nub 0.0.96 → 0.0.103

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a0f201649f1ad4a08b5350321b544e0188141e414cae039f9aa27ba3288ed4bf
-  data.tar.gz: 7bd2ef167e448539838bc5c1040ece7f652b3e3713d55450eeec74a9a2fcec26
+  metadata.gz: e03ab8b435d9eccad62fe0d1a515377dddf39cdd752e6ae643dd4337bb3a606e
+  data.tar.gz: 4795f2c20f7eeaf1da565f41c783d15b20007307f3cd926bbe28860419511cdc
 SHA512:
-  metadata.gz: a50433d69104c80b7fb77ca5ab1ce2402e15aa2d9269b5ee4fbef4e5c070dc337e36d37ce4be1eb4085caaac1bb7a3c606aeac7bde96f68cdecebdcf8ae2be71
-  data.tar.gz: 3653bbcfb850ec55aa6da6773b56bf955ca03503dd7fbbef2b20ac79834f2d8c146eaa7d67a7d243faf7b686626de87cd42d42f92926901f77f65b81d9a64621
+  metadata.gz: 69825e1f9cb11e189c77ab8ca30f9668300759f30f7fa1805153994c5ffb24eb017b7a3f12abd2067cdf1b04110a64b3558c7ff220d1211172060985ea52f7fc
+  data.tar.gz: cbdb16ed3fb4eb6b9f219492d60279d6035c233d1c21802b745079ea3e1d78fe12e0610bcfc0cc9fcfcaf2c18925c2ceff61434df84727f562287e246566da6b

data/README.md

@@ -8,7 +8,7 @@ Collection of ruby utils I've used in several of my projects and wanted re-usabl
 
 ### Table of Contents
 * [Deploy](#deploy)
-* [Commander](#commander)
+* [Commander Module](#commander-module)
   * [Commands](#commands)
     * [Command Parameters ](#command-paramaters)
     * [Chained Commands](#chained-commands)
@@ -24,7 +24,22 @@ Collection of ruby utils I've used in several of my projects and wanted re-usabl
   * [Help](#help)
     * [Examples](#examples)
     * [Indicators](#indicators)
-* [Config](#config)
+* [Config Module](#config-module)
+* [Core Module](#core-module)
+* [FileUtils Extensions](#fileutils-extensions)
+* [Hash Module](#hash-module)
+* [Log Module](#Log-module)
+* [Module Extensions](#module-extensions)
+* [Net Module](#net-module)
+  * [Network Namespaces](#network-namespaces)
+    * [Teamviewer Example](#teamviewer-example)
+    * [PIA VPN Example](#pia-vpn-example)
+  * [Network Proxy](#network-proxy)
+* [Pacman Module](#pacman-module)
+* [Process Module](#process-module)
+* [Sys Module](#sys-module)
+* [ThreadComm Module](#thread-comm-module)
+* [User Module](#user-module)
 * [Ruby Gem Creation](#ruby-gem-creation)
   * [Package Layout](#package-layout)
   * [Build Gem](#build-gem)
@@ -37,7 +52,7 @@ Collection of ruby utils I've used in several of my projects and wanted re-usabl
 ## Deploy <a name="deploy"></a>
 Run: `bundle install --system`
 
-## Commander <a name="commander"></a>
+## Commander Module <a name="commander-module"></a>
 Commander was created mainly because all available options parsers seemed overly complicated and
 overweight and partly because I enjoyed understanding every bit going into it. Commander offers
 ***git*** or ***kubectl*** like command syntax.
@@ -323,7 +338,7 @@ Usage: ./builder build [options]
     -h|--help                           Print command/options help
 ```
 
-## Config <a name="config"></a>
+## Config Module <a name="config-module"></a>
 Config is a simple YAML wrapper with some extra features. Since it implements the ***Singleton***
 pattern you can easily use it through out your app without carrying around instances everywhere.
 It creates config files in memory and saves them to the config ***~/.config*** directory when saved
@@ -334,6 +349,155 @@ Initialize once on entry of your app and leverage throughout:
 Config.init("openvpn.yml")
 ```
 
