PyPI - ifstate - Versions diffs - 1.13.7__py3-none-any.whl → 2.0.0rc2__py3-none-any.whl - Mend

ifstate 1.13.7py3-none-any.whl → 2.0.0rc2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

hooks/wrapper.sh +50 -0
ifstate/ifstate.py +9 -2
{ifstate-1.13.7.dist-info → ifstate-2.0.0rc2.dist-info}/METADATA +2 -2
ifstate-2.0.0rc2.dist-info/RECORD +38 -0
libifstate/__init__.py +97 -46
libifstate/hook/__init__.py +195 -0
libifstate/link/__init__.py +0 -1
libifstate/link/base.py +23 -31
libifstate/link/physical.py +2 -2
libifstate/link/tun.py +2 -2
libifstate/link/veth.py +2 -2
libifstate/netns/__init__.py +40 -5
libifstate/parser/base.py +107 -84
libifstate/routing/__init__.py +62 -16
libifstate/util.py +146 -147
libifstate/wireguard/__init__.py +81 -21
schema/2/ifstate.conf.schema.json +4398 -0
ifstate-1.13.7.dist-info/RECORD +0 -37
libifstate/link/dsa.py +0 -10
schema/ifstate.conf.schema.json +0 -4259
{ifstate-1.13.7.dist-info → ifstate-2.0.0rc2.dist-info}/WHEEL +0 -0
{ifstate-1.13.7.dist-info → ifstate-2.0.0rc2.dist-info}/entry_points.txt +0 -0
{ifstate-1.13.7.dist-info → ifstate-2.0.0rc2.dist-info}/licenses/LICENSE +0 -0
{ifstate-1.13.7.dist-info → ifstate-2.0.0rc2.dist-info}/top_level.txt +0 -0

libifstate/util.py CHANGED Viewed

@@ -1,7 +1,9 @@
 import libifstate.exception
 from libifstate.log import logger, IfStateLogging
-from pyroute2 import IPRoute, NetNS, netns
+import pyroute2
+from pyroute2 import IPRoute, IW, NetNS
+from pyroute2.netlink.exceptions import NetlinkError
 from pyroute2.netlink.rtnl.tcmsg import tcmsg
 from pyroute2.netlink.rtnl import RTM_DELTFILTER, RTM_NEWNSID
 from pyroute2.netlink.rtnl.nsidmsg import nsidmsg
@@ -17,33 +19,45 @@ except ModuleNotFoundError:
     # pyroute2 >= 0.6
     from pr2modules.ethtool.ioctl import SIOCETHTOOL
+import atexit
 import socket
 import fcntl
+import re
 import struct
+import subprocess
 import array
 import struct
+import tempfile
 import typing
 import os
+import yaml
-# ethtool helper
-ETHTOOL_GDRVINFO = 0x00000003  # Get driver info
-STRUCT_DRVINFO = struct.Struct(
-    "I" +    # cmd
-    "32s" +  # driver
-    "32s" +  # version
-    "32s" +  # fw_version
-    "32s" +  # bus_info
-    "32s" +  # reserved1
-    "12s" +  # reserved2
-    "I" +    # n_priv_flags
-    "I" +    # n_stats
-    "I" +    # testinfo_len
-    "I" +    # eedump_len
-    "I"      # regdump_len
-)
-ETHTOOL_GPERMADDR = 0x00000020  # Get permanent hardware address
-L2_ADDRLENGTH = 6  # L2 address length
+def _get_of_node(netns, link):
+    if netns.netns is not None:
+        pyroute2.netns.pushns(netns.netns)
+    try:
+        return os.path.relpath(os.path.realpath(f"{netns.ipr.sysfs_path}/class/net/{link.get_attr('IFLA_IFNAME')}/of_node", strict=True), start=f"{netns.ipr.sysfs_path}/firmware/devicetree")
+    except FileNotFoundError:
+        return None
+    finally:
+        if netns.netns is not None:
