mirror of https://github.com/oxen-io/lokinet
Merge pull request #1941 from jagerman/no-shellhooks
Remove dead code, cmake cleanups
This commit is contained in:
commit
193ab47372
|
@ -51,14 +51,11 @@ option(USE_NETNS "enable networking namespace support. Linux only" OFF)
|
|||
option(NATIVE_BUILD "optimise for host system and FPU" ON)
|
||||
option(EMBEDDED_CFG "optimise for older hardware or embedded systems" OFF)
|
||||
option(BUILD_LIBLOKINET "build liblokinet.so" ON)
|
||||
option(SHADOW "use shadow testing framework. linux only" OFF)
|
||||
option(XSAN "use sanitiser, if your system has it (requires -DCMAKE_BUILD_TYPE=Debug)" OFF)
|
||||
option(USE_JEMALLOC "Link to jemalloc for memory allocations, if found" ON)
|
||||
option(TESTNET "testnet build" OFF)
|
||||
option(WITH_COVERAGE "generate coverage data" OFF)
|
||||
option(USE_SHELLHOOKS "enable shell hooks on compile time (dangerous)" OFF)
|
||||
option(WARNINGS_AS_ERRORS "treat all warnings as errors. turn off for development, on for release" OFF)
|
||||
option(TRACY_ROOT "include tracy profiler source" OFF)
|
||||
option(WITH_TESTS "build unit tests" OFF)
|
||||
option(WITH_HIVE "build simulation stubs" OFF)
|
||||
option(BUILD_PACKAGE "builds extra components for making an installer (with 'make package')" OFF)
|
||||
|
@ -107,8 +104,6 @@ if (STATIC_LINK)
|
|||
message(STATUS "setting static library suffix search")
|
||||
endif()
|
||||
|
||||
add_definitions(-D${CMAKE_SYSTEM_NAME})
|
||||
|
||||
include(cmake/solaris.cmake)
|
||||
include(cmake/win32.cmake)
|
||||
|
||||
|
@ -182,10 +177,6 @@ if(NOT APPLE)
|
|||
endif()
|
||||
endif()
|
||||
|
||||
if (NOT CMAKE_SYSTEM_NAME MATCHES "Linux" AND SHADOW)
|
||||
message( FATAL_ERROR "shadow-framework is Linux only" )
|
||||
endif()
|
||||
|
||||
if(XSAN)
|
||||
string(APPEND CMAKE_CXX_FLAGS_DEBUG " -fsanitize=${XSAN} -fno-omit-frame-pointer -fno-sanitize-recover")
|
||||
foreach(type EXE MODULE SHARED STATIC)
|
||||
|
@ -195,16 +186,7 @@ if(XSAN)
|
|||
endif()
|
||||
|
||||
if(CMAKE_BUILD_TYPE MATCHES "[Dd][Ee][Bb][Uu][Gg]")
|
||||
add_definitions(-DLOKINET_DEBUG=1)
|
||||
endif()
|
||||
|
||||
if(WITH_SHELLHOOKS)
|
||||
add_definitions(-DENABLE_SHELLHOOKS)
|
||||
endif()
|
||||
|
||||
if(TRACY_ROOT)
|
||||
include_directories(${TRACY_ROOT})
|
||||
add_definitions(-DTRACY_ENABLE)
|
||||
add_definitions(-DLOKINET_DEBUG)
|
||||
endif()
|
||||
|
||||
|
||||
|
@ -236,22 +218,12 @@ set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
|
|||
set(THREADS_PREFER_PTHREAD_FLAG TRUE)
|
||||
find_package(Threads REQUIRED)
|
||||
|
||||
if(USE_NETNS)
|
||||
add_definitions(-DNETNS=1)
|
||||
else()
|
||||
add_definitions(-DNETNS=0)
|
||||
endif()
|
||||
|
||||
if(TESTNET)
|
||||
add_definitions(-DTESTNET=1)
|
||||
add_definitions(-DTESTNET)
|
||||
# 5 times slower than realtime
|
||||
# add_definitions(-DTESTNET_SPEED=5)
|
||||
endif()
|
||||
|
||||
if(SHADOW)
|
||||
include(cmake/shadow.cmake)
|
||||
endif()
|
||||
|
||||