+## Core Module <a name="core-module"></a>
+
+## FileUtils Extensions <a name="fileutils-module"></a>
+
+## Hash Module <a name="hash-module"></a>
+
+## Log Module <a name="log-module"></a>
+
+## Module Extensions <a name="module-extensions"></a>
+
+## Net Module <a name="net-module"></a>
+The network module is a collection of network related helpers and automation to simplify tasks and
+encapsulate functionality into reusable components.
+
+### Network Namespaces <a name="network-namespaces"></a>
+Linux by default shares a single set of network interfaces and routing table entries, such that an
+installed application can bind to all interfaces and has access to all other services currently
+running on the system. Network namespaces implemented in the kernel provide a way to isolate
+networks and services from each other. This is the technology that docker uses to isolate docker
+apps from the host and other docker apps.
+
+Network namespaces provide a way to have different separate virtual interfaces and routing tables
+that operate independent of each other. They can be easily manipulated via the ***ip netns*** command.
+
+```bash
+# Create a new network namespace
+# ip netns add <namespace>
+sudo ip netns add foo
+
+# List network namespaces
+ip netns list
+```
+
+Once a network namespace has been created you need to configure how it connected to the host. This
+can be done by creating a pair of virtual Ethernet ***veth*** interfaces and assigning them to the
+new network namespace as by default they will be assigned to the root namespace. The root namespace
+or global namespace is the default namespace used by the host for regular networking.
+
+```bash
+# Create veth pair veth1 and veth2
+sudo ip link add veth1 type veth peer name veth2
+
+# Verify veth pair creation and view their relationship
+# both are part of the root namespace by default
+ip a
+# veth1@veth2: <BROADCAST,MULTICAST,M-DOWN>
+# veth2@veth1: <BROADCAST,MULTICAST,M-DOWN>
+
+# Connect foo namespace to root namespace by assigning half the veth pair to the foo namespace
+sudo ip link set veth2 netns foo
+
+# Verify that the root namespace listing no longer shows veth2
+# notice also that the relationship of veth1 has changed
+ip a
+# veth1@if4: <BROADCAST,MULTICAST>
+
+# Verify that the foo namespace now owns veth2
+sudo ip netns exec foo ip a
+# lo: <LOOPBACK>
+# veth2@if5: <BROADCAST,MULTICAST>
+
+# Assign IPv4 address to the new veth pair
+sudo ifconfig veth1 192.168.100.1/24 up
+sudo ip netns exec foo ifconfig veth2 192.168.100.2/24 up
+
+# Verify that the assigned ips took
+ip a
+# inet 192.168.100.1/24 brd 192.168.100.255 scope global veth1
+
+sudo ip netns exec foo ip a
+# inet 192.168.100.2/24 brd 192.168.100.255 scope global veth2
+
+# Verify connectivity between veth pair
+sudo ping 192.168.100.2
+# 64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=0.070 ms
+
+sudo ip netns exec foo ping 192.168.100.1
+# 64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.080 ms
+```
+
+Now we have connectivity between our veth pair across network namespaces. Because
+***192.168.100.0/24*** network, that we configured the veth pair on, is a separate network from the
+host any applications running within the new network namespace will not have connectivity to
+anything else on your host or networks currently including external access to the internet.
+
+```bash
+# Prove out isolation
+sudo ping www.google.com
+# 64 bytes from -----.1e100.net (172.217.1.196): icmp_seq=1 ttl=56 time=13.3 ms
+
+sudo ip netns exec foo ping www.google.com
+# connect: Network is unreachable
+```
+
+In the following sub sections I'll show you how to automated this compliated setup using the
+***Net*** ruby module.
+
+#### TeamViewer Example <a name="teamviewer-example"></a>
+In this example I'll be showing you how to isolate Teamviewer such that Teamviewer is only able to
+bind to the veth2 IPv4 address that we create for it rather than all network interfaces on the host.
+This will allow you to have Teamviewer running and accessible from your network facing IP but also
+to be able to SSH port forward other Teamviewer instances to your loopback interface or other veth
+addresses.
+
+```ruby
+WIP
+```
+
+#### PIA VPN Example <a name="pia-vpn-example"></a>
+```ruby
+WIP
+
+Example1: Network namespace with access only to the 192.168.100.0 network which only has the
+host address 192.168.100.1 available which only has access to the internet via the PIA VPN.
+
+namespace = 'pia'
+host_veth = Veth.new('veth1', '192.168.100.1')
+guest_veth = Veth.new('veth2', '192.168.100.2')
+network = Network.new('192.168.100.0', '24', ['209.222.18.222', '209.222.18.218'])
+```
+
+### Network Proxy <a name="network-proxy"></a>
+The Net module provides simple access to the system proxy environment variables.
+
+```ruby
+Net.proxy.ftp
+Net.proxy.http
+Net.proxy.https
+Net.proxy.no
+Net.proxy.uri
+Net.proxy.port
+
+# Simple way to check if a proxy is set
+Net.proxy?
+
+# Bash compatible string to use to insert proxy into commands
+Net.proxy_export
+```
+
+## Pacman Module <a name="pacman-module"></a>
+
+## Process Module <a name="process-module"></a>
+
+## Sys Module <a name="sys-module"></a>
+
+## ThreadComm Module <a name="threadcomm-module"></a>
+
+## User Module <a name="user-module"></a>
+
 ## Ruby Gem Creation <a name="ruby-gem-creation"></a>
 http://guides.rubygems.org/make-your-own-gem/
 

