Message ID | 1507210666-20961-5-git-send-email-freifunk@adrianschmutzler.de |
---|---|
State | Superseded |
diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood index ab6bd53..0233056 100755 --- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood @@ -194,32 +194,7 @@ if [ -s /tmp/keyxchangev2data ]; then exit 0 fi - # and now we read the VPN Data and give this data to fff-vpn - json_select vpn - Index=1 - rm /tmp/fastd_fff_output - touch /tmp/fastd_fff_output - while json_select "$Index" > /dev/null - do - json_get_var protocol protocol - if [ "$protocol" == "fastd" ]; then - json_get_var servername name - echo "####${servername}.conf" >> /tmp/fastd_fff_output - echo "#name \"${servername}\";" >> /tmp/fastd_fff_output - json_get_var key key - echo "key \"${key}\";" >> /tmp/fastd_fff_output - json_get_var address address - json_get_var port port - echo "remote ipv4 \"${address}\" port $port float;" >> /tmp/fastd_fff_output - fi - echo "" >> /tmp/fastd_fff_output - json_select ".." # back to vpn - Index=$(( Index + 1 )) - done - echo "###" >> /tmp/fastd_fff_output - json_select ".." # back to root - #this we do every 5 minutes, because it can change the VPN Protocol - #and now we get to vpn-select Script and load VPNs + # and now we get to vpn-select script and load VPNs directly from /tmp/keyxchangev2data if hasInternet ; then sh /usr/sbin/vpn-select diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select index bbc87cc..150efe2 100755 --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select 
@@ -1,71 +1,86 @@ #!/bin/sh +. /usr/share/libubox/jshn.sh + make_config() { # remove old config >/etc/config/tunneldigger rm /tmp/fastd_fff_peers/* count=0 +Index=1 +json_load "$(cat /tmp/keyxchangev2data)" +json_select vpn # get fastd peers -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output) -for file in $filecounts; do - awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file - echo 'float yes;' >> /etc/fastd/fff/peers/$file - - # ask for Broker and select the tunnel - IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file) - if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then - # Gateway offers l2tp - FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file) - L2PORT=$((FDPORT + 10000)) - UUID=$hostname +while json_select "$Index" > /dev/null +do + json_get_var protocol protocol + if [ "$protocol" == "fastd" ]; then + json_get_var servername name + filename="/etc/fastd/fff/peers/$servername" + echo "#name \"${servername}\";" > "$filename" + json_get_var key key + echo "key \"${key}\";" >> "$filename" + json_get_var address address + json_get_var port port + echo "remote ipv4 \"${address}\" port ${port};" >> "$filename" + echo "" >> "$filename" + echo "float yes;" >> "$filename" + + # ask for Broker and select the tunnel + if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)" ]; then + # Gateway offers l2tp + L2PORT=$((port + 10000)) + UUID=$hostname - uci set tunneldigger.$count=broker - uci set tunneldigger.$count.address="$IP:$L2PORT" - uci set tunneldigger.$count.uuid="$UUID" - uci set tunneldigger.$count.interface="l2tp$count" - uci set tunneldigger.$count.enabled="1" - uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook' - uci -c /tmp commit tunneldigger - count=$((count + 1)) - # remove this fastd-peer - rm /etc/fastd/fff/peers/$file - fi + uci 
set tunneldigger.$count=broker + uci set tunneldigger.$count.address="${address}:$L2PORT" + uci set tunneldigger.$count.uuid="$UUID" + uci set tunneldigger.$count.interface="l2tp$count" + uci set tunneldigger.$count.enabled="1" + uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook' + uci -c /tmp commit tunneldigger + count=$((count + 1)) + # remove this fastd-peer + rm "$filename" + fi + fi + json_select ".." # back to vpn + Index=$(( Index + 1 )) done +json_select ".." # back to root } # main # Only do something when file is here and greater 0 byte -if [ -s /tmp/fastd_fff_output ]; then - - # set some vars - hostname=$(cat /proc/sys/kernel/hostname) - mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null) - [ "$hostname" = "OpenWrt" ] && hostname="" - [ "$hostname" = "" ] && hostname="$mac" - - if [ ! -d /tmp/fastd_fff_peers ]; then - # first run after reboot - mkdir /tmp/fastd_fff_peers - make_config - # start fastd only if there are some peers left - [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start - /etc/init.d/tunneldigger start - else - # check if new tunneldigger conf is different - sumold=$(sha256sum /etc/config/tunneldigger) - make_config - sumnew=$(sha256sum /etc/config/tunneldigger) - [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart - /etc/init.d/fastd reload +if [ -s /tmp/keyxchangev2data ]; then + # set some vars + hostname=$(cat /proc/sys/kernel/hostname) + mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null) + [ "$hostname" = "LEDE" ] && hostname="" + [ "$hostname" = "" ] && hostname="$mac" - # fastd start/stop for various situations - pidfile="/tmp/run/fastd.fff.pid" - if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then - ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start - else - ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && 
