Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #5272 from dedeckeh/pr-strongswan-1

Browse source 
Fix ipsec reload and extend uci
This commit is contained in:
Stijn Tintel 2018-02-02 18:48:02 +01:00 committed by GitHub
commit 8941bd7869
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 42 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/strongswan/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan PKG_NAME:=strongswan
PKG_VERSION:=5.6.1 PKG_VERSION:=5.6.1
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_HASH:=e0c282d8ad418609c5dfb5e8efa01b28b95ef3678070ed47bf2a229f55f4ab53 PKG_HASH:=e0c282d8ad418609c5dfb5e8efa01b28b95ef3678070ed47bf2a229f55f4ab53

42
net/strongswan/files/ipsec.init
View file

@ -7,6 +7,7 @@ USE_PROCD=1
PROG=/usr/lib/ipsec/starter PROG=/usr/lib/ipsec/starter
. $IPKG_INSTROOT/lib/functions.sh . $IPKG_INSTROOT/lib/functions.sh
. $IPKG_INSTROOT/lib/functions/network.sh
IPSEC_SECRETS_FILE=/etc/ipsec.secrets IPSEC_SECRETS_FILE=/etc/ipsec.secrets
IPSEC_CONN_FILE=/etc/ipsec.conf IPSEC_CONN_FILE=/etc/ipsec.conf
@ -16,6 +17,8 @@ IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets
IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
WAIT_FOR_INTF=0
file_reset() { file_reset() {
: > "$1" : > "$1"
} }
@ -290,11 +293,23 @@ config_ipsec() {
[ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id" [ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
done done
local interface_list=$(config_get "$1" "interface")
if [ -z "$interface_list" ]; then
WAIT_FOR_INTF=0
else
for interface in $interface_list; do
network_get_device device $interface
[ -n "$device" ] && append device_list "$device" ","
done
[ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1
fi
swan_xappend "# generated by /etc/init.d/ipsec" swan_xappend "# generated by /etc/init.d/ipsec"
swan_xappend "charon {" swan_xappend "charon {"
swan_xappend " load_modular = yes" swan_xappend " load_modular = yes"
swan_xappend " install_routes = $install_routes" swan_xappend " install_routes = $install_routes"
[ -n "$routing_tables_ignored" ] && swan_xappend " ignore_routing_tables = $routing_tables_ignored" [ -n "$routing_tables_ignored" ] && swan_xappend " ignore_routing_tables = $routing_tables_ignored"
[ -n "$device_list" ] && swan_xappend " interfaces_use = $device_list"
swan_xappend " plugins {" swan_xappend " plugins {"
swan_xappend " include /etc/strongswan.d/charon/*.conf" swan_xappend " include /etc/strongswan.d/charon/*.conf"
swan_xappend " }" swan_xappend " }"
@ -318,23 +333,42 @@ prepare_env() {
config_foreach config_remote remote config_foreach config_remote remote
} }
service_running() {
ipsec status > /dev/null 2>&1
}
reload_service() { reload_service() {
running && {
prepare_env prepare_env
if ipsec status > /dev/null 2>&1; then [ $WAIT_FOR_INTF -eq 0 ] && {
ipsec rereadall ipsec rereadall
ipsec reload ipsec reload
else return
ipsec start }
fi }
start
}
check_ipsec_interface() {
local intf
for intf in $(config_get "$1" interface); do
procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsec reload
done
} }
service_triggers() { service_triggers() {
procd_add_reload_trigger "ipsec" procd_add_reload_trigger "ipsec"
config load "ipsec"
config_foreach check_ipsec_interface ipsec
} }
start_service() { start_service() {
prepare_env prepare_env
[ $WAIT_FOR_INTF -eq 1 ] && return
procd_open_instance procd_open_instance
procd_set_param command $PROG --daemon charon --nofork procd_set_param command $PROG --daemon charon --nofork