Gitiles
Code Review Sign In
gerrit.cesnet.cz / CzechLight / velia / 2ad10be484893c41f1257f9a641de02df3aa15fd / . / src / main-firewall.cpp
blob: 82a0ff65668a44e59156b0394a5f6d362dc6c9a9 [file] [log] [blame]
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]1#include <boost/process.hpp>
2#include <docopt.h>
3#include <spdlog/sinks/ansicolor_sink.h>
4#include <spdlog/spdlog.h>
5#include <sysrepo-cpp/Session.hpp>
6#include <unistd.h>
7#include "VELIA_VERSION.h"
8#include "firewall/Firewall.h"
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]9#include "system_vars.h"
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]10#include "utils/exceptions.h"
Václav Kubernát6d9357e2021-01-28 15:38:24 +0100[diff] [blame]11#include "utils/exec.h"
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]12#include "utils/journal.h"
13#include "utils/log-init.h"
Václav Kubernát6018f082021-02-11 01:32:18 +0100[diff] [blame]14#include "utils/log.h"
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]15#include "utils/waitUntilSignalled.h"
16
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]17static const char usage[] =
18 R"(Bridge between sysrepo and nftables.
19
20Usage:
21 veliad-firewall
22 [--sysrepo-log-level=<Level>]
23 [--firewall-log-level=<Level>]
24 veliad-firewall (-h | --help)
25 veliad-firewall --version
26
27Options:
28 -h --help Show this screen.
29 --version Show version.
30 --firewall-log-level=<N> Log level for the firewall [default: 3]
31 --sysrepo-log-level=<N> Log level for the sysrepo library [default: 3]
32)";
33
34int main(int argc, char* argv[])
35{
36 std::shared_ptr<spdlog::sinks::sink> loggingSink;
37 if (velia::utils::isJournaldActive()) {
38 loggingSink = velia::utils::create_journald_sink();
39 } else {
40 loggingSink = std::make_shared<spdlog::sinks::ansicolor_stderr_sink_mt>();
41 }
42
Tomáš Peckac50ec9e2021-01-27 12:22:42 +0100[diff] [blame]43 auto args = docopt::docopt(usage, {argv + 1, argv + argc}, true, "veliad-firewall " VELIA_VERSION, true);
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]44
45 velia::utils::initLogs(loggingSink);
46 spdlog::set_level(spdlog::level::info);
47
48 try {
49 spdlog::get("firewall")->set_level(parseLogLevel("Firewall logging", args["--firewall-log-level"]));
50 spdlog::get("sysrepo")->set_level(parseLogLevel("Sysrepo library", args["--sysrepo-log-level"]));
51
52 spdlog::get("main")->debug("Opening Sysrepo connection");
53 auto srConn = std::make_shared<sysrepo::Connection>();
54 auto srSess = std::make_shared<sysrepo::Session>(srConn);
55 velia::firewall::SysrepoFirewall firewall(srSess, [] (const auto& config) {
56 spdlog::get("firewall")->debug("running nft...");
Václav Kubernátde0e4e62021-02-08 17:46:14 +0100[diff] [blame]57 velia::utils::execAndWait(spdlog::get("firewall"), NFT_EXECUTABLE, {"-f", "-"}, config);
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]58
Václav Kubernátd386aba2021-01-19 10:03:28 +0100[diff] [blame]59 spdlog::get("firewall")->debug("nft config applied.");
60 });
61
62 waitUntilSignaled();
63
64 spdlog::get("main")->info("Exiting.");
65
66 return 0;
67 } catch (std::exception& e) {
68 velia::utils::fatalException(spdlog::get("main"), e, "main");
69 }
70}