mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-29 18:21:22 +00:00
perm
parent
88c060b579
commit
730de3638d
0
config/etc/sf.conf
Executable file → Normal file
0
config/etc/sf.conf
Executable file → Normal file
0
encfsd/Dockerfile
Executable file → Normal file
0
encfsd/Dockerfile
Executable file → Normal file
@ -154,9 +154,6 @@ cmd_getport()
|
||||
local err
|
||||
lid="$1"
|
||||
|
||||
# Add all LIDs that requested a reverse port fw to global set.
|
||||
redr SADD "portd:req_port" "${lid}" >/dev/null
|
||||
|
||||
# Get a Port
|
||||
# [PROVIDER] [PORT]
|
||||
i=0
|
||||
@ -193,26 +190,41 @@ cmd_getport()
|
||||
|
||||
}
|
||||
|
||||
|
||||
# Calld from cmd_remport
|
||||
# Exec in VPN context to deletion of ports.
|
||||
#
|
||||
# [PROVIDER] [<PORT> ...]
|
||||
# [PROVIDER] [LID] [<IPPORT> ...]
|
||||
remport_provider()
|
||||
{
|
||||
local lid
|
||||
local provider
|
||||
provider="$1"
|
||||
lid="$1"
|
||||
provider="$2"
|
||||
|
||||
shift 1
|
||||
shift 2
|
||||
[[ ${#@} -lt 1 ]] && return
|
||||
|
||||
DEBUGF "PARAM-${#@} $*"
|
||||
# DEBUGF "PARAM-${#@} $*"
|
||||
|
||||
docker exec "sf-${provider,,}" /sf/bin/rportfw.sh delports "$@"
|
||||
# FIXME: Shall we rather queue the ports for deletion and delete them in
|
||||
# bulk when we drop below WM_LOW?
|
||||
# Otherwise curl is called every time an instance exits: An observer
|
||||
# monitoring the VPN Provider _and_ the SF could correlate reverse port
|
||||
# with user's IP.
|
||||
# DELIPPORTS+=($@)
|
||||
docker exec "sf-${provider,,}" /sf/bin/rportfw.sh delipports "$@"
|
||||
|
||||
# Delete from assgned-$provider list the specifuc IPPORT
|
||||
local ipport
|
||||
local members
|
||||
for ipport in "$@"; do
|
||||
members+=("${lid} ${ipport}")
|
||||
done
|
||||
redr SREM "portd:assigned-${provider}" "${members[@]}" >/dev/null
|
||||
}
|
||||
|
||||
# Remove Ports from LID. Typically called when instance is terminated.
|
||||
# We never add ports back to the pool so that the same port
|
||||
# We never add ports back to the pool. This means that the same port
|
||||
# is less likely to be reused.
|
||||
#
|
||||
# The downside is that this causes a CURL request to the VPN provider
|
||||
@ -229,7 +241,6 @@ cmd_remport()
|
||||
local provider
|
||||
|
||||
DEBUGF "CMD_REMPORT lid=$lid"
|
||||
redr SREM "portd:req_port" "${lid}" >/dev/null
|
||||
|
||||
# Remove routing
|
||||
# -> Dont need to. There is no harm leaving it.
|
||||
@ -254,12 +265,9 @@ cmd_remport()
|
||||
done
|
||||
|
||||
# Delete ports for each provider
|
||||
# FIXME: We could queue the ports up and then check every 15 minutes if we need to make
|
||||
# a call to the VPN Provider.
|
||||
# On the other hand we like to get rid of a Port as soon as possible.
|
||||
remport_provider "CryptoStorm" "${c_ipports[@]}"
|
||||
remport_provider "NordVPN" "${n_ipports[@]}"
|
||||
remport_provider "Mullvad" "${m_ipports[@]}"
|
||||
remport_provider "${lid}" "CryptoStorm" "${c_ipports[@]}"
|
||||
remport_provider "${lid}" "NordVPN" "${n_ipports[@]}"
|
||||
remport_provider "${lid}" "Mullvad" "${m_ipports[@]}"
|
||||
}
|
||||
|
||||
# VPN provider goes UP.
|
||||
@ -306,11 +314,13 @@ cmd_vpndown()
|
||||
# port forwards assigned to it.
|
||||
# Remove Lid's key/value for this port forward.
|
||||
red SREM "portd:assigned-${lid}" "${provider} ${ipport}" >/dev/null
|
||||
value+=("${provider}")
|
||||
value+=("${provider} ${ipport}")
|
||||
done
|
||||
|
||||
|
||||
# FIXME-2022: remote from SCARD portd:ports
|
||||
# Remove from portd:ports
|
||||
red SREM "portd:ports" "${value[@]}" >/dev/null
|
||||
|
||||
# Delete container files
|
||||
rm -f "${files[@]}" &>/dev/null
|
||||
|
||||
@ -342,11 +352,13 @@ cmd_fillstock()
|
||||
local good
|
||||
local ret
|
||||
local req_num
|
||||
local max_needed
|
||||
while [[ $in_stock -lt $WM_HIGH ]]; do
|
||||
unset good
|
||||
max_needed=$((WM_HIGH - in_stock))
|
||||
|
||||
req_num=$(( (WM_HIGH - in_stock) / ${#arr[@]} + 1))
|
||||
[[ $req_num -gt $WM_HIGH ]] && req_num="$WM_HIGH"
|
||||
req_num=$(( $max_needed / ${#arr[@]} + 1))
|
||||
[[ $req_num -gt $max_needed ]] && req_num="$max_needed"
|
||||
for provider in "${arr[@]}"; do
|
||||
members=($(docker exec "sf-${provider,,}" /sf/bin/rportfw.sh moreports "${req_num}"))
|
||||
ret=$?
|
||||
@ -412,7 +424,7 @@ redis_loop_forever()
|
||||
fi
|
||||
|
||||
# Check the fill stock every 60-70 seconds
|
||||
[[ $((fillstock_last_sec + 6)) -lt $NOW ]] && { fillstock_last_sec="$NOW"; cmd_fillstock; }
|
||||
[[ $((fillstock_last_sec + 60)) -lt $NOW ]] && { fillstock_last_sec="$NOW"; cmd_fillstock; }
|
||||
done
|
||||
}
|
||||
|
||||
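Review bot: In remport_provider the exit status of `docker exec "sf-${provider,,}" /sf/bin/rportfw.sh delipports "$@"` is ignored, so the `redr SREM "portd:assigned-${provider}" "${members[@]}"` that follows drops the bookkeeping entry even when the provider container is down or the delete failed. That would leave a reverse port forward and its firewall rule live with no Redis record to reconcile against. If container addresses are ever reused (not visible in this hunk), traffic for the old port could reach a different instance. Consider keeping the record on failure so a later pass can retry, e.g. `docker exec "sf-${provider,,}" /sf/bin/rportfw.sh delipports "$@" || { DEBUGF "delipports failed provider=${provider} lid=${lid}"; return; }`.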
|
@ -30,7 +30,7 @@ if [[ -z $IS_VPN_CONNECTED ]]; then
|
||||
else
|
||||
i=0
|
||||
while [[ $i -lt ${#VPN_GEOIP[@]} ]]; do
|
||||
str="${VPN_PROVIDER[$i]} "
|
||||
str="Exit ${VPN_PROVIDER[$i]} "
|
||||
VPN_DST+="${str:0:17} : "
|
||||
str="${VPN_EXIT_IP[$i]} "
|
||||
VPN_DST+="${CDG}${str:0:15}"
|
||||
|
@ -235,7 +235,7 @@ mk_portforward()
|
||||
ipport=$(echo -e "DEL portd:response-${LID}\"\n\
|
||||
RPUSH portd:blcmd \"getport ${LID}\"\n\
|
||||
BLPOP portd:response-${LID} 5" | REDISCLI_AUTH="${SF_REDIS_AUTH}" redis-cli --raw -h sf-redis) || return
|
||||
DEBUGF "ipport='$ipport'"
|
||||
# DEBUGF "ipport='$ipport'"
|
||||
ipport="${ipport##*$'\n'}"
|
||||
[[ ! "${ipport##*:}" -gt 0 ]] && { DEBUGF "Failed to set up Reverse Port Forward (ipport='$ipport')"; return; }
|
||||
|
||||
@ -249,7 +249,7 @@ print_disclaimer()
|
||||
echo 1>&2 -e "\
|
||||
${CR}######################################################################
|
||||
#### ${CY}DISCLAIMER: TO BE USED FOR CREATIVE AND GOOD PURPOSES ONLY.. ${CR}####
|
||||
#### ${CY}USE AT YOUR OWN RISK. ---> DON'T FUCK UP <--- ${CR}####
|
||||
#### ${CY}TO TINKER AND TO EXPLORE. >>>USE AT YOUR OWN RISK<<< ${CR}####
|
||||
######################################################################${CN}"
|
||||
}
|
||||
|
||||
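Review bot: The `DEL` line in mk_portforward ends with a stray `\"` (`DEL portd:response-${LID}\"\n`), so redis-cli receives an unbalanced quote and will most likely reject that command instead of clearing the response list. A leftover reply from an earlier request for the same LID could then be returned by `BLPOP` and accepted as the new port, and with `DEBUGF "ipport='$ipport'"` now commented out the raw reply is no longer visible when that happens. Drop the quote so the line reads `DEL portd:response-${LID}\n\`, and check the reply shape before the numeric test, e.g. `[[ "${ipport##*:}" =~ ^[0-9]+$ ]] || return`. The function body starts and ends outside the hunk.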
|
@ -66,16 +66,18 @@ fw_del_byip()
|
||||
# Remove the Port Forward & FW rules for a list of ports.
|
||||
# Called from portd.sh when a container exited (by sf-destructor)
|
||||
#
|
||||
# [<PORT>...]
|
||||
cmd_delports()
|
||||
# [<IPPORT>...]
|
||||
cmd_delipports()
|
||||
{
|
||||
local ipport
|
||||
local r_port
|
||||
|
||||
[[ "${PROVIDER,,}" != "cryptostorm" ]] && return
|
||||
|
||||
DEBUGF "cmd_delports ${PROVIDER} '${*}'"
|
||||
DEBUGF "cmd_delipports ${PROVIDER} '${*}'"
|
||||
|
||||
for r_port in "$@"; do
|
||||
for ipport in "$@"; do
|
||||
r_port="${ipport##*:}"
|
||||
curl -fsSL --retry 3 --max-time 10 http://10.31.33.7/fwd "-ddelfwd=${r_port}"
|
||||
fw_del "${r_port}"
|
||||
done
|
||||
@ -167,11 +169,5 @@ shift 1
|
||||
|
||||
[[ "$cmd" == fwport ]] && { cmd_fwport "$@"; exit; }
|
||||
[[ "$cmd" == moreports ]] && { cmd_moreports "$@"; exit; }
|
||||
[[ "$cmd" == delports ]] && { cmd_delports "$@"; exit; } # [<PORT> ...]
|
||||
# [[ "$cmd" == fw_delip ]] && { fw_del_byip "$@"; exit; } # [CONTAINER-IP]
|
||||
[[ "$cmd" == delipports ]] && { cmd_delipports "$@"; exit; } # [<IPPORT> ...]
|
||||
[[ "$cmd" == fw_delall ]] && { fw_del_byip "10.11."; exit; }
|
||||
|
||||
# what happens if multiple segfaultsh logging in and taking ips ... will this replentish
|
||||
# up to trashhold and what if max is reached (=5 on muvald)?
|
||||
|
||||
# FIXME: work on vpn reconnecting and test it.
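Review bot: cmd_delipports derives `r_port="${ipport##*:}"` and passes it straight into the provider request (`"-ddelfwd=${r_port}"`) and into `fw_del` without checking that it is a port number. An argument with no colon yields the whole string, and any non-digit characters would end up in the form body or the firewall call. Add a guard right after the assignment, `[[ "$r_port" =~ ^[0-9]+$ ]] || continue`. Also, curl's exit status is not checked, so `fw_del` runs even when the provider-side delete failed. Removing the `delports` dispatch line means an older caller still sending `delports` now falls through without any error.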
|
@ -148,7 +148,7 @@ DSTDIR="$(dirname "${LOGFNAME}")"
|
||||
source /check_vpn.sh
|
||||
wait_for_handshake "${DEV}" || { echo -e "Handshake did not complete"; exit 255; }
|
||||
|
||||
check_vpn "${PROVIDER}" || { echo -e "VPN Check failed"; exit 255; }
|
||||
check_vpn "${PROVIDER}" "${DEV}" || { echo -e "VPN Check failed"; exit 255; }
|
||||
|
||||
[[ "$OP" == "up" ]] && { up; exit; }
|
||||
|
||||
|