unset(GIT_VERSION)
|
||||
unset(GIT_VERSION_REAL)
|
||||
|
||||
|
@ -306,12 +278,8 @@ if(ANDROID)
|
|||
set(ANDROID_PLATFORM_SRC android/ifaddrs.c)
|
||||
endif()
|
||||
|
||||
if(TRACY_ROOT)
|
||||
target_link_libraries(base_libs INTERFACE dl)
|
||||
endif()
|
||||
|
||||
if(WITH_HIVE)
|
||||
add_definitions(-DLOKINET_HIVE=1)
|
||||
add_definitions(-DLOKINET_HIVE)
|
||||
endif()
|
||||
|
||||
add_subdirectory(crypto)
|
||||
|
@ -323,13 +291,11 @@ endif()
|
|||
if(WITH_HIVE)
|
||||
add_subdirectory(pybind)
|
||||
endif()
|
||||
if (NOT SHADOW)
|
||||
if(WITH_TESTS OR WITH_HIVE)
|
||||
add_subdirectory(test)
|
||||
endif()
|
||||
if(ANDROID)
|
||||
add_subdirectory(jni)
|
||||
endif()
|
||||
if(WITH_TESTS OR WITH_HIVE)
|
||||
add_subdirectory(test)
|
||||
endif()
|
||||
if(ANDROID)
|
||||
add_subdirectory(jni)
|
||||
endif()
|
||||
|
||||
add_subdirectory(docs)
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
set(WITH_STATIC OFF)
|
||||
set(WITH_SHARED ON)
|
||||
if("${SHADOW_ROOT}" STREQUAL "")
|
||||
set(SHADOW_ROOT "$ENV{HOME}/.shadow")
|
||||
endif("${SHADOW_ROOT}" STREQUAL "")
|
||||
if(EXISTS "${SHADOW_ROOT}")
|
||||
message(STATUS "SHADOW_ROOT = ${SHADOW_ROOT}")
|
||||
else()
|
||||
message(FATAL_ERROR "SHADOW_ROOT path does not exist: '${SHADOW_ROOT}'")
|
||||
endif(EXISTS "${SHADOW_ROOT}")
|
||||
|
||||
set(CMAKE_MODULE_PATH "${SHADOW_ROOT}/share/cmake/Modules")
|
||||
include_directories(${CMAKE_MODULE_PATH})
|
||||
include(ShadowTools)
|
||||
add_compile_options(-fno-inline -fno-strict-aliasing )
|
||||
add_definitions(-DTESTNET=1)
|
||||
add_definitions(-DLOKINET_SHADOW)
|
||||
include_directories(${SHADOW_ROOT}/include)
|
|
@ -66,8 +66,6 @@ if (ANDROID)
|
|||
endif()
|
||||
|
||||
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
|
||||
target_sources(lokinet-platform PRIVATE linux/netns.cpp)
|
||||
|
||||
if(NON_PC_TARGET)
|
||||
add_import_library(rt)
|
||||
target_link_libraries(lokinet-platform PUBLIC rt)
|
||||
|
@ -139,7 +137,6 @@ add_library(liblokinet
|
|||
exit/session.cpp
|
||||
handlers/exit.cpp
|
||||
handlers/tun.cpp
|
||||
hook/shell.cpp
|
||||
iwp/iwp.cpp
|
||||
iwp/linklayer.cpp
|
||||
iwp/message_buffer.cpp
|
||||
|
@ -230,10 +227,6 @@ if(TRACY_ROOT)
|
|||
target_sources(liblokinet PRIVATE ${TRACY_ROOT}/TracyClient.cpp)
|
||||
endif()
|
||||
|
||||
if(TESTNET)
|
||||
target_sources(liblokinet PRIVATE testnet.c)
|
||||
endif()
|
||||
|
||||
if(WITH_HIVE)
|
||||
target_sources(liblokinet PRIVATE
|
||||
tooling/router_hive.cpp
|
||||
|
|
|
@ -953,10 +953,6 @@ namespace llarp
|
|||
m_LocalResolverAddr.createSockAddr(),
|
||||
false /* just .loki/.snode DNS initially */);
|
||||
|
||||
if (m_OnUp)
|
||||
{
|
||||
m_OnUp->NotifyAsync(NotifyParams());
|
||||
}
|
||||
return HasAddress(ourAddr);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,30 +0,0 @@
|
|||
#pragma once
|
||||
#include <string>
|
||||
#include <unordered_map>
|
||||
#include <memory>
|
||||
|
||||
namespace llarp
|
||||
{
|