data/lib/nub/log.rb

@@ -25,6 +25,7 @@ require 'ostruct'
 require 'colorize'
 require_relative 'sys'
 require_relative 'core'
+require_relative 'module'
 
 LogLevel = OpenStruct.new({
   error: 0,
@@ -38,34 +39,32 @@ LogLevel = OpenStruct.new({
 # Uses Mutex.synchronize where required to provide thread safety.
 module Log
   extend self
-  @@_level = 3
+  mattr_accessor(:id, :path, :level)
+
+  @@level = 3
+  @@path = nil
   @@_queue = nil
   @@_stdout = true
   @@_monitor = Monitor.new
 
-  # Public properties
-  class << self
-    attr_reader(:id, :path)
-  end
-
   # Singleton's init method can be called multiple times to reset.
   # @param path [String] path to log file
   # @param queue [Bool] use a queue as well
   # @param stdout [Bool] turn on or off stdout
   # @param level [LogLevel] level at which to log
   def init(path:nil, level:LogLevel.debug, queue:false, stdout:true)
-    @id ||= 'singleton'.object_id
+    self.id ||= 'singleton'.object_id
+    self.path = path ? File.expand_path(path) : nil
+    self.level = level
 
-    @path = path ? File.expand_path(path) : nil
-    @@_level = level
     @@_queue = queue ? Queue.new : nil
     @@_stdout = stdout
     $stdout.sync = true
 
     # Open log file creating as needed
-    if @path
-      FileUtils.mkdir_p(File.dirname(@path)) if !File.exist?(File.dirname(@path))
-      @file = File.open(@path, 'a')
+    if self.path
+      FileUtils.mkdir_p(File.dirname(self.path)) if !File.exist?(File.dirname(self.path))
+      @file = File.open(self.path, 'a')
       @file.sync = true
     end
   end
@@ -74,7 +73,7 @@ module Log
   def call_details
     @@_monitor.synchronize{
 
-      # Skip first 3 on stack (i.e. 0 = block in call_details, 1 = synchronize, 2 = call_detail) 
+      # Skip first 3 on stack (i.e. 0 = block in call_details, 1 = synchronize, 2 = call_detail)
       stack = caller_locations(3, 20)
 
       # Skip past any calls in 'log.rb' or 'monitor.rb'
@@ -124,7 +123,7 @@ module Log
 
       # Handle output
       if !str.empty?
-        @file << str.strip_color if @path
+        @file << str.strip_color if self.path
         @@_queue << str if @@_queue
         $stdout.print(str) if @@_stdout
       end
@@ -154,7 +153,7 @@ module Log
       end
 
