Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #5897 from oldium/fwknopd-device-fix

Browse source 
fwknopd: More reliable network dependency
This commit is contained in:
Hannu Nyman 2018-05-28 00:37:11 +03:00 committed by GitHub
commit 763dab4eb8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 45 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/fwknop/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=fwknop PKG_NAME:=fwknop
PKG_VERSION:=2.6.9 PKG_VERSION:=2.6.9
PKG_RELEASE:=4 PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download

7
net/fwknop/files/fwknopd
View file

@ -2,7 +2,9 @@ config global
# option uci_enabled '1' # option uci_enabled '1'
config network config network
# option network 'wan' # takes precedence over config.PCAP_INTF # Logical network dependency, fully tracked, fwknopd gets restarted when
# necessary. Specifying network takes precedence over config.PCAP_INTF
# option network 'wan'
config access config access
option SOURCE 'ANY' option SOURCE 'ANY'
@ -10,3 +12,6 @@ config access
option KEY 'CHANGEME' option KEY 'CHANGEME'
config config config config
# Alternative direct physical interface definition, but untracked - you
# are on your own to correctly start/stop the service when needed
# option PCAP_INTF 'eth0'

39
net/fwknop/files/fwknopd.init
View file

@ -14,24 +14,31 @@ start_service()
{ {
generate_configuration generate_configuration
if [ -n "$DEPEND_IFNAME" ] ; then
# We know the interface, so we can start
procd_open_instance procd_open_instance
procd_set_param command "$FWKNOPD_BIN" --foreground --syslog-enable procd_set_param command "$FWKNOPD_BIN" --foreground --syslog-enable
procd_set_param respawn procd_set_param respawn
if [ $UCI_ENABLED -eq 1 ]; then if [ $UCI_ENABLED -eq 1 ]; then
procd_append_param command -c /var/etc/fwknopd.conf procd_append_param command -c /var/etc/fwknopd.conf
procd_append_param command -a /var/etc/access.conf procd_append_param command -a /var/etc/access.conf
fi fi
procd_append_param command -i "$DEPEND_IFNAME" procd_append_param command -i "$DEPEND_IFNAME"
procd_set_param netdev "$DEPEND_IFNAME" procd_set_param netdev "$DEPEND_IFNAME"
procd_close_instance procd_close_instance
else
logger -p daemon.info -t "fwknopd[----]" "Postponing start-up of fwknopd, network $NETWORK is not up"
fi
} }
service_triggers() service_triggers()
{ {
procd_add_reload_trigger "fwknopd" procd_add_reload_trigger "fwknopd"
if [ -n "$NETWORK" ] ; then
logger -p daemon.info -t "fwknopd[----]" "Listening for changes on network $NETWORK"
procd_add_reload_interface_trigger "$NETWORK"
fi
} }
get_bool() get_bool()
@ -51,7 +58,7 @@ generate_configuration()
UCI_ENABLED=0 UCI_ENABLED=0
DEPEND_IFNAME= DEPEND_IFNAME=
local NETWORK= NETWORK=
local PCAP_INTF= local PCAP_INTF=
local USER_CONFIG_PATH=/etc/fwknop/fwknopd.conf local USER_CONFIG_PATH=/etc/fwknop/fwknopd.conf
local DEFAULT_UCI_NETWORK=wan local DEFAULT_UCI_NETWORK=wan
@ -70,6 +77,13 @@ generate_configuration()
chmod 600 /var/etc/fwknopd.conf chmod 600 /var/etc/fwknopd.conf
chmod 600 /var/etc/access.conf chmod 600 /var/etc/access.conf
UCI_ENABLED=1 UCI_ENABLED=1