||||
namespace hooks
|
||||
{
|
||||
/// base type for event hook handlers
|
||||
struct IBackend
|
||||
{
|
||||
virtual ~IBackend() = 0;
|
||||
virtual void
|
||||
NotifyAsync(std::unordered_map<std::string, std::string> params) = 0;
|
||||
|
||||
/// start backend
|
||||
virtual bool
|
||||
Start() = 0;
|
||||
|
||||
/// stop backend
|
||||
virtual bool
|
||||
Stop() = 0;
|
||||
};
|
||||
|
||||
using Backend_ptr = std::shared_ptr<IBackend>;
|
||||
|
||||
inline IBackend::~IBackend() = default;
|
||||
} // namespace hooks
|
||||
} // namespace llarp
|
|
@ -1,157 +0,0 @@
|
|||
#include "shell.hpp"
|
||||
|
||||
#if defined(ENABLE_SHELLHOOKS)
|
||||
#include <util/thread_pool.hpp>
|
||||
#include <util/logger.hpp>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
#if !defined(__linux__) || !defined(_GNU_SOURCE)
|
||||
// Not all systems declare this variable
|
||||
extern char** environ;
|
||||
#endif
|
||||
#if defined(Darwin)
|
||||
#include <crt_externs.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
namespace llarp
|
||||
{
|
||||
namespace hooks
|
||||
{
|
||||
#if defined(ENABLE_SHELLHOOKS)
|
||||
struct ExecShellHookBackend : public IBackend,
|
||||
public std::enable_shared_from_this<ExecShellHookBackend>
|
||||
{
|
||||
thread::ThreadPool m_ThreadPool;
|
||||
|
||||
std::vector<std::string> _args;
|
||||
std::vector<char*> args;
|
||||
|
||||
ExecShellHookBackend(std::string script) : m_ThreadPool(1, 1000, "exechook")
|
||||
{
|
||||
do
|
||||
{
|
||||
const auto idx = script.find_first_of(' ');
|
||||
std::string sub;
|
||||
if (idx == std::string::npos)
|
||||
sub = script;
|
||||
else
|
||||
sub = script.substr(0, idx);
|
||||
_args.emplace_back(std::move(sub));
|
||||
args.push_back((char*)_args.back().c_str());
|
||||
script = script.substr(idx + 1);
|
||||
} while (script.find_first_of(' ') != std::string::npos);
|
||||
args.push_back(nullptr);
|
||||
LogInfo("make hook ", args.size());
|
||||
}
|
||||
|
||||
~ExecShellHookBackend()
|
||||
{
|
||||
m_ThreadPool.shutdown();
|
||||
}
|
||||
|
||||
bool
|
||||
Start() override
|
||||
{
|
||||
m_ThreadPool.start();
|
||||
return true;
|
||||
}
|
||||
|
||||
bool
|
||||
Stop() override
|
||||
{
|
||||
m_ThreadPool.stop();
|
||||
return true;
|
||||
}
|
||||
|
||||
char*
|
||||
Exe() const
|
||||
{
|
||||
return args[0];
|
||||
}
|
||||
|
||||
char* const*
|
||||
Args() const
|
||||
{
|
||||
return args.data();
|
||||
}
|
||||
|
||||
void
|
||||
NotifyAsync(std::unordered_map<std::string, std::string> params) override;
|
||||
};
|
||||
|
||||
struct ExecShellHookJob
|
||||
{
|
||||
std::vector<std::string> m_env;
|
||||
std::vector<char*> _m_env;
|
||||
std::shared_ptr<ExecShellHookBackend> m_Parent;
|
||||
|
||||
ExecShellHookJob(
|
||||
std::shared_ptr<ExecShellHookBackend> b,
|
||||
const std::unordered_map<std::string, std::string> env)
|
||||
: m_Parent(b)
|
||||
{
|
||||
#if defined(Darwin)
|
||||
char** ptr = *_NSGetEnviron();
|
||||
#else
|
||||
