+ - MANUAL.md
140
+ - README.md
141
+ - Rakefile
142
+ - bin/ip-wrangler-clean
143
+ - bin/ip-wrangler-clean.sh
144
+ - bin/ip-wrangler-configure
145
+ - bin/ip-wrangler-configure.sh
146
+ - bin/ip-wrangler-start
147
+ - bin/ip-wrangler-start.sh
148
+ - bin/ip-wrangler-stop
149
+ - bin/ip-wrangler-stop.sh
150
+ - bin/ip-wrangler-test
151
+ - bin/ip-wrangler-test.sh
152
+ - ip-wrangler.gemspec
153
+ - lib/config.ru
154
+ - lib/config.yml.example
155
+ - lib/ip_wrangler/db.rb
156
+ - lib/ip_wrangler/exec.rb
157
+ - lib/ip_wrangler/ip.rb
158
+ - lib/ip_wrangler/iptables.rb
159
+ - lib/ip_wrangler/main.rb
160
+ - lib/ip_wrangler/nat.rb
161
+ - lib/ip_wrangler/version.rb
162
+ - support/initd.md
163
+ - support/initd/ip-wrangler
164
+ homepage: https://github.com/dice-cyfronet/ip-wrangler
165
+ licenses:
166
+ - MIT
167
+ metadata: {}
168
+ post_install_message:
169
+ rdoc_options: []
170
+ require_paths:
171
+ - lib
172
+ required_ruby_version: !ruby/object:Gem::Requirement
173
+ requirements:
174
+ - - ">="
175
+ - !ruby/object:Gem::Version
176
+ version: '0'
177
+ required_rubygems_version: !ruby/object:Gem::Requirement
178
+ requirements:
179
+ - - ">="
180
+ - !ruby/object:Gem::Version
181
+ version: '0'
182
+ requirements: []
183
+ rubyforge_project:
184
+ rubygems_version: 2.2.2
185
+ signing_key:
186
+ specification_version: 4
187
+ summary: Service is responsible for managing DNAT rules in iptables nat table
188
+ test_files: []