+            pyroute2.netns.popns()
+IDENTIFY_LOOKUPS = {
+    "perm_address": lambda netns, link: link.get_attr("IFLA_PERM_ADDRESS"),
+    "parent_dev_name": lambda netns, link: link.get_attr("IFLA_PARENT_DEV_NAME"),
+    "parent_dev_bus_name": lambda netns, link: link.get_attr("IFLA_PARENT_DEV_BUS_NAME"),
+    "phys_port_id": lambda netns, link: link.get_attr("IFLA_PHYS_PORT_ID"),
+    "phys_port_name": lambda netns, link: link.get_attr("IFLA_PHYS_PORT_NAME"),
+    "phys_switch_id": lambda netns, link: link.get_attr("IFLA_PHYS_SWITCH_ID"),
+    "of_node": _get_of_node,
+}
+REGEX_ETHER_BYTE = re.compile('[a-f0-9]{2}')
+RUN_BASE_DIR = '/run/libifstate'
 root_ipr = typing.NewType("IPRouteExt", IPRoute)
@@ -59,28 +73,96 @@ def filter_ifla_dump(showall, ifla, defaults, prefix="IFLA"):
     return dump
+def format_ether_address(address):
+    """
+    Formats a ether address string canonical. Accepted formats:
+      xx:xx:xx:xx:xx:xx
+      xx-xx-xx-xx-xx-xx
+      xxxx.xxxx.xxxx
+    The hex digits may be lower and upper case.
+    """
+    return ':'.join(REGEX_ETHER_BYTE.findall(address.lower()))
+def get_run_dir(function, *args):
+    """
+    Returns a deterministic directory under /run/libifstate for saving state
+    informations between ifstate calls. A hierarchy is build from the ifstate
+    function and additional distinguishers (i.e. ifname).
+    The directory will be created if it does not already exists.
+    """
+    run_dir = os.path.join(RUN_BASE_DIR, function, *args)
+    try:
+        os.makedirs(run_dir, mode=0o700)
+    except FileExistsError:
+        pass
+    return run_dir
+def get_netns_run_dir(function, netns, *args):
+    """
+    Returns a deterministic directory under /run/libifstate for saving state
+    informations between ifstate calls. A hierarchy is build from the ifstate
+    function, the netns and optional additional distinguishers (i.e. ifname).
+    The directory will be created if it does not already exists.
+    """
+    if netns.netns is None:
+        run_dir = os.path.join(RUN_BASE_DIR, function, 'root', *args)
+    else:
+        run_dir = os.path.join(RUN_BASE_DIR, function, 'netns', netns.netns, *args)
+    try:
+        os.makedirs(run_dir, mode=0o700)
+    except FileExistsError:
+        pass
+    return run_dir
+def dump_yaml_file(fn, obj, opener=None):
+    """
+    Dump obj to a YaML file, create directories if needed and catch file
+    I/O errors.
+    """
+    try:
+        os.makedirs(os.path.dirname(fn), mode=0o700)
+    except FileExistsError:
+        pass
+    try:
+        with open(fn, "w", opener=opener) as fh:
+            yaml.dump(obj, fh)
+    except OSError as err:
+        logger.error('Writing {} failed: {}'.format(fn, err))
+def slurp_yaml_file(fn, default=None):
+    """
+    Read the content of a YaML file, returns *default* if the file could not be
+    found, read or parsed.