char** ptr = environ;
|
||||
#endif
|
||||
do
|
||||
{
|
||||
m_env.emplace_back(*ptr);
|
||||
++ptr;
|
||||
} while (ptr && *ptr);
|
||||
for (const auto& item : env)
|
||||
m_env.emplace_back(item.first + "=" + item.second);
|
||||
for (const auto& item : m_env)
|
||||
_m_env.push_back((char*)item.c_str());
|
||||
_m_env.push_back(nullptr);
|
||||
}
|
||||
|
||||
char* const*
|
||||
Env()
|
||||
{
|
||||
return _m_env.data();
|
||||
}
|
||||
|
||||
void
|
||||
Exec()
|
||||
{
|
||||
std::thread t([&]() {
|
||||
int result = 0;
|
||||
const pid_t child = ::fork();
|
||||
if (child == -1)
|
||||
return;
|
||||
if (child)
|
||||
::waitpid(child, &result, 0);
|
||||
else
|
||||
::execve(m_Parent->Exe(), m_Parent->Args(), Env());
|
||||
});
|
||||
t.join();
|
||||
}
|
||||
};
|
||||
|
||||
void
|
||||
ExecShellHookBackend::NotifyAsync(std::unordered_map<std::string, std::string> params)
|
||||
{
|
||||
auto job = std::make_shared<ExecShellHookJob>(shared_from_this(), std::move(params));
|
||||
|
||||
m_ThreadPool.addJob([job = std::move(job)] { job->Exec(); });
|
||||
}
|
||||
|
||||
Backend_ptr
|
||||
ExecShellBackend(std::string execFilePath)
|
||||
{
|
||||
Backend_ptr ptr = std::make_shared<ExecShellHookBackend>(execFilePath);
|
||||
if (!ptr->Start())
|
||||
return nullptr;
|
||||
return ptr;
|
||||
}
|
||||
#else
|
||||
Backend_ptr ExecShellBackend(std::string)
|
||||
{
|
||||
return nullptr;
|
||||
}
|
||||
#endif
|
||||
} // namespace hooks
|
||||
} // namespace llarp
|
|
@ -1,13 +0,0 @@
|
|||
#pragma once
|
||||
|
||||
#include "ihook.hpp"
|
||||
|
||||
namespace llarp
|
||||
{
|
||||
namespace hooks
|
||||
{
|
||||
/// exec file based hook notifier
|
||||
Backend_ptr
|
||||
ExecShellBackend(std::string execFilePath);
|
||||
} // namespace hooks
|
||||
} // namespace llarp
|
|
@ -1,319 +0,0 @@
|
|||
#if defined(ANDROID) || NETNS == 0
|
||||
|
||||
#else
|
||||
#include <asm/types.h>
|
||||
#include <fcntl.h>
|
||||
#include <limits.h>
|
||||
#include <sys/capability.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/statvfs.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
#include <cstdlib>
|
||||
#include <cstring>
|
||||
#include <fstream>
|
||||
#include "netns.hpp"
|
||||
#include <util/logger.hpp>
|
||||
#ifndef MS_REC
|
||||
#define MS_REC (16384)
|
||||
#endif
|
||||
#include <llarp/util/fs.hpp>
|
||||
|
||||
namespace llarp
|
||||
{
|
||||
namespace GNULinux
|
||||
{
|
||||
static const char netns_rundir[] = "/var/run/netns";
|
||||
static const char netns_etcdir[] = "/etc/netns";
|
||||
|
||||
static bool
|
||||
GetCGroups2MountPoint(fs::path& cgroups2_mount)
|
||||
{
|
||||
std::string mountpoint;
|
||||
std::ifstream inf;
|
||||
inf.open("/proc/mounts");
|
||||
if (!inf.is_open())
|
||||
{
|
||||
llarp::LogError("failed to open /proc/mounts");
|
||||
return false;
|
||||
}
|
||||
std::string line;
|
||||
while (std::getline(inf, line))
|
||||
{
|
||||
std::string part;
|
||||
std::stringstream parts;
