[PATCH v12 5/6] vpn-select: Use keyxchangev2data instead of fastd_fff_output

Tim Niemeyer tim at tn-x.org
Mo Okt 2 18:57:42 CEST 2017


Hi

Am Montag, den 02.10.2017, 18:05 +0200 schrieb Adrian Schmutzler:
> This is a first consolidation step which gets rid of
> /tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/*
> 
> Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
> ---
>  .../fff/fff-hoods/files/usr/sbin/configurehood     |  27 +----
>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 121 ++++++++++++---------
>  2 files changed, 69 insertions(+), 79 deletions(-)
> 
> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> index 5346a90..ac800f4 100755
> --- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> @@ -176,32 +176,7 @@ if [ -s /tmp/keyxchangev2data ]; then
>  		exit 0
>  	fi
>  	
> -	# and now we read the VPN Data and give this data to fff-vpn
> -	json_select vpn
> -	Index=1
> -	rm /tmp/fastd_fff_output
> -	touch /tmp/fastd_fff_output
> -	while json_select "$Index" > /dev/null
> -	do
> -		json_get_var protocol protocol
> -		if [ "$protocol" == "fastd" ]; then
> -			json_get_var servername name
> -			echo "####${servername}.conf" >> /tmp/fastd_fff_output
> -			echo "#name \"${servername}\";" >> /tmp/fastd_fff_output
> -			json_get_var key key
> -			echo "key \"${key}\";" >> /tmp/fastd_fff_output
> -			json_get_var address address
> -			json_get_var port port
> -			echo "remote ipv4 \"${address}\" port $port float;" >> /tmp/fastd_fff_output
> -		fi
> -		echo "" >> /tmp/fastd_fff_output
> -		json_select ".." # back to vpn
> -		Index=$(( Index + 1 ))
> -	done
> -	echo "###" >> /tmp/fastd_fff_output
> -	json_select ".." # back to root
> -	#this we do every 5 minutes, because it can change the VPN Protocol
> -	#and now we get to vpn-select Script and load VPNs
> +	# and now we get to vpn-select script and load VPNs directly from /tmp/keyxchangev2data
>  	sh /usr/sbin/vpn-select
>  	
>  else
> diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> index bb4c933..32e2ab4 100755
> --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> @@ -2,72 +2,87 @@
>  
>  test -f /tmp/started || exit
>  
> +. /usr/share/libubox/jshn.sh
> +
>  make_config() {
>  # remove old config
>  >/etc/config/tunneldigger
Gut, das ist ein symlink auf ein tmpfs.. Passt.

>  rm /tmp/fastd_fff_peers/*
>  count=0
> +Index=1
> +json_load "$(cat /tmp/keyxchangev2data)"
> +json_select vpn
>  # get fastd peers
> -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output)
> -for file in $filecounts; do
> -    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
> -    echo 'float yes;' >> /etc/fastd/fff/peers/$file
> -
> -    # ask for Broker and select the tunnel
> -    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
> -    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
> -        # Gateway offers l2tp
> -        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file)
> -        L2PORT=$((FDPORT + 10000))
> -        UUID=$hostname
> +while json_select "$Index" > /dev/null
> +do
> +	json_get_var protocol protocol
> +	if [ "$protocol" == "fastd" ]; then
> +		json_get_var servername name
> +		filename="/etc/fastd/fff/peers/$servername"
> +		echo "#name \"${servername}\";" > "$filename"
> +		json_get_var key key
> +		echo "key \"${key}\";" >> "$filename"
> +		json_get_var address address
> +		json_get_var port port
> +		echo "remote ipv4 \"${address}\" port ${port};" >> "$filename"
> +		echo "" >> "$filename"
> +		echo "float yes;" >> "$filename"

Hier fände ich ein
	else if [ "$protocol" == "l2tpv3" ]; then
besser als das hier:
> +		# ask for Broker and select the tunnel
> +		if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)" ]; then
Aber bisher bin ich wohl der einzige der lieber so will. :(

> +			# Gateway offers l2tp
> +			L2PORT=$((port + 10000))
> +			UUID=$hostname
Nur ne Kleinigkeit, aber es wäre mMn übersichtlicher wenn man hier
einfach _immer_ die MAC nimmt anstatt den hostname. Ist aber im Grunde
auch nicht so wichtig..

>  
> -        uci set tunneldigger.$count=broker
> -        uci set tunneldigger.$count.address="$IP:$L2PORT"
> -        uci set tunneldigger.$count.uuid="$UUID"
> -        uci set tunneldigger.$count.interface="l2tp$count"
> -        uci set tunneldigger.$count.enabled="1"
> -        uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
> -        uci -c /tmp commit tunneldigger
> -        count=$((count + 1))
> -        # remove this fastd-peer
> -        rm /etc/fastd/fff/peers/$file
> -    fi
> +			uci set tunneldigger.$count=broker
> +			uci set tunneldigger.$count.address="${address}:$L2PORT"
> +			uci set tunneldigger.$count.uuid="$UUID"
> +			uci set tunneldigger.$count.interface="l2tp$count"
> +			uci set tunneldigger.$count.enabled="1"
> +			uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
> +			uci -c /tmp commit tunneldigger
> +			count=$((count + 1))
> +			# remove this fastd-peer
> +			rm "$filename"
> +		fi
> +	fi
> +	json_select ".." # back to vpn
> +	Index=$(( Index + 1 ))
>  done
> +json_select ".." # back to root
>  }
>  
>  # main
>  
>  # Only do something when file is here and greater 0 byte
> -if [ -s /tmp/fastd_fff_output ]; then
> -
> -    # set some vars
> -    hostname=$(cat /proc/sys/kernel/hostname)
> -    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> -    [ "$hostname" = "OpenWrt" ] && hostname=""
> -    [ "$hostname" = "" ] &&  hostname="$mac"
> -
> -    if [ ! -d /tmp/fastd_fff_peers ]; then
> -        # first run after reboot
> -        mkdir /tmp/fastd_fff_peers
> -        make_config
> -        # start fastd only if there are some peers left
> -        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
> -        /etc/init.d/tunneldigger start
> -    else
> -        # check if new tunneldigger conf is different
> -        sumold=$(sha256sum /etc/config/tunneldigger)
> -        make_config
> -        sumnew=$(sha256sum /etc/config/tunneldigger)
> -        [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
> -        /etc/init.d/fastd reload
> +if [ -s /tmp/keyxchangev2data ]; then
> +	# set some vars
> +	hostname=$(cat /proc/sys/kernel/hostname)
> +	mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> +	[ "$hostname" = "LEDE" ] && hostname=""
> +	[ "$hostname" = "" ] &&  hostname="$mac"
Das ganze hin und her ge'if'fe könnte man sich durch den obigen
Kommentar sparen.

Wie gesagt, meine Anmerkungen sind entweder nicht so wichtig oder nicht
konsensreif, von daher:

Reviewed-by: Tim Niemeyer <tim at tn-x.org>

Tim

>  
> -        # fastd start/stop for various situations
> -        pidfile="/tmp/run/fastd.fff.pid"
> -        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
> -        else
> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
> -        fi
> +	if [ ! -d /tmp/fastd_fff_peers ]; then
> +		# first run after reboot
> +		mkdir /tmp/fastd_fff_peers
> +		make_config
> +		# start fastd only if there are some peers left
> +		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
> +		/etc/init.d/tunneldigger start
> +	else
> +		# check if new tunneldigger conf is different
> +		sumold=$(sha256sum /etc/config/tunneldigger)
> +		make_config
> +		sumnew=$(sha256sum /etc/config/tunneldigger)
> +		[ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
> +		/etc/init.d/fastd reload
>  
> -    fi
> +		# fastd start/stop for various situations
> +		pidfile="/tmp/run/fastd.fff.pid"
> +		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
> +		else
> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
> +		fi
> +	fi
>  fi
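Review bot: The `name` value read at `json_get_var servername name` is used unchecked as a path component in `filename="/etc/fastd/fff/peers/$servername"`, so a name like `../../config/x` would be written to (and later deleted by `rm "$filename"`) outside the peers directory; /tmp/keyxchangev2data is presumably fetched from the hood server, so this is remote-controlled input. The `key`, `address` and `port` fields are likewise echoed verbatim into the fastd peer file and `address` into the `wget` URL, where a `"` or `;` in the value lets the server append arbitrary fastd directives. I would validate each field against a strict character class before anything is written and skip the entry otherwise, keeping the `json_select ".."` / `Index` bookkeeping on the skip path so the loop still advances (fastd keys are hex as far as I know; adjust the class if your keyxchange encodes them differently). The loop sits inside make_config, whose closing brace is in the hunk.
```shell
	json_get_var protocol protocol
	if [ "$protocol" == "fastd" ]; then
		json_get_var servername name
		json_get_var key key
		json_get_var address address
		json_get_var port port
		# Reject values that could escape the peers dir or break fastd config syntax;
		# all four come from the remote keyxchange data, not from this router.
		valid=1
		case "$servername" in ""|.*|*[!A-Za-z0-9_.-]*) valid=0 ;; esac
		case "$key" in ""|*[!0-9a-fA-F]*) valid=0 ;; esac
		case "$address" in ""|*[!A-Za-z0-9.-]*) valid=0 ;; esac
		case "$port" in ""|*[!0-9]*) valid=0 ;; esac
		if [ "$valid" = 1 ]; then
			filename="/etc/fastd/fff/peers/$servername"
			# … unchanged: write peer file, probe vpn.txt, tunneldigger uci setup …
		fi
	fi
	json_select ".." # back to vpn
	Index=$(( Index + 1 ))
```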
> -- 
> 2.7.4
> 
