packages/net/pbr/Makefile

# Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
# This is free software, licensed under the GNU General Public License v3.

include $(TOPDIR)/rules.mk

PKG_NAME:=pbr
PKG_VERSION:=1.0.1
PKG_RELEASE:=4
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>

include $(INCLUDE_DIR)/package.mk

define Package/pbr/default
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=VPN
  PROVIDES:=pbr
  TITLE:=Policy Based Routing Service
  URL:=https://docs.openwrt.melmac.net/pbr/
  DEPENDS:=+ip-full +jshn +jsonfilter +resolveip
  CONFLICTS:=vpnbypass vpn-policy-routing
  PKGARCH:=all
endef

define Package/pbr
$(call Package/pbr/default)
  TITLE+= with nft/nft set support
  DEPENDS+=+firewall4 +kmod-nft-core +kmod-nft-nat +nftables-json
  PROVIDES:=vpnbypass vpn-policy-routing
endef

define Package/pbr-iptables
$(call Package/pbr/default)
  TITLE+= with iptables/ipset support
  DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
  PROVIDES:=pbr vpnbypass vpn-policy-routing
endef

define Package/pbr-netifd
$(call Package/pbr/default)
  TITLE+= with netifd support
  PROVIDES:=pbr vpnbypass vpn-policy-routing
endef

define Package/pbr/description
This service enables policy-based routing for WAN interfaces and various VPN tunnels.
This version supports OpenWrt with both fw3/ipset/iptables and fw4/nft.
endef

define Package/pbr-iptables/description
This service enables policy-based routing for WAN interfaces and various VPN tunnels.
This version supports OpenWrt with fw3/ipset/iptables.
endef

define Package/pbr-netifd/description
This service enables policy-based routing for WAN interfaces and various VPN tunnels.
This version supports OpenWrt with both fw3/ipset/iptables and fw4/nft.
This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
endef

define Package/pbr/conffiles
/etc/config/pbr
endef

Package/pbr-iptables/conffiles = $(Package/pbr/conffiles)
Package/pbr-netifd/conffiles = $(Package/pbr/conffiles)

define Build/Configure
endef

define Build/Compile
endef

define Package/pbr/default/install
	$(INSTALL_DIR) $(1)/etc/init.d
	$(INSTALL_BIN) ./files/etc/init.d/pbr.init $(1)/etc/init.d/pbr
	$(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
	$(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
	$(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
	$(INSTALL_DIR) $(1)/etc/uci-defaults
	$(INSTALL_BIN)  ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
	$(INSTALL_DIR) $(1)/usr/share/pbr
	$(INSTALL_DATA) ./files/usr/share/pbr/pbr.firewall.include $(1)/usr/share/pbr/pbr.firewall.include
	$(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
	$(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
endef

define Package/pbr/install
$(call Package/pbr/default/install,$(1))
	$(INSTALL_DIR) $(1)/etc/config
	$(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
	$(INSTALL_DIR) $(1)/usr/share/nftables.d
	$(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
endef

define Package/pbr-iptables/install
$(call Package/pbr/default/install,$(1))
	$(INSTALL_DIR) $(1)/etc/config
	$(INSTALL_CONF) ./files/etc/config/pbr.iptables $(1)/etc/config/pbr
endef

define Package/pbr-netifd/install
$(call Package/pbr/default/install,$(1))
	$(INSTALL_DIR) $(1)/etc/config
	$(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
	$(INSTALL_DIR) $(1)/etc/uci-defaults
	$(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr $(1)/etc/uci-defaults/91-pbr
endef

define Package/pbr/postinst
	#!/bin/sh
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		chmod -x /etc/init.d/pbr || true
		fw4 -q reload || true
		chmod +x /etc/init.d/pbr || true
		echo -n "Installing rc.d symlink for pbr... "
		/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
	fi
	exit 0
endef

define Package/pbr/prerm
	#!/bin/sh
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		uci -q delete firewall.pbr || true
		echo "Stopping pbr service... "
		/etc/init.d/pbr stop || true
		echo -n "Removing rc.d symlink for pbr... "
		/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
	fi
	exit 0
endef

define Package/pbr/postrm
	#!/bin/sh
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		fw4 -q reload || true
	fi
	exit 0
endef

define Package/pbr-iptables/postinst
	#!/bin/sh
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		echo -n "Installing rc.d symlink for pbr... "
		/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
	fi
	exit 0
endef

define Package/pbr-iptables/prerm
	#!/bin/sh
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		uci -q delete firewall.pbr || true
		echo "Stopping pbr service... "
		/etc/init.d/pbr stop || true
		echo -n "Removing rc.d symlink for pbr... "
		/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
	fi
	exit 0
endef

define Package/pbr-netifd/postinst
	#!/bin/sh
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		echo -n "Installing rc.d symlink for pbr... "
		/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
	#	echo -n "Installing netifd support for pbr... "
	#	/etc/init.d/pbr netifd install && echo "OK" || echo "FAIL"
	#	echo -n "Restarting network... "
	#	/etc/init.d/network restart && echo "OK" || echo "FAIL"
	fi
	exit 0
endef

define Package/pbr-netifd/prerm
	#!/bin/sh
	# check if we are on real system
	if [ -z "$${IPKG_INSTROOT}" ]; then
		uci -q delete firewall.pbr || true
		echo "Stopping pbr service... "
		/etc/init.d/pbr stop || true
	#	echo -n "Removing netifd support for pbr... "
	#	/etc/init.d/pbr netifd remove && echo "OK" || echo "FAIL"
		echo -n "Removing rc.d symlink for pbr... "
		/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
	#	echo -n "Restarting network... "
	#	/etc/init.d/network restart && echo "OK" || echo "FAIL"
	fi
	exit 0
endef

$(eval $(call BuildPackage,pbr))
$(eval $(call BuildPackage,pbr-iptables))
#$(eval $(call BuildPackage,pbr-netifd))