|
||||
parts.str(line);
|
||||
// discard
|
||||
std::getline(parts, part);
|
||||
// mount point
|
||||
std::getline(parts, part);
|
||||
mountpoint = part;
|
||||
// type
|
||||
std::getline(parts, part);
|
||||
if (part == "cgroup2")
|
||||
{
|
||||
// found cgroup2 mountpoint
|
||||
cgroups2_mount = mountpoint;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
llarp::LogError("cannot find cgroups2 in /proc/mounts");
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool
|
||||
GetNetNS(std::string& netns)
|
||||
{
|
||||
auto nfd = open("/proc/self/ns/net", O_RDONLY);
|
||||
if (nfd < 0)
|
||||
{
|
||||
llarp::LogError("Failed to get our own netns, could not open /proc/self/ns/net");
|
||||
return false;
|
||||
}
|
||||
struct stat netst;
|
||||
if (::fstat(nfd, &netst) < 0)
|
||||
{
|
||||
close(nfd);
|
||||
llarp::LogError("stat of netns failed: ", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
close(nfd);
|
||||
fs::path run_dir = netns_rundir;
|
||||
bool foundIt = false;
|
||||
// find corrosponding file for netns
|
||||
llarp::util::IterDir(run_dir, [&](const fs::path& f) -> bool {
|
||||
struct stat fst;
|
||||
if (::stat(f.string().c_str(), &fst) >= 0)
|
||||
{
|
||||
if (fst.st_dev == netst.st_dev && fst.st_ino == netst.st_ino)
|
||||
{
|
||||
// found it
|
||||
foundIt = true;
|
||||
netns = f.filename().string();
|
||||
// break iteration
|
||||
return false;
|
||||
}
|
||||
}
|
||||
// continue iteration
|
||||
return true;
|
||||
});
|
||||
return foundIt;
|
||||
}
|
||||
|
||||
static bool
|
||||
GetVRFPath(std::string& path)
|
||||
{
|
||||
char p[256] = {0};
|
||||
snprintf(p, sizeof(p), "/proc/%d/cgroup", getpid());
|
||||
std::ifstream inf;
|
||||
inf.open(p);
|
||||
if (!inf.is_open())
|
||||
{
|
||||
llarp::LogError("could not open '", p, "': ", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
path = "";
|
||||
std::string line;
|
||||
while (std::getline(inf, line))
|
||||
{
|
||||
auto pos = line.find("::/");
|
||||
if (pos != std::string::npos)
|
||||
{
|
||||
line = line.substr(pos + 2);
|
||||
pos = line.find("/vrf");
|
||||
if (pos != std::string::npos)
|
||||
{
|
||||
path = line.substr(pos);
|
||||
if (path == "/")
|
||||
path = "";
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool
|
||||
ResetVRF()
|
||||
{
|
||||
fs::path cgroups2_mount;
|
||||
if (!GetCGroups2MountPoint(cgroups2_mount))
|
||||
{
|
||||
llarp::LogError("could not find cgroup2 mount point, is it mounted?");
|
||||
return false;
|
||||
}
|
||||
std::string netns;
|
||||
if (!GetNetNS(netns))
|
||||
{
|
||||
llarp::LogError("could not get our netns: ", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
std::string vrfpath;
|
||||
if (!GetVRFPath(vrfpath))
|
||||
{
|
||||
llarp::LogError("could not determine vrf cgroup path: ", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
fs::path cgroup_path = cgroups2_mount / vrfpath / netns / "vrf" / "default";
|
||||
std::error_code ec;
|
||||
