diff options
Diffstat (limited to 'packages/openwrt')
-rw-r--r-- | packages/openwrt/README.md | 14 | ||||
-rw-r--r-- | packages/openwrt/net/nDPId-testing/001-enable-in-source-build.patch | 31 | ||||
-rw-r--r-- | packages/openwrt/net/nDPId-testing/Makefile | 168 | ||||
-rw-r--r-- | packages/openwrt/net/nDPId-testing/nDPId-testing.config | 58 | ||||
-rw-r--r-- | packages/openwrt/net/nDPId-testing/nDPId-testing.init | 286 |
5 files changed, 557 insertions, 0 deletions
diff --git a/packages/openwrt/README.md b/packages/openwrt/README.md new file mode 100644 index 000000000..487dcabf7 --- /dev/null +++ b/packages/openwrt/README.md @@ -0,0 +1,14 @@ +Notice +====== + +You should only use this as a feed if you are aware that you will get an unstable `nDPId` version. +To get a more stable `nDPId` experience, use the https://github.com/utoni/my-openwrt-packages feed. + +HowTo use this +============== + +Simply add `src-link ndpid_testing [path-to-this-dir]` to your OpenWrt repository feeds (`feeds.conf`). + +Run `./scripts/feeds update -a && ./scripts/feeds install -a` from the OpenWrt repository directory. + +There should be a new package named `nDPId-testing` available. diff --git a/packages/openwrt/net/nDPId-testing/001-enable-in-source-build.patch b/packages/openwrt/net/nDPId-testing/001-enable-in-source-build.patch new file mode 100644 index 000000000..5a9f81683 --- /dev/null +++ b/packages/openwrt/net/nDPId-testing/001-enable-in-source-build.patch @@ -0,0 +1,31 @@ +From a9e21c707e5edaf1db14b3dd78d5cc397ebc624c Mon Sep 17 00:00:00 2001 +From: Toni Uhlig <matzeton@googlemail.com> +Date: Mon, 12 Jun 2023 19:54:31 +0200 +Subject: [PATCH] Allow in-source builds required for OpenWrt toolchain. + +Signed-off-by: Toni Uhlig <matzeton@googlemail.com> +--- + CMakeLists.txt | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 43f8f31b..b88f0f0c 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -10,13 +10,6 @@ if(CMAKE_COMPILER_IS_GNUCXX) + endif(CMAKE_COMPILER_IS_GNUCXX) + set(CMAKE_C_STANDARD 11) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11 -D_DEFAULT_SOURCE=1 -D_GNU_SOURCE=1") +-if("${PROJECT_SOURCE_DIR}" STREQUAL "${PROJECT_BINARY_DIR}") +- message(FATAL_ERROR "In-source builds are not allowed.\n" +- "Please remove ${PROJECT_SOURCE_DIR}/CMakeCache.txt\n" +- "and\n" +- "${PROJECT_SOURCE_DIR}/CMakeFiles\n" +- "Create a build directory somewhere and run CMake again.") +-endif() + set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake) + find_package(PkgConfig REQUIRED) + +-- +2.30.2 + diff --git a/packages/openwrt/net/nDPId-testing/Makefile b/packages/openwrt/net/nDPId-testing/Makefile new file mode 100644 index 000000000..995250527 --- /dev/null +++ b/packages/openwrt/net/nDPId-testing/Makefile @@ -0,0 +1,168 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=nDPId-testing +PKG_VERSION:=1.0 +PKG_RELEASE:=$(AUTORELEASE) + +ifneq ($(wildcard /artifacts),) +PKG_DIRECTORY:=/artifacts +else +PKG_DIRECTORY:=../../../.. +endif +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) + +PKG_MAINTAINER:=Toni +PKG_LICENSE:=GPL-3 +PKG_LICENSE_FILES:=COPYING + +CMAKE_INSTALL:=1 + +include $(INCLUDE_DIR)/kernel.mk +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/nDPId-testing + TITLE:=nDPId is a tiny nDPI based daemons / toolkit (nDPId source