Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

coova-chilli: add uci configuration file, init.d and firewall script

Browse source
This commit is contained in:
Imre Kaloz 2015-04-28 15:08:15 +02:00
parent 8e2807532c
commit 45e0e2a0b9
4 changed files with 340 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
net/coova-chilli/Makefile
View file

@ -12,7 +12,7 @@ PKG_VERSION:=1.3.0+20141128
PKG_MAINTAINER:=Imre Kaloz <kaloz@openwrt.org>
PKG_LICENSE:=GPL-2.0+
PKG_LICENSE_FILES:=COPYING
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=git://github.com/coova/coova-chilli
@ -120,7 +120,7 @@ define Build/Configure
endef
define Package/coova-chilli/conffiles
/etc/chilli.conf
/etc/config/chilli
endef
define Package/coova-chilli/install
@ -136,6 +136,12 @@ define Package/coova-chilli/install
$(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so.* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/iptables
$(CP) $(PKG_INSTALL_DIR)/usr/iptables/lib*.so $(1)/usr/lib/iptables
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) files/chilli.init $(1)/etc/init.d/chilli
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DATA) files/chilli.config $(1)/etc/config/chilli
$(INSTALL_DIR) $(1)/lib/firewall
$(CP) files/chilli.firewall $(1)/lib/firewall/chilli.sh
endef
$(eval $(call BuildPackage,coova-chilli))

