#!/bin/sh /etc/rc.common
#
# Fwknop is developed primarily by the people listed in the file 'AUTHORS'.
# Copyright (C) 2009-2014 fwknop developers and contributors. For a full
# list of contributors, see the file 'CREDITS'.
#
# Ask rc.common to manage this service through procd (start_service /
# service_triggers below are the procd hooks).
USE_PROCD=1
# Boot-order priority consumed by rc.common.
START=95
# Provides network_get_device, used to map a UCI network name to a device.
# IPKG_INSTROOT prefixes the path; presumably empty on a running device.
. "${IPKG_INSTROOT}/lib/functions/network.sh"
# Daemon binary handed to procd as the instance command.
FWKNOPD_BIN=/usr/sbin/fwknopd
# Directory that receives the fwknopd.conf / access.conf generated from UCI.
FWKNOPD_CFGDIR=/var/etc/fwknop
# procd start hook: regenerate the configuration, then register one fwknopd
# instance bound to the interface generate_configuration resolved.
#
# Globals read: DEPEND_IFNAME, UCI_ENABLED, NETWORK, FWKNOPD_BIN, FWKNOPD_CFGDIR
# (the first three are set by generate_configuration).
start_service()
{
	generate_configuration

	# No interface resolved: register nothing and only log. The interface
	# trigger added in service_triggers is what brings us back here later.
	if [ -z "${DEPEND_IFNAME}" ]; then
		logger -p daemon.info -t "fwknopd[$$]" "Postponing start-up of fwknopd, network ${NETWORK} is not up"
		return
	fi

	procd_open_instance
	procd_set_param command "${FWKNOPD_BIN}" --foreground --syslog-enable
	procd_set_param respawn

	# Point the daemon at the generated files only when UCI produced them;
	# otherwise no -c/-a is passed and fwknopd uses its own default paths.
	if [ "${UCI_ENABLED}" -eq 1 ]; then
		procd_append_param command -c "${FWKNOPD_CFGDIR}/fwknopd.conf"
		procd_append_param command -a "${FWKNOPD_CFGDIR}/access.conf"
	fi

	# Sniff on the resolved interface and let procd track that device.
	procd_append_param command -i "${DEPEND_IFNAME}"
	procd_set_param netdev "${DEPEND_IFNAME}"
	procd_close_instance
}
# procd trigger hook: reload on changes to the "fwknopd" UCI config and,
# when a UCI network was selected, on changes to that network interface.
#
# Globals read: NETWORK (set by generate_configuration).
service_triggers()
{
	procd_add_reload_trigger "fwknopd"

	# No network selected: the config trigger above is all we register.
	[ -n "${NETWORK}" ] || return 0

	logger -p daemon.info -t "fwknopd[$$]" "Listening for changes on network ${NETWORK}"
	procd_add_reload_interface_trigger "${NETWORK}"
}
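# Build fwknopd's runtime configuration from UCI (when enabled) and work out
# which interface the daemon depends on.
#
# Globals written:
#   UCI_ENABLED   - 1 when the UCI "global" section sets uci_enabled, else 0
#   NETWORK       - UCI network name to follow (may stay empty)
#   DEPEND_IFNAME - interface fwknopd should listen on; empty when the
#                   network could not be resolved to a device
# Globals read: FWKNOPD_CFGDIR
# Side effects: with UCI enabled, fwknopd.conf and access.conf under
#   FWKNOPD_CFGDIR are truncated and rewritten from /etc/config/fwknopd.
# Exits with status 1 when UCI is disabled and the user fwknopd.conf is missing.
generate_configuration()
{
	UCI_ENABLED=0
	DEPEND_IFNAME=
	NETWORK=
	local PCAP_INTF=
	local USER_CONFIG_PATH=/etc/fwknop/fwknopd.conf
	local DEFAULT_UCI_NETWORK=wan
	local DEFAULT_FWKNOPD_IFNAME=
	# Staging file for the non-SOURCE options of the access stanza currently
	# being read. Access stanzas carry fwknop's SPA keys, so the file must not
	# have a fixed name in world-writable /tmp, where another local user could
	# pre-create or read it; it is kept next to the generated access.conf.
	local ACCESS_STAGING="${FWKNOPD_CFGDIR}/access.conf.tmp"
	local saved_umask
	saved_umask="$(umask)"

	# Drop leftovers from an interrupted earlier run.
	rm -f -- "${ACCESS_STAGING}"

	network_get_device DEFAULT_FWKNOPD_IFNAME "${DEFAULT_UCI_NETWORK}"

	# config_cb is called by config_load once per UCI section and once more
	# with an empty type at the end; each call installs the option_cb that
	# handles that section's options. The callbacks rely on the locals above
	# being visible while config_load runs inside this function.
	config_cb() {
		local type="${1}"
		local name="${2}"
		if [ "${type}" = "global" ]; then
			option_cb() {
				local option="${1}"
				local value="${2}"
				if [ "${option}" = "uci_enabled" ] && [ "$(get_bool "${value}" 0)" -eq 1 ] ; then
					mkdir -p "${FWKNOPD_CFGDIR}"
					# Tighten the umask only after mkdir -p, so any parent
					# directory it creates keeps the default mode. From here
					# on every file this run creates (including the staging
					# file) is owner-only from the moment it exists.
					umask 077
					> "${FWKNOPD_CFGDIR}/fwknopd.conf"
					> "${FWKNOPD_CFGDIR}/access.conf"
					# Truncation keeps the mode of a pre-existing file, so
					# still force 600 explicitly.
					chmod 600 "${FWKNOPD_CFGDIR}/fwknopd.conf"
					chmod 600 "${FWKNOPD_CFGDIR}/access.conf"
					UCI_ENABLED=1
				fi
			}
		elif [ "${type}" = "network" ]; then
			option_cb() {
				local option="${1}"
				local value="${2}"
				if [ "${UCI_ENABLED}" -eq 1 ] && [ "${option}" = "network" ]; then
					NETWORK="${value}"
				fi
			}
		elif [ "${type}" = "config" ]; then
			option_cb() {
				local option="${1}"
				local value="${2}"
				if [ "${UCI_ENABLED}" -eq 1 ]; then
					# Remember PCAP_INTF for interface selection below; it is
					# still written to fwknopd.conf like every other option.
					if [ "${option}" = "PCAP_INTF" ]; then
						PCAP_INTF="${value}"
					fi
					printf '%s %s\n' "${option}" "${value}" >> "${FWKNOPD_CFGDIR}/fwknopd.conf"
				fi
			}
		elif [ "${type}" = "access" ]; then
			# A new access section starts: flush what was staged for the
			# previous one.
			if [ -f "${ACCESS_STAGING}" ] ; then
				cat "${ACCESS_STAGING}" >> "${FWKNOPD_CFGDIR}/access.conf"
				rm -f -- "${ACCESS_STAGING}"
			fi
			option_cb() {
				local option="${1}"
				local value="${2}"
				if [ "${UCI_ENABLED}" -eq 1 ]; then
					# SOURCE goes straight to access.conf and the rest is
					# staged - presumably so SOURCE is the first line of each
					# stanza regardless of the option order in UCI.
					if [ "${option}" = "SOURCE" ]; then
						printf '%s %s\n' "${option}" "${value}" >> "${FWKNOPD_CFGDIR}/access.conf"
					else
						printf '%s %s\n' "${option}" "${value}" >> "${ACCESS_STAGING}"
					fi
				fi
			}
		else
			reset_cb
			if [ -z "${type}" ]; then
				# Finalize reading: flush the last staged access stanza.
				if [ -f "${ACCESS_STAGING}" ] ; then
					cat "${ACCESS_STAGING}" >> "${FWKNOPD_CFGDIR}/access.conf"
					rm -f -- "${ACCESS_STAGING}"
				fi
			fi
		fi
	}

	if [ -f /etc/config/fwknopd ]; then
		config_load fwknopd
	fi
	# Configuration files are written; give the rest of the script its
	# original umask back.
	umask "${saved_umask}"

	if [ "${UCI_ENABLED}" -eq 0 ]; then
		if [ -f "${USER_CONFIG_PATH}" ] ; then
			# Scan user configuration for PCAP_INTF settings and fallback to fwknopd's default
			DEPEND_IFNAME="$( sed -ne '/^\s*PCAP_INTF\s\+/ { s/^\s*PCAP_INTF\s\+//; s/\s\+$//; p; q; }' "${USER_CONFIG_PATH}" )"
			if [ -n "${DEPEND_IFNAME}" ]; then
				logger -p daemon.debug -t "fwknopd[$$]" "Found fwknopd.conf configuration, using PCAP_INTF interface ${DEPEND_IFNAME}"
			else
				logger -p daemon.info -t "fwknopd[$$]" "No PCAP_INTF interface specified in fwknopd.conf, fwknopd's default ${DEFAULT_FWKNOPD_IFNAME} will be used"
				DEPEND_IFNAME="${DEFAULT_FWKNOPD_IFNAME}"
			fi
		else
			logger -p daemon.error -t "fwknopd[$$]" "No ${USER_CONFIG_PATH} found, not starting"
			exit 1
		fi
	elif [ "${UCI_ENABLED}" -eq 1 ]; then
		if [ -n "${NETWORK}" ] && [ -n "${PCAP_INTF}" ]; then
			logger -p daemon.warn -t "fwknopd[$$]" "Specified both network and PCAP_INTF. Ignoring PCAP_INTF"
		elif [ -z "${NETWORK}" ] && [ -z "${PCAP_INTF}" ]; then
			# Fallback - compatibility with old script, which used wan interface by default
			logger -p daemon.info -t "fwknopd[$$]" "Neither network, nor PCAP_INTF interface specified, trying network ${DEFAULT_UCI_NETWORK}"
			NETWORK="${DEFAULT_UCI_NETWORK}"
		fi

		# Resolve network if possible
		if [ -n "${NETWORK}" ]; then
			network_get_device DEPEND_IFNAME "${NETWORK}"
			if [ -n "${DEPEND_IFNAME}" ]; then
				logger -p daemon.debug -t "fwknopd[$$]" "Resolved network ${NETWORK} as interface ${DEPEND_IFNAME}"
			else
				logger -p daemon.warn -t "fwknopd[$$]" "Cannot find interface for network ${NETWORK}, probably the network is not up"
			fi
		elif [ -n "${PCAP_INTF}" ]; then
			DEPEND_IFNAME="${PCAP_INTF}"
			logger -p daemon.debug -t "fwknopd[$$]" "Using configured PCAP_INTF interface ${DEPEND_IFNAME}"
		fi
	fi
}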