       # Handle output
-      @file.puts(str.strip_color) if @path
+      @file.puts(str.strip_color) if self.path
       @@_queue << "#{str}\n" if @@_queue
       $stdout.puts(str) if @@_stdout
 
@@ -167,18 +166,19 @@ module Log
       opts = args.find{|x| x.is_a?(Hash)}
       opts[:loc] = true and opts[:type] = 'E' if opts
       args << {:loc => true, :type => 'E'} if !opts
-
-      return self.puts(*args)
+      newline = (opts && opts.key?(:newline)) ? opts[:newline] : true
+      return newline ? self.puts(*args) : self.print(*args)
     }
   end
 
   def warn(*args)
     @@_monitor.synchronize{
-      if LogLevel.warn <= @@_level
+      if LogLevel.warn <= self.level
         opts = args.find{|x| x.is_a?(Hash)}
         opts[:type] = 'W' if opts
         args << {:type => 'W'} if !opts
-        return self.puts(*args)
+        newline = (opts && opts.key?(:newline)) ? opts[:newline] : true
+        return newline ? self.puts(*args) : self.print(*args)
       end
       return true
     }
@@ -186,11 +186,12 @@ module Log
 
   def info(*args)
     @@_monitor.synchronize{
-      if LogLevel.info <= @@_level
+      if LogLevel.info <= self.level
         opts = args.find{|x| x.is_a?(Hash)}
         opts[:type] = 'I' if opts
         args << {:type => 'I'} if !opts
-        return self.puts(*args)
+        newline = (opts && opts.key?(:newline)) ? opts[:newline] : true
+        return newline ? self.puts(*args) : self.print(*args)
       end
       return true
     }
@@ -198,11 +199,12 @@ module Log
 
   def debug(*args)
     @@_monitor.synchronize{
-      if LogLevel.debug <= @@_level
+      if LogLevel.debug <= self.level
         opts = args.find{|x| x.is_a?(Hash)}
         opts[:type] = 'D' if opts
         args << {:type => 'D'} if !opts
-        return self.puts(*args)
+        newline = (opts && opts.key?(:newline)) ? opts[:newline] : true
+        return newline ? self.puts(*args) : self.print(*args)
       end
       return true
     }

data/lib/nub/net.rb

@@ -19,12 +19,18 @@
 #LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 #OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 #SOFTWARE.
+
 require 'ostruct'
+require_relative 'log'
+require_relative 'sys'
+require_relative 'module'
+
+# Collection of network related helpers
+module Net
+  extend self
+  mattr_accessor(:agents)
 
-# Collection of simply network related helpers
-module Net 
-  @@_proxy = nil
-  @@_agents = OpenStruct.new({
+  @@agents = OpenStruct.new({
     windows_ie_6: 'Windows IE 6',
     windows_ie_7: 'Windows IE 7',
     windows_mozilla: 'Windows Mozilla',
@@ -37,40 +43,195 @@ module Net
     iphone: 'iPhone'
   })
 
-  # Accessors
-  def self.agents; @@_agents; end
-  def self.proxy_uri; http_proxy ? http_proxy.split(':')[1][2..-1] : nil; end
-  def self.proxy_port; http_proxy ? http_proxy.split(':').last : nil; end
-  def self.ftp_proxy; get_proxy if @@_proxy.nil?; @@_proxy['ftp_proxy']; end
-  def self.http_proxy; get_proxy if @@_proxy.nil?; @@_proxy['http_proxy']; end
-  def self.https_proxy; get_proxy if @@_proxy.nil?; @@_proxy['https_proxy']; end
-  def self.no_proxy; get_proxy if @@_proxy.nil?; @@_proxy['no_proxy']; end
-
-  # Get the system proxy variables
-  def self.get_proxy
-    @@_proxy = {
-      'ftp_proxy' => ENV['ftp_proxy'],
-      'http_proxy' => ENV['http_proxy'],
-      'https_proxy' => ENV['https_proxy'],
-      'no_proxy' => ENV['no_proxy']
-    }
+  # Get fresh proxy from environment
+  def proxy
+    return OpenStruct.new({
+      ftp: ENV['ftp_proxy'],
+      http: ENV['http_proxy'],
+      https: ENV['https_proxy'],
+      no: ENV['no_proxy'],
+      uri: ENV['http_proxy'] ? ENV['http_proxy'].split(':')[0..-2] * ":" : nil,
+      port: ENV['http_proxy'] ? ENV['http_proxy'].split(':').last : nil
+    })
   end
 
