- daemon/wgctl-conntrack: Go daemon for conntrack DESTROY events - wgctl-conntrack.service: systemd service - core/lib/accept_events.py: accept_events(), accept_aggregate() - ctx::accept_events_log: .wgctl/daemon/accept_events.log - activity: ACCEPT row with bytes in/out and conn count - activity: accept dest rows with ↓/↑ bytes at end - activity: --accept, --drop, --external flags - activity: unified w_count for drop/accept alignment - activity: drop service rows in red - activity: accept dest rows in green - sysctl: nf_conntrack_acct=1 for byte counting - note: --exclude-service/--include-service deferred
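#!/usr/bin/env bash

# ============================================
# Static Context — resolved once at source time
# ============================================
#
# Every path below is computed when this file is sourced and is not
# re-evaluated afterwards.
# NOTE(review): the variables are left writable so the file can be sourced
# more than once; anything that runs later in the same shell can reassign them.

# Project root: the parent of the directory that holds this file.
# CDPATH is emptied for the cd because, with CDPATH set, cd can print the
# directory it resolved to (that output would be captured into _CTX_ROOT) or
# resolve a relative path somewhere other than the current directory.
# The `--` guards keep a path starting with `-` from being read as an option.
if ! _CTX_ROOT="$(CDPATH='' cd -- "$(dirname -- "${BASH_SOURCE[0]}")/.." && pwd)" \
  || [[ -z "${_CTX_ROOT}" ]]; then
  # Without this guard a failed cd leaves _CTX_ROOT empty and every derived
  # path silently becomes /core, /modules, /commands.
  printf 'ctx: cannot resolve project root from %s\n' "${BASH_SOURCE[0]}" >&2
  return 1 2>/dev/null || exit 1
fi

_CTX_WG="/etc/wireguard"
_CTX_CORE="${_CTX_ROOT}/core"
_CTX_MODULES="${_CTX_ROOT}/modules"
_CTX_COMMANDS="${_CTX_ROOT}/commands"
_CTX_CLIENTS="${_CTX_WG}/clients"

# ── Directory layout ──────────────────────────────────
# .wgctl/
#   config/  ← wgctl.json, display.json
#   data/    ← all persistent data (rules, identities, etc.)
#   daemon/  ← runtime files (logs, caches)
#
# NOTE(review): all of this lives under /etc/wireguard; confirm that .wgctl/
# and clients/ are created with permissions as restrictive as the rest of
# that directory.

_CTX_WGCTL="${_CTX_WG}/.wgctl"
_CTX_CONFIG="${_CTX_WGCTL}/config"
_CTX_DATA="${_CTX_WGCTL}/data"
_CTX_DAEMON="${_CTX_WGCTL}/daemon"

# ── Data subdirs ──────────────────────────────────────
_CTX_RULES="${_CTX_DATA}/rules"
_CTX_RULES_BASE="${_CTX_RULES}/base"
_CTX_GROUPS="${_CTX_DATA}/groups"
_CTX_BLOCKS="${_CTX_DATA}/blocks"
_CTX_META="${_CTX_DATA}/meta"
_CTX_IDENTITY="${_CTX_DATA}/identities"
_CTX_PEER_HISTORY="${_CTX_DATA}/peer-history"

# ── Data files ────────────────────────────────────────
# _CTX_NET keeps its name although the file it points at is services.json.
_CTX_NET="${_CTX_DATA}/services.json"
_CTX_HOSTS="${_CTX_DATA}/hosts.json"
_CTX_SUBNETS="${_CTX_DATA}/subnets.json"
_CTX_POLICIES="${_CTX_DATA}/policies.json"

# ── Config files ──────────────────────────────────────
_CTX_CONFIG_FILE="${_CTX_CONFIG}/wgctl.json"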
# ============================================
# Accessors
# ============================================
# Print the project root held in _CTX_ROOT: the parent of the directory
# containing this file, resolved once when the file was sourced.
ctx::root() {
  printf '%s\n' "${_CTX_ROOT}"
}
# Print the core directory (<root>/core) held in _CTX_CORE.
ctx::core() {
  printf '%s\n' "${_CTX_CORE}"
}
# Print the modules directory (<root>/modules) held in _CTX_MODULES.
ctx::modules() {
  printf '%s\n' "${_CTX_MODULES}"
}
# Print the commands directory (<root>/commands) held in _CTX_COMMANDS.
ctx::commands() {
  printf '%s\n' "${_CTX_COMMANDS}"
}
# Print the WireGuard configuration directory held in _CTX_WG
# (hard-coded to /etc/wireguard in this file).
ctx::wg() {
  printf '%s\n' "${_CTX_WG}"
}
# Print the clients directory (<wg>/clients) held in _CTX_CLIENTS.
ctx::clients() {
  printf '%s\n' "${_CTX_CLIENTS}"
}
# Top-level dirs
# Print the .wgctl state directory (<wg>/.wgctl) held in _CTX_WGCTL.
ctx::wgctl() {
  printf '%s\n' "${_CTX_WGCTL}"
}
# Print the config directory (.wgctl/config) held in _CTX_CONFIG; per the
# layout comment in this file it holds wgctl.json and display.json.
ctx::config() {
  printf '%s\n' "${_CTX_CONFIG}"
}
# Print the persistent-data directory (.wgctl/data) held in _CTX_DATA.
ctx::data() {
  printf '%s\n' "${_CTX_DATA}"
}
# Print the daemon runtime directory (.wgctl/daemon) held in _CTX_DAEMON;
# the layout comment in this file describes it as holding logs and caches.
# NOTE(review): those files presumably record peer activity — confirm the
# directory is not readable by unprivileged users.
ctx::daemon() {
  printf '%s\n' "${_CTX_DAEMON}"
}
# Data subdirs
# Print the rules directory (<data>/rules) held in _CTX_RULES.
ctx::rules() {
  printf '%s\n' "${_CTX_RULES}"
}
# Print the base-rules directory (<data>/rules/base) held in _CTX_RULES_BASE.
ctx::rules::base() {
  printf '%s\n' "${_CTX_RULES_BASE}"
}
# Print the groups directory (<data>/groups) held in _CTX_GROUPS.
ctx::groups() {
  printf '%s\n' "${_CTX_GROUPS}"
}
# Print the blocks directory (<data>/blocks) held in _CTX_BLOCKS.
ctx::blocks() {
  printf '%s\n' "${_CTX_BLOCKS}"
}
# Print the meta directory (<data>/meta) held in _CTX_META.
ctx::meta() {
  printf '%s\n' "${_CTX_META}"
}
# Print the identities directory (<data>/identities) held in _CTX_IDENTITY.
ctx::identities() {
  printf '%s\n' "${_CTX_IDENTITY}"
}
# Print the peer-history directory (<data>/peer-history) held in
# _CTX_PEER_HISTORY.
ctx::peer_history() {
  printf '%s\n' "${_CTX_PEER_HISTORY}"
}
# Data files
# Print the path held in _CTX_NET. Despite the accessor's name, this file
# sets that variable to <data>/services.json.
ctx::net() {
  printf '%s\n' "${_CTX_NET}"
}
# Print the path of hosts.json (<data>/hosts.json) held in _CTX_HOSTS.
ctx::hosts() {
  printf '%s\n' "${_CTX_HOSTS}"
}
# Print the path of subnets.json (<data>/subnets.json) held in _CTX_SUBNETS.
ctx::subnets() {
  printf '%s\n' "${_CTX_SUBNETS}"
}
# Print the path of policies.json (<data>/policies.json) held in
# _CTX_POLICIES.
ctx::policies() {
  printf '%s\n' "${_CTX_POLICIES}"
}
# Config files
# Print the path of the main config file (<config>/wgctl.json) held in
# _CTX_CONFIG_FILE.
ctx::config_file() {
  printf '%s\n' "${_CTX_CONFIG_FILE}"
}
# Print the path of display.json inside the config directory. Unlike
# wgctl.json it has no variable of its own; the path is built on each call.
ctx::display() {
  printf '%s/display.json\n' "${_CTX_CONFIG}"
}
# Daemon files
# Print the path of events.log inside the daemon runtime directory.
# Only the path is built; the file is neither created nor checked.
ctx::events_log() {
  printf '%s/events.log\n' "${_CTX_DAEMON}"
}
# Print the path of fw_events.log inside the daemon runtime directory.
# Only the path is built; the file is neither created nor checked.
ctx::fw_events_log() {
  printf '%s/fw_events.log\n' "${_CTX_DAEMON}"
}
# Print the path of endpoint_cache.json inside the daemon runtime directory.
# NOTE(review): by its name the cache holds peer endpoint addresses — confirm
# it is written with permissions that keep it private.
ctx::endpoint_cache() {
  printf '%s/endpoint_cache.json\n' "${_CTX_DAEMON}"
}
# Print the path of accept_events.log inside the daemon runtime directory.
# Only the path is built; the file is neither created nor checked.
ctx::accept_events_log() {
  printf '%s/accept_events.log\n' "${_CTX_DAEMON}"
}
# Tool paths
# Print the path of json_helper.py inside the core directory.
# NOTE(review): callers presumably execute this script; confirm the core
# directory is writable only by the account that owns the installation.
ctx::json_helper() {
  printf '%s/json_helper.py\n' "${_CTX_CORE}"
}
# Print the path of the monitor script, <root>/daemon/wgctl-monitor.py.
# This is the daemon directory of the source tree, not the .wgctl/daemon
# runtime directory returned by ctx::daemon.
ctx::monitor_script() {
  printf '%s/daemon/wgctl-monitor.py\n' "${_CTX_ROOT}"
}
# Print the library directory, <core>/lib.
ctx::lib() {
  printf '%s/lib\n' "${_CTX_CORE}"
}
# Print the block-history directory, <data>/block-history. It has no
# variable of its own; the path is built on each call.
ctx::block_history() {
  printf '%s/block-history\n' "${_CTX_DATA}"
}
# ============================================
# Path Helpers
# ============================================
# Print a path under the clients directory: all arguments joined with "/"
# and appended to _CTX_CLIENTS.
# Arguments are joined verbatim — no check for empty values, "..", or a
# leading "/". With no arguments the output is the clients directory itself
# plus a trailing slash, so validate names before acting on the result.
ctx::client::path() {
  local IFS='/'
  local joined="$*"
  printf '%s/%s\n' "${_CTX_CLIENTS}" "${joined}"
}
# Print a path under the meta directory: all arguments joined with "/" and
# appended to _CTX_META.
# Arguments are joined verbatim — no check for empty values, "..", or a
# leading "/". With no arguments the output is the meta directory itself
# plus a trailing slash, so validate names before acting on the result.
ctx::meta::path() {
  local IFS='/'
  local joined="$*"
  printf '%s/%s\n' "${_CTX_META}" "${joined}"
}
# Print a path under the identities directory: all arguments joined with "/"
# and appended to _CTX_IDENTITY.
# Arguments are joined verbatim — no check for empty values, "..", or a
# leading "/". With no arguments the output is the identities directory
# itself plus a trailing slash, so validate names before acting on the result.
ctx::identity::path() {
  local IFS='/'
  local joined="$*"
  printf '%s/%s\n' "${_CTX_IDENTITY}" "${joined}"
}
# Print a path under the blocks directory: all arguments joined with "/" and
# appended to _CTX_BLOCKS.
# Arguments are joined verbatim — no check for empty values, "..", or a
# leading "/". With no arguments the output is the blocks directory itself
# plus a trailing slash, so validate names before acting on the result.
ctx::block::path() {
  local IFS='/'
  local joined="$*"
  printf '%s/%s\n' "${_CTX_BLOCKS}" "${joined}"
}
# Print a path under the groups directory: all arguments joined with "/" and
# appended to _CTX_GROUPS.
# Arguments are joined verbatim — no check for empty values, "..", or a
# leading "/". With no arguments the output is the groups directory itself
# plus a trailing slash, so validate names before acting on the result.
ctx::group::path() {
  local IFS='/'
  local joined="$*"
  printf '%s/%s\n' "${_CTX_GROUPS}" "${joined}"
}
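# Print a path under the rules directory: all arguments joined with "/" and
# appended to _CTX_RULES.
# Arguments are joined verbatim — no check for empty values, "..", or a
# leading "/". With no arguments the output is the rules directory itself
# plus a trailing slash, so validate names before acting on the result.
# The definition stands alone as a statement: a `|` after the closing brace
# would make it the first stage of a pipeline and define the function only
# in a subshell.
ctx::rule::path() {
  local IFS='/'
  local joined="$*"
  printf '%s/%s\n' "${_CTX_RULES}" "${joined}"
}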