[PATCH 3/4] Add package fff-vpn-select

mayosemmel mayosemmel at googlemail.com
Mo Jun 27 18:44:57 CEST 2016


Am Sonntag, den 26.06.2016, 23:23 +0200 schrieb Robert Langhammer:
> Signed-off-by: Robert Langhammer <rlanghammer at web.de>
> ---
>  src/packages/fff/fff-vpn-select/Makefile           | 41 +++++++++++
>  .../files/etc/hotplug.d/iface/50-vpn-select        |  6 ++
>  .../files/usr/lib/micron.d/vpn-select              |  1 +
>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 80 ++++++++++++++++++++++
>  4 files changed, 128 insertions(+)
>  create mode 100644 src/packages/fff/fff-vpn-select/Makefile
>  create mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
>  create mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
>  create mode 100755 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> 
> diff --git a/src/packages/fff/fff-vpn-select/Makefile b/src/packages/fff/fff-vpn-select/Makefile
> new file mode 100644
> index 0000000..30d9cc1
> --- /dev/null
> +++ b/src/packages/fff/fff-vpn-select/Makefile
> @@ -0,0 +1,41 @@
> +include $(TOPDIR)/rules.mk
> +
> +PKG_NAME:=fff-vpn-select
> +PKG_VERSION:=1
> +PKG_RELEASE:=1
> +
> +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select
> +
> +include $(INCLUDE_DIR)/package.mk
> +
> +define Package/fff-vpn-select
> +    SECTION:=base
> +    CATEGORY:=Freifunk
> +    TITLE:= Freifunk-Franken vpn-select
> +    URL:=http://www.freifunk-franken.de
> +    DEPENDS:=+fff-tunneldigger \
> +             +fff-fastd
> +endef
> +
> +define Package/fff-vpn-select/description
> +    Thie package selects and starts the VPN 
> +    In this version fastd and l2tp via tunneldigger
> +endef
> +
> +define Build/Prepare
> +       echo "all: " > $(PKG_BUILD_DIR)/Makefile
> +endef
> +
> +define Build/Configure
> +       # nothing
> +endef
> +
> +define Build/Compile
> +       # nothing
> +endef
> +
> +define Package/fff-vpn-select/install
> +       $(CP) ./files/* $(1)/
> +endef
> +
> +$(eval $(call BuildPackage,fff-vpn-select))
> diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> new file mode 100755
> index 0000000..16d9853
> --- /dev/null
> +++ b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> @@ -0,0 +1,6 @@
> +#!/bin/sh 
> +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
> +       sleep 3
> +       /usr/sbin/vpn-select
> +}
> +
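Review bot: Nothing serialises this call to `/usr/sbin/vpn-select` against the one the micron.d entry schedules every five minutes, and the script added later in this patch empties the tunneldigger config and rewrites the fastd peer files on every run. A wan ifup that coincides with the cron run can therefore leave two instances interleaving their `uci set`/`uci commit` calls and peer-file writes. I would take a lock at the top of vpn-select, for example `mkdir /tmp/vpn-select.lock 2>/dev/null || exit 0` with a matching `rmdir` on exit (the lock path is illustrative). The fixed `sleep 3` presumably lets the link settle; a one-line comment saying so would help the next reader.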
> diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> new file mode 100644
> index 0000000..dc20486
> --- /dev/null
> +++ b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> @@ -0,0 +1 @@
> +*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
> diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> new file mode 100755
> index 0000000..165c584
> --- /dev/null
> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> @@ -0,0 +1,80 @@
> +#!/bin/sh
> +
> +test -f /tmp/started || exit
> +
> +make_config() {
> +# remove old config
> +>etc/config/tunneldigger
Hier nochmal dasselbe. Wenn wir es unten per uci konfigurieren, sollten
wir es hier auch per uci löschen.
> +rm /tmp/fastd_${project}_peers/*
> +count=0
> +# get fastd peers
> +pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
> +wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
> +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
> +for file in $filecounts; do
> +    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
> +    echo 'float yes;' >> /etc/fastd/$project/peers/$file
> +
> +    # ask for Broker and select the tunnel
> +    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
> +    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
> +        # Gateway offers l2tp
> +        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
> +        L2PORT=$((FDPORT + 10000))
> +        UUID=_$hostname
> +
> +        uci set tunneldigger.$count=broker
> +        uci set tunneldigger.$count.address="$IP:$L2PORT"
> +        uci set tunneldigger.$count.uuid="$UUID"
> +        uci set tunneldigger.$count.interface="l2tp$count"
> +        uci set tunneldigger.$count.enabled="1"
> +        uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
> +        uci commit tunneldigger
> +        count=$((count + 1))
> +        # remove this fastd-peer
> +        rm /etc/fastd/${project}/peers/$file
> +    fi
> +done
> +}
> +
> +# main
> +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
> +test_ipv4_host2="8.8.8.8"        # Google DNS
> +test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
> +
> +# Only do something when the router has internet connection
> +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> +   ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> +   ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> +
> +    #set some vars
> +    . /etc/community.cfg
> +    project="$VPN_PROJECT"
> +    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> +    lat=$(uci get system. at system[0].latitude)
> +    long=$(uci get system. at system[0].longitude)
> +    hostname=$(cat /proc/sys/kernel/hostname)
> +    [ "$hostname" = "OpenWrt" ] && hostname=""
> +    [ "$hostname" = "" ] &&  hostname="$mac"
> +
> +    if [ ! -d /tmp/fastd_${project}_peers ]; then
> +        # first run after reboot
> +        mkdir /tmp/fastd_${project}_peers
> +        # do we have a fastd secret
> +        if [ "$(uci get fastd.${project}.secret)" = "generate" -o -z "$(uci get fastd.${project}.secret)" ]; then
> +            secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
> +            uci set fastd.${project}.secret="$secret"
> +            uci commit fastd
> +        fi
> +        make_config
> +        /etc/init.d/fastd start
> +        /etc/init.d/tunneldigger start
> +    else
> +        # check if new tunneldigger conf is different
> +        md5old=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
> +        make_config
> +        md5new=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
Da wir ja mittlerweile auch SHA256 haben, sollten wir das hier eventuell
benutzen. Dann können wir md5 irgendwann rausschmeißen.
> +        [ "$md5new" != "$md5old" ] && /etc/init.d/tunneldigger restart
Gibt es an der Stelle einen Verbindungsabbruch?

Grüße Jan
> +        /etc/init.d/fastd reload
> +    fi
> +fi
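Review bot: In make_config the names in `$filecounts` come straight from the plain-HTTP keyserver response, yet each `$file` is spliced into the awk program text (`/^####$file.conf$/`) and into the paths `/etc/fastd/$project/peers/$file` that are written and later removed; a response containing `/`, `..` or awk metacharacters can therefore redirect those writes and deletes outside the peers directory or change what the awk script does. I would reject anything but a plain name at the top of the loop, `case "$file" in ''|.*|*[!A-Za-z0-9._-]*) continue ;; esac`, and pass the name to awk as data, `awk -v f="####$file.conf" '{ if (a) print }; $0 == f { a = 1 }; /^$/ { a = 0 }'`. The same care applies to `$IP`, which is read back from that peer file and passed unquoted to `wget -T10 $IP/vpn.txt`; it should be quoted and checked before use. Separately, `>etc/config/tunneldigger` lacks the leading slash and so truncates a path relative to the current directory, and the `pubkey=` line reads `fastd.fff.secret` while the key is generated under `fastd.${project}.secret`. The wget result is also never checked, so a failed download leaves an already-emptied tunneldigger config that the caller then restarts with.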
> -- 
> 2.8.0.rc3
> 
