Fix bug causing recreate functionality to fail

fernandoenzo · Dec 25, 2024 · 18ed1f3 · 18ed1f3
1 parent e4907b0
commit 18ed1f3
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 23 deletions.
diff --git a/wirescale/communications/systemd.py b/wirescale/communications/systemd.py
@@ -33,6 +33,8 @@ def __init__(self):
         self.remote_interface: str = None
         self.remote_local_port: int = None
         self.iptables_accept: bool = None
+        self.iptables_forward: bool = None
+        self.iptables_masquerade: bool = None
         self.recover_tries: int = None
         self.recreate_tries: int = None
 
@@ -53,8 +55,10 @@ def create_from_autoremove(cls, unit: str) -> 'Systemd':
         res.remote_interface = args[11]
         res.remote_local_port = int(args[12])
         res.iptables_accept = bool(int(args[13]))
-        res.recover_tries = int(args[14])
-        res.recreate_tries = int(args[15])
+        res.iptables_forward = bool(int(args[14]))
+        res.iptables_masquerade = bool(int(args[15]))
+        res.recover_tries = int(args[16])
+        res.recreate_tries = int(args[17])
         return res
 
     @classmethod
@@ -111,8 +115,8 @@ def launch_autoremove(cls, config: Union['WGConfig', 'RecoverConfig'], pair: 'Co
         running_in_remote: bool = config.running_in_remote if hasattr(config, 'running_in_remote') else pair.running_in_remote
         listen_port: int = config.new_port if hasattr(config, 'new_port') else config.listen_port
         args = [config.interface, str(config.suffix), str(pair.peer_ip), remote_pubkey, str(wg_ip), str(int(running_in_remote)), str(config.start_time), str(listen_port),
-                str(config.listen_ext_port), str(int(config.nat)), config.remote_interface, str(config.remote_local_port), str(int(config.iptables_accept)), str(config.recover_tries),
-                str(config.recreate_tries)]
+                str(config.listen_ext_port), str(int(config.nat)), config.remote_interface, str(config.remote_local_port), str(int(config.iptables_accept)),
+                str(int(config.iptables_forward)), str(int(config.iptables_masquerade)), str(config.recover_tries), str(config.recreate_tries)]
 
         systemd = subprocess.run(['systemd-run', '-u', unit, '/bin/sh', '/run/wirescale/wirescale-autoremove', 'start', *args],
                                  stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)

diff --git a/wirescale/scripts/wirescale-autoremove b/wirescale/scripts/wirescale-autoremove
@@ -77,7 +77,7 @@ finish() {
   if [ "$recreate_tries" -ne 0 ]; then
     echo "Launching a unit to create a new tunnel with the same settings"
     systemd-run -u recreate-"$interface" /bin/sh /run/wirescale/wirescale-autoremove new_upgrade "$interface" "$suffix" "$ts_ip" \
-      "$remote_interface" "$iptables" "$recover_tries" "$recreate_tries"
+      "$remote_interface" "$iptables_accept" "$iptables_forward" "$iptables_masquerade" "$recover_tries" "$recreate_tries"
   fi
   exit 0
 }
@@ -116,13 +116,15 @@ start() {
   nat=${10}
   remote_interface=${11}
   remote_port=${12}
-  iptables=${13}
-  recover_tries=${14}
-  recreate_tries=${15}
+  iptables_accept=${13}
+  iptables_forward=${14}
+  iptables_masquerade=${15}
+  recover_tries=${16}
+  recreate_tries=${17}
   flag_file_stop="/run/wirescale/control/$interface-stop"
   start_time=$(date +%s)
-  export interface suffix ts_ip remote_pubkey wg_ip running_in_remote local_port remote_interface
-  export remote_port start_time iptables recover_tries recreate_tries flag_file_stop
+  export interface suffix ts_ip remote_pubkey wg_ip running_in_remote local_port remote_interface remote_port
+  export start_time iptables_accept iptables_forward iptables_masquerade recover_tries recreate_tries flag_file_stop
 