/etc/init.d/fastd stop - fi + if [ ! -d /tmp/fastd_fff_peers ]; then + # first run after reboot + mkdir /tmp/fastd_fff_peers + make_config + # start fastd only if there are some peers left + [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start + /etc/init.d/tunneldigger start + else + # check if new tunneldigger conf is different + sumold=$(sha256sum /etc/config/tunneldigger) + make_config + sumnew=$(sha256sum /etc/config/tunneldigger) + [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart + /etc/init.d/fastd reload - fi + # fastd start/stop for various situations + pidfile="/tmp/run/fastd.fff.pid" + if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then + ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start + else + ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop + fi + fi fi
Tested on Uplink and Mesh. Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> > -----Original Message----- > From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On Behalf > Of Adrian Schmutzler > Sent: Donnerstag, 5. Oktober 2017 15:38 > To: franken-dev@freifunk.net > Subject: [PATCH v16 5/6] vpn-select: Use keyxchangev2data instead of > fastd_fff_output > > This is a first consolidation step which gets rid of /tmp/fastd_fff_output, but > still requires /etc/fastd/fff/peers/* > > Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> > > Reviewed-by: Tim Niemeyer <tim@tn-x.org> > > Changes: > - No changes since initial version. > --- > .../fff/fff-hoods/files/usr/sbin/configurehood | 27 +---- > .../fff/fff-vpn-select/files/usr/sbin/vpn-select | 121 > ++++++++++++--------- > 2 files changed, 69 insertions(+), 79 deletions(-) > > diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood > b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood > index ab6bd53..0233056 100755 > --- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood > +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood 
> @@ -194,32 +194,7 @@ if [ -s /tmp/keyxchangev2data ]; then > exit 0 > fi > > - # and now we read the VPN Data and give this data to fff-vpn > - json_select vpn > - Index=1 > - rm /tmp/fastd_fff_output > - touch /tmp/fastd_fff_output > - while json_select "$Index" > /dev/null > - do > - json_get_var protocol protocol > - if [ "$protocol" == "fastd" ]; then > - json_get_var servername name > - echo "####${servername}.conf" >> > /tmp/fastd_fff_output > - echo "#name \"${servername}\";" >> > /tmp/fastd_fff_output > - json_get_var key key > - echo "key \"${key}\";" >> /tmp/fastd_fff_output > - json_get_var address address > - json_get_var port port > - echo "remote ipv4 \"${address}\" port $port > float;" >> /tmp/fastd_fff_output > - fi > - echo "" >> /tmp/fastd_fff_output > - json_select ".." # back to vpn > - Index=$(( Index + 1 )) > - done > - echo "###" >> /tmp/fastd_fff_output > - json_select ".." # back to root > - #this we do every 5 minutes, because it can change the VPN > Protocol > - #and now we get to vpn-select Script and load VPNs > + # and now we get to vpn-select script and load VPNs directly from > /tmp/keyxchangev2data > > if hasInternet ; then > sh /usr/sbin/vpn-select > diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select > b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select > index bbc87cc..150efe2 100755 > --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select > +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select 
