2021-01-14 23:06:47 +01:00 · 2021-01-14 23:22:59 +01:00 · 2021-01-14 23:26:56 +01:00 · 2021-01-19 16:37:12 +01:00
9 changed files with 140 additions and 58 deletions
--- a/src/packages/fff/fff-fastd/Makefile
+++ b/src/packages/fff/fff-fastd/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=fff-fastd
-PKG_RELEASE:=3
+PKG_RELEASE:=4

 include $(INCLUDE_DIR)/package.mk

--- a/src/packages/fff/fff-fastd/files/usr/lib/vpn-select.d/fastd
+++ b/src/packages/fff/fff-fastd/files/usr/lib/vpn-select.d/fastd
@ -0,0 +1,34 @@
+protocol=fastd
+
+fastd_clear() {
+	rm /tmp/fastd_fff_peers/*
+}
+
+fastd_addpeer() {
+	[ -d /tmp/fastd_fff_peers ] || mkdir /tmp/fastd_fff_peers
+
+	# write fastd-config
+	json_get_var servername name
+	filename="/etc/fastd/fff/peers/$servername"
+	echo "#name \"${servername}\";" > "$filename"
+	json_get_var key key
+	echo "key \"${key}\";" >> "$filename"
+	json_get_var address address
+	json_get_var port port
+	echo "remote \"${address}\" port ${port};" >> "$filename"
+	echo "" >> "$filename"
+	echo "float yes;" >> "$filename"
+}
+
+fastd_start_stop() {
+	/etc/init.d/fastd reload # does nothing if fastd was not running
+
+	# fastd start/stop for various situations
+	# this is needed for first start and if fastd comes up or disappears in hoodfile
+	pidfile="/tmp/run/fastd.fff.pid"
+	if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
+		([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
+	else
+		([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
+	fi
+}
--- a/src/packages/fff/fff-node/Makefile
+++ b/src/packages/fff/fff-node/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=fff-node
-PKG_RELEASE:=3
+PKG_RELEASE:=4

 include $(INCLUDE_DIR)/package.mk

@ -12,6 +12,7 @@ define Package/fff-node
 	URL:=https://www.freifunk-franken.de
 	DEPENDS:=+fff-batman-adv \
 	         +fff-fastd \
+	         +fff-vxlan-node-vpn \
 	         +fff-firewall \
 	         +fff-hoods \
 	         +fff-uradvd
--- a/src/packages/fff/fff-vpn-select/Makefile
+++ b/src/packages/fff/fff-vpn-select/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=fff-vpn-select
-PKG_RELEASE:=5
+PKG_RELEASE:=6

 include $(INCLUDE_DIR)/package.mk

--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
@ -1,65 +1,45 @@
 #!/bin/sh

 # Usage: vpn-select <path-to-hood-file>
+# To add a new protocol, put a file with three functions to /usr/lib/vpn-select.d/ .
+# The file must start with protocol=name. It is most important to use the same name here and in hoodfile.
+# The old config can be cleared in function ${protocol}_clear(). It is called first once per installed protocol.
+# The function ${protocol}_addpeer() is called for every selected peer in hoodfile.
+# The function ${protocol}_start_stop() is called at the end once per installed protocol.

 . /usr/share/libubox/jshn.sh

 hoodfile="$1"

-make_config() {
-	# remove old config
-	rm /tmp/fastd_fff_peers/*
+# source functions
+for file in /usr/lib/vpn-select.d/*; do
+	[ -f $file ] && . "$file"
+	supported_protocols="$supported_protocols $protocol"
+done