-  # Get a shell export string for proxies
-  def self.proxy_export
-    get_proxy if @@_proxy.nil?
-    return proxy_exist? ? (@@_proxy.map{|k,v| "export #{k}=#{v}"} * ';') + ";" : nil
+  # Check if a proxy is set
+  def proxy?
+    return !self.proxy.http.nil?
   end
 
-  # Check if a proxy is set
-  def self.proxy_exist?
-    get_proxy if @@_proxy.nil?
-    return !@@_proxy['http_proxy'].nil?
+  # Get a shell export string for proxies
+  # @param proxy [String] to use rather than default
+  def proxy_export(proxy:nil)
+    if proxy
+      ({'ftp_proxy' => proxy,
+       'http_proxy' => proxy,
+       'https_proxy' => proxy
+      }.map{|k,v| "export #{k}=#{v}"} * ';') + ";"
+    elsif self.proxy?
+      (self.proxy.to_h.map{|k,v| (![:uri, :port].include?(k) && v) ? "export #{k}_proxy=#{v}" : nil}.compact * ';') + ";"
+    else
+      return nil
+    end
   end
 
   # Check if the system is configured for the kernel to forward ip traffic
-  def self.ip_forward?
-    return `cat /proc/sys/net/ipv4/ip_forward`.include?('1')
+  def ip_forward?
+    return File.read('/proc/sys/net/ipv4/ip_forward').include?('1')
+  end
+
+  # ----------------------------------------------------------------------------
+  # Namespace related helpers
+  # ----------------------------------------------------------------------------
+
+  # Virtual Ethernet NIC object
+  # @param name [String] of the veth
+  # @param ip [String] of the veth
+  # @param nic [String] pattern matching nic e.g. en+
+  Veth = Struct.new(:name, :ip, :nic)
+
+  # Network object
+  # @param ip [String] of the network
+  # @param cidr [String] of the network
+  # @param nameservers [Array[String]] to use for new network
+  Network = Struct.new(:ip, :cidr, :nameservers)
+
+  # Check that the namespace has connectivity to the outside world
+  # using a simple curl on google
+  # @param namespace [String] name to use when creating it
+  # @param proxy [String] to use rather than default
+  def namespace_connectivity?(namespace, proxy:nil)
+    success = false
+    Log.info("Checking namespace #{namespace.colorize(:cyan)} for connectivity to google.com", newline:false)
+
+    if File.exists?(File.join("/var/run/netns", namespace))
+      ping = 'curl -sL -w "%{http_code}" http://www.google.com -o /dev/null'
+      return Sys.exec_status("ip netns exec #{namespace} bash -c '#{self.proxy_export(proxy)}#{ping}'", die:false, check:"200")
+    else
+      Sys.exec_status(":", die:false, check:"200")
+      Log.warn("Namespace #{namespace} doesn't exist!")
+    end
+  end
+
+  # Create a network namespace with the given name
+  # @param namespace [String] name to use when creating it
+  # @param host_veth [Veth] describes the veth to create for the host side
+  # @param guest_veth [Veth] describes the veth to create for the guest side
+  # @param network [Network] describes the network to share
+  def create_namespace(namespace, host_veth, guest_veth, network)
+    namespace_conf = File.join("/etc/netns", namespace)
+
+    # Ensure namespace i.e. /var/run/netns/<namespace> exists
+    if !File.exists?(File.join("/var/run/netns", namespace))
+      Log.info("Creating VPN Namespace #{namespace.colorize(:cyan)}", newline:false)
+      Sys.exec_status("ip netns add #{namespace}")
+    end
+
+    # Ensure loopback device is running inside the pnamespace
+    if `ip netns exec #{namespace} ip a`.include?("state DOWN")
