[RFC] Add Tunneldigger to WebUI
mayosemmel
mayosemmel at googlemail.com
Mon Apr 4 18:26:00 CEST 2016
Hello Christian,
thank you very much for your work.
Comments inline...
On Monday, 04.04.2016, at 14:57 +0200, Christian Dresel wrote:
> Signed-off-by: Christian Dresel <fff at chrisi01.de>
>
> new file: .gitignore.orig
> new file: .gitignore.rej
> modified: bsp/default/root_file_system/etc/fastdstart.sh.tpl
> new file: bsp/default/root_file_system/etc/tunneldigger.hook
> modified: buildscript
> modified: src/packages/fff/fff-web/files/www/ssl/cgi-bin/home.html
> modified: src/packages/fff/fff-web/files/www/ssl/cgi-bin/settings.html
> modified: src/packages/fff/fff/Makefile
> ---
> .gitignore.orig | 13 ++
> .gitignore.rej | 9 +
> bsp/default/root_file_system/etc/fastdstart.sh.tpl | 198 +++++++++++++--------
> bsp/default/root_file_system/etc/tunneldigger.hook | 9 +
> buildscript | 7 +-
> .../fff/fff-web/files/www/ssl/cgi-bin/home.html | 7 +-
> .../fff-web/files/www/ssl/cgi-bin/settings.html | 17 ++
> src/packages/fff/fff/Makefile | 4 +-
> 8 files changed, 186 insertions(+), 78 deletions(-)
> create mode 100644 .gitignore.orig
> create mode 100644 .gitignore.rej
> mode change 100755 => 100644 bsp/default/root_file_system/etc/fastdstart.sh.tpl
> create mode 100644 bsp/default/root_file_system/etc/tunneldigger.hook
>
> diff --git a/.gitignore.orig b/.gitignore.orig
> new file mode 100644
> index 0000000..4d83dc3
> --- /dev/null
> +++ b/.gitignore.orig
> @@ -0,0 +1,13 @@
> +/selected_bsp
> +/selected_community
> +/build*
> +/bin*
> +/src/dl
> +/src/openwrt
> +/src/packages/fastd
> +/src/packages/openwrt
> +/src/packages/batman_adv
> +/src/packages/routing
> +/.project
> +/*.patch
> +/.mailmap
I don't think you wanted that file in there.
> diff --git a/.gitignore.rej b/.gitignore.rej
> new file mode 100644
> index 0000000..eb36f24
> --- /dev/null
> +++ b/.gitignore.rej
> @@ -0,0 +1,9 @@
> +--- .gitignore
> ++++ .gitignore
> +@@ -8,5 +8,6 @@ src/packages/fastd
> + src/packages/openwrt
> + src/packages/batman_adv
> + src/packages/routing
> ++src/packages/wlanslovenija
> + .project
> + ./*.patch
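Review bot: .gitignore.rej is the reject left over from a patch that failed to apply, and together with .gitignore.orig it should be dropped from the commit. The rejected hunk shows that the `src/packages/wlanslovenija` entry never made it into .gitignore itself, so that line should be added there directly if the new feed directory is meant to be ignored.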
Probably not that one either.
> diff --git a/bsp/default/root_file_system/etc/fastdstart.sh.tpl b/bsp/default/root_file_system/etc/fastdstart.sh.tpl
> old mode 100755
> new mode 100644
> index 5bb5165..a4a1dc3
> --- a/bsp/default/root_file_system/etc/fastdstart.sh.tpl
> +++ b/bsp/default/root_file_system/etc/fastdstart.sh.tpl
> @@ -3,93 +3,143 @@
> SERVER="no"
> #SERVERNAME="--servername--"
>
> -project="${VPN_PROJECT}"
> +project="fff"
That probably wasn't intended either?
>
> test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
> test_ipv4_host2="8.8.8.8" # Google DNS
> test_ipv6_host1="heise.de" # heise Zeitschriftenverlag
>
> if [ "$SERVER" = "no" ]; then
> - test -f /tmp/started || exit
> + test -f /tmp/started || exit
Nothing was changed here
> fi
>
> # Only do something with fastd when the router has internet connection
> -if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
Nor here
> ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> - mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> - if [ "$SERVER" = "no" ]; then
> - hostname=$(cat /proc/sys/kernel/hostname)
> -
> - if [ "$hostname" = "OpenWrt" ]; then
> - hostname=""
> - fi
> -
> - if [ "$hostname" = "" ]; then
> - hostname=$mac
> - fi
> - else
> - hostname=$SERVERNAME
> - fi
> -
> - if [ ! -d /etc/fastd ]; then
> - mkdir /etc/fastd
> - fi
> -
> - if [ ! -d /etc/fastd/$project ]; then
> - mkdir /etc/fastd/$project
> -
> - mkdir /tmp/fastd_${project}_peers
> - ln -s /tmp/fastd_${project}_peers /etc/fastd/$project/peers
> - echo "#!/bin/sh" > /etc/fastd/$project/up.sh
> - echo "ip link set up dev ${project}VPN" >> /etc/fastd/$project/up.sh
> - echo "echo enable > /sys/devices/virtual/net/${project}VPN/batman_adv/no_rebroadcast" >> /etc/fastd/$project/up.sh
> - echo "batctl if add ${project}VPN" >> /etc/fastd/$project/up.sh
> - chmod +x /etc/fastd/$project/up.sh
> -
> - secret=$(fastd --generate-key 2>&1 | grep -i secret | awk '{ print $2 }')
> - echo "include peers from \"/etc/fastd/$project/peers\";" >> /etc/fastd/${project}/${project}.conf
> - echo "log to syslog level warn;" >> /etc/fastd/${project}/${project}.conf
> - echo "method \"null\";" >> /etc/fastd/${project}/${project}.conf
> -# http://lists.nord-west.net/pipermail/freifunk-ol-dev/2013-July/000322.html
> -# echo "bind 0.0.0.0:10000;" >> /etc/fastd/${project}/${project}.conf
> - echo "interface \"${project}VPN\";" >> /etc/fastd/${project}/${project}.conf
> - echo "mtu 1426;" >> /etc/fastd/${project}/${project}.conf
> - echo "secret \"$secret\";" >> /etc/fastd/${project}/${project}.conf
> - echo "on up \"/etc/fastd/${project}/up.sh\";" >> /etc/fastd/${project}/${project}.conf
> - echo "secure handshakes no;" >> /etc/fastd/${project}/${project}.conf
> - fi
> -
> - if [ ! -d /tmp/fastd_${project}_peers ]; then
> - mkdir /tmp/fastd_${project}_peers
> - fi
> -
> - pubkey=$(fastd -c /etc/fastd/$project/$project.conf --show-key --machine-readable)
> -# port=666
> - lat=$(uci get system. at system[0].latitude)
> - long=$(uci get system. at system[0].longitude)
> -
> -# fire up
> - if [ "$(/sbin/ifconfig -a | grep -i ethernet | grep $project)" = "" ]; then
> - /bin/rm /var/run/fastd.$project.pid
> - fastd -c /etc/fastd/$project/$project.conf -d --pid-file /var/run/fastd.$project.pid
> - fi
> -
> -# register
> - wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
> -
> - filenames=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
> - for file in $filenames; do
> - awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
> - echo 'float yes;' >> /etc/fastd/$project/peers/$file
> - done
> -
> - #reload
> - kill -HUP $(cat /var/run/fastd.$project.pid)
Most of this hasn't been changed either. See below for more.
> + mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> + if [ "$SERVER" = "no" ]; then
> + hostname=$(cat /proc/sys/kernel/hostname)
> +
> + if [ "$hostname" = "OpenWrt" ]; then
> + hostname=""
> + fi
> +
> + if [ "$hostname" = "" ]; then
> + hostname=$mac
> + fi
> + else
> + hostname=$SERVERNAME
> + fi
> +
> + if [ ! -d /etc/fastd ]; then
> + mkdir /etc/fastd
> + fi
> +
> + if [ ! -d /etc/fastd/$project ]; then
> + mkdir /etc/fastd/$project
> +
> + mkdir /tmp/fastd_${project}_peers
> + ln -s /tmp/fastd_${project}_peers /etc/fastd/$project/peers
> + echo "#!/bin/sh" > /etc/fastd/$project/up.sh
> + echo "ip link set up dev ${project}VPN" >> /etc/fastd/$project/up.sh
> + echo "echo enable > /sys/devices/virtual/net/${project}VPN/batman_adv/no_rebroadcast" >> /etc/fastd/
this one has actually been broken, because the "$project/up.sh" is missing
> + echo "batctl if add ${project}VPN" >> /etc/fastd/$project/up.sh
> + chmod +x /etc/fastd/$project/up.sh
> +
> + secret=$(fastd --generate-key 2>&1 | grep -i secret | awk '{ print $2 }')
> + echo "include peers from \"/etc/fastd/$project/peers\";" >> /etc/fastd/${project}/${project}.conf
> + echo "log to syslog level warn;" >> /etc/fastd/${project}/${project}.conf
> + echo "method \"null\";" >> /etc/fastd/${project}/${project}.conf
> +# http://lists.nord-west.net/pipermail/freifunk-ol-dev/2013-July/000322.html
> +# echo "bind 0.0.0.0:10000;" >> /etc/fastd/${project}/${project}.conf
> + echo "interface \"${project}VPN\";" >> /etc/fastd/${project}/${project}.conf
> + echo "mtu 1426;" >> /etc/fastd/${project}/${project}.conf
> + echo "secret \"$secret\";" >> /etc/fastd/${project}/${project}.conf
> + echo "on up \"/etc/fastd/${project}/up.sh\";" >> /etc/fastd/${project}/${project}.conf
> + echo "secure handshakes no;" >> /etc/fastd/${project}/${project}.conf
> + fi
> +
> + if [ ! -d /tmp/fastd_${project}_peers ]; then
> + mkdir /tmp/fastd_${project}_peers
> + fi
> +
> + pubkey=$(fastd -c /etc/fastd/$project/$project.conf --show-key --machine-readable)
> +# port=666
> + lat=$(uci get system. at system[0].latitude)
> + long=$(uci get system. at system[0].longitude)
> +
> + # register
> + wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
> +
> + filenames=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
> + for file in $filenames; do
> + awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
> + echo 'float yes;' >> /etc/fastd/$project/peers/$file
> + done
> +
> + if cat /tmp/l2tp | grep on >/dev/null ; then
> +
> + # fire up l2tp
> +
> + # Wir holen uns die Conf aus den peers des fastd
> + # Dort finden wir die IPs unserer GWs
> + # Die Ports rechnen wir aus den Fastd-ports aus +10000
> +
> + #peers neu holen
> + # sh /usr/sbin/fastdstart //ben..tigen wir nicht mehr wir sind ja bereits im Script!
should possibly be removed
> + #erstmal die alte Config weg
> + CONF="/etc/config/tunneldigger"
> + >$CONF
> + count=1
> + PEERS=$(ls /etc/fastd/fff/peers)
> + for peer in $PEERS; do
> + NAME=$(cat /etc/fastd/fff/peers/$peer | grep name | cut -f2 -d "\"")
> + IP=$(cat /etc/fastd/fff/peers/$peer | grep ipv4 | cut -f2 -d "\"")
> + PORT=$(cat /etc/fastd/fff/peers/$peer | grep ipv4 | cut -f5 -d " " | tr -dc 0-9)
> + PORT=$((PORT + 10000))
> + UUID=_$(cat /proc/sys/kernel/hostname)
wouldn't we rather use the MAC as the uuid there?
> + echo "add broker $NAME adress: $IP:$PORT at dev l2tp$count"
> + echo "config broker
> + list address '$IP:$PORT'
> + option uuid '$UUID'
> + option interface 'l2tp$count'
> + option enabled '0'
> + option hook_script '/etc/tunneldigger.hook'
> + " >> $CONF
> + count=$((count + 1))
> + done
> +
> + sed -i "s/enabled '0'/enabled '1'/g" /etc/config/tunneldigger
> + /etc/init.d/tunneldigger start
> + ip link set dev fffVPN down 2>/dev/null
> + batctl if del fffVPN 2>/dev/null
> + killall fastd 2>/dev/null
do you perhaps want to kill the fastd tunnel only once you are sure that
an l2tp is there? Otherwise, in the worst case, you have downtime,
don't you?!
> +
> + sleep 10
> + # pr..fen ob ein Interface existiert, wenn keins existiert schalte l2tp wieder aus da kein GW vorhanden
The encoding is broken there :-(
> + if ! ifconfig | grep l2tp >/dev/null ; then
> + echo "off" > /tmp/l2tp
> + fi
> + else
> +
> + # fire up
You wrote "fire up l2tp" above, so I would find "fire up
fastd" nicer here
> + /etc/init.d/tunneldigger stop
> + sed -i "s/enabled '1'/enabled '0'/g" /etc/config/tunneldigger
> + if [ "$(/sbin/ifconfig -a | grep -i ethernet | grep $project)" = "" ]; then
> + /bin/rm /var/run/fastd.$project.pid
> + fastd -c /etc/fastd/$project/$project.conf -d --pid-file /var/run/fastd.$project.pid
> + fi
> +
> + fi
> +
> + #reload
> + kill -HUP $(cat /var/run/fastd.$project.pid)
> else
> - echo "Der Router kann keine Verbindung zum Fastdserver aufbauen"
> - echo "$0 macht nichts!"
> + echo "Der Router kann keine Verbindung zum Fastdserver aufbauen"
> + echo "$0 macht nichts!"
Nothing was changed here either. Also, I would find it great if you
additionally inserted "Der Router kann keine Verbindung zum l2tp
Server aufbauen" above at l2tp.
Regards, Jan
> fi
>
> exit 0
> # vim: noexpandtab
> +
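Review bot: In the new l2tp branch, IP is cut out of each peer file with grep and cut and written into /etc/config/tunneldigger inside single quotes without any validation, and those peer files are filled from the keyserver response that is fetched over plain http a few lines earlier. A value containing a single quote or a line break would end up as additional lines in the broker section, so check that IP is a plain IPv4 address before the echo and skip peers that fail the check. Separately, the final `kill -HUP $(cat /var/run/fastd.$project.pid)` still runs after `killall fastd` in the l2tp branch, where the pid file is stale; move it into the fastd branch. The loop also hardcodes /etc/fastd/fff/peers instead of using $project.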
> diff --git a/bsp/default/root_file_system/etc/tunneldigger.hook b/bsp/default/root_file_system/etc/tunneldigger.hook
> new file mode 100644
> index 0000000..f70c240
> --- /dev/null
> +++ b/bsp/default/root_file_system/etc/tunneldigger.hook
> @@ -0,0 +1,9 @@
> +#!/bin/sh
> +if [ $1 = session.up ]
> + then
> + logger -t tunneldigger.hook "Received 'session.up' for interface $2"
> + ip l s dev $2 up
> + batctl if add $2
> + #Muss noch getestet werden
> + #echo "enabled" > /sys/devices/virtual/net/$INTERFACE/batman_adv/no_rebroadcast
> +fi
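Review bot: The test `[ $1 = session.up ]` leaves $1 unquoted, so a call without arguments makes the test fail with an error, and $2 is likewise passed unquoted to ip and batctl. Quote both, as in `[ "$1" = "session.up" ]` and `"$2"`. The commented-out no_rebroadcast line refers to $INTERFACE, which is not set anywhere in this script, so it should use $2 when it is enabled. The file is also created with mode 100644; if tunneldigger executes the hook directly it will need the executable bit.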
> diff --git a/buildscript b/buildscript
> index 13d773e..973edce 100755
> --- a/buildscript
> +++ b/buildscript
> @@ -39,10 +39,15 @@ ROUTING=(routing
> e870c3373eea80df852d42fac3f40aaffd7a0f58)
> ROUTING_PKGS="alfred"
>
> +WLANSLOVENIJA=(wlanslovenija
> + https://github.com/wlanslovenija/firmware-packages-opkg
> + fec592e0540ef883bc8b27b77e7ff45d93ed3f24)
> +WLANSLOVENIJA_PKGS="tunneldigger"
> +
> FFF=(fff)
> FFF_PKGS="-a"
>
> -FEEDS=(OPENWRT ROUTING BATMAN_ADV FFF)
> +FEEDS=(OPENWRT ROUTING BATMAN_ADV WLANSLOVENIJA FFF)
>
> checkout_git(){
> local DIRECTORY=$1
> diff --git a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/home.html b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/home.html
> index af7841c..7441483 100755
> --- a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/home.html
> +++ b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/home.html
> @@ -30,7 +30,11 @@ if [ -n "$(default_gw 4 $wanif)" -o -n "$(default_gw 6 $wanif)" ]; then
> else
> internet_active="Nein"
> fi
> -
> +if ifconfig | grep l2tp >/dev/null ; then
> + l2tp_active="Ja"
> +else
> + l2tp_active="Nein"
> +fi
> %>
> <table style="width: 100%;">
> <tr><td>
> @@ -43,6 +47,7 @@ fi
> <tr><th>Bekannte Knoten:</th><td><%= $((`cat /sys/kernel/debug/batman_adv/bat0/transtable_global | grep '^ [^ ]' | cut -b 39-55 | sort | uniq | wc -l 2>/dev/null`+1)) %></td></tr>
> <tr><th>Nachbarknoten:</th><td><%= $(cat /sys/kernel/debug/batman_adv/bat0/originators | grep '^[0-9a-f]' | cut -b 37-53 | sort | uniq | wc -l 2>/dev/null) %></td></tr>
> <tr><th>VPN Aktiv:</th><td><%= ${vpn_active} %></td></tr>
> + <tr><th>l2tp Aktiv:</th><td><%= ${l2tp_active} %></td></tr>
> <tr><th>Laufzeit:</th><td><%= ${uptime} %></td></tr>
> <tr><th>Auslastung:</th><td><%= ${load} %></td></tr>
> <tr><th>Uhrzeit:</th><td><% date %></td></tr>
> diff --git a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/settings.html b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/settings.html
> index 859cf94..f8701bc 100755
> --- a/src/packages/fff/fff-web/files/www/ssl/cgi-bin/settings.html
> +++ b/src/packages/fff/fff-web/files/www/ssl/cgi-bin/settings.html
> @@ -32,6 +32,17 @@ if [ "$REQUEST_METHOD" == "POST" ] ; then
> uci set -q "simple-tc.example.limit_egress=${POST_limit_egress}"
>
> uci commit
> +
> + if [ "$POST_l2tp" == "on" ] ; then
> +
> + echo "on" > /tmp/l2tp
> +
> + else
> +
> + echo "off" > /tmp/l2tp
> +
> + fi
> +
> MSG='<span class="green">Daten gespeichert! - Bitte Router neustarten.</span>'
> fi
> fi
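Review bot: The l2tp switch is stored only in /tmp/l2tp, while the message right below still asks the user to reboot the router; /tmp on OpenWrt is a tmpfs, so the choice is gone after exactly that reboot. Store it with uci set next to the other settings in this block, before the uci commit, and have fastdstart.sh read it from there.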
> @@ -45,6 +56,11 @@ if [ "$(uci get -q 'simple-tc.example.enabled')" == "1" ] ; then
> else
> traffic_checked=""
> fi
> +if cat /tmp/l2tp | grep on >/dev/null ; then
> + l2tp_checked="checked"
> +else
> + l2tp_checked=""
> +fi
> %>
> <% show_msg %>
> <form method="POST">
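Review bot: `cat /tmp/l2tp | grep on` makes cat report an error when the file does not exist yet (first page load after boot) and matches any content that merely contains "on". Compare the content exactly instead, for example `[ "$(cat /tmp/l2tp 2>/dev/null)" = "on" ]`; the same test appears in fastdstart.sh.tpl.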
> @@ -64,6 +80,7 @@ fi
> <tr><th>GPS Längengrad:</th><td><input type="text" name="longitude" value="<%= $(uci get -q 'system. at system[0].longitude') %>" /></td></tr>
> <tr><th>Standortbeschreibung:</th><td><input type="text" name="position_comment" value="<%= $(uci get -q 'system. at system[0].position_comment') %>" /></td></tr>
> <tr><th>E-Mail Adresse:</th><td><input type="email" name="contact" value="<%= $(uci get -q 'system. at system[0].contact') %>" /></td></tr>
> + <tr><th>l2tp verwenden (experiementell):</th><td><input type="checkbox" name="l2tp" <%= ${l2tp_checked} %>></td></tr>
> </table>
> </fieldset>
> </td><td>
> diff --git a/src/packages/fff/fff/Makefile b/src/packages/fff/fff/Makefile
> index f480031..2ca416a 100644
> --- a/src/packages/fff/fff/Makefile
> +++ b/src/packages/fff/fff/Makefile
> @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
>
> PKG_NAME:=fff
> PKG_VERSION:=0.0.1
> -PKG_RELEASE:=5
> +PKG_RELEASE:=6
>
> PKG_BUILD_DIR:=$(BUILD_DIR)/fff
>
> @@ -14,7 +14,7 @@ define Package/fff-base
> DEFAULT:=y
> TITLE:= Freifunk-Franken Base
> URL:=http://www.freifunk-franken.de
> - DEPENDS:=+micrond +fff-nodewatcher +fff-web +fff-uradvd
> + DEPENDS:=+micrond +fff-nodewatcher +fff-web +fff-uradvd +fff-tunneldigger
> endef
>
> define Package/fff-base/description
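Review bot: DEPENDS now pulls in +fff-tunneldigger, but none of the eight files in this patch adds a package of that name, and the buildscript feed selects the package as "tunneldigger". Either depend on +tunneldigger or include the fff-tunneldigger package in the series, otherwise the dependency cannot be resolved.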
> --
> 2.1.4
>