node: Make vpn-select modular and add vxlan-vpn #78
|
@ -1,7 +1,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-fastd
|
||||
PKG_RELEASE:=3
|
||||
PKG_RELEASE:=4
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
protocol=fastd
|
||||
|
||||
fastd_clear() {
|
||||
rm /tmp/fastd_fff_peers/*
|
||||
}
|
||||
|
||||
fastd_addpeer() {
|
||||
[ -d /tmp/fastd_fff_peers ] || mkdir /tmp/fastd_fff_peers
|
||||
|
||||
# write fastd-config
|
||||
json_get_var servername name
|
||||
filename="/etc/fastd/fff/peers/$servername"
|
||||
echo "#name \"${servername}\";" > "$filename"
|
||||
json_get_var key key
|
||||
echo "key \"${key}\";" >> "$filename"
|
||||
json_get_var address address
|
||||
json_get_var port port
|
||||
echo "remote \"${address}\" port ${port};" >> "$filename"
|
||||
echo "" >> "$filename"
|
||||
echo "float yes;" >> "$filename"
|
||||
}
|
||||
jkimmel marked this conversation as resolved
Outdated
|
||||
|
||||
fastd_start_stop() {
|
||||
/etc/init.d/fastd reload # does nothing if fastd was not running
|
||||
|
||||
# fastd start/stop for various situations
|
||||
# this is needed for first start and if fastd comes up or disappears in hoodfile
|
||||
pidfile="/tmp/run/fastd.fff.pid"
|
||||
if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
|
||||
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
|
||||
else
|
||||
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
|
||||
fi
|
||||
}
|
|
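Review bot: In `fastd_addpeer`, `servername`, `key`, `address` and `port` come from the hood file and go into a file path and a fastd peer file unchecked. A name containing `/` or starting with `.` would write outside `/etc/fastd/fff/peers/`, and a `"` in a value, or a non-numeric `port` (which is not quoted), would add extra statements to the peer config. Before the first `echo`, reject such input, e.g. `case "$servername" in ""|.*|*/*) return ;; esac` and `case "$port" in ""|*[!0-9]*) return ;; esac`, and refuse `key`/`address` values that contain `"`. How far the hood file is trusted is not visible on this page, so treat this as hardening unless it is authenticated upstream.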
@ -1,7 +1,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-node
|
||||
PKG_RELEASE:=3
|
||||
PKG_RELEASE:=4
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
@ -12,6 +12,7 @@ define Package/fff-node
|
|||
URL:=https://www.freifunk-franken.de
|
||||
DEPENDS:=+fff-batman-adv \
|
||||
+fff-fastd \
|
||||
+fff-vxlan-node-vpn \
|
||||
+fff-firewall \
|
||||
+fff-hoods \
|
||||
+fff-uradvd
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-vpn-select
|
||||
PKG_RELEASE:=5
|
||||
PKG_RELEASE:=6
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
|
|
@ -1,65 +1,45 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Usage: vpn-select <path-to-hood-file>
|
||||
# To add a new protocol, put a file with three functions to /usr/lib/vpn-select.d/ .
|
||||
# The file must start with protocol=name. It is most important to use the same name here and in hoodfile.
|
||||
# The old config can be cleared in function ${protocol}_clear(). It is called first once per installed protocol.
|
||||
# The function ${protocol}_addpeer() is called for every selected peer in hoodfile.
|
||||
# The function ${protocol}_start_stop() is called at the end once per installed protocol.
|
||||
|
||||
. /usr/share/libubox/jshn.sh
|
||||
|
||||
hoodfile="$1"
|
||||
|
||||
make_config() {
|
||||
# remove old config
|
||||
rm /tmp/fastd_fff_peers/*
|
||||
# source functions
|
||||
for file in /usr/lib/vpn-select.d/*; do
|
||||
[ -f $file ] && . "$file"
|
||||
supported_protocols="$supported_protocols $protocol"
|
||||
done
|
||||
|
||||
# prepare
|
||||
Index=1
|
||||
# clear old config
|
||||
for protocol in $supported_protocols; do
|
||||
"${protocol}_clear"
|
||||
done
|
||||
|
||||
# configure vpn
|
||||
|
||||
if [ -n "$hoodfile" ] && [ -s "$hoodfile" ] ; then
|
||||
json_load "$(cat "$hoodfile")"
|
||||
json_select hood
|
||||
json_get_var id id
|
||||
json_select ".."
|
||||
json_select vpn
|
||||
|
||||
# get fastd peers
|
||||
while json_select "$Index" > /dev/null
|
||||
do
|
||||
json_get_keys vpn_keys
|
||||
for key in $vpn_keys; do
|
||||
json_select $key
|
||||
json_get_var protocol protocol
|
||||
if [ "$protocol" = "fastd" ]; then
|
||||
# set up fastd
|
||||
json_get_var servername name
|
||||
filename="/etc/fastd/fff/peers/$servername"
|
||||
echo "#name \"${servername}\";" > "$filename"
|
||||
json_get_var key key
|
||||
echo "key \"${key}\";" >> "$filename"
|
||||
json_get_var address address
|
||||
json_get_var port port
|
||||
echo "remote \"${address}\" port ${port};" >> "$filename"
|
||||
echo "" >> "$filename"
|
||||
echo "float yes;" >> "$filename"
|
||||
fi
|
||||
[[ "$supported_protocols" = *$protocol* ]] && "${protocol}_addpeer"
|
||||
json_select ".." # back to vpn
|
||||
Index=$(( Index + 1 ))
|
||||
done
|
||||
json_select ".." # back to root
|
||||
}
|
||||
|
||||
# Only do something if file is there and not empty; otherwise exit 1
|
||||
if [ -s "$hoodfile" ]; then
|
||||
if [ ! -d /tmp/fastd_fff_peers ]; then
|
||||
# first run after reboot
|
||||
mkdir /tmp/fastd_fff_peers
|
||||
make_config
|
||||
# start fastd only if there are some peers
|
||||
[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
|
||||
else
|
||||
make_config
|
||||
/etc/init.d/fastd reload
|
||||
|
||||
# fastd start/stop for various situations
|
||||
pidfile="/tmp/run/fastd.fff.pid"
|
||||
if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
|
||||
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
|
||||
else
|
||||
([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
|
||||
fi
|
||||
fi
|
||||
exit 0
|
||||
else
|
||||
echo "vpn-select: Hood file not found or empty!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# start/restart/stop vpnservices
|
||||
for protocol in $supported_protocols; do
|
||||
"${protocol}_start_stop"
|
||||
done
|
||||
|
|
|
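Review bot: The dispatch line `[[ "$supported_protocols" = *$protocol* ]] && "${protocol}_addpeer"` does a substring/glob match on a value read from the hood file, so an empty string, `fast` or `*` would pass and the script then tries to run a command whose name comes from the hood file; `[[` is also not POSIX under `#!/bin/sh`, so its pattern matching depends on the shell build. Compare exactly and call the name taken from the installed list instead: `for p in $supported_protocols; do [ "$p" = "$protocol" ] && "${p}_addpeer"; done`. In the sourcing loop, `supported_protocols` is extended even when `[ -f $file ]` fails, so tie the append to the successful source: `[ -f "$file" ] && . "$file" && supported_protocols="$supported_protocols $protocol"`. Old and new lines are interleaved in this rendering, so the loop structure around these lines should be checked against the file itself.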
@ -1,5 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
rm /tmp/fastd_fff_peers/*
|
||||
/etc/init.d/fastd stop
|
||||
|
|
@ -0,0 +1 @@
|
|||
vpn-select
|
|
@ -0,0 +1,29 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-vxlan-node-vpn
|
||||
PKG_RELEASE:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
rohammer marked this conversation as resolved
Outdated
adschm
commented
This line can be dropped.
|
||||
|
||||
define Package/$(PKG_NAME)
|
||||
SECTION:=base
|
||||
CATEGORY:=Freifunk
|
||||
TITLE:=Freifunk-Franken vxlan-node
|
||||
URL:=http://www.freifunk-franken.de
|
||||
DEPENDS:=+vxlan
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/description
|
||||
This is the vxlan-node-vpn package for the Freifunk Franken Firmware
|
||||
This will configure and set up the VPN via vxlan
|
||||
endef
|
||||
|
||||
define Build/Compile
|
||||
# nothing
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/install
|
||||
$(CP) ./files/* $(1)/
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,$(PKG_NAME)))
|
|
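Review bot: `DEPENDS:=+vxlan` names only the vxlan proto package, while the scripts added elsewhere in this change call `bridge fdb` and `ping6`; unless another package in the image guarantees them, the fdb cleanup and the peer resolution fail at run time with nothing at build time to catch it. If `bridge` is not pulled in transitively, list it explicitly (on OpenWrt that is usually `+ip-bridge`; confirm against the feed in use). The `URL` also uses `http://` where the fff-node Makefile on this page uses `https://www.freifunk-franken.de`.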
@ -0,0 +1,15 @@
|
|||
uci batch <<EOF
|
||||
set network.vxlan0=interface
|
||||
set network.vxlan0.proto=vxlan6
|
||||
set network.vxlan0.port=8472
|
||||
set network.vxlan0.ip6addr=auto
|
||||
set network.vxlan0.srcportmin=8472
|
||||
set network.vxlan0.srcportmax=8473
|
||||
set network.vxlan0.ageing=30
|
||||
set network.vxlan0.mtu=1422
|
||||
|
||||
set network.vxbat=interface
|
||||
set network.vxbat.proto=batadv_hardif
|
||||
set network.vxbat.master=bat0
|
||||
set network.vxbat.ifname=vxlan0
|
||||
EOF
|
|
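Review bot: Nothing in this defaults script or the other visible hunks restricts who may send to UDP port 8472 on `vxlan0`. VXLAN itself neither authenticates peers nor encrypts traffic, so any host that can reach the port can get frames onto `bat0` through `vxbat`. The fastd peers configured beside it carry a key per peer. Please confirm that the firewall package limits inbound 8472 to the configured peer addresses, and record that above the `uci batch` block, e.g. `# vxlan is unauthenticated; inbound UDP 8472 must be limited to hood peers by the firewall`.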
@ -0,0 +1,27 @@
|
|||
protocol=vxlan
|
||||
|
||||
vxlan_clear() {
|
||||
while uci -q delete network.@vxlan_peer[0]; do :; done
|
||||
}
|
||||
|
||||
vxlan_addpeer() {
|
||||
uci set network.vxlan0.vid="$id"
|
||||
json_get_var address address
|
||||
address=$(ping6 -w1 -c1 "$address" | awk '/from/ {print substr($4, 1, length($4)-1); exit}')
|
||||
[ -z $address ] && return ## address not reachable
|
||||
uci add network vxlan_peer
|
||||
uci set network.@vxlan_peer[-1].vxlan="vxlan0"
|
||||
uci set network.@vxlan_peer[-1].dst="$address"
|
||||
}
|
||||
|
||||
vxlan_start_stop() {
|
||||
uci commit network
|
||||
# reload_config will not add new peers. A ifup is needed
|
||||
ifup vxlan0
|
||||
|
||||
# this workaround is cleaning up old fdb entries
|
||||
# and can be removed if someday netifd will do that
|
||||
bridge fdb show dev vxlan0 state permanent | while read mac dst ip rest ; do
|
||||
grep -q "$ip" /etc/config/network || bridge fdb del $mac dev vxlan0 dst $ip
|
||||
done
|
||||
}
|
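Review bot: In `vxlan_start_stop`, `grep -q "$ip" /etc/config/network` treats the address as an unanchored regex, so a stale fdb entry survives whenever its address is a prefix of a configured one (constructed example: `2001:db8::1` is found inside `2001:db8::10`), and traffic keeps going to a peer that was removed from the hood file. Match literally on word boundaries and quote the expansions: `grep -qwF -- "$ip" /etc/config/network || bridge fdb del "$mac" dev vxlan0 dst "$ip"`. In `vxlan_addpeer`, `[ -z $address ]` should be `[ -z "$address" ]`. An `address` from the hood file that begins with `-` is read by `ping6` as an option, so reject it before the call: `case "$address" in ""|-*) return ;; esac`.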
Also ich finde ja erst mal alle Daten zusammensuchen und dann die Datei schreiben etwas übersichtlicher
Und anstatt der Wand aus `echo`s, bietet sich nen here-document an:
Das ist erst mal nur 1:1 das alte fastd Geraffel. Da kam auch schon ein PR #13 von Adrian um das schoener zu machen. Das ist dann etwas fuer eigene Patches. Entweder hier oder in der alten vpn-select.
Ja, habs dann auch gemerkt, dass das aus dem alten kopiert war und mich erinnert, dass da die Vorschläge kamen.
Also das gehoert verbessert, kann aber freilich später passieren.
Alternativ könnte man auch schnell den alten Code verbessern und dann den kopieren :)