[PATCH v14 5/6] vpn-select: Use keyxchangev2data instead of fastd_fff_output

Adrian Schmutzler freifunk at adrianschmutzler.de
Di Okt 3 15:18:35 CEST 2017


This is a first consolidation step which gets rid of
/tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/*

Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>

Tested-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>
---
 .../fff/fff-hoods/files/usr/sbin/configurehood     |  27 +----
 .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 121 ++++++++++++---------
 2 files changed, 69 insertions(+), 79 deletions(-)

diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
index 8d6ebde..ce96b6e 100755
--- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
+++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
@@ -188,32 +188,7 @@ if [ -s /tmp/keyxchangev2data ]; then
 		exit 0
 	fi
 	
-	# and now we read the VPN Data and give this data to fff-vpn
-	json_select vpn
-	Index=1
-	rm /tmp/fastd_fff_output
-	touch /tmp/fastd_fff_output
-	while json_select "$Index" > /dev/null
-	do
-		json_get_var protocol protocol
-		if [ "$protocol" == "fastd" ]; then
-			json_get_var servername name
-			echo "####${servername}.conf" >> /tmp/fastd_fff_output
-			echo "#name \"${servername}\";" >> /tmp/fastd_fff_output
-			json_get_var key key
-			echo "key \"${key}\";" >> /tmp/fastd_fff_output
-			json_get_var address address
-			json_get_var port port
-			echo "remote ipv4 \"${address}\" port $port float;" >> /tmp/fastd_fff_output
-		fi
-		echo "" >> /tmp/fastd_fff_output
-		json_select ".." # back to vpn
-		Index=$(( Index + 1 ))
-	done
-	echo "###" >> /tmp/fastd_fff_output
-	json_select ".." # back to root
-	#this we do every 5 minutes, because it can change the VPN Protocol
-	#and now we get to vpn-select Script and load VPNs
+	# and now we get to vpn-select script and load VPNs directly from /tmp/keyxchangev2data
 	sh /usr/sbin/vpn-select
 	
 else
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
index bbc87cc..150efe2 100755
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
@@ -1,71 +1,86 @@
 #!/bin/sh
 
+. /usr/share/libubox/jshn.sh
+
 make_config() {
 # remove old config
 >/etc/config/tunneldigger
 rm /tmp/fastd_fff_peers/*
 count=0
+Index=1
+json_load "$(cat /tmp/keyxchangev2data)"
+json_select vpn
 # get fastd peers
-filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output)
-for file in $filecounts; do
-    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
-    echo 'float yes;' >> /etc/fastd/fff/peers/$file
-
-    # ask for Broker and select the tunnel
-    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
-    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
-        # Gateway offers l2tp
-        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file)
-        L2PORT=$((FDPORT + 10000))
-        UUID=$hostname
+while json_select "$Index" > /dev/null
+do
+	json_get_var protocol protocol
+	if [ "$protocol" == "fastd" ]; then
+		json_get_var servername name
+		filename="/etc/fastd/fff/peers/$servername"
+		echo "#name \"${servername}\";" > "$filename"
+		json_get_var key key
+		echo "key \"${key}\";" >> "$filename"
+		json_get_var address address
+		json_get_var port port
+		echo "remote ipv4 \"${address}\" port ${port};" >> "$filename"
+		echo "" >> "$filename"
+		echo "float yes;" >> "$filename"
+		
+		# ask for Broker and select the tunnel
+		if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)" ]; then
+			# Gateway offers l2tp
+			L2PORT=$((port + 10000))
+			UUID=$hostname
 
-        uci set tunneldigger.$count=broker
-        uci set tunneldigger.$count.address="$IP:$L2PORT"
-        uci set tunneldigger.$count.uuid="$UUID"
-        uci set tunneldigger.$count.interface="l2tp$count"
-        uci set tunneldigger.$count.enabled="1"
-        uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
-        uci -c /tmp commit tunneldigger
-        count=$((count + 1))
-        # remove this fastd-peer
-        rm /etc/fastd/fff/peers/$file
-    fi
+			uci set tunneldigger.$count=broker
+			uci set tunneldigger.$count.address="${address}:$L2PORT"
+			uci set tunneldigger.$count.uuid="$UUID"
+			uci set tunneldigger.$count.interface="l2tp$count"
+			uci set tunneldigger.$count.enabled="1"
+			uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
+			uci -c /tmp commit tunneldigger
+			count=$((count + 1))
+			# remove this fastd-peer
+			rm "$filename"
+		fi
+	fi
+	json_select ".." # back to vpn
+	Index=$(( Index + 1 ))
 done
+json_select ".." # back to root
 }
 
 # main
 
 # Only do something when file is here and greater 0 byte
-if [ -s /tmp/fastd_fff_output ]; then
-
-    # set some vars
-    hostname=$(cat /proc/sys/kernel/hostname)
-    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
-    [ "$hostname" = "OpenWrt" ] && hostname=""
-    [ "$hostname" = "" ] &&  hostname="$mac"
-
-    if [ ! -d /tmp/fastd_fff_peers ]; then
-        # first run after reboot
-        mkdir /tmp/fastd_fff_peers
-        make_config
-        # start fastd only if there are some peers left
-        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
-        /etc/init.d/tunneldigger start
-    else
-        # check if new tunneldigger conf is different
-        sumold=$(sha256sum /etc/config/tunneldigger)
-        make_config
-        sumnew=$(sha256sum /etc/config/tunneldigger)
-        [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
-        /etc/init.d/fastd reload
+if [ -s /tmp/keyxchangev2data ]; then
+	# set some vars
+	hostname=$(cat /proc/sys/kernel/hostname)
+	mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
+	[ "$hostname" = "LEDE" ] && hostname=""
+	[ "$hostname" = "" ] &&  hostname="$mac"
 
-        # fastd start/stop for various situations
-        pidfile="/tmp/run/fastd.fff.pid"
-        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
-            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
-        else
-            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
-        fi
+	if [ ! -d /tmp/fastd_fff_peers ]; then
+		# first run after reboot
+		mkdir /tmp/fastd_fff_peers
+		make_config
+		# start fastd only if there are some peers left
+		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
+		/etc/init.d/tunneldigger start
+	else
+		# check if new tunneldigger conf is different
+		sumold=$(sha256sum /etc/config/tunneldigger)
+		make_config
+		sumnew=$(sha256sum /etc/config/tunneldigger)
+		[ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
+		/etc/init.d/fastd reload
 
-    fi
+		# fastd start/stop for various situations
+		pidfile="/tmp/run/fastd.fff.pid"
+		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
+			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
+		else
+			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
+		fi
+	fi
 fi
-- 
2.7.4