repository) + SECTION:=net + CATEGORY:=Network + DEPENDS:=@!SMALL_FLASH @!LOW_MEMORY_FOOTPRINT +libpcap +zlib +LIBNDPI_GCRYPT:libgcrypt +NDPID_TESTING_INFLUXDB:libcurl +NDPID_TESTING_PFRING:libpfring + URL:=http://github.com/lnslbrty/nDPId +endef + +define Package/nDPId-testing/description + nDPId is a set of daemons and tools to capture, process and classify network flows. + It's only dependencies (besides a half-way modern c library and POSIX threads) are libnDPI (>= 3.6.0 or current github dev branch) and libpcap. +endef + +define Package/nDPId-testing/config +config NDPID_TESTING_COLLECTD_SUPPORT + bool "nDPId collectd support" + depends on PACKAGE_nDPId-testing && PACKAGE_collectd-mod-exec && !CONFIG_NDPID_COLLECTD_SUPPORT + default n + help + This option enables collectd to gather nDPId statistics via plugin-exec. + Disabled by default. + +config NDPID_TESTING_LIBNDPI_COMMIT_HASH + string "libnDPI commit hash" + depends on PACKAGE_nDPId-testing + default "" + help + Set the desired libnDPI git commit hash you want to link nDPId against. + Leave empty to use the dev branch. + Disabled by default. + +config NDPID_TESTING_INFLUXDB + bool "nDPIsrvd-influxdb" + depends on PACKAGE_nDPId-testing + default n + help + An InfluxDB push daemon. It aggregates various statistics gathered from nDPId. + The results are sent to a specified InfluxDB endpoint. + +config NDPID_TESTING_PFRING + bool "PF_RING support" + depends on PACKAGE_nDPId-testing + default n + help + Enable PF_RING support for faster packet capture. +endef + +CMAKE_OPTIONS += -DBUILD_EXAMPLES=ON +CMAKE_OPTIONS += -DBUILD_NDPI=OFF +CMAKE_OPTIONS += -DNDPI_NO_PKGCONFIG=ON +CMAKE_OPTIONS += -DENABLE_ZLIB=ON +CMAKE_OPTIONS += -DENABLE_SANITIZER=OFF +CMAKE_OPTIONS += -DENABLE_MEMORY_PROFILING=OFF +CMAKE_OPTIONS += -DNEED_LINKING_AGAINST_LIBM=ON +CMAKE_OPTIONS += -DSTATIC_LIBNDPI_INSTALLDIR="$(PKG_BUILD_DIR)/libnDPI/install" + +TARGET_CFLAGS += -DLIBNDPI_STATIC=1 +TARGET_CFLAGS += -Werror + +ifneq ($(CONFIG_NDPID_TESTING_PFRING),) +# FIXME: PFRING kernel include directory is hardcoded (not installed to linux header directory). +CMAKE_OPTIONS += -DENABLE_PFRING=ON \ + -DPFRING_KERNEL_INC="$(KERNEL_BUILD_DIR)/PF_RING-8.4.0/kernel" \ + -DPFRING_INSTALLDIR="$(STAGING_DIR)/usr" \ + -DPFRING_LINK_STATIC=OFF +endif + +ifneq ($(CONFIG_NDPID_TESTING_INFLUXDB),) +CMAKE_OPTIONS += -DENABLE_CURL=ON +endif + +ifneq ($(CONFIG_LIBNDPI_GCRYPT),) +CMAKE_OPTIONS += -DNDPI_WIDTH_GCRYPT=ON +endif + +ifdef CONFIG_NDPID_TESTING_COLLECTD_SUPPORT +define Package/nDPId-testing/install-collectd-files + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/nDPIsrvd-collectd $(1)/usr/bin/nDPIsrvd-testing-collectd +endef +endif + +ifdef CONFIG_NDPID_TESTING_LIBNDPI_COMMIT_HASH +define Package/nDPId-testing/get-and-build-libndpi + @echo 'Using commit hash: $(CONFIG_NDPID_TESTING_LIBNDPI_COMMIT_HASH)' + env \ + CC="$(TARGET_CC)" \ + AR="$(TARGET_AR)" \ + RANLIB="$(TARGET_RANLIB)" \ + CFLAGS="$(TARGET_CFLAGS)" \ + CPPFLAGS="$(TARGET_CPPFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + MAKE_PROGRAM="$(MAKE)" \ + NDPI_COMMIT_HASH=$(CONFIG_NDPID_TESTING_LIBNDPI_COMMIT_HASH) \ + $(PKG_BUILD_DIR)/scripts/get-and-build-libndpi.sh +endef +else +define Package/nDPId-testing/get-and-build-libndpi + @echo 'Using dev branch.' + env \ + CC="$(TARGET_CC)" \ + AR="$(TARGET_AR)" \ + RANLIB="$(TARGET_RANLIB)" \ + CFLAGS="$(TARGET_CFLAGS)" \ + CPPFLAGS="$(TARGET_CPPFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + MAKE_PROGRAM="$(MAKE)" \ + $(PKG_BUILD_DIR)/scripts/get-and-build-libndpi.sh +endef +endif + +define Build/Prepare + @rm -f '$(DL_DIR)/$(PKG_SOURCE)' + @rm -rf '$(PKG_BUILD_DIR)/*' + @echo 'tar: $(DL_DIR)/$(PKG_SOURCE)' + @echo 'pwd: $(shell pwd)' + @echo 'PKG_DIRECTORY=$(PKG_DIRECTORY)' + @echo 'PKG_SOURCE_SUBDIR=$(PKG_SOURCE_SUBDIR)' + cd '$(PKG_DIRECTORY)' && git archive --prefix '$(PKG_SOURCE_SUBDIR)/' -o '$(DL_DIR)/new_$(PKG_SOURCE)' HEAD + mv '$(DL_DIR)/new_$(PKG_SOURCE)' '$(DL_DIR)/$(PKG_SOURCE)'; \ + $(PKG_UNPACK) + cd '$(PKG_BUILD_DIR)' && patch -p1 < $(PKG_BUILD_DIR)/packages/openwrt/net/nDPId-testing/001-enable-in-source-build.patch + $(call Package/nDPId-testing/get-and-build-libndpi) +endef + +define Package/nDPId-testing/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/nDPId $(1)/usr/sbin/nDPId-testing + + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/nDPId-test $(1)/usr/bin/nDPId-testing-test + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/nDPIsrvd $(1)/usr/bin/nDPIsrvd-testing + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/nDPIsrvd-analysed $(1)/usr/bin/nDPIsrvd-testing-analysed + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/nDPIsrvd-captured $(1)/usr/bin/nDPIsrvd-testing-captured + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/nDPIsrvd-collectd $(1)/usr/bin/nDPIsrvd-testing-collectd + + $(INSTALL_DIR) $(1)/etc/init.d/ + $(INSTALL_BIN) $(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME) + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) $(PKG_NAME).config $(1)/etc/config/$(PKG_NAME) + + $(call Package/nDPId-testing/install-collectd-files,$(1)) +endef + +$(eval $(call BuildPackage,nDPId-testing)) diff --git a/packages/openwrt/net/nDPId-testing/nDPId-testing.config b/packages/openwrt/net/nDPId-testing/nDPId-testing.config new file mode 100644 index 000000000..2e1871d29 --- /dev/null +++ b/packages/openwrt/net/nDPId-testing/nDPId-testing.config @@ -0,0 +1,58 @@ +config nDPIsrvd + option enabled 0 + option respawn 0 + #option tcp_listen '127.0.0.1:7000' + #option max_remotes 32 + #option max_buffered_json_lines 1024 + +config nDPIsrvd-analysed + option enabled 0 + option respawn 0 + option csv_dir '/mnt/sda1/nDPId-analysed-csv' + +config nDPIsrvd-captured + option enabled 0 + option respawn 0 + option pcap_rotation 86400 + option datadir '/mnt/sda1/nDPId-captured-pcaps' + option capture_guessed 1 + option capture_undetected 1 + option capture_midstream 1 + option ignore_empty_l4 1 + list capture_risk '0' + list capture_risk '~15' + +config nDPId + option enabled 0 + option respawn 0 + # General + #option interface 'br-lan' + #option internal_only 0 + #option external_only 0 + #option bpf_filter 'tcp' + #option udp_connect '127.0.0.1:31337' + #option proto_file '' + #option cat_file '' + #option ja3_file '' + #option ssl_file '' + #option alias '' + #option analysis 0 + #option compression 0 + # Tuning + #option 'max_flows_per_thread' 2048 + #option 'max_idle_flows_per_thread' 64 + #option 'max_reader_threads' 2 + #option 'daemon_status_interval' 600000000 + #option 'compression_scan_interval' 20000000 + #option 