-	# prepare
-	Index=1
+# clear old config
+for protocol in $supported_protocols; do
+	"${protocol}_clear"
+done
+
+# configure vpn
+
+if [ -n "$hoodfile" ] && [ -s "$hoodfile" ] ; then
 	json_load "$(cat "$hoodfile")"
+	json_select hood
+	json_get_var id id
+	json_select ".."
 	json_select vpn
-
-	# get fastd peers
-	while json_select "$Index" > /dev/null
-	do
+	json_get_keys vpn_keys
+	for key in $vpn_keys; do
+		json_select $key
 		json_get_var protocol protocol
-		if [ "$protocol" = "fastd" ]; then
-			# set up fastd
-			json_get_var servername name
-			filename="/etc/fastd/fff/peers/$servername"
-			echo "#name \"${servername}\";" > "$filename"
-			json_get_var key key
-			echo "key \"${key}\";" >> "$filename"
-			json_get_var address address
-			json_get_var port port
-			echo "remote \"${address}\" port ${port};" >> "$filename"
-			echo "" >> "$filename"
-			echo "float yes;" >> "$filename"
-		fi
+		[[ "$supported_protocols" = *$protocol* ]]  &&	"${protocol}_addpeer"
 		json_select ".." # back to vpn
-		Index=$(( Index + 1 ))
 	done
-	json_select ".." # back to root
-}
-
-# Only do something if file is there and not empty; otherwise exit 1
-if [ -s "$hoodfile" ]; then
-	if [ ! -d /tmp/fastd_fff_peers ]; then
-		# first run after reboot
-		mkdir /tmp/fastd_fff_peers
-		make_config
-		# start fastd only if there are some peers
-		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
-	else
-		make_config
-		/etc/init.d/fastd reload
-
-		# fastd start/stop for various situations
-		pidfile="/tmp/run/fastd.fff.pid"
-		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
-			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
-		else
-			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
-		fi
-	fi
-	exit 0
-else
-	echo "vpn-select: Hood file not found or empty!"
-	exit 1
 fi
+
+# start/restart/stop vpnservices
+for protocol in $supported_protocols; do
+	"${protocol}_start_stop"
+done
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop
@ -1,5 +0,0 @@
-#!/bin/sh
-
-rm /tmp/fastd_fff_peers/*
-/etc/init.d/fastd stop
-
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop
@ -0,0 +1 @@
+vpn-select
--- a/src/packages/fff/fff-vxlan-node-vpn/Makefile
+++ b/src/packages/fff/fff-vxlan-node-vpn/Makefile
@ -0,0 +1,29 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-vxlan-node-vpn
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/$(PKG_NAME)
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken vxlan-node
+	URL:=http://www.freifunk-franken.de
+	DEPENDS:=+vxlan
+endef
+
+define Package/$(PKG_NAME)/description
+	This is the vxlan-node-vpn package for the Freifunk Franken Firmware
+	This will configure and set up the VPN via vxlan
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/$(PKG_NAME)/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,$(PKG_NAME)))
--- a/src/packages/fff/fff-vxlan-node-vpn/files/etc/uci-defaults/53-vxlan-node
+++ b/src/packages/fff/fff-vxlan-node-vpn/files/etc/uci-defaults/53-vxlan-node
@ -0,0 +1,15 @@
+uci batch <<EOF
+ set network.vxlan0=interface
+ set network.vxlan0.proto=vxlan6
+ set network.vxlan0.port=8472
+ set network.vxlan0.ip6addr=auto
+ set network.vxlan0.srcportmin=8472
+ set network.vxlan0.srcportmax=8473
+ set network.vxlan0.ageing=30
+ set network.vxlan0.mtu=1422
+
+ set network.vxbat=interface
+ set network.vxbat.proto=batadv_hardif
+ set network.vxbat.master=bat0
+ set network.vxbat.ifname=vxlan0
+EOF
--- a/src/packages/fff/fff-vxlan-node-vpn/files/usr/lib/vpn-select.d/vxlan
+++ b/src/packages/fff/fff-vxlan-node-vpn/files/usr/lib/vpn-select.d/vxlan
@ -0,0 +1,27 @@
+protocol=vxlan
+
+vxlan_clear() {
+	while uci -q delete network.@vxlan_peer[0]; do :; done
+}
+
+vxlan_addpeer() {
+	uci set network.vxlan0.vid="$id"
+	json_get_var address address
+	address=$(ping6 -w1 -c1 "$address" | awk '/from/ {print substr($4, 1, length($4)-1); exit}')
+	[ -z $address ] && return ## address not reachable
+	uci add network vxlan_peer
+	uci set network.@vxlan_peer[-1].vxlan="vxlan0"
+	uci set network.@vxlan_peer[-1].dst="$address"
+}
+
+vxlan_start_stop() {
+	uci commit network
+	# reload_config will not add new peers. A ifup is needed
+	ifup vxlan0
+
+	# this workaround is cleaning up old fdb entries
+	# and can be removed if someday netifd will do that
+	bridge fdb show dev vxlan0 state permanent | while read mac dst ip rest ; do
+		grep -q "$ip" /etc/config/network || bridge fdb del $mac dev vxlan0 dst $ip
+	done
+}