+    """
+    try:
+        with open(fn) as fh:
+            return yaml.load(fh, Loader=yaml.SafeLoader)
+    except OSError as err:
+        logger.debug('Reading {} failed: {}'.format(fn, err))
+    except yaml.YAMLError as err:
+        logger.warning('Parsing {} failed: {}'.format(fn, err))
+    return default
 class IPRouteExt(IPRoute):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.__sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-    # def fork_before():
-    #     import sys
-    #     print(f"FORK[{os.getpid()}] before", file=sys.stderr)
-    # def fork_parent():
-    #     import sys
-    #     print(f"FORK[{os.getpid()}] parent", file=sys.stderr)
-    # def fork_child():
-    #     import sys
-    #     print(f"FORK[{os.getpid()}] after", file=sys.stderr)
-    # os.register_at_fork(before=fork_before, after_in_parent=fork_parent, after_in_child=fork_child)
+        self.sysfs_path = "/sys"
     def del_filter_by_info(self, index=0, handle=0, info=0, parent=0):
         msg = tcmsg()
@@ -97,60 +179,6 @@ class IPRouteExt(IPRoute):
             NLM_F_ACK
         ))
-    def get_businfo(self, ifname):
-        data = array.array("B", struct.pack(
-            "I", ETHTOOL_GDRVINFO))
-        data.extend(b'\x00' * (STRUCT_DRVINFO.size - len(data)))
-        ifr = struct.pack('16sP', ifname.encode(
-            "utf-8"), data.buffer_info()[0])
-        try:
-            r = fcntl.ioctl(self.__sock.fileno(), SIOCETHTOOL, ifr)
-        except OSError:
-            return None
-        drvinfo = STRUCT_DRVINFO.unpack(data)
-        return drvinfo[4].decode('ascii').split('\x00')[0]
-    def get_permaddr(self, ifname):
-        data = array.array("B", struct.pack(
-            "II", ETHTOOL_GPERMADDR, L2_ADDRLENGTH))
-        data.extend(b'\x00' * L2_ADDRLENGTH)
-        ifr = struct.pack('16sP', ifname.encode(
-            "utf-8"), data.buffer_info()[0])
-        try:
-            r = fcntl.ioctl(self.__sock.fileno(), SIOCETHTOOL, ifr)
-        except OSError:
-            return None
-        l2addr = ":".join(format(x, "02x") for x in data[8:])
-        if l2addr == "00:00:00:00:00:00":
-            return None
-        return l2addr
-    def get_iface_by_businfo(self, businfo):
-        for iface in iter(self.get_links()):
-            ifname = iface.get_attr('IFLA_IFNAME')
-            bi = self.get_businfo(ifname)
-            if bi and bi == businfo:
-                return iface['index']
-    def get_iface_by_permaddr(self, permaddr):
-        for iface in iter(self.get_links()):
-            ifname = iface.get_attr('IFLA_IFNAME')
-            addr = self.get_permaddr(ifname)
-            if addr and addr == permaddr:
-                return iface['index']
-        return None
     def get_ifname_by_index(self, index):
         link = next(iter(self.get_links(index)), None)
@@ -207,10 +235,31 @@ class NetNSExt(NetNS):
             self.netns = self.status["netns"]
         try:
-            netns.pushns(self.netns)
+            pyroute2.netns.pushns(self.netns)
             self.__sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+            os.makedirs("/run/libifstate/sysfs", exist_ok=True)
+            self.sysfs_path = tempfile.mkdtemp(prefix=self.netns, dir="/run/libifstate/sysfs")
+            rc = subprocess.run(['mount', '', self.sysfs_path, '-t', 'sysfs', '-o', 'ro,nosuid,nodev,noexec,noatime'])
+            if rc.returncode != 0:
+                logger.warning("Could not mount netns sysfs: {rc.stderr}")
+            else:
+                logger.debug('mounted sysfs for {} at {}'.format(self.netns, self.sysfs_path), extra={'netns': self.netns})
+                atexit.register(self.umount_sysfs)
         finally:
-            netns.popns()
+            pyroute2.netns.popns()
+    def umount_sysfs(self):
+            rc = subprocess.run(['umount', self.sysfs_path, '-t', 'sysfs'])
+            if rc.returncode != 0:
+                logger.warning("Could not umount netns sysfs: {rc.stderr}")
+            else:
+                logger.debug('umounted sysfs for {} at {}'.format(self.netns, self.sysfs_path), extra={'netns': self.netns})
+            try:
+                os.rmdir(self.sysfs_path)
+            except OSError:
+                pass
     def del_filter_by_info(self, index=0, handle=0, info=0, parent=0):
         msg = tcmsg()
@@ -227,60 +276,6 @@ class NetNSExt(NetNS):
             NLM_F_ACK
         ))
-    def get_businfo(self, ifname):
-        data = array.array("B", struct.pack(
