Allow specifying peers via UCI

net/fastd/files/fastd.config

@@ -12,7 +12,7 @@ config fastd sample_config
 
 	# Sets a directory from which peers configurations are read
 	# The peer list can be reloaded without restarting fastd
-	# This is currently the only way to configure the peers
+	# Peer can either be configured via UCI (see example below) or via peer dirs
 	list config_peer_dir '/etc/fastd/sample_config/peers'
 
 	# Sets the log level
@@ -59,3 +59,36 @@ config fastd sample_config
 
 	# command to execute before the tunnel interface is set down; $1 will be the interface name (optional)
 #	option down ''
+
+
+config peer sample_peer
+
+	# Set to 1 to enable this peer:
+        option enabled 0
+
+	# Controls which instance this peer is associated with
+        option net 'sample_config'
+
+	# The peer's public key
+	option key '0000000000000000000000000000000000000000000000000000000000000000'
+
+	# A complete remote specification consists of an address or a hostname, and a port
+	# When a hostname is given, it is recommended to specify an address family to use
+
+	# The address to connect to (optional)
+#	option address '192.0.2.1'
+#	option address '[2001:db8::1]'
+
+	# The hostname to connect to (optional)
+#	option hostname 'example.com'
+
+	# The address family to use to connect to the hostname (optional)
+	# Must be 'ipv4' or 'ipv6'
+	# Has no effect when an address is specified
+#	option address_family 'ipv4'
+
+	# The remote port to connect to (optional)
+#	option port 1337
+
+	# Setting float to 1 allow incoming connections with this key from other addresses/hostnames/ports than the specified remote
+	option float 0

net/fastd/files/fastd.init

@@ -54,6 +54,70 @@ error() {
 	echo "${initscript}:" "$@" 1>&2
 }
 
+create_peer_config() {
+	local s="$2"; local peer="$1"
+
+	config_get net "$peer" net
+	[ "$net" == "$s" ] || return 0
+
+	section_enabled "$peer" || return 0
+
+	config_get key "$peer" key
+	config_get address "$peer" address
+	config_get hostname "$peer" hostname
+	config_get address_family "$peer" address_family
+	config_get port "$peer" port
+	config_get_bool float "$peer" float 0
+
+	if [ -z "$key" ]; then
+		error "peer $peer: key is not set"
+		return 1
+	fi
+
+	local remote=''
+	if [ "$address" -o "$hostname" ]; then
+		if [ "$address" -a "$hostname" ]; then
+			error "peer $peer: both address and hostname given"
+			return 1
+		fi
+
+		if [ "$float" = 0 ]; then
+			float=''
+		else
+			float='float'
+		fi
+
+		if [ "$port" ]; then
+			if [ "$address" ]; then
+				remote="remote $address port $port $float;"
+			else # $hostname
+				if [ "$address_family" -a "$address_family" != 'ipv4' -a "$address_family" != 'ipv6' ]; then
+					error "peer $peer: invalid address family given"
+					return 1
+				fi
+				remote="remote $address_family \"$hostname\" port $port $float;"
+			fi
+		else
+			error "peer $peer: address or hostname, but no port given"
+			return 1
+		fi
+	fi
+
+	cat > "$TMP_FASTD/fastd.$s.peers/$peer" <<EOF
+key "$key";
+$remote
+EOF
+}
+
+update_peers_instance() {
+	local s="$1"
+
+	rm -rf "$TMP_FASTD/fastd.$s.peers"
+	mkdir -p "$TMP_FASTD/fastd.$s.peers"
+
+	config_foreach create_peer_config 'peer' "$s"
+}
+
 get_key_instance() {
 	local s="$1"
 
@@ -123,7 +187,9 @@ start_instance() {
 	append_opts "$s" syslog_level mode interface mtu
 	append_opts_bool "$s" forward
 
-	eval service_start "'$FASTD_COMMAND'" --daemon --pid-file "'$SERVICE_PID_FILE'" --syslog-level info $OPTS --config - <<EOF
+	update_peers_instance "$s"
+
+	eval service_start "'$FASTD_COMMAND'" --daemon --pid-file "'$SERVICE_PID_FILE'" --syslog-level info $OPTS --config-peer-dir "$TMP_FASTD/fastd.$s.peers" --config - <<EOF
 secret "$secret";
 EOF
 
@@ -158,6 +224,8 @@ stop_instance() {
 	[ -n "$down" ] && sh -c "$down" - "$interface"
 
 	service_stop "$FASTD_COMMAND"
+
+	rm -rf "$TMP_FASTD/fastd.$s.peers"
 }
 
 reload_instance() {
@@ -165,6 +233,8 @@ reload_instance() {
 
         section_enabled "$s" || return 1
 
+	update_peers_instance "$s"
+
         SERVICE_PID_FILE="/var/run/fastd.$s.pid"
         service_reload "$FASTD_COMMAND"
 }