230
net/coova-chilli/files/chilli.config Normal file
View file

@ -0,0 +1,230 @@
#
# Sample Coova-Chilli configuration file
#
config chilli
# disable to running chilli. remove this option before running.
option disabled 1
# name of TUN device name. required.
option tundev 'tun0'
# Include this flag if process is to run in the foreground
#option fg
# Include this flag to include debug information.
#option debug 9
# Re-read configuration file at this interval. Will also cause new domain
# name lookups to be performed. Value is given in seconds.
#option interval 3600
# File to store information about the process id of the program.
# The program must have write access to this file/directory.
#option pidfile /var/run/chilli.pid
# Directory to use for nonvolatile storage.
# The program must have write access to this directory.
# this option is currently ignored
#option statedir ./
# TUN parameters
# IP network address of external packet data network
# Used to allocate dynamic IP addresses and set up routing.
# Normally you do not need to uncomment this option.
#option net 192.168.182.0/24
# Dynamic IP address pool
# Used to allocate dynamic IP addresses to clients.
# If not set it defaults to the net tag.
# Do not uncomment this option unless you are an experienced user!
#option dynip 192.168.182.0/24
# Static IP address pool
# Used to allocate static IP addresses to clients.
# Do not uncomment this option unless you are an experienced user!
#option statip 192.168.182.0/24
# Primary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this option.
#option dns1 172.16.0.5
# Secondary DNS server.
# Will be suggested to the client.
# If omitted the system default will be used.
# Normally you do not need to uncomment this option.
#option dns2 172.16.0.6
# Domain name
# Will be suggested to the client.
# Normally you do not need to uncomment this option.
#option domain key.chillispot.org
# Script executed after network interface has been brought up.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this option.
#option ipup /etc/chilli.ipup
# Script executed after network interface has been taken down.
# Executed with the following parameters: <devicename> <ip address>
# <mask>
# Normally you do not need to uncomment this option.
#option ipdown /etc/chilli.ipdown
# Radius parameters
# IP address to listen to
# Normally you do not need to uncomment this option.
#option radiuslisten 127.0.0.1
# IP address of radius server 1
# For most installations you need to modify this option.
radiusserver1 rad01.chillispot.org
# IP address of radius server 2
# If you have only one radius server you should set radiusserver2 to the
# same value as radiusserver1.
# For most installations you need to modify this option.
radiusserver2 rad02.chillispot.org
# Radius authentication port
# The UDP port number to use for radius authentication requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this option.
#option radiusauthport 1812
# Radius accounting port
# The UDP port number to use for radius accounting requests.
# The same port number is used for both radiusserver1 and radiusserver2.
# Normally you do not need to uncomment this option.
#option radiusacctport 1813
# Radius shared secret for both servers
# For all installations you should modify this option.
#option radiussecret testing123
# Radius NAS-Identifier
# Normally you do not need to uncomment this option.
#option radiusnasid nas01
# WISPr Location ID. Should be in the format: isocc=<ISO_Country_Code>,
# cc=<E.164_Country_Code>,ac=<E.164_Area_Code>,network=<ssid/ZONE>
# Normally you do not need to uncomment this option.
#option radiuslocationid isocc=us,cc=1,ac=408,network=ACMEWISP_NewarkAirport
# WISPr Location Name. Should be in the format:
# <HOTSPOT_OPERATOR_NAME>,<LOCATION>
# Normally you do not need to uncomment this option.
#option radiuslocationname ACMEWISP,Gate_14_Terminal_C_of_Newark_Airport
# Radius proxy parameters
# IP address to listen to
# Normally you do not need to uncomment this option.
#option proxylisten 10.0.0.1
# UDP port to listen to.
# If not specified a port will be selected by the system
# Normally you do not need to uncomment this option.
#option proxyport 1645
# Client(s) from which we accept radius requests
# Normally you do not need to uncomment this option.
#option proxyclient 10.0.0.1/24
# Radius proxy shared secret for all clients
# If not specified defaults to radiussecret
# Normally you do not need to uncomment this option.
#option proxysecret testing123
# DHCP Parameters
# Ethernet interface to listen to.
# This is the network interface which is connected to the access points.
# In a typical configuration this option should be set to eth1.
dhcpif eth1
# Use specified MAC address.
# An address in the range 00:00:5E:00:02:00 - 00:00:5E:FF:FF:FF falls
# within the IANA range of addresses and is not allocated for other
# purposes.
# Normally you do not need to uncomment this option.
#option dhcpmac 00:00:5E:00:02:00
# Time before DHCP lease expires
# Normally you do not need to uncomment this option.
#option lease 600
# Universal access method (UAM) parameters
# URL of web server handling authentication.
uamserver https://radius.chillispot.org/hotspotlogin
# URL of welcome homepage.
# Unauthenticated users will be redirected to this URL. If not specified
# users will be redirected to the uamserver instead.
# Normally you do not need to uncomment this option.
#option uamhomepage http://192.168.182.1/welcome.html
# Shared between chilli and authentication web server
#option uamsecret ht2eb8ej6s4et3rg1ulp
# IP address to listen to for authentication requests
# Do not uncomment this option unless you are an experienced user!
#option uamlisten 192.168.182.1
# TCP port to listen to for authentication requests
# Do not uncomment this option unless you are an experienced user!
#option uamport 3990
# Comma separated list of domain names, IP addresses or network segments
# the client can access without first authenticating.
# It is possible to specify this option multiple times.
# Normally you do not need to uncomment this option.
#option uamallowed www.chillispot.org,10.11.12.0/24
# Comma separated list of domain names
# the client can access without first authenticating.
# It is possible to specify this option multiple times.
# Normally you do not need to uncomment this option.
#option uamdomain .chillispot.org,.coova.org
# If this flag is given unauthenticated users are allowed to use
# any DNS server.
# Normally you do not need to uncomment this option.
#option uamanydns
# MAC authentication
# If this flag is given users will be authenticated only on their MAC
# address.
# Normally you do not need to uncomment this option.
#option macauth
# List of MAC addresses.
# The MAC addresses specified in this list will be authenticated only on
# their MAC address.
# this option is ignored if the macauth tag is given.
# It is possible to specify this option multiple times.
# Normally you do not need to uncomment this option.
#option macallowed 00-0A-5E-AC-BE-51,00-30-1B-3C-32-E9
# Password to use for MAC authentication.
# Normally you do not need to uncomment this option.
#option macpasswd password
# Suffix to add to MAC address in order to form the username.
# Normally you do not need to uncomment this option.
#option macsuffix suffix