'compression_flow_inactivity' 30000000 + #option 'flow_scan_interval' 10000000 + #option 'generic_max_idle_time' 600000000 + #option 'icmp_max_idle_time' 120000000 + #option 'udp_max_idle_time' 180000000 + #option 'tcp_max_idle_time' 3145032704 + #option 'tcp_max_post_end_flow_time' 120000000 + #option 'max_packets_per_flow_to_send' 15 + #option 'max_packets_per_flow_to_process' 32 + #option 'max_packets_per_flow_to_analyse' 32 + #option 'error_event_threshold_n' 16 + #option 'error_event_threshold_time' 10000000 diff --git a/packages/openwrt/net/nDPId-testing/nDPId-testing.init b/packages/openwrt/net/nDPId-testing/nDPId-testing.init new file mode 100644 index 000000000..850ec47a8 --- /dev/null +++ b/packages/openwrt/net/nDPId-testing/nDPId-testing.init @@ -0,0 +1,286 @@ +#!/bin/sh /etc/rc.common + +START=99 +STOP=80 + +USE_PROCD=1 + +NDPID_SUFFIX="-testing" +NDPISRVD_NAME="nDPIsrvd${NDPID_SUFFIX}" +NDPISRVD_BIN="/usr/bin/${NDPISRVD_NAME}" +NDPISRVD_ANALYSED_NAME="nDPIsrvd${NDPID_SUFFIX}-analysed" +NDPISRVD_ANALYSED_BIN="/usr/bin/${NDPISRVD_ANALYSED_NAME}" +NDPISRVD_CAPTURED_NAME="nDPIsrvd${NDPID_SUFFIX}-captured" +NDPISRVD_CAPTURED_BIN="/usr/bin/${NDPISRVD_CAPTURED_NAME}" +NDPID_NAME="nDPId${NDPID_SUFFIX}" +NDPID_BIN="/usr/sbin/${NDPID_NAME}" +DISTRIBUTOR_SOCKET="/var/run/${NDPID_NAME}/nDPIsrvd-distributor.sock" + +print_arg_bool() { + local cfg="$1" + local var="$2" + local opt="$3" + local aux + + config_get_bool aux "$cfg" "$var" '0' + if [ $aux -ne 0 ]; then + printf ' %s' "$opt" + fi +} + +print_arg_str() { + local cfg="$1" + local var="$2" + local opt="$3" + local aux + + config_get aux "$cfg" "$var" + if [ ! -z "$aux" ]; then + printf ' %s' "$opt$aux" + fi +} + +start_ndpid_instance() { + local cfg=$1 + local aux + local args + local netif + local sink + + config_get_bool aux "$cfg" 'enabled' '0' + if [ "$aux" -eq 0 ]; then + return 1 + fi + + # General + config_get_bool netif "$cfg" 'interface' + if [ -z "$netif" ]; then + netif='default' + fi + + config_get sink "$cfg" 'udp_connect' + if [ -z "$sink" ]; then + sink="/var/run/${NDPID_NAME}/nDPIsrvd-collector.sock" + fi + + args="$(print_arg_str "$cfg" 'interface' '-i')" + args="$args$(print_arg_bool "$cfg" 'use_pfring' '-r')" + args="$args$(print_arg_bool "$cfg" 'internal_only' '-I')" + args="$args$(print_arg_bool "$cfg" 'external_only' '-E')" + args="$args$(print_arg_str "$cfg" 'bpf_filter' '-B')" + args="$args$(print_arg_bool "$cfg" 'use_poll' '-e')" + args="$args$(print_arg_str "$cfg" 'proto_file' '-P')" + args="$args$(print_arg_str "$cfg" 'cat_file' '-C')" + args="$args$(print_arg_str "$cfg" 'ja3_file' '-J')" + args="$args$(print_arg_str "$cfg" 'ssl_file' '-S')" + args="$args$(print_arg_str "$cfg" 'alias' '-a')" + args="$args$(print_arg_bool "$cfg" 'analysis' '-A')" + args="$args$(print_arg_bool "$cfg" 'compression' '-z')" + + # Tuning + args="$args$(print_arg_str "$cfg" 'max_flows_per_thread' '-omax-flows-per-thread=')" + args="$args$(print_arg_str "$cfg" 'max_idle_flows_per_thread' '-omax-idle-flows-per-thread=')" + args="$args$(print_arg_str "$cfg" 'max_reader_threads' '-omax-reader-threads=')" + args="$args$(print_arg_str "$cfg" 'daemon_status_interval' '-odaemon-status-interval=')" + args="$args$(print_arg_str "$cfg" 'compression_scan_interval' '-ocompression-scan-interval=')" + args="$args$(print_arg_str "$cfg" 'compression_flow_inactivity' '-ocompression-flow-inactivity=')" + args="$args$(print_arg_str "$cfg" 'flow_scan_interval' '-oflow-scan-interval=')" + args="$args$(print_arg_str "$cfg" 'generic_max_idle_time' '-ogeneric-max-idle-time=')" + args="$args$(print_arg_str "$cfg" 'icmp_max_idle_time' '-oicmp-max-idle-time=')" + args="$args$(print_arg_str "$cfg" 'udp_max_idle_time' '-oudp-max-idle-time=')" + args="$args$(print_arg_str "$cfg" 'tcp_max_idle_time' '-otcp-max-idle-time=')" + args="$args$(print_arg_str "$cfg" 'tcp_max_post_end_flow_time' '-otcp-max-post-end-flow-time=')" + args="$args$(print_arg_str "$cfg" 'max_packets_per_flow_to_send' '-omax-packets-per-flow-to-send=')" + args="$args$(print_arg_str "$cfg" 'max_packets_per_flow_to_process' '-omax-packets-per-flow-to-process=')" + args="$args$(print_arg_str "$cfg" 'max_packets_per_flow_to_analyse' '-omax-packets-per-flow-to-analyse=')" + args="$args$(print_arg_str "$cfg" 'error_event_threshold_n' '-oerror-event-threshold-n=')" + args="$args$(print_arg_str "$cfg" 'error_event_threshold_time' '-oerror-event-threshold-time=')" + + procd_open_instance + procd_set_param command ${NDPID_BIN} + procd_set_param pidfile "/var/run/${NDPID_NAME}/nDPId-${netif}.pid" + procd_append_param command -undpi -gndpi -p"/var/run/${NDPID_NAME}/nDPId-${netif}.pid" -c"${sink}" $args + + config_get_bool aux "$cfg" 'respawn' '0' + [ "$aux" = 1 ] && procd_set_param respawn + + procd_close_instance +} + +validate_ndpid_section() { + uci_load_validate ${NDPID_NAME} nDPId "$1" "$2" \ + 'enabled:bool:0' \ + 'respawn:bool:0' \ + 'interface:string' \ + 'internal_only:bool:0' \ + 'external_only:bool:0' \ + 'bpf_filter:string' \ + 'udp_connect:string' \ + 'proto_file:string' \ + 'cat_file:string' \ + 'ja3_file:string' \ + 'ssl_file:string' \ + 'alias:string' \ + 'analysis:bool:0' \ + 'compression:bool:0' \ + 'max_flows_per_thread:uinteger' \ + 'max_idle_flows_per_thread:uinteger' \ + 'max_reader_threads:uinteger' \ + 'daemon_status_interval:uinteger' \ + 'compression_scan_interval:uinteger' \ + 'compression_flow_inactivity:uinteger' \ + 'flow_scan_interval:uinteger' \ + 'generic_max_idle_time:uinteger' \ + 'icmp_max_idle_time:uinteger' \ + 'udp_max_idle_time:uinteger' \ + 'tcp_max_idle_time:uinteger' \ + 'tcp_max_post_end_flow_time:uinteger' \ + 'max_packets_per_flow_to_send:uinteger' \ + 'max_packets_per_flow_to_process:uinteger' \ + 'max_packets_per_flow_to_analyse:uinteger' \ + 'error_event_threshold_n:uinteger' \ + 'error_event_threshold_time:uinteger' +} + +start_ndpisrvd_instance() { + local cfg=$1 + local aux + local args + local collector_sock + + config_get_bool aux "$cfg" 'enabled' '0' + if [ "$aux" -eq 0 ]; then + return 1 + fi + + collector_sock="/var/run/${NDPID_NAME}/nDPIsrvd-collector.sock" + + args="$(print_arg_str "$cfg" 'tcp_listen' '-S')" + args="$args$(print_arg_str "$cfg" 'max_remotes' '-m')" + args="$args$(print_arg_str "$cfg" 'max_buffered_json_lines' '-C')" + + procd_open_instance + procd_set_param command ${NDPISRVD_BIN} + procd_set_param pidfile "/var/run/${NDPID_NAME}/nDPIsrvd.pid" + procd_append_param command -undpi -gndpi -p"/var/run/${NDPID_NAME}/nDPIsrvd.pid" -c"${collector_sock}" -s"${DISTRIBUTOR_SOCKET}" $args + + config_get_bool aux "$cfg" 'respawn' '0' + [ "$aux" = 1 ] && procd_set_param