From 7c9e0484e9842bb9b0e7a63a0a0857cc3d59bb21 Mon Sep 17 00:00:00 2001 From: Manuel Munz Date: Sun, 2 Jun 2013 23:53:23 +0000 Subject: contrib/freifunk-policyrouting: Make it work with firewall3 and make use of the new ip rule support in /etc/config/network --- .../files/etc/hotplug.d/iface/30-policyrouting | 6 +- .../files/etc/init.d/freifunk-policyrouting | 107 ++++++++++----------- 2 files changed, 57 insertions(+), 56 deletions(-) (limited to 'contrib/package/freifunk-policyrouting/files/etc') diff --git a/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting index 5c4eb38e98..327e8793be 100644 --- a/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting +++ b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting @@ -9,9 +9,9 @@ proto="4" config_load freifunk-policyrouting config_get enable pr enable config_get fallback pr fallback +config_get strict pr strict config_get zones pr zones - if [ "$ACTION" = "ifup" ] && [ "$enable" = "1" ]; then network_get_subnet net $INTERFACE network_get_subnet6 net6 $INTERFACE @@ -54,6 +54,9 @@ if [ "$ACTION" = "ifup" ] && [ "$enable" = "1" ]; then for p in $proto; do if [ ! "$(ip -$p ru s | grep "from all iif $dev lookup olsr-default")" ]; then ip -$p rule add dev "$dev" lookup olsr-default prio 20000 + if [ "$strict" != 0 ]; then + ip -$p rule add dev "$dev" unreachable prio 20001 + fi if [ "$?" = 0 ]; then logger -s -t policyrouting "Use mesh gateway for interface $dev (IPv$p)" if [ -z "$(uci -P /var/state get freifunk-policyrouting.${INTERFACE})" ]; then 
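Review bot: In the ifup hunk of 30-policyrouting (`@@ -54,6 +54,9 @@`), the existing `if [ "$?" = 0 ]` now follows the added `if [ "$strict" != 0 ]; then ... fi` block, so it no longer tests the `lookup olsr-default prio 20000` rule. It sees the status of the `unreachable prio 20001` add, or 0 whenever strict is off. A failed lookup rule is therefore still logged as "Use mesh gateway", and in strict mode the interface would be left with only the unreachable rule while the log reports success. Capture the status directly after the first command, e.g. `ip -$p rule add dev "$dev" lookup olsr-default prio 20000; rc=$?`, and test `$rc` instead. The ifdown hunk (`@@ -87,6 +90,7 @@`) has the same problem: when strict was off no such rule exists, the added `rule del ... unreachable prio 20001` fails, and the else branch is taken even though the lookup rule was removed. Both loops extend outside the hunks.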
@@ -87,6 +90,7 @@ if [ "$ACTION" = "ifdown" ]; then for p in $proto; do if [ "$(ip -$p ru s | grep "from all iif $dev lookup olsr-default")" ]; then ip -$p rule del dev "$dev" lookup olsr-default prio 20000 + ip -$p rule del dev "$dev" unreachable prio 20001 if [ "$?" = 0 ]; then logger -s -t policyrouting "Remove rule: dev "$dev" lookup olsr-default prio 20000 (IPv$p)" else diff --git a/contrib/package/freifunk-policyrouting/files/etc/init.d/freifunk-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/init.d/freifunk-policyrouting index f31821a240..df98c982b8 100755 --- a/contrib/package/freifunk-policyrouting/files/etc/init.d/freifunk-policyrouting +++ b/contrib/package/freifunk-policyrouting/files/etc/init.d/freifunk-policyrouting @@ -26,11 +26,10 @@ olsrd_intalltables() { uci set olsrd.@olsrd[0].RtTable='111' uci set olsrd.@olsrd[0].RtTableDefault='112' uci commit olsrd - /etc/init.d/olsrd restart + /etc/init.d/olsrd restart 2&> /dev/null fi } - rt_tables() { tables="/etc/iproute2/rt_tables" if [ -z "`grep "110" $tables`" ]; then 
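Review bot: The redirection `2&> /dev/null` added to `/etc/init.d/olsrd restart` in olsrd_intalltables is not the usual "discard all output" form. A shell that supports `&>` parses the `2` as an extra argument to the init script, and a shell without `&>` would likely read `2 &` as backgrounding the command, so the script would no longer wait for the restart. The conventional spelling is `/etc/init.d/olsrd restart > /dev/null 2>&1`. The same token appears on both restart lines added to restart_services in the next hunk (`@@ -60,20 +59,52 @@`). Discarding stderr also hides a failed restart, so consider keeping stderr or logging the exit status.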
@@ -60,20 +59,52 @@ disable_dyngw() { } restart_services() { - wifi - /etc/init.d/network restart - /etc/init.d/olsrd restart + logger -s -t policyrouting -p info "Restarting services" + /etc/init.d/network restart 2&> /dev/null + /etc/init.d/olsrd restart 2&> /dev/null } boot() { if [ "$enable" = "1" ]; then [ -d /var/state ] || mkdir -p /var/state touch /var/state/freifunk-policyrouting - start + start noservicerestart else olsrd_rmtables fi } + +add_lookup_rule() { + name=${1/-/_} + lookup=$2 + prio=$3 + + if [ -z "$name" -o -z "$lookup" -o -z "$prio" ]; then + logger -s -t policyrouting "Missing parameters for add_rule!" + else + for p in $proto; do + if [ "$p" = "6" ]; then + rule="rule6" + else + rule="rule" + fi + + uci batch <<- EOF + set network.${name}ipv${p}="$rule" + set network.${name}ipv${p}.lookup="$lookup" + set network.${name}ipv${p}.priority="$prio" + EOF + done + fi +} + +del_lookup_rule() { + name=${1/-/_} + for p in $proto; do + uci -q delete network.${name}ipv${p} + done +} + start() { if [ $enable = "1" ]; then logger -s -t policyrouting "Starting policy routing." 
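Review bot: add_lookup_rule never checks the result of `uci batch`, so a rejected `set` goes unnoticed and start() still commits and restarts the network, whereas the removed code logged success or failure for every rule. Test the status after the here-document and report a failure through `logger -s -t policyrouting`. The function also assigns `name`, `lookup`, `prio`, `rule` and the loop variable `p` without `local`, so they overwrite any globals of the same name in the init script; declaring them `local` in add_lookup_rule and del_lookup_rule avoids that. The message "Missing parameters for add_rule!" names a function that does not exist in the hunk. `${1/-/_}` replaces only the first hyphen and depends on a shell that provides this substitution extension.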
@@ -81,58 +112,26 @@ start() { olsrd_intalltables disable_dyngw - for p in $proto; do - if [ ! "$(ip -$p ru s | grep "1000: from all lookup olsr")" ]; then - ip -$p rule add lookup olsr prio 1000 - # add table for routes to local networks - ip -$p rule add lookup localnets prio 2000 - - if [ "$?" = "0" ]; then - logger -s -t policyrouting "Added rule: lookup olsr prio 1000 (IPv$p)" - else - logger -s -t policyrouting "Error! Could not add rule: lookup olsr prio 1000 (IPv$p)" - fi - fi - done - - # add unreachable with high metric so packets stop here if they find no gateway - # in table olsr-default - if [ "$strict" != 0 ]; then - for p in $proto; do - [ ! "$(ip -$p r s t olsr-default |grep "unreachable default")" ] && { - ip -$p route add unreachable default table olsr-default metric 65535 - if [ "$?" = "0" ]; then - logger -s -t policyrouting "Added route: unreachable default table olsr-default metric 65535 (IPv$p)" - else - logger -s -t policyrouting "Error! Could not add route: unreachable default table olsr-default metric 65535 (IPv$p)" - fi - } - done + add_lookup_rule olsr olsr 1000 + add_lookup_rule localnets localnets 2000 - fi if [ "$fallback" = 1 ]; then - for p in $proto; do - [ ! "$(ip -$p ru s |grep "from all lookup olsr-default")" ] && { - ip -$p rule add lookup olsr-default prio 33000 - if [ "$?" = "0" ]; then - logger -s -t policyrouting "Added rule: olsr-default prio 33000 (IPv$p)" - else - logger -s -t policyrouting "Error! Could not add rule: olsr-default prio 33000 (IPv$p)" - fi - } - done + add_lookup_rule olsr-default olsr-default 33000 fi fi + uci commit network + if [ ! 
"$1" = "noservicerestart" ]; then + restart_services + fi } stop() { logger -s -t policyrouting "Stopping policy routing" olsrd_rmtables - for p in $proto; do - ip -$p route flush table olsr-default - ip -$p rule del lookup olsr-default > /dev/null 2>&1 - ip -$p rule del lookup olsr > /dev/null 2>&1 - done + del_lookup_rule olsr-default + del_lookup_rule olsr + del_lookup_rule localnets + uci commit network restart_services echo "Hint: To completely disable freifunk-policyrouting set enable=0 in /etc/config/freifunk-policyrouting." } @@ -140,11 +139,9 @@ stop() { restart() { logger -s -t policyrouting "Restarting policy routing" olsrd_rmtables - for p in $proto; do - ip -$p route flush table olsr-default - ip -$p rule del lookup olsr-default > /dev/null 2>&1 - ip -$p rule del lookup olsr > /dev/null 2>&1 - done + del_lookup_rule olsr-default + del_lookup_rule olsr + del_lookup_rule localnets + uci commit network start - restart_services } -- cgit v1.2.3
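Review bot: In start() the added `uci commit network` and the `restart_services` call appear to sit after the `fi` that closes `if [ $enable = "1" ]`, so running start with the feature disabled would still commit the network config and restart network and olsrd. `uci commit network` also writes out any other uncommitted changes staged for that config, not only the rule sections created by add_lookup_rule; moving both statements inside the enable block would limit this. The hunk also removes the strict-mode `unreachable default` route in table olsr-default, and `$strict` is no longer read in start(). The only replacement visible is the per-interface rule in the hotplug script, so confirm that traffic outside the configured zones keeps the intended fail-closed behaviour. start() begins outside the hunk and indentation is lost on this page, so check the nesting against the file.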