From 790753f6a65c1805e6de817fba009aa8fc6402dc Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Mon, 18 Mar 2024 01:43:50 +0000 Subject: pbr: update to 1.1.4-5 This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters 
Signed-off-by: Stan Grishin
---
 net/pbr/Makefile | 73 +++++++++++++++++++++++++++++++-------------------------
 1 file changed, 41 insertions(+), 32 deletions(-)
(limited to 'net/pbr/Makefile')
diff --git a/net/pbr/Makefile b/net/pbr/Makefile
index 744db6ab6..d5a9503ed 100644
--- a/net/pbr/Makefile
+++ b/net/pbr/Makefile
@@ -1,73 +1,80 @@
-# Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
+# Copyright 2017-2023 MOSSDeF, Stan Grishin (stangri@melmac.ca)
 # This is free software, licensed under the GNU General Public License v3.
 include $(TOPDIR)/rules.mk
 PKG_NAME:=pbr
-PKG_VERSION:=1.1.1
-PKG_RELEASE:=7
+PKG_VERSION:=1.1.4
+PKG_RELEASE:=5
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Stan Grishin
 include $(INCLUDE_DIR)/package.mk
-define Package/pbr/Default
+define Package/pbr-service/Default
 SECTION:=net
 CATEGORY:=Network
 SUBMENU:=Routing and Redirection
 TITLE:=Policy Based Routing Service
 URL:=https://docs.openwrt.melmac.net/pbr/
 DEPENDS:=+ip-full +jshn +jsonfilter +resolveip
+ DEPENDS+=+!BUSYBOX_DEFAULT_AWK:gawk
+ DEPENDS+=+!BUSYBOX_DEFAULT_GREP:grep
+ DEPENDS+=+!BUSYBOX_DEFAULT_SED:sed
+ PROVIDES:=pbr-service
 CONFLICTS:=vpnbypass vpn-policy-routing
 PKGARCH:=all
 endef
 define Package/pbr
-$(call Package/pbr/Default)
+$(call Package/pbr-service/Default)
 TITLE+= with nft/nft set support
 DEPENDS+=+kmod-nft-core +kmod-nft-nat +nftables-json
- VARIANT:=nftables
- PROVIDES:=vpnbypass vpn-policy-routing
 DEFAULT_VARIANT:=1
+ VARIANT:=nftables
+ PROVIDES+=pbr vpnbypass vpn-policy-routing
 endef
 define Package/pbr-iptables
-$(call Package/pbr/Default)
+$(call Package/pbr-service/Default)
 TITLE+= with iptables/ipset support
 DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
 VARIANT:=iptables
- PROVIDES:=pbr
 endef
 define Package/pbr-netifd
-$(call Package/pbr/Default)
+$(call Package/pbr-service/Default)
 TITLE+= with netifd support
 VARIANT:=netifd
- PROVIDES:=pbr
+endef
+
+define Package/pbr-service/description
+ This service enables policy-based routing for WAN interfaces and various VPN tunnels.
 endef
 define Package/pbr/description
-This service enables policy-based routing for WAN interfaces and various VPN tunnels.
-This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
+ $(call Package/pbr-service/description)
+ This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
 endef
 define Package/pbr-iptables/description
-This service enables policy-based routing for WAN interfaces and various VPN tunnels.
-This version supports OpenWrt with firewall3/ipset/iptables.
+ $(call Package/pbr-service/description)
+ This version supports OpenWrt with firewall3/ipset/iptables.
 endef
 define Package/pbr-netifd/description
-This service enables policy-based routing for WAN interfaces and various VPN tunnels.
-This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
-This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
+ $(call Package/pbr-service/description)
+ This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
+ This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
 endef
-define Package/pbr/conffiles
+define Package/pbr-service/conffiles
 /etc/config/pbr
 endef
-Package/pbr-iptables/conffiles = $(Package/pbr/conffiles)
-Package/pbr-netifd/conffiles = $(Package/pbr/conffiles)
+Package/pbr/conffiles = $(Package/pbr-service/conffiles)
+Package/pbr-iptables/conffiles = $(Package/pbr-service/conffiles)
+Package/pbr-netifd/conffiles = $(Package/pbr-service/conffiles)
 define Build/Configure
 endef
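Review bot: The shared template `define Package/pbr-service/Default` now carries `PROVIDES:=pbr-service` and every variant appends to it, but nothing in the file explains that `pbr-service` is the name other packages are meant to depend on (the commit message mentions a luci-app dependency), or why the package named `pbr` also lists itself in `PROVIDES+=pbr vpnbypass vpn-policy-routing`; a one-line comment above the template would spare the next maintainer a trip to the commit log: `# pbr-service: shared template and the virtual name every variant provides; depend on it, not on a single variant`. The self-provide of `pbr` looks redundant given the other two variants dropped their `PROVIDES:=pbr`; harmless if the package metadata ignores it, but worth confirming. The copyright line is bumped only to 2017-2023 although the change is dated March 2024.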
@@ -75,31 +82,33 @@ endef
 define Build/Compile
 endef
-define Package/pbr/default/install
+define Package/pbr-service/install
 $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/etc/init.d/pbr.init $(1)/etc/init.d/pbr
+ $(INSTALL_BIN) ./files/etc/init.d/pbr $(1)/etc/init.d/pbr
 $(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
- $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
- $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
 $(INSTALL_DIR) $(1)/etc/uci-defaults
 $(INSTALL_BIN) ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
 $(INSTALL_DIR) $(1)/usr/share/pbr
+ $(INSTALL_DATA) ./files/usr/share/pbr/.keep $(1)/usr/share/pbr/.keep
 $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
 $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
+ $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.wg_server_and_client $(1)/usr/share/pbr/pbr.user.wg_server_and_client
 endef
+# $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+# $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
 define Package/pbr/install
-$(call Package/pbr/default/install,$(1))
+$(call Package/pbr-service/install,$(1))
 $(INSTALL_DIR) $(1)/etc/config
 $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
 $(INSTALL_DIR) $(1)/usr/share/pbr
- $(INSTALL_DATA) ./files/usr/share/pbr/pbr.firewall.include $(1)/usr/share/pbr/pbr.firewall.include
+ $(INSTALL_DATA) ./files/usr/share/pbr/firewall.include $(1)/usr/share/pbr/firewall.include
 $(INSTALL_DIR) $(1)/usr/share/nftables.d
 $(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
 endef
 define Package/pbr-iptables/install
-$(call Package/pbr/default/install,$(1))
+$(call Package/pbr-service/install,$(1))
 $(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
 $(INSTALL_DATA) ./files/etc/hotplug.d/firewall/70-pbr $(1)/etc/hotplug.d/firewall/70-pbr
 $(INSTALL_DIR) $(1)/etc/config
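Review bot: The two commented-out recipe lines added right after `endef` (`+# $(INSTALL_DIR) $(1)/etc/hotplug.d/iface` and `+# $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr ...`) are dead code sitting outside any define; the removed lines above already record that the shared recipe no longer installs the iface hotplug script, so either drop them or replace them with a comment stating the intent, e.g. `# the iface hotplug script is deliberately not part of the shared install recipe`. If `./files/etc/hotplug.d/iface/70-pbr` still exists in the tree and no variant installs it, it is now an orphaned file — worth checking, since the commit message says the interface hotplug script was updated in this release. The `Package/pbr-iptables/install` define continues past the end of the hunk.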
@@ -107,7 +116,7 @@ $(call Package/pbr/default/install,$(1))
 endef
 define Package/pbr-netifd/install
-$(call Package/pbr/default/install,$(1))
+$(call Package/pbr-service/install,$(1))
 $(INSTALL_DIR) $(1)/etc/config
 $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
 $(INSTALL_DIR) $(1)/etc/uci-defaults
@@ -133,7 +142,7 @@ define Package/pbr/prerm
 if [ -z "$${IPKG_INSTROOT}" ]; then
 uci -q delete firewall.pbr || true
 echo "Stopping pbr service... "
- /etc/init.d/pbr stop && echo "OK" || echo "FAIL"
+ /etc/init.d/pbr stop quiet && echo "OK" || echo "FAIL"
 echo -n "Removing rc.d symlink for pbr... "
 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 fi
@@ -165,7 +174,7 @@ define Package/pbr-iptables/prerm
 if [ -z "$${IPKG_INSTROOT}" ]; then
 uci -q delete firewall.pbr || true
 echo "Stopping pbr-iptables service... "
- /etc/init.d/pbr stop && echo "OK" || echo "FAIL"
+ /etc/init.d/pbr stop quiet && echo "OK" || echo "FAIL"
 echo -n "Removing rc.d symlink for pbr-iptables... "
 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 fi
@@ -188,7 +197,7 @@ define Package/pbr-netifd/prerm
 if [ -z "$${IPKG_INSTROOT}" ]; then
 uci -q delete firewall.pbr || true
 echo "Stopping pbr-netifd service... "
- /etc/init.d/pbr stop && echo "OK" || echo "FAIL"
+ /etc/init.d/pbr stop quiet && echo "OK" || echo "FAIL"
 echo -n "Removing rc.d symlink for pbr... "
 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 fi
-- cgit v1.2.3
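Review bot: Now that `stop` is invoked as `/etc/init.d/pbr stop quiet`, the preceding context line `echo "Stopping pbr service... "` still ends with a newline, so "OK"/"FAIL" lands on its own line, unlike the `echo -n "Removing rc.d symlink ..."` line that follows; if `quiet` does suppress the init script's own output (the handling of that extra argument lives in the init script, not visible here), this line can become `echo -n "Stopping pbr service... "`. The same applies to the hunks at -165 (pbr-iptables) and -188 (pbr-netifd). In the pbr-netifd prerm the symlink message still reads `Removing rc.d symlink for pbr... ` whereas the other two name their own package, so aligning it to `for pbr-netifd` would keep the three blocks consistent. Each prerm define starts before its hunk.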