> @@ -1,71 +1,86 @@ > #!/bin/sh > > +. /usr/share/libubox/jshn.sh > + > make_config() { > # remove old config > >/etc/config/tunneldigger > rm /tmp/fastd_fff_peers/* > count=0 > +Index=1 > +json_load "$(cat /tmp/keyxchangev2data)" > +json_select vpn > # get fastd peers > -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); > print $0; }' /tmp/fastd_fff_output) -for file in $filecounts; do > - awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" > /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file > - echo 'float yes;' >> /etc/fastd/fff/peers/$file > - > - # ask for Broker and select the tunnel > - IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file) > - if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then > - # Gateway offers l2tp > - FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' > /etc/fastd/fff/peers/$file) > - L2PORT=$((FDPORT + 10000)) > - UUID=$hostname > +while json_select "$Index" > /dev/null > +do > + json_get_var protocol protocol > + if [ "$protocol" == "fastd" ]; then > + json_get_var servername name > + filename="/etc/fastd/fff/peers/$servername" > + echo "#name \"${servername}\";" > "$filename" > + json_get_var key key > + echo "key \"${key}\";" >> "$filename" > + json_get_var address address > + json_get_var port port > + echo "remote ipv4 \"${address}\" port ${port};" >> > "$filename" > + echo "" >> "$filename" > + echo "float yes;" >> "$filename" > + > + # ask for Broker and select the tunnel > + if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - > 2>/dev/null)" ]; then > + # Gateway offers l2tp > + L2PORT=$((port + 10000)) > + UUID=$hostname > > - uci set tunneldigger.$count=broker > - uci set tunneldigger.$count.address="$IP:$L2PORT" > - uci set tunneldigger.$count.uuid="$UUID" > - uci set tunneldigger.$count.interface="l2tp$count" > - uci set tunneldigger.$count.enabled="1" > - uci set > tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook' > - uci -c 
/tmp commit tunneldigger > - count=$((count + 1)) > - # remove this fastd-peer > - rm /etc/fastd/fff/peers/$file > - fi > + uci set tunneldigger.$count=broker > + uci set > tunneldigger.$count.address="${address}:$L2PORT" > + uci set tunneldigger.$count.uuid="$UUID" > + uci set tunneldigger.$count.interface="l2tp$count" > + uci set tunneldigger.$count.enabled="1" > + uci set > tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook' > + uci -c /tmp commit tunneldigger > + count=$((count + 1)) > + # remove this fastd-peer > + rm "$filename" > + fi > + fi > + json_select ".." # back to vpn > + Index=$(( Index + 1 )) > done > +json_select ".." # back to root > } > > # main > > # Only do something when file is here and greater 0 byte -if [ -s > /tmp/fastd_fff_output ]; then > - > - # set some vars > - hostname=$(cat /proc/sys/kernel/hostname) > - mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' > /sys/class/net/br-mesh/address 2>/dev/null) > - [ "$hostname" = "OpenWrt" ] && hostname="" > - [ "$hostname" = "" ] && hostname="$mac" > - > - if [ ! 
-d /tmp/fastd_fff_peers ]; then > - # first run after reboot > - mkdir /tmp/fastd_fff_peers > - make_config > - # start fastd only if there are some peers left > - [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && > /etc/init.d/fastd start > - /etc/init.d/tunneldigger start > - else > - # check if new tunneldigger conf is different > - sumold=$(sha256sum /etc/config/tunneldigger) > - make_config > - sumnew=$(sha256sum /etc/config/tunneldigger) > - [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart > - /etc/init.d/fastd reload > +if [ -s /tmp/keyxchangev2data ]; then > + # set some vars > + hostname=$(cat /proc/sys/kernel/hostname) > + mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' > /sys/class/net/br-mesh/address 2>/dev/null) > + [ "$hostname" = "LEDE" ] && hostname="" > + [ "$hostname" = "" ] && hostname="$mac" > > - # fastd start/stop for various situations > - pidfile="/tmp/run/fastd.fff.pid" > - if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then > - ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || > /etc/init.d/fastd start > - else > - ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && > /etc/init.d/fastd stop > - fi > + if [ ! 
-d /tmp/fastd_fff_peers ]; then > + # first run after reboot > + mkdir /tmp/fastd_fff_peers > + make_config > + # start fastd only if there are some peers left > + [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && > /etc/init.d/fastd start > + /etc/init.d/tunneldigger start > + else > + # check if new tunneldigger conf is different > + sumold=$(sha256sum /etc/config/tunneldigger) > + make_config > + sumnew=$(sha256sum /etc/config/tunneldigger) > + [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger > restart > + /etc/init.d/fastd reload > > - fi > + # fastd start/stop for various situations > + pidfile="/tmp/run/fastd.fff.pid" > + if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then > + ([ -s "$pidfile" ] && [ -d "/proc/$(cat > "$pidfile")" ]) || /etc/init.d/fastd start > + else > + ([ -s "$pidfile" ] && [ -d "/proc/$(cat > "$pidfile")" ]) && /etc/init.d/fastd stop > + fi > + fi > fi > -- > 2.7.4 > > -- > franken-dev mailing list > franken-dev@freifunk.net > http://lists.freifunk.net/mailman/listinfo/franken-dev-freifunk.net