You've already forked isolationRunner
tomFlowee
c0f579ff6d
This allows a jail to have a VPN config associated and as a result we start a new net namespace, completely isolating the jails networking. We then start an openVPN client to route between the main network and the jails' network. The main limitation here is that we don't setup DNS, which basically means that the VPN will route DNS calls to the other side, but since we don't remount resolv.conf this depends on the vpn provider actually mapping the nameserver we use. For people that use a nameserver like 192.168.100.1, this most of the time works just fine. Improvement is possible.
86 lines
2.1 KiB
C++
86 lines
2.1 KiB
C++
#include "RemoteRunner.h"
|
|
#include "Message.h"
|
|
|
|
#include <QCoreApplication>
|
|
|
|
#include <unistd.h>
|
|
|
|
RemoteRunner::RemoteRunner(int inputId, int outputId)
|
|
: m_thread(inputId),
|
|
m_outputId(outputId)
|
|
{
|
|
connect (&m_thread, SIGNAL(receivedMessage(QByteArray)),
|
|
this, SIGNAL(receivedMessage(QByteArray)), Qt::QueuedConnection);
|
|
|
|
m_thread.start();
|
|
}
|
|
|
|
RemoteRunner::~RemoteRunner()
|
|
{
|
|
m_thread.closeConnection();
|
|
m_thread.wait();
|
|
}
|
|
|
|
void RemoteRunner::runRemote(const Message &message) const
|
|
{
|
|
assert(message.size() > 0);
|
|
assert(message.size() < 0x7FFF);
|
|
char sizeIndicator[2];
|
|
uint32_t messageSize = message.size();
|
|
sizeIndicator[0] = messageSize;
|
|
sizeIndicator[1] = messageSize >> 8;
|
|
write(m_outputId, sizeIndicator, 2);
|
|
write(m_outputId, message.begin(), message.size());
|
|
}
|
|
|
|
|
|
// ///////////////////////////////////////////
|
|
|
|
RemoteRunnerPrivate::RemoteRunnerPrivate(int inputId)
|
|
: m_inputId(inputId)
|
|
{
|
|
}
|
|
|
|
void RemoteRunnerPrivate::closeConnection()
|
|
{
|
|
close (m_inputId);
|
|
}
|
|
|
|
void RemoteRunnerPrivate::run()
|
|
{
|
|
char buf[1000];
|
|
char *start = buf;
|
|
size_t offset = 0;
|
|
while (true) {
|
|
ssize_t amount = read(m_inputId, buf + offset, sizeof(buf) - offset);
|
|
if (amount <= 0) {
|
|
// printf("remote runner private got read: %ld, closing down\n", amount);
|
|
QCoreApplication::quit();
|
|
return;
|
|
}
|
|
offset += amount;
|
|
const char *end = buf + offset;
|
|
for (char *i = start; i < end; ++i) {
|
|
if (*i == 0) {
|
|
QByteArray bytes(start, i - start);
|
|
emit receivedMessage(bytes);
|
|
start = i + 1;
|
|
}
|
|
}
|
|
|
|
if (start >= end) {
|
|
start = buf;
|
|
offset = 0;
|
|
}
|
|
else if (start > buf) {
|
|
// compact: move unconsumed data to beginning
|
|
assert(end >= start); // don't let offset get negative
|
|
offset = end - start;
|
|
memmove(buf, start, offset);
|
|
start = buf;
|
|
}
|
|
else if (offset >= sizeof(buf))
|
|
throw std::runtime_error("Too long message on Pipe");
|
|
}
|
|
}
|