+      Log.info("Start loopback interface in namespace", newline:false)
+      Sys.exec_status("ip netns exec #{namespace} ip link set lo up")
+    end
+
+    # Create a virtual ethernet pair to communicate across namespaces
+    # by default they will both be in the root namespace until one is assigned to another
+    # e.g. host:192.168.100.1 and guest:192.168.100.2 communicating in network:192.168.100.0
+    if !`ip a`.include?(host_veth.name)
+      Log.info("Create vpn veths #{host_veth.name.colorize(:cyan)} for #{'root'.colorize(:cyan)}
+       and #{guest_veth.name.colorize(:cyan)} for #{namespace.colorize(:cyan)}", newline:false)
+      Sys.exec_status("ip link add #{host_veth.name} type veth peer name #{guest_veth.name}")
+      Log.info("Assign veth #{guest_veth.name.colorize(:cyan)} to namespace #{namespace.colorize(:cyan)}", newline:false)
+      Sys.exec_status("ip link set #{guest_veth.name} netns #{namespace}")
+    end
+
+    # Assign IPv4 addresses and start up the new veth interfaces
+    # sudo ping #{host_veth.ip} and sudo netns exec #{namespace} ping #{guest_veth.ip} should work now
+    if !`ip a`.include?(host_veth.ip)
+      Log.info("Assign ip #{host_veth.ip.colorize(:cyan)} and start #{host_veth.ip.colorize(:cyan)}", newline:false)
+      Sys.exec_status("ifconfig #{host_veth.name} #{File.join(host_veth.ip, nework.cidr)} up")
+    end
+    if !`ip netns exec #{namespace} ip a`.include?(guest_veth.ip)
+      Log.info("Assign ip #{guest_veth.ip.colorize(:cyan)} and start #{guest_veth.ip.colorize(:cyan)}", newline:false)
+      Sys.exec_status("ip netns exec #{namespace} ifconfig #{guest_veth.name} #{File.join(guest_veth.ip, nework.cidr)} up")
+    end
+
+    # Share internet access on host with namespace
+    # Note: to see current forward rules use: iptables -S
+    if !`ip netns exec #{namespace} ip route`.include?('default')
+      Log.info("Set default route for traffic leaving namespace to #{host_veth.ip.colorize(:cyan)}", newline:false)
+      Sys.exec_status("ip netns exec #{namespace} ip route add default via #{host_veth.ip} dev #{guest_veth.name}")
+    end
+    if !`iptables -t nat -S`.include?(File.join(nework.ip, nework.cidr))
+      Log.info("Enable NAT on host for vpn net #{File.join(nework.ip, nework.cidr).colorize(:cyan)}", newline:false)
+      Sys.exec_status("iptables -t nat -A POSTROUTING -s #{File.join(nework.ip, nework.cidr)} -o #{host_veth.nic} -j MASQUERADE")
+    end
+    if !`iptables -S`.include?("-A FORWARD -i #{host_veth.nic}")
+      Log.info("Allow forwarding to #{namespace.colorize(:cyan)}", newline:false)
+      Sys.exec_status("iptables -A FORWARD -i #{host_veth.nic} -o #{host_veth.name} -j ACCEPT")
+    end
+    if !`iptables -S`.include?("-A FORWARD -i #{host_veth.name}")
+      Log.info("Allow forwarding from #{namespace.colorize(:cyan)}", newline:false)
+      Sys.exec_status("iptables -A FORWARD -i #{host_veth.name} -o #{host_veth.nic} -j ACCEPT")
+    end
+
+    # Configure nameserver to use in VPN namespace
+    namespace_conf = File.join("/etc/netns", namespace)
+    if !File.exists?(namespace_conf) && network.nameservers
+      Log.info("Creating nameserver config #{namespace_conf}", newline:false)
+      Sys.exec_status("mkdir -p #{namespace_conf}")
+      network.nameservers.each{|x|
+        Log.info("Adding nameserver #{x.colorize(:cyan)} to config", newline:false)
+        Sys.exec_status("echo 'nameserver #{x}' >> /etc/netns/#{namespace}/resolv.conf")
