OpenWrt
/
packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fwknopd: More reliable network dependency 

Two issues:

  1. The fwknopd init script did not handle unprepared logical networks.
     This is fixed by A) not defining instance for procd when the physical
     interface is unknown, and B) by watching the logical network for
     changes.

  2. When using PPPoE, there are two physical interfaces -- one for raw
     PPPoE communication and one for wrapped communication. The function
     network_get_physdev returns the physical device, while the function
     network_get_device returns the wrapped one -- we shall use the
     wrapped interface. Usually (for non-wrapped interfaces) the physdev
     and device are the same, also other network scripts use the latter
     function.

Both issues found by and thanks are going to @lucize.

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
This commit is contained in:
Oldřich Jedlička 2018-04-09 13:52:39 +02:00
parent 4750b7261e
commit 133274c607
3 changed files with 45 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/fwknop/Makefile
View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=fwknop PKG_NAME:=fwknop
PKG_VERSION:=2.6.9 PKG_VERSION:=2.6.9
PKG_RELEASE:=4 PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download

7
net/fwknop/files/fwknopd
View File

@ -2,7 +2,9 @@ config global
# option uci_enabled '1' # option uci_enabled '1'
config network config network
# option network 'wan' # takes precedence over config.PCAP_INTF # Logical network dependency, fully tracked, fwknopd gets restarted when
# necessary. Specifying network takes precedence over config.PCAP_INTF
# option network 'wan'
config access config access
option SOURCE 'ANY' option SOURCE 'ANY'
@ -10,3 +12,6 @@ config access
option KEY 'CHANGEME' option KEY 'CHANGEME'
config config config config
# Alternative direct physical interface definition, but untracked - you
# are on your own to correctly start/stop the service when needed
# option PCAP_INTF 'eth0'