   rm -rf "$flag_file_stop"
   ping_wg_periodic &
@@ -137,20 +139,32 @@ new_upgrade() {
   interface=$(echo "$1" | sed "s/$suffix\$//")
   ts_ip=$3
   remote_interface=$4
-  iptables=$5
-  recover_tries=$6
-  recreate_tries=$7
+  iptables_accept=$5
+  iptables_forward=$6
+  iptables_masquerade=$7
+  recover_tries=$8
+  recreate_tries=$9
   status=1
   tries="$recreate_tries"
   call="wirescale upgrade --no-suffix --interface $interface --remote-interface $remote_interface \
         --recover-tries $recover_tries --recreate-tries $recreate_tries"
   if [ "$suffix" -ne 0 ]; then
     call="$call --suffix-number $suffix"
   fi
-  if [ "$iptables" -eq 0 ]; then
-    call="$call --no-iptables"
+  if [ "$iptables_accept" -eq 0 ]; then
+    call="$call --no-iptables-accept"
   else
-    call="$call --iptables"
+    call="$call --iptables-accept"
+  fi
+  if [ "$iptables_forward" -eq 0 ]; then
+    call="$call --no-iptables-forward"
+  else
+    call="$call --iptables-forward"
+  fi
+  if [ "$iptables_masquerade" -eq 0 ]; then
+    call="$call --no-iptables-masquerade"
+  else
+    call="$call --iptables-masquerade"
   fi
   call="$call $ts_ip"
   while [ "$status" -ne 0 ] && [ "$tries" -ne 0 ]; do

diff --git a/wirescale/version.py b/wirescale/version.py
@@ -2,8 +2,8 @@
 # encoding:utf-8
 
 
-VERSION = '1.0'
-DATE = '2024 Dec 6'
+VERSION = '1.0.1'
+DATE = '2024 Dec 25'
 
 version_msg = f'''wirescale {VERSION} ({DATE})
 Copyright © 2024 Fernando Enzo Guarini

diff --git a/wirescale/vpn/recover.py b/wirescale/vpn/recover.py
@@ -30,15 +30,17 @@
 
 class RecoverConfig:
 
-    def __init__(self, interface: str, iptables_accept: bool, running_in_remote: bool, latest_handshake: int, current_port: int, recover_tries: int,
-                 recreate_tries: int, remote_interface: str, remote_local_port: int, suffix: int, wg_ip: IPv4Address):
+    def __init__(self, interface: str, iptables_accept: bool, iptables_forward: bool, iptables_masquerade: bool, running_in_remote: bool, latest_handshake: int,
+                 current_port: int, recover_tries: int, recreate_tries: int, remote_interface: str, remote_local_port: int, suffix: int, wg_ip: IPv4Address):
         self.current_port: int = current_port
         self.derived_key: bytes = None
         self.endpoint: Tuple[IPv4Address, int] = None
         self.chacha: ChaCha20Poly1305 = None
         self.config_file: Path = None
         self.interface: str = interface
         self.iptables_accept: bool = iptables_accept
+        self.iptables_forward: bool = iptables_forward
+        self.iptables_masquerade: bool = iptables_masquerade
         self.running_in_remote: bool = running_in_remote
         self.latest_handshake: int = latest_handshake
         self.nat: bool = None
@@ -72,9 +74,10 @@ def create_from_autoremove(cls, interface: str, latest_handshake: int):
             error = ErrorMessages.IP_MISMATCH.format(peer_name=pair.peer_name, peer_ip=pair.peer_ip, interface=interface, autoremove_ip=systemd.ts_ip)
             error_remote = ErrorMessages.REMOTE_IP_MISMATCH.format(my_name=pair.my_name, my_ip=pair.my_ip, peer_ip=pair.peer_ip, interface=interface)
             ErrorMessages.send_error_message(local_message=error, remote_message=error_remote)
-        recover = RecoverConfig(interface=interface, latest_handshake=latest_handshake, running_in_remote=systemd.running_in_remote, iptables_accept=systemd.iptables_accept, wg_ip=systemd.wg_ip,
-                                current_port=systemd.local_port, recover_tries=systemd.recover_tries, recreate_tries=systemd.recreate_tries, remote_interface=systemd.remote_interface,
-                                remote_local_port=systemd.remote_local_port, suffix=systemd.suffix)
+        recover = RecoverConfig(interface=interface, latest_handshake=latest_handshake, running_in_remote=systemd.running_in_remote, iptables_accept=systemd.iptables_accept,
+                                iptables_forward=systemd.iptables_forward, iptables_masquerade=systemd.iptables_masquerade, wg_ip=systemd.wg_ip, current_port=systemd.local_port,
+                                recover_tries=systemd.recover_tries, recreate_tries=systemd.recreate_tries, remote_interface=systemd.remote_interface, remote_local_port=systemd.remote_local_port,
+                                suffix=systemd.suffix)
         recover.config_file = check_configfile()
         recover.load_keys()
         with file_locker():