From patchwork Mon Oct 19 21:53:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [v2] Make vpn-select modular From: Robert Langhammer X-Patchwork-Id: 1436 Message-Id: <20201019215354.12892-1-rlanghammer@web.de> To: franken-dev@freifunk.net Date: Mon, 19 Oct 2020 23:53:54 +0200 vpn-select is an old relic and did not reflect the opportunities of our hoodfile. This rewrite makes vpn-select modular to easely add new vpn-protocols. The stuff dependent on the vpn-protocol is outsourced to files in /etc/vpn-select.d and comes in with the respective vpn package. vpn-stop is removed to use the protocol independent start/stop mechanism of vpn-select. Instead, a symlink is used. Signed-off-by: Robert Langhammer --- Changes in v2: - add a symlink vpn-stop -> vpn-select. No changes in configurehood needed. - use json_get_keys instead of index. - use ls instead of fileglob. --- .../fff-fastd/files/etc/vpn-select.d/fastd | 35 +++++++++ .../fff-vpn-select/files/usr/sbin/vpn-select | 77 +++++++------------ .../fff-vpn-select/files/usr/sbin/vpn-stop | 6 +- 3 files changed, 63 insertions(+), 55 deletions(-) create mode 100644 src/packages/fff/fff-fastd/files/etc/vpn-select.d/fastd mode change 100755 => 120000 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop -- 2.20.1
diff --git a/src/packages/fff/fff-fastd/files/etc/vpn-select.d/fastd b/src/packages/fff/fff-fastd/files/etc/vpn-select.d/fastd
new file mode 100644
index 0000000..bd73761
--- /dev/null
+++ b/src/packages/fff/fff-fastd/files/etc/vpn-select.d/fastd
@@ -0,0 +1,35 @@
+protocol=fastd
+
+fastd_clear() {
+ rm /tmp/fastd_fff_peers/*
+}
+
+fastd_addpeer() {
+ [ -d /tmp/fastd_fff_peers ] || mkdir /tmp/fastd_fff_peers
+
+ # write fastd-config
+ json_get_var servername name
+ filename="/etc/fastd/fff/peers/$servername"
+ echo "#name \"${servername}\";" > "$filename"
+ json_get_var key key
+ echo "key \"${key}\";" >> "$filename"
+ json_get_var address address
+ json_get_var port port
+ echo "remote \"${address}\" port ${port};" >> "$filename"
+ echo "" >> "$filename"
+ echo "float yes;" >> "$filename"
+}
+
+fastd_start_stop() {
+ /etc/init.d/fastd reload # does nothing if fastd was not running
+
+ # fastd start/stop for various situations
+ # this is needed for first start and if fastd comes up or disappears in hoodfile
+ pidfile="/tmp/run/fastd.fff.pid"
+ if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
+ ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
+ else
+ ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
+ fi
+}
+
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
index 30883f5..e6c7bb6 100755
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
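Review bot: `fastd_addpeer` uses `servername`, `key`, `address` and `port` exactly as they come out of the hoodfile, so a name containing `/` makes `filename="/etc/fastd/fff/peers/$servername"` point outside the peers directory, and a quote, semicolon or newline in any of the four values adds text to the generated fastd peer file beyond the intended field. How the hoodfile reaches the router is not visible here, but it is external data handled by a script that presumably runs as root, so the values should be checked before the first `echo`, for example `case "$servername" in ""|.*|*[!A-Za-z0-9._-]*) return 1 ;; esac` and `case "$port" in ""|*[!0-9]*) return 1 ;; esac`, with a comparable allow-list for `key` and `address`. The same concern applies in the vpn-select hunk, where the hoodfile's `protocol` becomes a command name in `"${protocol}_addpeer"`; comparing it against `$supported_protocols` before the call would keep dispatch to the handlers that were actually sourced. Separately, `fastd_clear` runs `rm /tmp/fastd_fff_peers/*` before that directory is known to exist, and `rm -f` would keep the first run after boot quiet.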
@@ -1,65 +1,42 @@ #!/bin/sh -# Usage: vpn-select +# Usage: vpn-select [] +# An empty parameter shuts down all vpn. +# To add a new protocol, put a file with three functions to /etc/vpn-select.d/ . +# The file must start with protocol=name. It is most important to use the same name here and in hoodfile. +# The old config can be cleared in function ${protocol}_clear() . +# The function ${protocol}_addpeer() is called for every peer in hoodfile. +# The function ${protocol}_start_stop() is called at the end once per installed protocol. . /usr/share/libubox/jshn.sh hoodfile="$1" -make_config() { - # remove old config - rm /tmp/fastd_fff_peers/* +for file in $([ -d /etc/vpn-select.d ] && ls /etc/vpn-select.d); do + . "$file" + supported_protocols="$supported_protocols $protocol" +done - # prepare - Index=1 +# clear old config +for protocol in $supported_protocols; do + "${protocol}_clear" +done + +# configure vpn +if [ -n "$hoodfile" ] && [ -s $hoodfile ] ; then json_load "$(cat "$hoodfile")" json_select vpn - - # get fastd peers - while json_select "$Index" > /dev/null - do + json_get_keys vpn_keys + for k in $vpn_keys; do + json_select $k json_get_var protocol protocol - if [ "$protocol" = "fastd" ]; then - # set up fastd - json_get_var servername name - filename="/etc/fastd/fff/peers/$servername" - echo "#name \"${servername}\";" > "$filename" - json_get_var key key - echo "key \"${key}\";" >> "$filename" - json_get_var address address - json_get_var port port - echo "remote \"${address}\" port ${port};" >> "$filename" - echo "" >> "$filename" - echo "float yes;" >> "$filename" - fi + "${protocol}_addpeer" || echo "protocol $protocol unknown" json_select ".." # back to vpn - Index=$(( Index + 1 )) done - json_select ".." # back to root -} +fi -# Only do something if file is there and not empty; otherwise exit 1 -if [ -s "$hoodfile" ]; then - if [ ! 
-d /tmp/fastd_fff_peers ]; then - # first run after reboot - mkdir /tmp/fastd_fff_peers - make_config - # start fastd only if there are some peers - [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start - else - make_config - /etc/init.d/fastd reload +# start/restart/stop vpnservices +for protocol in $supported_protocols; do + "${protocol}_start_stop" +done - # fastd start/stop for various situations - pidfile="/tmp/run/fastd.fff.pid" - if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then - ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start - else - ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop - fi - fi - exit 0 -else - echo "vpn-select: Hood file not found or empty!" - exit 1 -fi diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop deleted file mode 100755 index 03a160b..0000000 --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -rm /tmp/fastd_fff_peers/* -/etc/init.d/fastd stop - diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop new file mode 120000 index 0000000..fd632e6 --- /dev/null +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-stop @@ -0,0 +1 @@ +vpn-select \ No newline at end of file
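Review bot: The plugin loop in the vpn-select hunk hands `.` the bare names printed by `ls /etc/vpn-select.d`, and a slash-less operand of `.` is looked up through PATH (in some shells also the current directory), so `. "$file"` does not reliably load /etc/vpn-select.d/fastd and can execute a different file of the same name as shell code. Iterating over full paths fixes the lookup and avoids word-splitting `ls` output: `for file in /etc/vpn-select.d/*; do [ -f "$file" ] || continue`, followed by the existing `. "$file"`. `"${protocol}_addpeer" || echo "protocol $protocol unknown"` also prints the "unknown" message whenever a known handler returns non-zero, which hides real write errors from the handler. `[ -s $hoodfile ]` and `json_select $k` should be quoted like the surrounding expansions.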