[PATCH v3 3/3] gateway.d: Add scripts for network configuration
Tim Niemeyer
tim at tn-x.org
Wed May 8 21:45:21 CEST 2019
On Tuesday, 23.04.2019, at 18:09 +0200, Fabian Bläse wrote:
> This adds scripts to configure vlan and client network.
> This also adds sysctl settings to enable forwarding.
>
> Note:
> Device-specific properties are sourced from fff-network package.
> This creates a dependency on fff-boardname and fff-network.
> These properties should be located elsewhere in the future.
>
> Signed-off-by: Fabian Bläse <fabian at blaese.de>
> ---
> Changes in v3:
> - Rename 10-vlan to 20-vlan
> - Rename 20-network-client to 30-network-client
> - Source necessary uci functions and board properties
> - Add dependency on fff-boardname and fff-network
> ---
> src/packages/fff/fff-gateway/Makefile | 1 +
> .../fff-gateway/files/etc/gateway.d/20-vlan | 47 ++++++++++++
> .../files/etc/gateway.d/30-network-client | 71
> +++++++++++++++++++
> .../files/etc/sysctl.d/60-fff-gateway.conf | 5 ++
> 4 files changed, 124 insertions(+)
> create mode 100644 src/packages/fff/fff-
> gateway/files/etc/gateway.d/20-vlan
> create mode 100644 src/packages/fff/fff-
> gateway/files/etc/gateway.d/30-network-client
> create mode 100644 src/packages/fff/fff-
> gateway/files/etc/sysctl.d/60-fff-gateway.conf
>
> diff --git a/src/packages/fff/fff-gateway/Makefile
> b/src/packages/fff/fff-gateway/Makefile
> index 7c1dd55..f9ef8cc 100644
> --- a/src/packages/fff/fff-gateway/Makefile
> +++ b/src/packages/fff/fff-gateway/Makefile
> @@ -13,6 +13,7 @@ define Package/fff-gateway
> CATEGORY:=Freifunk
> TITLE:= Freifunk-Franken gateway configuration
> URL:=https://www.freifunk-franken.de
> + DEPENDS:=+fff-boardname +fff-network
> endef
>
> define Package/fff-gateway/description
> diff --git a/src/packages/fff/fff-gateway/files/etc/gateway.d/20-vlan
> b/src/packages/fff/fff-gateway/files/etc/gateway.d/20-vlan
> new file mode 100644
> index 0000000..c789df3
> --- /dev/null
> +++ b/src/packages/fff/fff-gateway/files/etc/gateway.d/20-vlan
> @@ -0,0 +1,47 @@
> +#load uci functions
> +. /lib/functions.sh
> +
> +#load board specific properties
> +BOARD="$(uci get board.model.name)"
> +. /etc/network.$BOARD
> +
> +
> +configure() {
> + add_vlan() {
> + local vlan="$1"
> + local ports=$(uci get gateway.$vlan.ports)
> + local name="$SWITCHDEV"_$vlan
> +
> + uci set network.$name='switch_vlan'
> + uci set network.$name.device="$(uci get
> network.$SWITCHDEV.name)"
> + uci set network.$name.vlan="$vlan"
> + uci set network.$name.ports="$CPUPORT $ports"
> + }
> +
> + remove_vlan() {
> + local name="$1"
> +
> + local switchdev=$(echo $name | cut -d_ -f1)
> + local vlan=$(echo $name | cut -d_ -f2)
> +
> + # only remove vlans not present in gateway config
> + if ! uci -q get gateway.$vlan > /dev/null; then
> + # remove switch_vlan
> + uci del network.$name
> + fi
> + }
> +
> + config_load network
> + config_foreach remove_vlan switch_vlan
> +
> + config_load gateway
> + config_foreach add_vlan vlan
> +}
> +
> +apply() {
> + uci commit network
> +}
> +
> +revert() {
> + uci revert network
> +}
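Review bot: in remove_vlan, the VLAN id is taken with `cut -d_ -f2` from the section name, and cut prints the whole line when it contains no `_`, so every switch_vlan section that is not named `<switchdev>_<vlan>` fails the `uci -q get gateway.$vlan` lookup and is deleted, not only the sections add_vlan created. If that is intended, the comment should say so; otherwise check for the `"$SWITCHDEV"_` prefix before deleting. The `switchdev` local is assigned but never used. In add_vlan, the result of `uci get gateway.$vlan.ports` is not checked, so a vlan section without ports is still written with `$CPUPORT` as its only member. At the top of the file, `. /etc/network.$BOARD` is sourced unquoted and without checking that `uci get board.model.name` returned a name or that the file exists.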
> diff --git a/src/packages/fff/fff-gateway/files/etc/gateway.d/30-
> network-client b/src/packages/fff/fff-gateway/files/etc/gateway.d/30-
> network-client
> new file mode 100644
> index 0000000..3ccc14f
> --- /dev/null
> +++ b/src/packages/fff/fff-gateway/files/etc/gateway.d/30-network-
> client
> @@ -0,0 +1,71 @@
> +#load board specific properties
> +BOARD="$(uci get board.model.name)"
> +. /etc/network.$BOARD
> +
> +
> +configure() {
> + # ipaddr
> + #remove old ipaddr
> + uci -q del network.mesh.ipaddr
> + #set new ipaddr
> + if ipaddr=$(uci -q get gateway. at client[0].ipaddr); then
> + for ip in $ipaddr; do
> + uci add_list network.mesh.ipaddr=$ip
> + done
> + else
> + echo "WARNING: No client ipaddr set!"
> + fi
> + #put interface routes from set addresses into fff table
> + uci set network.mesh.ip4table='fff'
> +
> + # ip6addr
> + #remove old ip6addr
> + for ip in $(uci get network.mesh.ip6addr); do
> + if echo "$ip" | grep -v -e "fdff:" -e "fe80::1/64" >
> /dev/null; then
> + uci del_list network.mesh.ip6addr="$ip"
> + fi
> + done
> + #set new ip6addr
> + if ip6addr=$(uci -q get gateway. at client[0].ip6addr); then
> + for ip in $ip6addr; do
> + uci add_list network.mesh.ip6addr=$ip
> + done
> + else
> + echo "WARNING: No client ip6addr set!"
> + fi
> + #put interface routes from set addresses into fff table
> + uci set network.mesh.ip6table='fff'
> +
> + # dhcp
> + uci -q del dhcp.mesh.start
> + uci -q del dhcp.mesh.limit
> + if dhcp_start=$(uci -q get gateway. at client[0].dhcp_start);
> then
> + uci set dhcp.mesh=dhcp
> + uci set dhcp.mesh.interface=mesh
> + uci set dhcp.mesh.start=$dhcp_start
> + uci set dhcp.mesh.limit=$(uci -q get gateway. at client
> [0].dhcp_limit)
> + else
> + echo "WARNING: No DHCP range start and/or limit
> set!"
> + fi
> +
> + # set interface
> + #remove all eth interfaces
> + ifaces=$(uci get network.mesh.ifname | sed -e "s/
> *eth\d\.\d//g" -e "s/ *eth\d//g" -e "s/^ //")
> + if vlan=$(uci -q get gateway. at client[0].vlan); then
> + uci set network.mesh.ifname="${SWITCHDEV}.$vlan
> $ifaces"
> + elif iface=$(uci -q get gateway. at client[0].iface); then
> + uci set network.mesh.ifname="$iface $ifaces"
> + else
> + echo "WARNING: No Interface for client specified"
> + fi
I'm not entirely happy with this section yet, since it is, for example,
not possible to send a client network out on a VLAN and on a physical
interface at the same time.

A few quick questions for my understanding:
- If the client network should go out tagged, can I simply add the 't'
in the vlan on devices with a switch?
- If the client network should go out tagged, but I have no switch in the
device, does it not work?

I think my remark above, as well as the questions, are only corner cases
for now, which can be patched separately if needed. In that sense, it
would be nice if you could briefly answer my questions, and otherwise:

Reviewed-by: Tim Niemeyer <tim at tn-x.org>

Tim
> +}
> +
> +apply() {
> + uci commit network
> + uci commit dhcp
> +}
> +
> +revert() {
> + uci revert network
> + uci revert dhcp
> +}
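Review bot: the sed expressions in the "remove all eth interfaces" step use `\d`, which is not a digit class in sed's POSIX regular expressions, so entries such as `eth0` or `eth0.1` are not stripped and remain in network.mesh.ifname next to the newly configured interface each time configure runs. Use `[0-9][0-9]*` in both expressions. When neither vlan nor iface is set, only the warning is printed and the previous ifname stays in place, which deserves a comment or an explicit reset. In the dhcp block, dhcp_limit is written without a check although the warning text says "start and/or limit"; test both values before setting either. The `$ip` arguments to `uci add_list` should be quoted.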
> diff --git a/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-
> gateway.conf b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-
> fff-gateway.conf
> new file mode 100644
> index 0000000..62bda1b
> --- /dev/null
> +++ b/src/packages/fff/fff-gateway/files/etc/sysctl.d/60-fff-
> gateway.conf
> @@ -0,0 +1,5 @@
> +# Enable forwarding
> +net.ipv4.conf.all.forwarding=1
> +net.ipv4.ip_forward=1
> +net.ipv6.conf.all.forwarding=1
> +net.ipv6.conf.default.forwarding=1
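Review bot: this file turns on IPv4 and IPv6 forwarding for all interfaces unconditionally, whether or not a gateway configuration has been applied, and the "# Enable forwarding" comment does not say where traffic between the client network and the other networks is filtered; a line naming that dependency would help. `net.ipv4.ip_forward` and `net.ipv4.conf.all.forwarding` are the same kernel switch, so one of the two lines can be dropped.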