[PATCH v6 3/4] Reconfigure vpn-select for keyxchangev2

Tim Niemeyer tim at tn-x.org
Sa Sep 16 19:27:57 CEST 2017 

Hi

Am Samstag, den 16.09.2017, 16:47 +0200 schrieb Christian Dresel:
> we need some little changes and copy some things to fff-hood later
> 
> > Signed-off-by: Christian Dresel <fff at chrisi01.de>
> 
> Update in v6:
>  - remove /etc/community.cfg variables
>  - remove load lat/lon from uci system
> ---
>  .../files/etc/hotplug.d/iface/50-vpn-select        |  6 ---
>  .../files/usr/lib/micron.d/vpn-select              |  1 -
>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 47 +++++++++-------------
>  3 files changed, 20 insertions(+), 34 deletions(-)
>  delete mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
>  delete mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> 
> diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> deleted file mode 100755
> index 16d9853..0000000
> --- a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -#!/bin/sh 
> -[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
> -       sleep 3
> -       /usr/sbin/vpn-select
> -}
> -
> diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> deleted file mode 100644
> index dc20486..0000000
> --- a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> +++ /dev/null
> @@ -1 +0,0 @@
> -*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
> diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> index c3d003f..8f411cb 100755
> --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> @@ -5,21 +5,20 @@ test -f /tmp/started || exit
>  make_config() {
>  # remove old config
>  >/etc/config/tunneldigger
> -rm /tmp/fastd_${project}_peers/*
> +rm /tmp/fastd_fff_peers/*
>  count=0
>  # get fastd peers
>  pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
> -wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
> -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
> +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output)
>  for file in $filecounts; do
> -    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
> -    echo 'float yes;' >> /etc/fastd/$project/peers/$file
> +    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
> +    echo 'float yes;' >> /etc/fastd/fff/peers/$file
>  
>      # ask for Broker and select the tunnel
> -    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
> +    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
>      if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
>          # Gateway offers l2tp
> -        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
> +        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file)
>          L2PORT=$((FDPORT + 10000))
>          UUID=$hostname
>  
> @@ -32,7 +31,7 @@ for file in $filecounts; do
>          uci -c /tmp commit tunneldigger
>          count=$((count + 1))
>          # remove this fastd-peer
> -        rm /etc/fastd/${project}/peers/$file
> +        rm /etc/fastd/fff/peers/$file
>      fi
>  done
>  }
> @@ -42,33 +41,27 @@ test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
>  test_ipv4_host2="8.8.8.8"        # Google DNS
>  test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
>  
> +# need this here because the next if need this variable
Hö?

> +
> +
> +
>  # Only do something when the router has internet connection
> -if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> +if (ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
>     ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> -   ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> +   ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null) &&
> +   [ -n /tmp/fastd_fff_output ]; then
Hier nur prüfen, ob die Eingabe-Datei da und nicht leer ist. Der Ping
wird im fff-hoods bereits gemacht, und nur wenn der Erfolgreich war
wird dieses Script aufgerufen.

Wenn der Ping im fff-hoods nicht erfolgreich war, könnte sich auch ein
fastd/tunneldigger nicht ändern.

Tim

>  
>      # set some vars
> -    . /etc/community.cfg
> -    project="$VPN_PROJECT"
> -    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> > -    lat=$(uci get system. at system[0].latitude)
> > -    long=$(uci get system. at system[0].longitude)
>      hostname=$(cat /proc/sys/kernel/hostname)
>      [ "$hostname" = "OpenWrt" ] && hostname=""
>      [ "$hostname" = "" ] &&  hostname="$mac"
>  
> -    if [ ! -d /tmp/fastd_${project}_peers ]; then
> +    if [ ! -d /tmp/fastd_fff_peers ]; then
>          # first run after reboot
> -        mkdir /tmp/fastd_${project}_peers
> -        # do we have a fastd secret
> -        if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
> -            secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
> -            uci set fastd.${project}.secret="$secret"
> -            uci commit fastd
> -        fi
> +        mkdir /tmp/fastd_fff_peers
>          make_config
>          # start fastd only if there are some peers left
> -        [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
> +        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
>          /etc/init.d/tunneldigger start
>      else
>          # check if new tunneldigger conf is different
> @@ -79,10 +72,10 @@ if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
>          /etc/init.d/fastd reload
>  
>          # fastd start/stop for various situations
> -        if [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ]; then
> -            [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] || /etc/init.d/fastd start
> +        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
> +            [ -d /proc/$(cat /tmp/run/fastd.fff.pid) ] || /etc/init.d/fastd start
>          else
> -            [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] && /etc/init.d/fastd stop
> +            [ -d /proc/$(cat /tmp/run/fastd.fff.pid) ] && /etc/init.d/fastd stop
>          fi
>  
>      fi
> -- 
> 2.1.4
> 
-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 488 bytes
Beschreibung: This is a digitally signed message part
URL         : <http://lists.freifunk.net/pipermail/franken-dev-freifunk.net/attachments/20170916/9083ccf5/attachment.sig>

Mehr Informationen über die Mailingliste franken-dev