respawn + + procd_close_instance +} + +validate_ndpisrvd_section() { + uci_load_validate ${NDPID_NAME} nDPId "$1" "$2" \ + 'enabled:bool:0' \ + 'respawn:bool:0' \ + 'tcp_listen:string' \ + 'max_remotes:uinteger' \ + 'max_buffered_json_lines:uinteger' +} + +start_ndpisrvd_analysed_instance() { + local cfg="$1" + local csv_dir + + config_get_bool aux "$cfg" 'enabled' '0' + if [ "$aux" -eq 0 ]; then + return 1 + fi + + config_get aux "$cfg" 'csv_dir' + if [ -z "$aux" ]; then + return 1 + fi + mkdir -p "$aux" + chown ndpi:ndpi "$aux" + + csv_dir="$(print_arg_str "$cfg" 'csv_dir' '')" + csv_dir="-o${csv_dir}/nDPId-analyse.csv" + + procd_open_instance + procd_set_param command ${NDPISRVD_ANALYSED_BIN} + procd_set_param pidfile "/var/run/${NDPID_NAME}/nDPIsrvd-analysed.pid" + procd_append_param command -undpi -gndpi -p"/var/run/${NDPID_NAME}/nDPIsrvd-analysed.pid" -s"${DISTRIBUTOR_SOCKET}" ${csv_dir} + + config_get_bool aux "$cfg" 'respawn' '0' + [ "$aux" = 1 ] && procd_set_param respawn + + procd_close_instance +} + +validate_ndpisrvd_analysed_section() { + uci_load_validate ${NDPID_NAME} nDPId "$1" "$2" \ + 'enabled:bool:0' \ + 'respawn:bool:0' \ + 'csv_dir:string' +} + +start_ndpisrvd_captured_instance() { + local cfg="$1" + local args + local risk_args + + config_get_bool aux "$cfg" 'enabled' '0' + if [ "$aux" -eq 0 ]; then + return 1 + fi + + config_get aux "$cfg" 'datadir' + if [ -z "$aux" ]; then + return 1 + fi + mkdir -p "$aux" + chown ndpi:ndpi "$aux" + + handle_capture_risks() { + local risk=" -R$1" + printf '%s' "$risk" + } + risk_args="$(config_list_foreach "$cfg" capture_risk handle_capture_risks)" + + args="$(print_arg_str "$cfg" 'pcap_rotation' '-r')" + args="$args$(print_arg_str "$cfg" 'datadir' '-D')" + args="$args$(print_arg_bool "$cfg" 'capture_guessed' '-G')" + args="$args$(print_arg_bool "$cfg" 'capture_undetected' '-U')" + args="$args$(print_arg_bool "$cfg" 'capture_midstream' '-M')" + args="$args$(print_arg_bool "$cfg" 'ignore_empty_l4' '-E')" + + procd_open_instance + procd_set_param command ${NDPISRVD_CAPTURED_BIN} + procd_set_param pidfile "/var/run/${NDPID_NAME}/nDPIsrvd-captured.pid" + procd_append_param command -undpi -gndpi -p"/var/run/${NDPID_NAME}/nDPIsrvd-captured.pid" -s"${DISTRIBUTOR_SOCKET}" $args ${risk_args} + + config_get_bool aux "$cfg" 'respawn' '0' + [ "$aux" = 1 ] && procd_set_param respawn + + procd_close_instance +} + +validate_ndpisrvd_captured_section() { + uci_load_validate ${NDPID_NAME} nDPId "$1" "$2" \ + 'enabled:bool:0' \ + 'respawn:bool:0' \ + 'pcap_rotation:uinteger' \ + 'datadir:string' \ + 'capture_guessed:bool:1' \ + 'capture_undetected:bool:1' \ + 'capture_midstream:bool:1' \ + 'ignore_empty_l4:bool:1' \ + 'capture_risk:list(string)' +} + +start_service() { + config_load ${NDPID_NAME} + + user_exists ndpi 6543 || user_add ndpi 6543 + group_exists ndpi 6543 || group_add ndpi 6543 + + mkdir -p "/var/run/${NDPID_NAME}" + chown ndpi:ndpi "/var/run/${NDPID_NAME}" + + config_foreach validate_ndpisrvd_section nDPIsrvd start_ndpisrvd_instance + config_foreach validate_ndpisrvd_analysed_section nDPIsrvd-analysed start_ndpisrvd_analysed_instance + config_foreach validate_ndpisrvd_captured_section nDPIsrvd-captured start_ndpisrvd_captured_instance + config_foreach validate_ndpid_section nDPId start_ndpid_instance +} |