| -rwxr-xr-x | pkg/linux/bitmask-root | 26 | 
1 files changed, 18 insertions, 8 deletions
| diff --git a/pkg/linux/bitmask-root b/pkg/linux/bitmask-root index 82e8799f..d1bf656e 100755 --- a/pkg/linux/bitmask-root +++ b/pkg/linux/bitmask-root @@ -22,14 +22,15 @@ It should only be called by the Bitmask application.  USAGE:    bitmask-root firewall stop -  bitmask-root firewall start GATEWAY1 GATEWAY2 ... +  bitmask-root firewall start [restart] GATEWAY1 GATEWAY2 ...    bitmask-root openvpn stop    bitmask-root openvpn start CONFIG1 CONFIG1 ...  All actions return exit code 0 for success, non-zero otherwise.  The `openvpn start` action is special: it calls exec on openvpn and replaces -the current process. +the current process. If the `restart` parameter is passed, the firewall will +not be teared down in the case of an error during launch.  """  # TODO should be tested with python3, which can be the default on some distro.  from __future__ import print_function @@ -38,12 +39,12 @@ import os  import re  import signal  import socket +import syslog  import subprocess  import sys  import time  import traceback -  cmdcheck = subprocess.check_output  ## @@ -129,6 +130,8 @@ if DEBUG:      logger.setLevel(logging.DEBUG)      logger.addHandler(ch) +syslog.openlog(SCRIPT) +  ##  ## UTILITY  ## @@ -413,6 +416,7 @@ def bail(msg=None, exception=None):      """      if msg is not None:          print("%s: %s" % (SCRIPT, msg)) +        syslog.syslog(syslog.LOG_ERR, msg)      if exception is not None:          traceback.print_exc()      exit(1) @@ -614,7 +618,7 @@ def get_default_device():      """      routes = subprocess.check_output([IP, "route", "show"])      match = re.search("^default .*dev ([^\s]*) .*$", routes, flags=re.M) -    if match.groups(): +    if match and match.groups():          return match.group(1)      else:          bail("Could not find default device") 
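Review bot: In the module docstring hunk, the new sentence about `restart` is appended to the paragraph that describes `openvpn start`, while the usage line attaches the parameter to `firewall start`, so a reader cannot tell which action it modifies. I would give it its own paragraph, for example `The firewall start action accepts an optional leading "restart" argument: if the start fails, the existing firewall is left in place instead of being torn down.` That wording also replaces "teared down" with "torn down".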
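Review bot: In bail(), only `msg` reaches syslog; when `exception` is passed, the traceback still goes to the process output alone, so the syslog record for a failed firewall start carries no cause. The new call also sits inside `if msg is not None:`, so a call with an exception but no message logs nothing. Consider adding, in the `exception is not None` branch, `syslog.syslog(syslog.LOG_ERR, "%s: %r" % (msg, exception))`. bail()'s body starts outside this hunk.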
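Review bot: In get_default_device(), `match.groups()` is always a non-empty tuple once `match` is not None, because the pattern has one capture group, so `if match and match.groups():` reduces to `if match:`. The same guard is repeated in the get_local_network_ipv4() and get_local_network_ipv6() hunks. The capture `([^\s]*)` can in principle match an empty string, so a guard that actually checks the value would be `if match and match.group(1):`. This matters if the returned device or address is later used to build firewall rules, which is not visible here. The pattern would also read better as a raw string, `r"^default .*dev ([^\s]*) .*$"`.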
@@ -629,7 +633,7 @@ def get_local_network_ipv4(device):      """      addresses = cmdcheck([IP, "-o", "address", "show", "dev", device])      match = re.search("^.*inet ([^ ]*) .*$", addresses, flags=re.M) -    if match.groups(): +    if match and match.groups():          return match.group(1)      else:          return None @@ -644,7 +648,7 @@ def get_local_network_ipv6(device):      """      addresses = cmdcheck([IP, "-o", "address", "show", "dev", device])      match = re.search("^.*inet6 ([^ ]*) .*$", addresses, flags=re.M) -    if match.groups(): +    if match and match.groups():          return match.group(1)      else:          return None @@ -819,6 +823,11 @@ def main():          command = "_".join(sys.argv[1:3])          args = sys.argv[3:] +        is_restart = False +        if args and args[0] == "restart": +            is_restart = True +            args.remove('restart') +          if command == "openvpn_start":              openvpn_start(args) @@ -830,8 +839,9 @@ def main():                  firewall_start(args)                  nameserver_setter.start(NAMESERVER)              except Exception as ex: -                nameserver_restorer.start() -                firewall_stop() +                if not is_restart: +		    nameserver_restorer.start() +		    firewall_stop()                  bail("ERROR: could not start firewall", ex)          elif command == "firewall_stop": | 
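Review bot: In main(), the `restart` token is stripped from `args` before the command is dispatched, so it is accepted and silently dropped for every action (`openvpn start restart ...`, `firewall stop restart`), not only for `firewall start` as the usage text documents. For a helper that appears to run privileged, I would keep argument handling strict and scope the check: `if command == "firewall_start" and args and args[0] == "restart":` followed by `args = args[1:]`. main() starts and ends outside this hunk.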
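Review bot: The two lines under the new `if not is_restart:` are indented with tab characters while the surrounding block uses spaces. Python 2 accepts this only because it expands tabs to 8 columns, and Python 3 rejects it with a TabError, which matters given the file's own TODO about python3. Re-indent `nameserver_restorer.start()` and `firewall_stop()` with 20 spaces. A short comment would also record why the cleanup is skipped, for example `# on restart, leave the firewall and nameserver override in place (presumably to fail closed while the VPN is down)`. The enclosing try block and main() extend outside this hunk.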
