[PATCH v14 5/6] vpn-select: Use keyxchangev2data instead of fastd_fff_output
Adrian Schmutzler
freifunk at adrianschmutzler.de
Di Okt 3 15:18:35 CEST 2017
This is a first consolidation step which gets rid of
/tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/*
Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
---
.../fff/fff-hoods/files/usr/sbin/configurehood | 27 +----
.../fff/fff-vpn-select/files/usr/sbin/vpn-select | 121 ++++++++++++---------
2 files changed, 69 insertions(+), 79 deletions(-)
diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
index 8d6ebde..ce96b6e 100755
--- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
+++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
@@ -188,32 +188,7 @@ if [ -s /tmp/keyxchangev2data ]; then
exit 0
fi
- # and now we read the VPN Data and give this data to fff-vpn
- json_select vpn
- Index=1
- rm /tmp/fastd_fff_output
- touch /tmp/fastd_fff_output
- while json_select "$Index" > /dev/null
- do
- json_get_var protocol protocol
- if [ "$protocol" == "fastd" ]; then
- json_get_var servername name
- echo "####${servername}.conf" >> /tmp/fastd_fff_output
- echo "#name \"${servername}\";" >> /tmp/fastd_fff_output
- json_get_var key key
- echo "key \"${key}\";" >> /tmp/fastd_fff_output
- json_get_var address address
- json_get_var port port
- echo "remote ipv4 \"${address}\" port $port float;" >> /tmp/fastd_fff_output
- fi
- echo "" >> /tmp/fastd_fff_output
- json_select ".." # back to vpn
- Index=$(( Index + 1 ))
- done
- echo "###" >> /tmp/fastd_fff_output
- json_select ".." # back to root
- #this we do every 5 minutes, because it can change the VPN Protocol
- #and now we get to vpn-select Script and load VPNs
+ # and now we get to vpn-select script and load VPNs directly from /tmp/keyxchangev2data
sh /usr/sbin/vpn-select
else
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
index bbc87cc..150efe2 100755
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
@@ -1,71 +1,86 @@
#!/bin/sh
+. /usr/share/libubox/jshn.sh
+
make_config() {
# remove old config
>/etc/config/tunneldigger
rm /tmp/fastd_fff_peers/*
count=0
+Index=1
+json_load "$(cat /tmp/keyxchangev2data)"
+json_select vpn
# get fastd peers
-filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output)
-for file in $filecounts; do
- awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
- echo 'float yes;' >> /etc/fastd/fff/peers/$file
-
- # ask for Broker and select the tunnel
- IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
- if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
- # Gateway offers l2tp
- FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file)
- L2PORT=$((FDPORT + 10000))
- UUID=$hostname
+while json_select "$Index" > /dev/null
+do
+ json_get_var protocol protocol
+ if [ "$protocol" == "fastd" ]; then
+ json_get_var servername name
+ filename="/etc/fastd/fff/peers/$servername"
+ echo "#name \"${servername}\";" > "$filename"
+ json_get_var key key
+ echo "key \"${key}\";" >> "$filename"
+ json_get_var address address
+ json_get_var port port
+ echo "remote ipv4 \"${address}\" port ${port};" >> "$filename"
+ echo "" >> "$filename"
+ echo "float yes;" >> "$filename"
+
+ # ask for Broker and select the tunnel
+ if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)" ]; then
+ # Gateway offers l2tp
+ L2PORT=$((port + 10000))
+ UUID=$hostname
- uci set tunneldigger.$count=broker
- uci set tunneldigger.$count.address="$IP:$L2PORT"
- uci set tunneldigger.$count.uuid="$UUID"
- uci set tunneldigger.$count.interface="l2tp$count"
- uci set tunneldigger.$count.enabled="1"
- uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
- uci -c /tmp commit tunneldigger
- count=$((count + 1))
- # remove this fastd-peer
- rm /etc/fastd/fff/peers/$file
- fi
+ uci set tunneldigger.$count=broker
+ uci set tunneldigger.$count.address="${address}:$L2PORT"
+ uci set tunneldigger.$count.uuid="$UUID"
+ uci set tunneldigger.$count.interface="l2tp$count"
+ uci set tunneldigger.$count.enabled="1"
+ uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
+ uci -c /tmp commit tunneldigger
+ count=$((count + 1))
+ # remove this fastd-peer
+ rm "$filename"
+ fi
+ fi
+ json_select ".." # back to vpn
+ Index=$(( Index + 1 ))
done
+json_select ".." # back to root
}
# main
# Only do something when file is here and greater 0 byte
-if [ -s /tmp/fastd_fff_output ]; then
-
- # set some vars
- hostname=$(cat /proc/sys/kernel/hostname)
- mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
- [ "$hostname" = "OpenWrt" ] && hostname=""
- [ "$hostname" = "" ] && hostname="$mac"
-
- if [ ! -d /tmp/fastd_fff_peers ]; then
- # first run after reboot
- mkdir /tmp/fastd_fff_peers
- make_config
- # start fastd only if there are some peers left
- [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
- /etc/init.d/tunneldigger start
- else
- # check if new tunneldigger conf is different
- sumold=$(sha256sum /etc/config/tunneldigger)
- make_config
- sumnew=$(sha256sum /etc/config/tunneldigger)
- [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
- /etc/init.d/fastd reload
+if [ -s /tmp/keyxchangev2data ]; then
+ # set some vars
+ hostname=$(cat /proc/sys/kernel/hostname)
+ mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
+ [ "$hostname" = "LEDE" ] && hostname=""
+ [ "$hostname" = "" ] && hostname="$mac"
- # fastd start/stop for various situations
- pidfile="/tmp/run/fastd.fff.pid"
- if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
- ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
- else
- ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
- fi
+ if [ ! -d /tmp/fastd_fff_peers ]; then
+ # first run after reboot
+ mkdir /tmp/fastd_fff_peers
+ make_config
+ # start fastd only if there are some peers left
+ [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
+ /etc/init.d/tunneldigger start
+ else
+ # check if new tunneldigger conf is different
+ sumold=$(sha256sum /etc/config/tunneldigger)
+ make_config
+ sumnew=$(sha256sum /etc/config/tunneldigger)
+ [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
+ /etc/init.d/fastd reload
- fi
+ # fastd start/stop for various situations
+ pidfile="/tmp/run/fastd.fff.pid"
+ if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
+ ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
+ else
+ ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
+ fi
+ fi
fi
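Review bot: In make_config, `servername` is read from /tmp/keyxchangev2data and used directly as a path component in `filename="/etc/fastd/fff/peers/$servername"`, so a name containing `/` or `..` makes the `>` redirection and the later `rm "$filename"` act outside the peers directory. `port` also goes unchecked into `$((port + 10000))` and, like `key` and `address`, into the quoted fastd config lines, where a stray `"` or newline would change the structure of the config. The file's contents presumably come from the key exchange server (not visible in this patch), so they should be validated before use. The sketch below skips entries with an unexpected name or a non-numeric port; the allowed character set is a guess and should match what gateway names actually use, and `key` and `address` deserve a similar check.

```shell
	json_get_var protocol protocol
	if [ "$protocol" = "fastd" ]; then
		json_get_var servername name
		json_get_var port port
		# skip entries whose name could leave the peers directory
		# or whose port is not a plain decimal number
		case "$servername" in
			""|.|..|*[!A-Za-z0-9._-]*) servername="" ;;
		esac
		case "$port" in
			""|*[!0-9]*) port="" ;;
		esac
	fi
	if [ "$protocol" = "fastd" ] && [ -n "$servername" ] && [ -n "$port" ]; then
		filename="/etc/fastd/fff/peers/$servername"
		# … unchanged: peer file written from key/address/port, broker query, tunneldigger setup …
```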
--
2.7.4