if (!fs::exists(cgroup_path, ec))
|
||||
{
|
||||
if (!fs::create_directories(cgroup_path, ec))
|
||||
{
|
||||
llarp::LogError("could not create '", cgroup_path.string(), "': ", ec);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else if (ec)
|
||||
{
|
||||
llarp::LogError("Could not check '", cgroup_path.string(), "': ", ec);
|
||||
return false;
|
||||
}
|
||||
cgroup_path /= "cgroup.procs";
|
||||
auto fd = open(cgroup_path.string().c_str(), O_RDWR | O_APPEND);
|
||||
if (fd < 0)
|
||||
{
|
||||
llarp::LogError("could not open '", cgroup_path.string(), "': ", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
bool success = true;
|
||||
std::string pid = std::to_string(getpid());
|
||||
if (write(fd, pid.c_str(), pid.size()) < 0)
|
||||
{
|
||||
llarp::LogError("failed to join cgroup");
|
||||
success = false;
|
||||
}
|
||||
close(fd);
|
||||
return success;
|
||||
}
|
||||
|
||||
/// bind network namespace paths into /etc/
|
||||
static bool
|
||||
BindNetworkNS(const char* name)
|
||||
{
|
||||
fs::path etc_dir = netns_etcdir;
|
||||
etc_dir /= name;
|
||||
std::error_code ec;
|
||||
if (!fs::exists(etc_dir, ec))
|
||||
{
|
||||
errno = 0;
|
||||
llarp::LogInfo(etc_dir, " does not exist, skipping");
|
||||
return true;
|
||||
}
|
||||
bool didFail = false;
|
||||
llarp::util::IterDir(etc_dir, [&](const fs::path& f) -> bool {
|
||||
if (fs::is_regular_file(f))
|
||||
{
|
||||
fs::path netns_path = "/etc";
|
||||
netns_path /= f.filename();
|
||||
if (mount(f.string().c_str(), netns_path.string().c_str(), "none", MS_BIND, nullptr) < 0)
|
||||
{
|
||||
llarp::LogError(
|
||||
"failed to bind '",
|
||||
f.string(),
|
||||
"' to '",
|
||||
netns_path.string(),
|
||||
"': ",
|
||||
strerror(errno));
|
||||
didFail = true;
|
||||
}
|
||||
}
|
||||
// continue iteration
|
||||
return true;
|
||||
});
|
||||
return !didFail;
|
||||
}
|
||||
|
||||
static void
|
||||
DropCap()
|
||||
{
|
||||
if (getuid() != 0 && geteuid() != 0)
|
||||
{
|
||||
cap_t capabilities;
|
||||
cap_value_t net_admin = CAP_NET_ADMIN;
|
||||
cap_flag_t inheritable = CAP_INHERITABLE;
|
||||
cap_flag_value_t is_set;
|
||||
|
||||
capabilities = cap_get_proc();
|
||||
if (!capabilities)
|
||||
exit(EXIT_FAILURE);
|
||||
if (cap_get_flag(capabilities, net_admin, inheritable, &is_set) != 0)
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
if (is_set == CAP_CLEAR)
|
||||
{
|
||||
if (cap_clear(capabilities) != 0)
|
||||
exit(EXIT_FAILURE);
|
||||
if (cap_set_proc(capabilities) != 0)
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
cap_free(capabilities);
|
||||
}
|
||||
}
|
||||
|
||||
bool
|
||||
NetNSSwitch(const char* name)
|
||||
{
|
||||
fs::path netns_path = netns_rundir;
|
||||
netns_path /= name;
|
||||
auto nsfd = open(netns_path.string().c_str(), O_RDONLY | O_CLOEXEC);
|
||||
if (nsfd < 0)
|
||||
{
|
||||
llarp::LogError("Failed to open network namespace '", name, "': ", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
if (setns(nsfd, CLONE_NEWNET) < 0)
