[PATCH v12 5/6] vpn-select: Use keyxchangev2data instead of fastd_fff_output

Robert Langhammer rlanghammer at web.de
Mon Oct 2 22:44:07 CEST 2017



Hi,  
On 2 October 2017 18:57:42 CEST, Tim Niemeyer <tim at tn-x.org> wrote:
>Hi
>
>On Monday, 02.10.2017, 18:05 +0200, Adrian Schmutzler wrote:
>> This is a first consolidation step which gets rid of
>> /tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/*
>> 
>> Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
>> ---
>>  .../fff/fff-hoods/files/usr/sbin/configurehood     |  27 +----
>>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 121
>++++++++++++---------
>>  2 files changed, 69 insertions(+), 79 deletions(-)
>> 
>> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>> index 5346a90..ac800f4 100755
>> --- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>> @@ -176,32 +176,7 @@ if [ -s /tmp/keyxchangev2data ]; then
>>  		exit 0
>>  	fi
>>  	
>> -	# and now we read the VPN Data and give this data to fff-vpn
>> -	json_select vpn
>> -	Index=1
>> -	rm /tmp/fastd_fff_output
>> -	touch /tmp/fastd_fff_output
>> -	while json_select "$Index" > /dev/null
>> -	do
>> -		json_get_var protocol protocol
>> -		if [ "$protocol" == "fastd" ]; then
>> -			json_get_var servername name
>> -			echo "####${servername}.conf" >> /tmp/fastd_fff_output
>> -			echo "#name \"${servername}\";" >> /tmp/fastd_fff_output
>> -			json_get_var key key
>> -			echo "key \"${key}\";" >> /tmp/fastd_fff_output
>> -			json_get_var address address
>> -			json_get_var port port
>> -			echo "remote ipv4 \"${address}\" port $port float;" >>
>/tmp/fastd_fff_output
>> -		fi
>> -		echo "" >> /tmp/fastd_fff_output
>> -		json_select ".." # back to vpn
>> -		Index=$(( Index + 1 ))
>> -	done
>> -	echo "###" >> /tmp/fastd_fff_output
>> -	json_select ".." # back to root
>> -	#this we do every 5 minutes, because it can change the VPN Protocol
>> -	#and now we get to vpn-select Script and load VPNs
>> +	# and now we get to vpn-select script and load VPNs directly from
>/tmp/keyxchangev2data
>>  	sh /usr/sbin/vpn-select
>>  	
>>  else
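Review bot: The rationale in the removed comment "#this we do every 5 minutes, because it can change the VPN Protocol" is dropped here and not carried over; the replacement comment only says that vpn-select now reads /tmp/keyxchangev2data directly. Suggest keeping that timing note in the remaining comment so it stays documented why `sh /usr/sbin/vpn-select` is re-run on every configurehood pass rather than only when the protocol list changes.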
>> diff --git
>a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> index bb4c933..32e2ab4 100755
>> --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> @@ -2,72 +2,87 @@
>>  
>>  test -f /tmp/started || exit
>>  
>> +. /usr/share/libubox/jshn.sh
>> +
>>  make_config() {
>>  # remove old config
>>  >/etc/config/tunneldigger
>Good, that is a symlink onto a tmpfs.. Fine.
>
>>  rm /tmp/fastd_fff_peers/*
>>  count=0
>> +Index=1
>> +json_load "$(cat /tmp/keyxchangev2data)"
>> +json_select vpn
>>  # get fastd peers
>> -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "",
>$0); print $0; }' /tmp/fastd_fff_output)
>> -for file in $filecounts; do
>> -    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};"
>/tmp/fastd_fff_output | sed 's/ float;/;/g' >
>/etc/fastd/fff/peers/$file
>> -    echo 'float yes;' >> /etc/fastd/fff/peers/$file
>> -
>> -    # ask for Broker and select the tunnel
>> -    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
>> -    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ];
>then
>> -        # Gateway offers l2tp
>> -        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}'
>/etc/fastd/fff/peers/$file)
>> -        L2PORT=$((FDPORT + 10000))
>> -        UUID=$hostname
>> +while json_select "$Index" > /dev/null
>> +do
>> +	json_get_var protocol protocol
>> +	if [ "$protocol" == "fastd" ]; then
>> +		json_get_var servername name
>> +		filename="/etc/fastd/fff/peers/$servername"
>> +		echo "#name \"${servername}\";" > "$filename"
>> +		json_get_var key key
>> +		echo "key \"${key}\";" >> "$filename"
>> +		json_get_var address address
>> +		json_get_var port port
>> +		echo "remote ipv4 \"${address}\" port ${port};" >> "$filename"
>> +		echo "" >> "$filename"
>> +		echo "float yes;" >> "$filename"
>
>Here I would find an
>	else if [ "$protocol" == "l2tpv3" ]; then
>better than this:
>> +		# ask for Broker and select the tunnel
>> +		if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)"
>]; then
>But so far I seem to be the only one who would rather have it that way. :(
No, you are not alone there. I only built in those crutches back then because nobody wanted to change anything about the KeyXchange.

Robert 
>
>> +			# Gateway offers l2tp
>> +			L2PORT=$((port + 10000))
>> +			UUID=$hostname
>Just a small thing, but in my opinion it would be clearer if you simply
>_always_ took the MAC here instead of the hostname. But basically it is
>not that important either..
>
>>  
>> -        uci set tunneldigger.$count=broker
>> -        uci set tunneldigger.$count.address="$IP:$L2PORT"
>> -        uci set tunneldigger.$count.uuid="$UUID"
>> -        uci set tunneldigger.$count.interface="l2tp$count"
>> -        uci set tunneldigger.$count.enabled="1"
>> -        uci set
>tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
>> -        uci -c /tmp commit tunneldigger
>> -        count=$((count + 1))
>> -        # remove this fastd-peer
>> -        rm /etc/fastd/fff/peers/$file
>> -    fi
>> +			uci set tunneldigger.$count=broker
>> +			uci set tunneldigger.$count.address="${address}:$L2PORT"
>> +			uci set tunneldigger.$count.uuid="$UUID"
>> +			uci set tunneldigger.$count.interface="l2tp$count"
>> +			uci set tunneldigger.$count.enabled="1"
>> +			uci set
>tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
>> +			uci -c /tmp commit tunneldigger
>> +			count=$((count + 1))
>> +			# remove this fastd-peer
>> +			rm "$filename"
>> +		fi
>> +	fi
>> +	json_select ".." # back to vpn
>> +	Index=$(( Index + 1 ))
>>  done
>> +json_select ".." # back to root
>>  }
>>  
>>  # main
>>  
>>  # Only do something when file is here and greater 0 byte
>> -if [ -s /tmp/fastd_fff_output ]; then
>> -
>> -    # set some vars
>> -    hostname=$(cat /proc/sys/kernel/hostname)
>> -    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }'
>/sys/class/net/br-mesh/address 2>/dev/null)
>> -    [ "$hostname" = "OpenWrt" ] && hostname=""
>> -    [ "$hostname" = "" ] &&  hostname="$mac"
>> -
>> -    if [ ! -d /tmp/fastd_fff_peers ]; then
>> -        # first run after reboot
>> -        mkdir /tmp/fastd_fff_peers
>> -        make_config
>> -        # start fastd only if there are some peers left
>> -        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] &&
>/etc/init.d/fastd start
>> -        /etc/init.d/tunneldigger start
>> -    else
>> -        # check if new tunneldigger conf is different
>> -        sumold=$(sha256sum /etc/config/tunneldigger)
>> -        make_config
>> -        sumnew=$(sha256sum /etc/config/tunneldigger)
>> -        [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger
>restart
>> -        /etc/init.d/fastd reload
>> +if [ -s /tmp/keyxchangev2data ]; then
>> +	# set some vars
>> +	hostname=$(cat /proc/sys/kernel/hostname)
>> +	mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }'
>/sys/class/net/br-mesh/address 2>/dev/null)
>> +	[ "$hostname" = "LEDE" ] && hostname=""
>> +	[ "$hostname" = "" ] &&  hostname="$mac"
>All that back-and-forth if-ing could be avoided with my comment
>above.
>
>As said, my remarks are either not that important or not ready for
>consensus, so:
>
>Reviewed-by: Tim Niemeyer <tim at tn-x.org>
>
>Tim
>
>>  
>> -        # fastd start/stop for various situations
>> -        pidfile="/tmp/run/fastd.fff.pid"
>> -        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
>> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ])
>|| /etc/init.d/fastd start
>> -        else
>> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ])
>&& /etc/init.d/fastd stop
>> -        fi
>> +	if [ ! -d /tmp/fastd_fff_peers ]; then
>> +		# first run after reboot
>> +		mkdir /tmp/fastd_fff_peers
>> +		make_config
>> +		# start fastd only if there are some peers left
>> +		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] &&
>/etc/init.d/fastd start
>> +		/etc/init.d/tunneldigger start
>> +	else
>> +		# check if new tunneldigger conf is different
>> +		sumold=$(sha256sum /etc/config/tunneldigger)
>> +		make_config
>> +		sumnew=$(sha256sum /etc/config/tunneldigger)
>> +		[ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
>> +		/etc/init.d/fastd reload
>>  
>> -    fi
>> +		# fastd start/stop for various situations
>> +		pidfile="/tmp/run/fastd.fff.pid"
>> +		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
>> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) ||
>/etc/init.d/fastd start
>> +		else
>> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) &&
>/etc/init.d/fastd stop
>> +		fi
>> +	fi
>>  fi
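Review bot: In make_config the `name` field read from /tmp/keyxchangev2data is used unchecked to build `filename="/etc/fastd/fff/peers/$servername"`, written to with `echo ... > "$filename"` and later removed with `rm "$filename"`; a name containing `/` or `..` would create or delete files outside the peers directory. Suggest validating servername against a strict allowlist (letters, digits, `-`, `_`) and skipping the entry otherwise, before the first write. Separately, the default-hostname check in the main block changes from "OpenWrt" to "LEDE"; that is a behaviour change not mentioned in the commit message, which describes this patch as a consolidation step only, so either note it there or keep both values in the check.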
>> -- 
>> 2.7.4
>> 


More information about the franken-dev mailing list