omcproxy: fix installation of interface triggers (FS#1972)

omcproxy will not start up if either the downlink or uplink interface is not up at boottime as the interface triggers are not correctly installed. Further rework omcproxy init to make use of network functions defined in network.sh; set proper family and proto options in procd firewall rules. Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-11 20:50:21 +01:00 · 2018-12-11 20:50:21 +01:00 · df8f8bad08
commit df8f8bad08
parent 5580a9dd31
2 changed files with 51 additions and 39 deletions
--- a/package/network/services/omcproxy/Makefile
+++ b/package/network/services/omcproxy/Makefile
@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=omcproxy
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/omcproxy.git
--- a/package/network/services/omcproxy/files/omcproxy.init
+++ b/package/network/services/omcproxy/files/omcproxy.init
@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2010-2014 OpenWrt.org
+# Copyright (C) 2018 OpenWrt.org
 START=99
 USE_PROCD=1
@ -9,47 +9,57 @@ PROG=/usr/sbin/omcproxy
 #OPTIONS="-v"
 PROXIES=""
 omcproxy_add_proxy() {
-	local uplink downlink scope proxy
+	local proxy scope uplink updevice downlinks
 	config_get uplink $1 uplink
-	config_get downlink $1 downlink
+	[ -n "$uplink" ] || return
 	config_get scope $1 scope
-	proxy=""
+	network_get_device updevice "$uplink" || {
 		procd_append_param error "$uplink is not up"
 		return;
 	}
-	network_get_device updev $uplink
+	config_get downlinks $1 downlink
-	[ -n "$updev" ] || return 0
+	for downlink in $downlinks; do
 		local device
-	for network in $downlink; do
+		network_get_device device "$downlink" || {
-		network_get_device downdev $network
+			procd_append_param error "$downlink is not up"
-		[ -n "$downdev" ] && proxy="$proxy,$downdev"
+			continue;
 		}
-		# Disable in-kernel querier while ours is active
+		proxy="$proxy,$device"
-		[ -f /sys/class/net/$downdev/bridge/multicast_querier ] && \
+
-			echo 0 > /sys/class/net/$downdev/bridge/multicast_querier
+		# Disable in-kernel querier while ours is active, default is 1.
 		[ -f /sys/class/net/$device/bridge/multicast_querier ] && \
 			echo 0 > /sys/class/net/$device/bridge/multicast_querier
 	done
 	[ -n "$proxy" ] || return 0
 	config_get scope $1 scope
 	[ -n "$scope" ] && proxy="$proxy,scope=$scope"
-	PROXIES="$PROXIES $updev$proxy"
+	PROXIES="$PROXIES $updevice$proxy"
 }
-omcproxy_add_trigger() {
+omcproxy_add_network_triggers() {
-	local uplink downlink
+	local uplink downlinks
 	config_get uplink $1 uplink
 	config_get downlink $1 downlink
-	for network in $uplink $downlink; do
+	config_get uplink $1 uplink
-		procd_add_interface_trigger "interface.*" $network /etc/init.d/omcproxy restart
+	config_get downlinks $1 downlink
 	for link in $uplink $downlinks; do
 		procd_add_interface_trigger "interface.*" $link /etc/init.d/omcproxy restart
 	done
 }
-omcproxy_add_firewall() {
+omcproxy_add_firewall_rules() {
 	local uplink downlinks
 	config_get uplink $1 uplink
-	config_get downlink $1 downlink
+	config_get downlinks $1 downlink
 	upzone=$(fw3 -q network $uplink 2>/dev/null)
 	[ -n "$upzone" ] || return 0
@ -57,6 +67,7 @@ omcproxy_add_firewall() {
 	json_add_object ""
 	json_add_string type rule
 	json_add_string src "$upzone"
 	json_add_string family ipv4
 	json_add_string proto igmp
 	json_add_string target ACCEPT
 	json_close_object
@ -76,8 +87,8 @@ omcproxy_add_firewall() {
 	json_add_string target ACCEPT
 	json_close_object
-	for network in $downlink; do
+	for downlink in $downlinks; do
-		downzone=$(fw3 -q network $network 2>/dev/null)
+		downzone=$(fw3 -q network $downlink 2>/dev/null)
 		[ -n "$downzone" ] || continue
 		json_add_object ""
@ -85,7 +96,7 @@ omcproxy_add_firewall() {
 		json_add_string src "$upzone"
 		json_add_string dest "$downzone"
 		json_add_string family ipv4
-		json_add_string proto any
+		json_add_string proto udp
 		json_add_string dest_ip "224.0.0.0/4"
 		json_add_string target ACCEPT
 		json_close_object
@ -95,7 +106,7 @@ omcproxy_add_firewall() {
 		json_add_string src "$upzone"
 		json_add_string dest "$downzone"
 		json_add_string family ipv6
-		json_add_string proto any
+		json_add_string proto udp
 		json_add_string dest_ip "ff00::/8"
 		json_add_string target ACCEPT
 		json_close_object
@ -104,14 +115,15 @@ omcproxy_add_firewall() {
 service_triggers() {
 	procd_add_reload_trigger "omcproxy"
 	config_foreach omcproxy_add_network_triggers proxy
 }
 start_service() {
-	include /lib/functions
+	. /lib/functions/network.sh
 	config_load omcproxy
 	config_foreach omcproxy_add_proxy proxy
 	config_foreach omcproxy_add_proxy proxy
 	[ -n "$PROXIES" ] || return 0
 	procd_open_instance
@ -120,24 +132,24 @@ start_service() {
 	procd_append_param command $PROXIES
 	procd_set_param respawn
 	procd_open_trigger
 	config_foreach omcproxy_add_trigger proxy
 	procd_close_trigger
 	procd_open_data
 	json_add_array firewall
-	config_foreach omcproxy_add_firewall proxy
+	config_foreach omcproxy_add_firewall_rules proxy
 	json_close_array
 	procd_close_data
 	procd_close_instance
-	# Increase maximum IPv4 group memberships per socket
+	# Increase maximum IPv4 group memberships per socket, default is 100.
 	echo 128 > /proc/sys/net/ipv4/igmp_max_memberships
 }
 service_started() {
 	procd_set_config_changed firewall
 }
 stop_service() {
 	procd_set_config_changed firewall
 }