-            "I", ETHTOOL_GDRVINFO))
-        data.extend(b'\x00' * (STRUCT_DRVINFO.size - len(data)))
-        ifr = struct.pack('16sP', ifname.encode(
-            "utf-8"), data.buffer_info()[0])
-        try:
-            r = fcntl.ioctl(self.__sock.fileno(), SIOCETHTOOL, ifr)
-        except OSError:
-            return None
-        drvinfo = STRUCT_DRVINFO.unpack(data)
-        return drvinfo[4].decode('ascii').split('\x00')[0]
-    def get_permaddr(self, ifname):
-        data = array.array("B", struct.pack(
-            "II", ETHTOOL_GPERMADDR, L2_ADDRLENGTH))
-        data.extend(b'\x00' * L2_ADDRLENGTH)
-        ifr = struct.pack('16sP', ifname.encode(
-            "utf-8"), data.buffer_info()[0])
-        try:
-            r = fcntl.ioctl(self.__sock.fileno(), SIOCETHTOOL, ifr)
-        except OSError:
-            return None
-        l2addr = ":".join(format(x, "02x") for x in data[8:])
-        if l2addr == "00:00:00:00:00:00":
-            return None
-        return l2addr
-    def get_iface_by_businfo(self, businfo):
-        for iface in iter(self.get_links()):
-            ifname = iface.get_attr('IFLA_IFNAME')
-            bi = self.get_businfo(ifname)
-            if bi and bi == businfo:
-                return iface['index']
-    def get_iface_by_permaddr(self, permaddr):
-        for iface in iter(self.get_links()):
-            ifname = iface.get_attr('IFLA_IFNAME')
-            addr = self.get_permaddr(ifname)
-            if addr and addr == permaddr:
-                return iface['index']
-        return None
     def get_ifname_by_index(self, index):
         link = next(iter(self.get_links(index)), None)
@@ -369,3 +364,7 @@ class LinkDependency:
 root_ipr = IPRouteExt()
+try:
+    root_iw = IW()
+except NetlinkError:
+    root_iw = None

libifstate/wireguard/__init__.py CHANGED Viewed

@@ -1,12 +1,14 @@
 from libifstate.util import logger, IfStateLogging
 from libifstate.exception import netlinkerror_classes, FeatureMissingError
-from wgnlpy import WireGuard as WG
-from ipaddress import ip_network
+import wgnlpy
+import ipaddress
 import collections
 from copy import deepcopy
 import pyroute2.netns
 import socket
+SECRET_SETTINGS = ['private_key', 'preshared_key']
 class WireGuard():
     def __init__(self, netns, iface, wireguard):
         self.netns = netns
@@ -17,7 +19,7 @@ class WireGuard():
             pyroute2.netns.pushns(self.netns.netns)
         try:
-            self.wg = WG()
+            self.wg = wgnlpy.WireGuard()
         finally:
             if self.netns.netns is not None:
                 pyroute2.netns.popns()
@@ -28,7 +30,7 @@ class WireGuard():
             for i, peer in enumerate(self.wireguard['peers']):
                 if 'allowedips' in peer:
                     self.wireguard['peers'][i]['allowedips'] = set(
-                        [ip_network(x) for x in self.wireguard['peers'][i]['allowedips']])
+                        [ipaddress.ip_network(x) for x in self.wireguard['peers'][i]['allowedips']])
     def __deepcopy__(self, memo):
         '''
@@ -43,7 +45,7 @@ class WireGuard():
                     pyroute2.netns.pushns(self.netns.netns)
                 try:
-                    setattr(result, k, WG())
+                    setattr(result, k, wgnlpy.WireGuard())
                 finally:
                     if self.netns.netns is not None:
                         pyroute2.netns.popns()
@@ -94,15 +96,15 @@ class WireGuard():
             has_pchanges = False
             avail = []
-            for peer in self.wireguard['peers']:
-                avail.append(peer['public_key'])
+            for public_key, opts in self.wireguard['peers'].items():
+                avail.append(public_key)
                 pubkey = next(
-                    iter([x for x in peers.keys() if x == peer['public_key']]), None)
+                    iter([x for x in peers.keys() if x == public_key]), None)
                 if pubkey is None:
                     has_pchanges = True
                     if do_apply:
                         try:
-                            self.safe_set_peer(peer)
+                            self.safe_set_peer(public_key, opts)
                         except Exception as err:
                             if not isinstance(err, netlinkerror_classes):
                                 raise
@@ -110,23 +112,23 @@ class WireGuard():
                                 self.iface, err.args[1]))
                 else:
                     pchange = False
-                    for setting in peer.keys():
+                    for setting in opts.keys():
                         attr = getattr(peers[pubkey], setting)
                         if setting == 'allowedips':
-                            attr = set(attr)
+                            attr = [str(ip) for ip in attr]
                         logger.debug('  peer.%s: %s => %s', setting, attr,
-                                     peer[setting], extra={'iface': self.iface})
-                        if type(attr) == set:
-                            pchange |= not (attr == peer[setting])
+                                     opts[setting], extra={'iface': self.iface})
+                        if type(attr) == list:
+                            pchange |= not (attr == opts[setting])
                         else:
-                            pchange |= str(peer[setting]) != str(getattr(
+                            pchange |= str(opts[setting]) != str(getattr(
                                 peers[pubkey], setting))
                     if pchange:
                         has_pchanges = True
                         if do_apply:
                             try:
-                                self.safe_set_peer(peer)
+                                self.safe_set_peer(public_key, opts)
                             except Exception as err:
                                 if not isinstance(err, netlinkerror_classes):
                                     raise
@@ -149,11 +151,69 @@ class WireGuard():
             else:
                 logger.log_ok('wg.peers')
-    def safe_set_peer(self, peer):
+    def safe_set_peer(self, public_key, opts):
         try:
-            self.wg.set_peer(self.iface, **peer)
+            self.wg.set_peer(self.iface, public_key=public_key, **opts)
         except (socket.gaierror, ValueError) as err:
-            logger.warning('failed to set wireguard endpoint at {}: {}'.format(self.iface, err))
+            logger.warning('failed to set wireguard endpoint for peer {} at {}: {}'.format(public_key, self.iface, err))
+            del(opts['endpoint'])
+            self.wg.set_peer(self.iface, public_key=public_key, **opts)
+    def show(netns, show_all, show_secrets, name, config):
+        if netns.netns is not None:
+            pyroute2.netns.pushns(self.netns.netns)
+        try:
+            wg = wgnlpy.WireGuard()
+        finally:
+            if netns.netns is not None:
+                pyroute2.netns.popns()
+        state = wg.get_interface(
+            name, spill_private_key=show_secrets, spill_preshared_keys=show_secrets)
+        config['wireguard'] = {
+            'peers': {},
+        }
+        def _dump_value(value):
+            if isinstance(value, (ipaddress.IPv4Network, ipaddress.IPv6Network, wgnlpy.sockaddr_in.sockaddr_in)):
+                return str(value)
+            elif type(value) is list:
+                result = []
+                for v in value:
+                    result.append(_dump_value(v))
+                return result
+            else:
+                return value
+        def _dump_values(cfg, key, value):
+            if show_all:
+                if value is None:
+                    return
+            else:
+                if not value:
+                    return
+            if key in SECRET_SETTINGS:
+                if show_secrets:
+                    cfg[key] = str(value)
+                else:
+                    cfg[key] = f"# VALUE IS HIDDEN - USE --show-secrets TO REVEAL"
+            else:
+                cfg[key] = _dump_value(value)
+        for key in ['private_key', 'listen_port', 'fwmark']:
+            value = getattr(state, key)
+            print("{} => {}".format(key, value))
+            _dump_values(config['wireguard'], key, value)
-            del(peer['endpoint'])
-            self.wg.set_peer(self.iface, **peer)
+        for peer in state.peers:
+            config['wireguard']['peers'][str(peer)] = {}
+            print(state.peers[peer].endpoint)
+            print(type(state.peers[peer].endpoint))
+            print("---")
+            for key in ['preshared_key', 'endpoint', 'persistent_keepalive_interval', 'allowedips']:
+                value = getattr(state.peers[peer], key)
+                _dump_values(config['wireguard']['peers'][str(peer)], key, value)

ifstate 1.13.7__py3-none-any.whl → 2.0.0rc2__py3-none-any.whl

ifstate 1.13.7py3-none-any.whl → 2.0.0rc2py3-none-any.whl