61
net/fwknop/files/fwknopd.init
View File

@ -14,24 +14,31 @@ start_service()
{ {
generate_configuration generate_configuration
procd_open_instance if [ -n "$DEPEND_IFNAME" ] ; then
procd_set_param command "$FWKNOPD_BIN" --foreground --syslog-enable # We know the interface, so we can start
procd_set_param respawn procd_open_instance
procd_set_param command "$FWKNOPD_BIN" --foreground --syslog-enable
if [ $UCI_ENABLED -eq 1 ]; then procd_set_param respawn
procd_append_param command -c /var/etc/fwknopd.conf if [ $UCI_ENABLED -eq 1 ]; then
procd_append_param command -a /var/etc/access.conf procd_append_param command -c /var/etc/fwknopd.conf
procd_append_param command -a /var/etc/access.conf
fi
procd_append_param command -i "$DEPEND_IFNAME"
procd_set_param netdev "$DEPEND_IFNAME"
procd_close_instance
else
logger -p daemon.info -t "fwknopd[----]" "Postponing start-up of fwknopd, network $NETWORK is not up"
fi fi
procd_append_param command -i "$DEPEND_IFNAME"
procd_set_param netdev "$DEPEND_IFNAME"
procd_close_instance
} }
service_triggers() service_triggers()
{ {
procd_add_reload_trigger "fwknopd" procd_add_reload_trigger "fwknopd"
if [ -n "$NETWORK" ] ; then
logger -p daemon.info -t "fwknopd[----]" "Listening for changes on network $NETWORK"
procd_add_reload_interface_trigger "$NETWORK"
fi
} }
get_bool() get_bool()
@ -51,7 +58,7 @@ generate_configuration()
UCI_ENABLED=0 UCI_ENABLED=0
DEPEND_IFNAME= DEPEND_IFNAME=
local NETWORK= NETWORK=
local PCAP_INTF= local PCAP_INTF=
local USER_CONFIG_PATH=/etc/fwknop/fwknopd.conf local USER_CONFIG_PATH=/etc/fwknop/fwknopd.conf
local DEFAULT_UCI_NETWORK=wan local DEFAULT_UCI_NETWORK=wan
@ -67,9 +74,16 @@ generate_configuration()
if [ "$option" = "uci_enabled" ] && [ "$(get_bool "$value" 0)" -eq 1 ] ; then if [ "$option" = "uci_enabled" ] && [ "$(get_bool "$value" 0)" -eq 1 ] ; then
> /var/etc/fwknopd.conf > /var/etc/fwknopd.conf
> /var/etc/access.conf > /var/etc/access.conf
chmod 600 /var/etc/fwknopd.conf chmod 600 /var/etc/fwknopd.conf
chmod 600 /var/etc/access.conf chmod 600 /var/etc/access.conf
UCI_ENABLED=1 UCI_ENABLED=1
# Forced defaults
# Do not let fwknopd to shut-down when interface goes down,
# control it from the start-up script instead:
# https://bugs.openwrt.org/index.php?do=details&task_id=1481
echo "EXIT_AT_INTF_DOWN n" >> /var/etc/fwknopd.conf
fi fi
} }
elif [ "$type" = "network" ]; then elif [ "$type" = "network" ]; then
@ -87,12 +101,13 @@ generate_configuration()
if [ $UCI_ENABLED -eq 1 ] && [ $option = "PCAP_INTF" ]; then if [ $UCI_ENABLED -eq 1 ] && [ $option = "PCAP_INTF" ]; then
PCAP_INTF="$value" PCAP_INTF="$value"
echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf
elif [ $UCI_ENABLED -eq 1 ] && [ $option = "EXIT_AT_INTF_DOWN" ]; then
logger -p daemon.warn -t "fwknopd[----]" "Ignoring EXIT_AT_INTF_DOWN option, forced to N (no) to work reliably with procd"
elif [ $UCI_ENABLED -eq 1 ]; then elif [ $UCI_ENABLED -eq 1 ]; then
echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf
fi fi
} }
elif [ "$type" = "access" ] elif [ "$type" = "access" ]; then
then
if [ -f /tmp/access.conf.tmp ] ; then if [ -f /tmp/access.conf.tmp ] ; then
cat /tmp/access.conf.tmp >> /var/etc/access.conf cat /tmp/access.conf.tmp >> /var/etc/access.conf
rm /tmp/access.conf.tmp rm /tmp/access.conf.tmp
@ -108,7 +123,7 @@ generate_configuration()
fi fi
} }
else else
option_cb() { return; } reset_cb
if [ -z "$type" ]; then if [ -z "$type" ]; then
# Finalize reading # Finalize reading
if [ -f /tmp/access.conf.tmp ] ; then if [ -f /tmp/access.conf.tmp ] ; then
@ -125,8 +140,8 @@ generate_configuration()
if [ $UCI_ENABLED -eq 0 ]; then if [ $UCI_ENABLED -eq 0 ]; then
if [ -f $USER_CONFIG_PATH ] ; then if [ -f $USER_CONFIG_PATH ] ; then
# Scan user configuration for PCAP_INTF settings # Scan user configuration for PCAP_INTF settings and fallback to fwknopd's default
DEPEND_IFNAME="$( sed -ne '/^\s*PCAP_INTF\s\+/ { s/^\s*PCAP_INTF\s\+//; s/\s\+$//; p; q; }' /etc/fwknop/fwknopd.conf )" DEPEND_IFNAME="$( sed -ne '/^\s*PCAP_INTF\s\+/ { s/^\s*PCAP_INTF\s\+//; s/\s\+$//; p; q; }' $USER_CONFIG_PATH )"
if [ -n "$DEPEND_IFNAME" ]; then if [ -n "$DEPEND_IFNAME" ]; then
logger -p daemon.debug -t "fwknopd[----]" "Found fwknopd.conf configuration, using PCAP_INTF interface $DEPEND_IFNAME" logger -p daemon.debug -t "fwknopd[----]" "Found fwknopd.conf configuration, using PCAP_INTF interface $DEPEND_IFNAME"
else else
@ -146,14 +161,14 @@ generate_configuration()
NETWORK="$DEFAULT_UCI_NETWORK" NETWORK="$DEFAULT_UCI_NETWORK"
fi fi
# Resolve network if possible
if [ -n "$NETWORK" ]; then if [ -n "$NETWORK" ]; then
. /lib/functions/network.sh . /lib/functions/network.sh
network_get_physdev DEPEND_IFNAME "$NETWORK" network_get_device DEPEND_IFNAME "$NETWORK"
if [ -n "$DEPEND_IFNAME" ]; then if [ -n "$DEPEND_IFNAME" ]; then
logger -p daemon.debug -t "fwknopd[----]" "Resolved network $NETWORK as interface $DEPEND_IFNAME" logger -p daemon.debug -t "fwknopd[----]" "Resolved network $NETWORK as interface $DEPEND_IFNAME"
else else
logger -p daemon.warn -t "fwknopd[----]" "Cannot find interface for network $NETWORK, fwknopd's default $DEFAULT_FWKNOPD_IFNAME will be used" logger -p daemon.warn -t "fwknopd[----]" "Cannot find interface for network $NETWORK, probably the network is not up"
DEPEND_IFNAME="$DEFAULT_FWKNOPD_IFNAME"
fi fi
elif [ -n "$PCAP_INTF" ]; then elif [ -n "$PCAP_INTF" ]; then
DEPEND_IFNAME="$PCAP_INTF" DEPEND_IFNAME="$PCAP_INTF"