Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
packages/net/cni-protocol/files/cni.sh
Oskari Rauta 278a6617a0 cni-protocol: new package 
simple protocol support script for netifd.

netifd protocol support for cni networks makes
defining network for podman and other similar
systems using cni networking much easier and simpler.

with cni protocol support, on a cni network, where firewall
and portmapper is disabled, you may control firewalling
with openwrt's standard firewall configuration.

for example, create a container that hosts web content on
port 80 with static ip on your cni network, if your
network is 10.88.0.0/16, use for eg. 10.88.0.101 as
your containers static ip address. Create a zone, cni
to your firewall and add your interface to it.

Now you can easily set up redirectiong to 10.88.0.101:80
to expose it's port 80 to wan for serving your website.

Protocol has only one setting: device, on podman this
often is cni-podman0. This protocol may also be used
on other equillavents, such as netavark (cni replacement
in podman), where device as default is podman0.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
2023-03-09 18:13:16 +08:00

52 lines
1.3 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
[ -n "$INCLUDE_ONLY" ] || {
. /lib/functions.sh
. ../netifd-proto.sh
init_proto "$@"
}
proto_cni_init_config() {
no_device=0
available=0
no_proto_task=1
teardown_on_l3_link_down=1
proto_config_add_string "device:device"
}
proto_cni_setup() {
local cfg="$1"
local device ipaddr netmask broadcast route routemask routesrc
json_get_var device device
ipaddr=$(ip -4 -o a show "$device" | awk '{ print $4 }' | cut -d '/' -f1)
netmask=$(ip -4 -o a show "$device" | awk '{ print $4 }' | cut -d '/' -f2)
broadcast=$(ip -4 -o a show "$device" | awk '{ print $6 }')
route=$(ip -4 -o r show dev "$device" | awk '{ print $1 }' | cut -d '/' -f1)
routemask=$(ip -4 -o r show dev "$device" | awk '{ print $1 }' | cut -d '/' -f2)
routesrc=$(ip -4 -o r show dev "$device" | awk '{ print $7 }')
[ -z "$ipaddr" ] && {
echo "cni network $cfg does not have ip address"
proto_notify_error "$cfg" NO_IPADDRESS
return 1
}
proto_init_update "$device" 1
[ -n "$ipaddr" ] && proto_add_ipv4_address "$ipaddr" "$netmask" "$broadcast" ""
[ -n "$route" ] && proto_add_ipv4_route "$route" "$routemask" "" "$routesrc" ""
proto_send_update "$cfg"
}
proto_cni_teardown() {
local cfg="$1"
#proto_set_available "$cfg" 0
return 0
}
[ -n "$INCLUDE_ONLY" ] || {
add_protocol cni
}
Reference in a new issue View git blame Copy permalink