summaryrefslogtreecommitdiff
path: root/pkg/linux/bitmask-root
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2014-06-02 17:27:47 -0500
committerKali Kaneko <kali@leap.se>2014-06-04 14:01:46 -0500
commitaeb89d2c64f8925d5063149e718ec2d97248b7c4 (patch)
treeb95e0a1ea4890b7a17603af1e1482530b3b3bdc8 /pkg/linux/bitmask-root
parent687e1a87da9321b27ad966907db0f58f1c25b157 (diff)
add null checks, fix error on get_default_device. Closes: #5732
Also: -make firewall aware of restarts, and not tear down the fw if an error happens while a restart is going on. -notify errors to syslog.
Diffstat (limited to 'pkg/linux/bitmask-root')
-rwxr-xr-xpkg/linux/bitmask-root26
1 files changed, 18 insertions, 8 deletions
diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root
index 82e8799f..d1bf656e 100755
--- a/pkg/linux/bitmask-root
+++ b/pkg/linux/bitmask-root
@@ -22,14 +22,15 @@ It should only be called by the Bitmask application.
USAGE:
bitmask-root firewall stop
- bitmask-root firewall start GATEWAY1 GATEWAY2 ...
+ bitmask-root firewall start [restart] GATEWAY1 GATEWAY2 ...
bitmask-root openvpn stop
bitmask-root openvpn start CONFIG1 CONFIG1 ...
All actions return exit code 0 for success, non-zero otherwise.
The `openvpn start` action is special: it calls exec on openvpn and replaces
-the current process.
+the current process. If the `restart` parameter is passed, the firewall will
+not be teared down in the case of an error during launch.
"""
# TODO should be tested with python3, which can be the default on some distro.
from __future__ import print_function
@@ -38,12 +39,12 @@ import os
import re
import signal
import socket
+import syslog
import subprocess
import sys
import time
import traceback
-
cmdcheck = subprocess.check_output
##
@@ -129,6 +130,8 @@ if DEBUG:
logger.setLevel(logging.DEBUG)
logger.addHandler(ch)
+syslog.openlog(SCRIPT)
+
##
## UTILITY
##
@@ -413,6 +416,7 @@ def bail(msg=None, exception=None):
"""
if msg is not None:
print("%s: %s" % (SCRIPT, msg))
+ syslog.syslog(syslog.LOG_ERR, msg)
if exception is not None:
traceback.print_exc()
exit(1)
@@ -614,7 +618,7 @@ def get_default_device():
"""
routes = subprocess.check_output([IP, "route", "show"])
match = re.search("^default .*dev ([^\s]*) .*$", routes, flags=re.M)
- if match.groups():
+ if match and match.groups():
return match.group(1)
else:
bail("Could not find default device")
@@ -629,7 +633,7 @@ def get_local_network_ipv4(device):
"""
addresses = cmdcheck([IP, "-o", "address", "show", "dev", device])
match = re.search("^.*inet ([^ ]*) .*$", addresses, flags=re.M)
- if match.groups():
+ if match and match.groups():
return match.group(1)
else:
return None
@@ -644,7 +648,7 @@ def get_local_network_ipv6(device):
"""
addresses = cmdcheck([IP, "-o", "address", "show", "dev", device])
match = re.search("^.*inet6 ([^ ]*) .*$", addresses, flags=re.M)
- if match.groups():
+ if match and match.groups():
return match.group(1)
else:
return None
@@ -819,6 +823,11 @@ def main():
command = "_".join(sys.argv[1:3])
args = sys.argv[3:]
+ is_restart = False
+ if args and args[0] == "restart":
+ is_restart = True
+ args.remove('restart')
+
if command == "openvpn_start":
openvpn_start(args)
@@ -830,8 +839,9 @@ def main():
firewall_start(args)
nameserver_setter.start(NAMESERVER)
except Exception as ex:
- nameserver_restorer.start()
- firewall_stop()
+ if not is_restart:
+ nameserver_restorer.start()
+ firewall_stop()
bail("ERROR: could not start firewall", ex)
elif command == "firewall_stop":