41
net/coova-chilli/files/chilli.firewall Normal file
View file

@ -0,0 +1,41 @@
#!/bin/sh
chilli_firewall() {
local cfg="$1"
local network ifname tun
config_get network "$cfg" network
. /lib/functions/network.sh
network_get_device ifname ${network:-lan}
if [ "$ifname" = "" ]
then
config_get ifname "$cfg" dhcpif
fi
config_get tun "$cfg" tundev
for n in ACCEPT DROP REJECT
do
iptables -F zone_${network}_${n}
iptables -I zone_${network}_${n} -i $tun -j $n
iptables -I zone_${network}_${n} -o $tun -j $n
done
iptables -D forward -i ${ifname} -j zone_${network}_forward
iptables -A forward -i ${ifname} -j DROP
iptables -A forward -i $tun -j zone_${network}_forward
iptables -D input -i ${ifname} -j zone_${network}
iptables -A input -i $tun -j zone_${network}
iptables -I zone_${network} -p tcp --dport 3990 -j ACCEPT
iptables -I zone_${network} -p tcp --dport 3991 -j ACCEPT
}
chilli_post_core_cb() {
config_load chilli
config_foreach chilli_firewall chilli
}

61
net/coova-chilli/files/chilli.init Normal file
View file

@ -0,0 +1,61 @@
#!/bin/sh /etc/rc.common
START=30
STOP=90
config_cb() {
chilli_inst=$2
if [ "$chilli_inst" != "" ]
then
rm -f /var/run/chilli_${chilli_inst}*
chilli_conf=/var/run/chilli_${chilli_inst}.conf
eval "start_chilli_$chilli_inst=1"
fi
}
option_cb() {
case "$1" in
# UCI settings
network)
. /lib/functions/network.sh
local ifname
network_get_device ifname $2
echo "dhcpif=\"$ifname\"" >> $chilli_conf
;;
disabled)
eval "start_chilli_$chilli_inst=0"
;;
# boolean settings
dhcpbroadcast|nodynip|vlanlocation|locationstopstart|locationcopycalled|locationimmediateupdate|locationopt82|coanoipcheck|noradallow|proxymacaccept|proxyonacct|dhcpmacset|dhcpradius|noc2c|eapolenable|uamanydns|uamanyip|uamnatanyip|nouamsuccess|nowispr1|nowispr2|domaindnslocal|radsec|macauth|macreauth|macauthdeny|macallowlocal|strictmacauth|strictdhcp|ieee8021q|only8021q|radiusoriginalurl|swapoctets|statusfilesave|wpaguests|openidauth|papalwaysok|mschapv2|chillixml|acctupdate|dnsparanoia|seskeepalive|usetap|noarpentries|framedservice|scalewin|redir|injectwispr|redirurl|routeonetone|nousergardendata|uamgardendata|uamotherdata|withunixipc|uamallowpost|redirssl|uamuissl|layer3|patricia|redirdnsreq|dhcpnotidle|ipv6|ipv6only)
[ "$2" = "true" -o "$2" = "1" ] && echo "$1" >> $chilli_conf
;;
*)
echo "$1=\"$2\"" >> $chilli_conf
;;
esac
}
start_chilli() {
local cfg="$1"
local start_chilli=$(eval "echo \$start_chilli_$cfg")
[ "$start_chilli" = "0" ] && return
local base=/var/run/chilli_${cfg}
chilli -c ${base}.conf \
--pidfile ${base}.pid \
--cmdsocket ${base}.sock \
--unixipc ${base}.ipc &
}
start() {
config_load chilli
config_foreach start_chilli chilli
}
stop() {
ls /var/run/chilli*.pid 2>/dev/null && {
kill $(cat /var/run/chilli*.pid)
sleep 1
killall -9 chilli
rm -f /var/run/chilli*
}
}