|
||||
{
|
||||
llarp::LogError("Failed to enter network namespace '", name, "': ", strerror(errno));
|
||||
close(nsfd);
|
||||
return false;
|
||||
}
|
||||
close(nsfd);
|
||||
if (unshare(CLONE_NEWNS) < 0)
|
||||
{
|
||||
llarp::LogError("unshare failed: ", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
// dont let any mount points prop back to parent
|
||||
// iproute2 source does this
|
||||
if (mount("", "/", "none", MS_SLAVE | MS_REC, nullptr))
|
||||
{
|
||||
llarp::LogError("mount --make-rslave failed: ", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
unsigned long mountflags = 0;
|
||||
// ensaure /sys not mounted
|
||||
if (umount2("/sys", MNT_DETACH) < 0)
|
||||
{
|
||||
struct statvfs fsstat;
|
||||
if (statvfs("/sys", &fsstat) == 0)
|
||||
{
|
||||
if (fsstat.f_flag & ST_RDONLY)
|
||||
mountflags = MS_RDONLY;
|
||||
}
|
||||
}
|
||||
// mount sysfs for our namespace
|
||||
if (mount(name, "/sys", "sysfs", mountflags, nullptr) < 0)
|
||||
{
|
||||
llarp::LogError("failed to mount sysfs: ", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
if (!BindNetworkNS(name))
|
||||
{
|
||||
llarp::LogError("failed to bind namespace directories");
|
||||
return false;
|
||||
}
|
||||
if (!ResetVRF())
|
||||
{
|
||||
llarp::LogError("failed to reset vrf");
|
||||
return false;
|
||||
}
|
||||
DropCap();
|
||||
return true;
|
||||
}
|
||||
} // namespace GNULinux
|
||||
} // namespace llarp
|
||||
|
||||
#endif
|
|
@ -1,15 +0,0 @@
|
|||
#pragma once
|
||||
#ifdef __linux__
|
||||
namespace llarp
|
||||
{
|
||||
namespace GNULinux
|
||||
{
|
||||
/// switch current process to use network namepsace by name
|
||||
/// returns true if successfully switched otherwise returns false
|
||||
bool
|
||||
NetNSSwitch(const char* name);
|
||||
} // namespace GNULinux
|
||||
} // namespace llarp
|
||||
#else
|
||||
#error "Don't include this file"
|
||||
#endif
|
|
@ -27,7 +27,6 @@
|
|||
#include <llarp/util/str.hpp>
|
||||
#include <llarp/util/buffer.hpp>
|
||||
#include <llarp/util/meta/memfn.hpp>
|
||||
#include <llarp/hook/shell.hpp>
|
||||
#include <llarp/link/link_manager.hpp>
|
||||
#include <llarp/tooling/dht_event.hpp>
|
||||
#include <llarp/quic/tunnel.hpp>
|
||||
|
@ -341,8 +340,6 @@ namespace llarp
|
|||
EndpointUtil::StopRemoteSessions(m_state->m_RemoteSessions);
|
||||
// stop snode sessions
|
||||
EndpointUtil::StopSnodeSessions(m_state->m_SNodeSessions);
|
||||
if (m_OnDown)
|
||||
m_OnDown->NotifyAsync(NotifyParams());
|
||||
return path::Builder::Stop();
|
||||
}
|
||||
|
||||
|
@ -590,15 +587,9 @@ namespace llarp
|
|||
return true;
|
||||
}
|
||||
|
||||
Endpoint::~Endpoint()
|
||||
{
|
||||
if (m_OnUp)
|
||||
m_OnUp->Stop();
|
||||
if (m_OnDown)
|
||||
m_OnDown->Stop();
|
||||
if (m_OnReady)
|
||||
m_OnReady->Stop();
|
||||
}
|
||||
// Keep this here (rather than the header) so that we don't need to include endpoint_state.hpp
|
||||
// in endpoint.hpp for the unique_ptr member destructor.