# Forced defaults
# Do not let fwknopd to shut-down when interface goes down,
# control it from the start-up script instead:
# https://bugs.openwrt.org/index.php?do=details&task_id=1481
echo "EXIT_AT_INTF_DOWN n" >> /var/etc/fwknopd.conf
fi fi
} }
elif [ "$type" = "network" ]; then elif [ "$type" = "network" ]; then
@ -87,12 +101,13 @@ generate_configuration()
if [ $UCI_ENABLED -eq 1 ] && [ $option = "PCAP_INTF" ]; then if [ $UCI_ENABLED -eq 1 ] && [ $option = "PCAP_INTF" ]; then
PCAP_INTF="$value" PCAP_INTF="$value"
echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf
elif [ $UCI_ENABLED -eq 1 ] && [ $option = "EXIT_AT_INTF_DOWN" ]; then
logger -p daemon.warn -t "fwknopd[----]" "Ignoring EXIT_AT_INTF_DOWN option, forced to N (no) to work reliably with procd"
elif [ $UCI_ENABLED -eq 1 ]; then elif [ $UCI_ENABLED -eq 1 ]; then
echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf
fi fi
} }
elif [ "$type" = "access" ] elif [ "$type" = "access" ]; then
then
if [ -f /tmp/access.conf.tmp ] ; then if [ -f /tmp/access.conf.tmp ] ; then
cat /tmp/access.conf.tmp >> /var/etc/access.conf cat /tmp/access.conf.tmp >> /var/etc/access.conf
rm /tmp/access.conf.tmp rm /tmp/access.conf.tmp
@ -108,7 +123,7 @@ generate_configuration()
fi fi
} }
else else
option_cb() { return; } reset_cb
if [ -z "$type" ]; then if [ -z "$type" ]; then
# Finalize reading # Finalize reading
if [ -f /tmp/access.conf.tmp ] ; then if [ -f /tmp/access.conf.tmp ] ; then
@ -125,8 +140,8 @@ generate_configuration()
if [ $UCI_ENABLED -eq 0 ]; then if [ $UCI_ENABLED -eq 0 ]; then
if [ -f $USER_CONFIG_PATH ] ; then if [ -f $USER_CONFIG_PATH ] ; then
# Scan user configuration for PCAP_INTF settings # Scan user configuration for PCAP_INTF settings and fallback to fwknopd's default
DEPEND_IFNAME="$( sed -ne '/^\s*PCAP_INTF\s\+/ { s/^\s*PCAP_INTF\s\+//; s/\s\+$//; p; q; }' /etc/fwknop/fwknopd.conf )" DEPEND_IFNAME="$( sed -ne '/^\s*PCAP_INTF\s\+/ { s/^\s*PCAP_INTF\s\+//; s/\s\+$//; p; q; }' $USER_CONFIG_PATH )"
if [ -n "$DEPEND_IFNAME" ]; then if [ -n "$DEPEND_IFNAME" ]; then
logger -p daemon.debug -t "fwknopd[----]" "Found fwknopd.conf configuration, using PCAP_INTF interface $DEPEND_IFNAME" logger -p daemon.debug -t "fwknopd[----]" "Found fwknopd.conf configuration, using PCAP_INTF interface $DEPEND_IFNAME"
else else
@ -146,14 +161,14 @@ generate_configuration()
NETWORK="$DEFAULT_UCI_NETWORK" NETWORK="$DEFAULT_UCI_NETWORK"
fi fi
# Resolve network if possible
if [ -n "$NETWORK" ]; then if [ -n "$NETWORK" ]; then
. /lib/functions/network.sh . /lib/functions/network.sh
network_get_physdev DEPEND_IFNAME "$NETWORK" network_get_device DEPEND_IFNAME "$NETWORK"
if [ -n "$DEPEND_IFNAME" ]; then if [ -n "$DEPEND_IFNAME" ]; then
logger -p daemon.debug -t "fwknopd[----]" "Resolved network $NETWORK as interface $DEPEND_IFNAME" logger -p daemon.debug -t "fwknopd[----]" "Resolved network $NETWORK as interface $DEPEND_IFNAME"
else else
logger -p daemon.warn -t "fwknopd[----]" "Cannot find interface for network $NETWORK, fwknopd's default $DEFAULT_FWKNOPD_IFNAME will be used" logger -p daemon.warn -t "fwknopd[----]" "Cannot find interface for network $NETWORK, probably the network is not up"
DEPEND_IFNAME="$DEFAULT_FWKNOPD_IFNAME"
fi fi
elif [ -n "$PCAP_INTF" ]; then elif [ -n "$PCAP_INTF" ]; then
DEPEND_IFNAME="$PCAP_INTF" DEPEND_IFNAME="$PCAP_INTF"