+      }
+    end
+  end
+
+  # Delete the given network namespace
+  # @param namespace [String] name to use when creating it
+  # @param host_veth [Veth] describes the veth to create for the host side
+  # @param network [Network] describes the network to share
+  def delete_namespace(namespace, host_veth, network)
+
+    # Remove nameserver config for vpn
+    namespace_conf = File.join("/etc/netns", namespace)
+    if File.exists?(namespace_conf)
+      Log.info("Removing nameserver config #{namespace_conf}", newline:false)
+      Sys.exec_status("rm -rf #{namespace_conf}")
+    end
+
+    # Remove NAT and iptables forwarding allowances
+    if `iptables -t nat -S`.include?(File.join(network.ip, network.cidr))
+      Log.info("Removing NAT on host for vpn net #{File.join(network.ip, network.cidr).colorize(:cyan)}", newline:false)
+      Sys.exec_status("iptables -t nat -D POSTROUTING -s #{File.join(network.ip, network.cidr)} -o #{host_veth.nic} -j MASQUERADE")
+    end
+    if `iptables -S`.include?("-A FORWARD -i #{host_veth.nic}")
+      Log.info("Allow forwarding to #{namespace.colorize(:cyan)}", newline:false)
+      Sys.exec_status("iptables -D FORWARD -i #{host_veth.nic} -o #{host_veth.name} -j ACCEPT")
+    end
+    if `iptables -S`.include?("-A FORWARD -i #{host_veth.name}")
+      Log.info("Allow forwarding from #{namespace.colorize(:cyan)}", newline:false)
+      Sys.exec_status("iptables -D FORWARD -i #{host_veth.name} -o #{host_veth.nic} -j ACCEPT")
+    end
+
+    # Remove virtual ethernet interfaces
+    if `ip a`.include?(host_veth.name)
+      Log.info("Removing veth interface #{host_veth.name.colorize(:cyan)} for vpn", newline:false)
+      Sys.exec_status("ip link delete #{host_veth.name}")
+    end
+
+    # Remove namespace for vpn
+    if File.exists?(File.join("/var/run/netns", namespace))
+      Log.info("Removing namespace #{namespace.colorize(:cyan)}", newline:false)
+      Sys.exec_status("ip netns delete #{namespace}")
+    end
+  end
+
+  # Execute in the namespace
+  # @param namespace [String] to execut within
+  # @param cmd [String] command to execute
+  # @param proxy [String] to use rather than default
+  def namespace_exec(namespace, cmd, proxy:nil)
+    return `ip netns exec #{namespace} bash -c '#{self.proxy_export(proxy)}#{cmd}'`
   end
 end
 

data/lib/nub/sys.rb

@@ -98,6 +98,27 @@ module Sys
     return result
   end
 
+  # Execute the shell command and print status
+  # @param cmd [String] command to execute
+  # @param die [bool] exit on true
+  # @result status [bool] true on success else false
+  def exec_status(cmd, die:true, check:nil)
+    out = `#{cmd}`
+    status = true
+    status = check == out if !check.nil?
+    status = $?.exitstatus == 0 if check.nil?
+
+    #if status
+    if status
+      Log.puts("...success!".colorize(:green), stamp:false)
+    else
+      Log.puts("...failed!".colorize(:red), stamp:false)
+      Log.puts(out.colorize(:red)) and exit if die
+    end
+
+    return status
+  end
+
   # Read a password from stdin without echoing
   # @returns pass [String] the password read in
   def getpass

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nub
 version: !ruby/object:Gem::Version
-  version: 0.0.96
+  version: 0.0.103
 platform: ruby
 authors:
 - Patrick Crummett
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-23 00:00:00.000000000 Z
+date: 2018-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize