From patchwork Fri Aug 19 18:45:19 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [RFC, v4, 07/10] Added VPN Connectivity to previous added Hood-Management
From: Jan Kraus
X-Patchwork-Id: 208
Message-Id: <1471632322-14960-8-git-send-email-mayosemmel@gmail.com>
To: franken-dev@freifunk.net
Cc: Jan Kraus
Date: Fri, 19 Aug 2016 20:45:19 +0200
Signed-off-by: Jan Kraus
---
 src/packages/fff/fff-fastd/Makefile | 3 +-
 .../fff-fastd/files/etc/uci-defaults/55_fff-fastd | 37 ++++---
 .../fff/fff-fastd/files/usr/lib/micron.d/fff-fastd | 1 -
 .../fff/fff-vpn-select/files/usr/sbin/vpn-select | 111 +++++++++++++--------
 4 files changed, 92 insertions(+), 60 deletions(-)
 delete mode 100644 src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
diff --git a/src/packages/fff/fff-fastd/Makefile b/src/packages/fff/fff-fastd/Makefile
index a544e02..f572a39 100644
--- a/src/packages/fff/fff-fastd/Makefile
+++ b/src/packages/fff/fff-fastd/Makefile
@@ -19,7 +19,8 @@ define Package/fff-fastd
 +@FASTD_ENABLE_CIPHER_NULL \
 +@FASTD_WITH_STATUS_SOCKET \
 +fastd \
- +fff-random
+ +fff-random \
+ +fff-hoods
 endef
 define Package/fff-fastd/description
diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
index 8ce8425..e1871cc 100644
--- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
+++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
@@ -1,28 +1,27 @@
 /etc/init.d/fastd disable
-. /etc/community.cfg project="$VPN_PROJECT" >/etc/config/fastd uci batch < /etc/fastd/${project}/up.sh
-echo "ip link set up dev ${project}VPN" >> /etc/fastd/${project}/up.sh
-echo "echo enable > /sys/devices/virtual/net/${project}VPN/batman_adv/no_rebroadcast" >> /etc/fastd/${project}/up.sh
-echo "batctl if add ${project}VPN" >> /etc/fastd/${project}/up.sh
-chmod +x /etc/fastd/${project}/up.sh
+[ ! -d /etc/fastd/FFF ] && mkdir -p /etc/fastd/FFF
+ln -s /tmp/fastd_FFF_peers /etc/fastd/FFF/peers
+echo "#!/bin/sh" > /etc/fastd/FFF/up.sh
+echo "ip link set up dev FFFVPN" >> /etc/fastd/FFF/up.sh
+echo "echo enable > /sys/devices/virtual/net/FFFVPN/batman_adv/no_rebroadcast" >> /etc/fastd/FFF/up.sh
+echo "batctl if add FFFVPN" >> /etc/fastd/FFF/up.sh
+chmod +x /etc/fastd/FFF/up.sh
diff --git a/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd b/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
deleted file mode 100644
index 9399c4f..0000000
--- a/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
+++ /dev/null
@@ -1 +0,0 @@
-*/10 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/fastdstart
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
index c1e64e2..4c1efcb 100755
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
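Review bot: `ln -s /tmp/fastd_FFF_peers /etc/fastd/FFF/peers` creates a link whose target does not exist at this point — the hunk never creates `/tmp/fastd_FFF_peers`, it is only made by vpn-select's first run, so the peers path is dangling until then and `ln -s` fails with a non-zero status if the link is already present. The guard in front of it is also redundant, since `mkdir -p` already tolerates an existing directory. I would write the two lines as `mkdir -p /etc/fastd/FFF` and `[ -e /etc/fastd/FFF/peers ] || ln -s /tmp/fastd_FFF_peers /etc/fastd/FFF/peers`, and add a comment such as `# peers live in tmpfs and are regenerated by vpn-select after every boot` so the next reader knows the dangling link is intended. The removed `uci batch` block at the top of the hunk is garbled in this rendering, so the fastd config it writes cannot be reviewed here.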
@@ -1,40 +1,74 @@
 #!/bin/sh
+. /usr/share/libubox/jshn.sh
+. /usr/lib/validate_ip
+
 test -f /tmp/started || exit
+hood="$(uci get system.@system[0].hood)"
+
 make_config() {
-# remove old config
->/etc/config/tunneldigger
-rm /tmp/fastd_${project}_peers/*
-count=0
-# get fastd peers
-pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
-wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
-filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
-for file in $filecounts; do
- awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
- echo 'float yes;' >> /etc/fastd/$project/peers/$file
+ # remove old config
+ >/etc/config/tunneldigger
+ rm -f /tmp/fastd_FFF_peers/*
+ rm -f /etc/fastd/FFF/peers/*
- # ask for Broker and select the tunnel
- IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
- if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
- # Gateway offers l2tp
- FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
- L2PORT=$((FDPORT + 10000))
- UUID=$hostname
+ json_load "$(cat /etc/hoods/$hood.hood)"
+ json_select vpn
+ local Index="1"
+ while json_select $Index > /dev/null
+ do
+ json_get_var protocol protocol
+ if [ "$protocol" == "fastd" ]
+ then
+ json_get_var servername name
+ echo "#name \"$servername\";" > /etc/fastd/FFF/peers/$servername
+ json_get_var key key
+ echo "key \"$key\";" >> /etc/fastd/FFF/peers/$servername
+ json_get_var address address
+ json_get_var port port
+ if valid_ip4 "$address"
+ then
+ echo "remote ipv4 \"$address\" port $port;" >> /etc/fastd/FFF/peers/$servername
+ elif valid_ip6 "$address"
+ then
+ echo "remote ipv6 \"$address\" port $port;" >> /etc/fastd/FFF/peers/$servername
+ else
+ echo "Invalid IP-Address provided!"
+ rm -f "/etc/fastd/FFF/peers/$servername"
+ json_select ".."
+ Index=$((Index+1))
+ continue
+ fi
+ echo "float yes;" >> /etc/fastd/FFF/peers/$servername
+ elif [ "$protocol" == "$fastd"]
+ then
+ json_get_var address address
+ if ! valid_ip4 "$address" && ! valid_ip6 "$address"
+ then
+ json_select ".."
+ Index=$((Index+1))
+ continue
+ fi
- uci set tunneldigger.$count=broker
- uci set tunneldigger.$count.address="$IP:$L2PORT"
- uci set tunneldigger.$count.uuid="$UUID"
- uci set tunneldigger.$count.interface="l2tp$count"
- uci set tunneldigger.$count.enabled="1"
- uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
- uci commit tunneldigger
- count=$((count + 1))
- # remove this fastd-peer
- rm /etc/fastd/${project}/peers/$file
- fi
-done
+ json_get_var port port
+
+ uci set tunneldigger.$Index=broker
+ uci set tunneldigger.$Index.address="$address:$port"
+ uci set tunneldigger.$Index.uuid="$hostname"
+ uci set tunneldigger.$Index.interface="l2tp$Index"
+ uci set tunneldigger.$Index.enabled="1"
+ uci set tunneldigger.$Index.hook_script='/etc/tunneldigger/tunneldigger.hook'
+ uci commit tunneldigger
+ else
+ echo "protocol $protocol is not supported by this script"
+ json_select ".."
+ Index=$((Index+1))
+ continue
+ fi
+ json_select ".."
+ Index=$((Index+1))
+ done
 }
 # main
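Review bot: `elif [ "$protocol" == "$fastd"]` compares against the unset variable `fastd` and lacks the space before `]`, so the test fails with a syntax error and the tunneldigger branch below it can never run; presumably `elif [ "$protocol" = "l2tp" ]` was meant (`=` rather than `==` also keeps the test valid under the file's `#!/bin/sh`). The values taken from `/etc/hoods/$hood.hood` are written without any check: `servername` becomes the file name `/etc/fastd/FFF/peers/$servername`, so a name containing `/` or `..` lands outside the peers directory, and `key` is pasted verbatim into a fastd directive, where anything other than a 64-digit hex key is config injection. The rewritten start of the fastd branch below rejects such entries before writing, reusing the `[0-9a-f]{64}` pattern the script already applies to its own secret. For an address accepted by `valid_ip6`, `uci set tunneldigger.$Index.address="$address:$port"` produces a colon-ambiguous host:port string; whether tunneldigger parses that is not visible here and deserves a check. `make_config` lies entirely within the hunk.
```shell
	if [ "$protocol" = "fastd" ]
	then
		json_get_var servername name
		json_get_var key key
		# servername becomes a file name and key is copied into fastd config:
		# accept only a plain token and a 64-digit hex key
		case "$servername" in
			""|*[!A-Za-z0-9_-]*) servername="" ;;
		esac
		if [ -z "$servername" ] || ! printf '%s\n' "$key" | grep -qE '^[0-9a-f]{64}$'
		then
			echo "invalid peer name or key in /etc/hoods/$hood.hood" >&2
			json_select ".."
			Index=$((Index+1))
			continue
		fi
		echo "#name \"$servername\";" > "/etc/fastd/FFF/peers/$servername"
		echo "key \"$key\";" >> "/etc/fastd/FFF/peers/$servername"
		# … unchanged: address/port handling and "float yes;" …
	elif [ "$protocol" = "l2tp" ]
```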
@@ -48,22 +82,18 @@ if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
 ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
 # set some vars
- . /etc/community.cfg
- project="$VPN_PROJECT"
 mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
- lat=$(uci get system.@system[0].latitude)
- long=$(uci get system.@system[0].longitude)
 hostname=$(cat /proc/sys/kernel/hostname)
 [ "$hostname" = "OpenWrt" ] && hostname=""
 [ "$hostname" = "" ] && hostname="$mac"
- if [ ! -d /tmp/fastd_${project}_peers ]; then
+ if [ ! -d /tmp/fastd_FFF_peers ]; then
 # first run after reboot
- mkdir /tmp/fastd_${project}_peers
+ mkdir /tmp/fastd_FFF_peers
 # do we have a fastd secret
- if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>dev/null; then
+ if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
 secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }')
- uci set fastd.${project}.secret="$secret"
+ uci set fastd.FFF.secret="$secret"
 uci commit fastd
 fi
 make_config
@@ -77,4 +107,7 @@ if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
 [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
 /etc/init.d/fastd reload
 fi
-fi
+else
+ echo "Der Router kann keine Verbindung zum VPN-Server aufbauen"
+ echo "$0 macht nichts!"
+fi
\ No newline at end of file
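Review bot: The two messages added in the new `else` branch of the second hunk are in German, while the other messages this commit adds to the same script (`Invalid IP-Address provided!`, `protocol ... is not supported by this script`) are English, and they are diagnostics printed to stdout. I would keep one language and send them to stderr, e.g. `echo "cannot reach the VPN server, $0 does nothing" >&2`. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`), which the next change will have to fix as an unrelated diff line. The enclosing `if ping ...` block starts outside both hunks.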