|
||||
Endpoint::~Endpoint() = default;
|
||||
|
||||
bool
|
||||
Endpoint::PublishIntroSet(const EncryptedIntroSet& introset, AbstractRouter* r)
|
||||
|
@ -762,9 +753,6 @@ namespace llarp
|
|||
LogDebug(Name(), " Additional IntroSet publish confirmed");
|
||||
|
||||
m_state->m_LastPublish = now;
|
||||
if (m_OnReady)
|
||||
m_OnReady->NotifyAsync(NotifyParams());
|
||||
m_OnReady = nullptr;
|
||||
}
|
||||
|
||||
std::optional<std::vector<RouterContact>>
|
||||
|
|
|
@ -15,7 +15,6 @@
|
|||
#include "service/protocol_type.hpp"
|
||||
#include "session.hpp"
|
||||
#include "lookup.hpp"
|
||||
#include <llarp/hook/ihook.hpp>
|
||||
#include <llarp/util/compare_ptr.hpp>
|
||||
#include <optional>
|
||||
#include <unordered_map>
|
||||
|
@ -516,9 +515,6 @@ namespace llarp
|
|||
IDataHandler* m_DataHandler = nullptr;
|
||||
Identity m_Identity;
|
||||
net::IPRangeMap<service::Address> m_ExitMap;
|
||||
hooks::Backend_ptr m_OnUp;
|
||||
hooks::Backend_ptr m_OnDown;
|
||||
hooks::Backend_ptr m_OnReady;
|
||||
bool m_PublishIntroSet = true;
|
||||
std::unique_ptr<EndpointState> m_state;
|
||||
std::shared_ptr<IAuthPolicy> m_AuthPolicy;
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
#include "endpoint_state.hpp"
|
||||
|
||||
#include <llarp/exit/session.hpp>
|
||||
#include <llarp/hook/shell.hpp>
|
||||
#include "endpoint.hpp"
|
||||
#include "outbound_context.hpp"
|
||||
#include <llarp/util/str.hpp>
|
||||
|
@ -23,33 +22,6 @@ namespace llarp
|
|||
m_IntroSet.SRVs.push_back(record.toTuple());
|
||||
}
|
||||
|
||||
// TODO:
|
||||
/*
|
||||
if (k == "on-up")
|
||||
{
|
||||
m_OnUp = hooks::ExecShellBackend(v);
|
||||
if (m_OnUp)
|
||||
LogInfo(name, " added on up script: ", v);
|
||||
else
|
||||
LogError(name, " failed to add on up script");
|
||||
}
|
||||
if (k == "on-down")
|
||||
{
|
||||
m_OnDown = hooks::ExecShellBackend(v);
|
||||
if (m_OnDown)
|
||||
LogInfo(name, " added on down script: ", v);
|
||||
else
|
||||
LogError(name, " failed to add on down script");
|
||||
}
|
||||
if (k == "on-ready")
|
||||
{
|
||||
m_OnReady = hooks::ExecShellBackend(v);
|
||||
if (m_OnReady)
|
||||
LogInfo(name, " added on ready script: ", v);
|
||||
else
|
||||
LogError(name, " failed to add on ready script");
|
||||
}
|
||||
*/
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
#pragma once
|
||||
|
||||
#include <llarp/hook/ihook.hpp>
|
||||
#include <llarp/router_id.hpp>
|
||||
#include "address.hpp"
|
||||
#include "pendingbuffer.hpp"
|
||||
|
@ -25,10 +24,6 @@ namespace llarp
|
|||
{
|
||||
struct EndpointState
|
||||
{
|
||||
hooks::Backend_ptr m_OnUp;
|
||||
hooks::Backend_ptr m_OnDown;
|
||||
hooks::Backend_ptr m_OnReady;
|
||||
|
||||
std::set<RouterID> m_SnodeBlacklist;
|
||||
|
||||
AbstractRouter* m_Router;
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
#ifdef LOKINET_SHADOW
|
||||
#include <llarp.h>
|
||||
|
||||
/** insert shadow test network specific code here */
|
||||
|
||||
#endif
|
Loading…
Reference in New Issue