OpenWrt – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | #!/bin/sh /etc/rc.common |
| 2 | # Copyright (C) 2018 OpenWrt.org |
||
| 3 | |||
| 4 | START=99 |
||
| 5 | USE_PROCD=1 |
||
| 6 | PROG=/usr/sbin/omcproxy |
||
| 7 | |||
| 8 | # Uncomment to enable verbosity |
||
| 9 | #OPTIONS="-v" |
||
| 10 | PROXIES="" |
||
| 11 | |||
| 12 | omcproxy_add_proxy() { |
||
| 13 | local proxy scope uplink updevice downlinks |
||
| 14 | |||
| 15 | config_get uplink $1 uplink |
||
| 16 | [ -n "$uplink" ] || return |
||
| 17 | |||
| 18 | network_get_device updevice "$uplink" || { |
||
| 19 | procd_append_param error "$uplink is not up" |
||
| 20 | return; |
||
| 21 | } |
||
| 22 | |||
| 23 | config_get downlinks $1 downlink |
||
| 24 | for downlink in $downlinks; do |
||
| 25 | local device |
||
| 26 | |||
| 27 | network_get_device device "$downlink" || { |
||
| 28 | procd_append_param error "$downlink is not up" |
||
| 29 | continue; |
||
| 30 | } |
||
| 31 | |||
| 32 | proxy="$proxy,$device" |
||
| 33 | |||
| 34 | # Disable in-kernel querier while ours is active, default is 1. |
||
| 35 | [ -f /sys/class/net/$device/bridge/multicast_querier ] && \ |
||
| 36 | echo 0 > /sys/class/net/$device/bridge/multicast_querier |
||
| 37 | done |
||
| 38 | |||
| 39 | [ -n "$proxy" ] || return 0 |
||
| 40 | |||
| 41 | config_get scope $1 scope |
||
| 42 | [ -n "$scope" ] && proxy="$proxy,scope=$scope" |
||
| 43 | |||
| 44 | PROXIES="$PROXIES $updevice$proxy" |
||
| 45 | } |
||
| 46 | |||
| 47 | omcproxy_add_network_triggers() { |
||
| 48 | local uplink downlinks |
||
| 49 | |||
| 50 | config_get uplink $1 uplink |
||
| 51 | config_get downlinks $1 downlink |
||
| 52 | |||
| 53 | for link in $uplink $downlinks; do |
||
| 54 | local duplicate=0 |
||
| 55 | |||
| 56 | for l in $LINKS; do |
||
| 57 | [ "$l" = "$link" ] && duplicate=1 |
||
| 58 | done |
||
| 59 | |||
| 60 | [ "$duplicate" = 0 ] && { |
||
| 61 | LINKS="$LINKS $link" |
||
| 62 | procd_add_interface_trigger "interface.*" $link /etc/init.d/omcproxy restart |
||
| 63 | } |
||
| 64 | done |
||
| 65 | } |
||
| 66 | |||
| 67 | omcproxy_add_firewall_rules() { |
||
| 68 | local uplink downlinks |
||
| 69 | |||
| 70 | config_get uplink $1 uplink |
||
| 71 | config_get downlinks $1 downlink |
||
| 72 | |||
| 73 | upzone=$(fw3 -q network $uplink 2>/dev/null) |
||
| 74 | [ -n "$upzone" ] || return 0 |
||
| 75 | |||
| 76 | json_add_object "" |
||
| 77 | json_add_string type rule |
||
| 78 | json_add_string src "$upzone" |
||
| 79 | json_add_string family ipv4 |
||
| 80 | json_add_string proto igmp |
||
| 81 | json_add_string target ACCEPT |
||
| 82 | json_close_object |
||
| 83 | |||
| 84 | json_add_object "" |
||
| 85 | json_add_string type rule |
||
| 86 | json_add_string family ipv6 |
||
| 87 | json_add_string src "$upzone" |
||
| 88 | json_add_string proto icmp |
||
| 89 | json_add_string src_ip fe80::/10 |
||
| 90 | json_add_array icmp_type |
||
| 91 | json_add_string "" 130/0 |
||
| 92 | json_add_string "" 131/0 |
||
| 93 | json_add_string "" 132/0 |
||
| 94 | json_add_string "" 143/0 |
||
| 95 | json_close_array |
||
| 96 | json_add_string target ACCEPT |
||
| 97 | json_close_object |
||
| 98 | |||
| 99 | for downlink in $downlinks; do |
||
| 100 | downzone=$(fw3 -q network $downlink 2>/dev/null) |
||
| 101 | [ -n "$downzone" ] || continue |
||
| 102 | |||
| 103 | json_add_object "" |
||
| 104 | json_add_string type rule |
||
| 105 | json_add_string src "$upzone" |
||
| 106 | json_add_string dest "$downzone" |
||
| 107 | json_add_string family ipv4 |
||
| 108 | json_add_string proto udp |
||
| 109 | json_add_string dest_ip "224.0.0.0/4" |
||
| 110 | json_add_string target ACCEPT |
||
| 111 | json_close_object |
||
| 112 | |||
| 113 | json_add_object "" |
||
| 114 | json_add_string type rule |
||
| 115 | json_add_string src "$upzone" |
||
| 116 | json_add_string dest "$downzone" |
||
| 117 | json_add_string family ipv6 |
||
| 118 | json_add_string proto udp |
||
| 119 | json_add_string dest_ip "ff00::/8" |
||
| 120 | json_add_string target ACCEPT |
||
| 121 | json_close_object |
||
| 122 | done |
||
| 123 | } |
||
| 124 | |||
| 125 | service_triggers() { |
||
| 126 | LINKS="" |
||
| 127 | |||
| 128 | procd_add_reload_trigger "omcproxy" |
||
| 129 | config_foreach omcproxy_add_network_triggers proxy |
||
| 130 | } |
||
| 131 | |||
| 132 | start_service() { |
||
| 133 | . /lib/functions/network.sh |
||
| 134 | |||
| 135 | config_load omcproxy |
||
| 136 | |||
| 137 | config_foreach omcproxy_add_proxy proxy |
||
| 138 | [ -n "$PROXIES" ] || return 0 |
||
| 139 | |||
| 140 | procd_open_instance |
||
| 141 | procd_set_param command $PROG |
||
| 142 | [ -n "$OPTIONS" ] && procd_append_param command $OPTIONS |
||
| 143 | procd_append_param command $PROXIES |
||
| 144 | procd_set_param respawn |
||
| 145 | |||
| 146 | procd_open_data |
||
| 147 | |||
| 148 | json_add_array firewall |
||
| 149 | config_foreach omcproxy_add_firewall_rules proxy |
||
| 150 | json_close_array |
||
| 151 | |||
| 152 | procd_close_data |
||
| 153 | |||
| 154 | procd_close_instance |
||
| 155 | |||
| 156 | # Increase maximum IPv4 group memberships per socket, default is 100. |
||
| 157 | echo 128 > /proc/sys/net/ipv4/igmp_max_memberships |
||
| 158 | } |
||
| 159 | |||
| 160 | service_started() { |
||
| 161 | procd_set_config_changed firewall |
||
| 162 | } |
||
| 163 | |||
| 164 | stop_service() { |
||
| 165 | procd_set_config_changed firewall |
||
| 166 | } |