gluon-mesh-vpn-fastd: use gluon-wan-dnsmasq

This commit is contained in:
Matthias Schiffer 2014-07-20 04:03:43 +02:00
parent f389ef925e
commit e9376fc3bd
5 changed files with 20 additions and 105 deletions

View File

@ -11,7 +11,7 @@ define Package/gluon-mesh-vpn-fastd
SECTION:=gluon SECTION:=gluon
CATEGORY:=Gluon CATEGORY:=Gluon
TITLE:=Support for connecting batman-adv meshes via fastd TITLE:=Support for connecting batman-adv meshes via fastd
DEPENDS:=+gluon-core +gluon-mesh-batman-adv +fastd DEPENDS:=+gluon-core +gluon-mesh-batman-adv +gluon-wan-dnsmasq +fastd +iptables-mod-extra
endef endef
define Package/gluon-mesh-vpn-fastd/description define Package/gluon-mesh-vpn-fastd/description

View File

@ -1,3 +0,0 @@
[ "$INTERFACE" = 'wan' ] || exit 0
/lib/gluon/mesh-vpn-fastd/update-dnsmasq

View File

@ -0,0 +1,3 @@
*nat
-I OUTPUT -m owner --gid-owner gluon-fastd -o lo -d 127.0.0.1 -p udp --dport 53 -j DNAT --to-destination :54
COMMIT

View File

@ -1,101 +0,0 @@
#!/bin/sh
. /lib/functions.sh
_json_push() {
export JSON_PATH="${JSON_PATH}/$1"
}
_json_pop() {
export JSON_PATH="${JSON_PATH%/*}"
}
json_init() {
export JSON_PATH=''
}
json_add_object() {
_json_push "$1"
}
json_close_object() {
_json_pop
}
json_add_array() {
_json_push "$1"
}
json_close_array() {
_json_pop
}
json_add_int() {
return
}
json_add_boolean() {
return
}
json_add_double() {
return
}
json_add_string() {
[ "$JSON_PATH" = '/inactive/dns_server' ] || return
echo "$2"
}
get_dns_server() {
eval `jshn -r "$(ubus call network.interface.wan status)"`
}
generate_dnsmasq_conf_remote() {
local remote="$1"; local servers="$2"
local hostname="$(echo "$remote" | awk -F \" '{print $2}')"
[ -n "$hostname" ] || return
for ns in $servers; do
echo "server=/$hostname/$ns"
done
}
generate_dnsmasq_conf_peer() {
local peer="$1"; local servers="$2"
local enabled; local net
config_get_bool enabled "$peer" 'enabled' 0
[ "$enabled" -gt 0 ] || return
config_get net "$peer" 'net'
[ "$net" = 'mesh_vpn' ] || return
config_list_foreach "$peer" 'remote' generate_dnsmasq_conf_remote "$servers"
}
generate_dnsmasq_conf() {
local servers="$1"
config_load fastd
config_foreach generate_dnsmasq_conf_peer 'peer' "$servers"
}
mkdir -p /var/gluon/mesh-vpn-fastd
generate_dnsmasq_conf "$(get_dns_server)" > /var/gluon/mesh-vpn-fastd/dnsmasq.conf.$$
lock /var/gluon/mesh-vpn-fastd/dnsmasq.conf.lock
if cmp -s /var/gluon/mesh-vpn-fastd/dnsmasq.conf.$$ /var/gluon/dnsmasq.d/mesh-vpn-fastd.conf; then
rm /var/gluon/mesh-vpn-fastd/dnsmasq.conf.$$
else
mv -f /var/gluon/mesh-vpn-fastd/dnsmasq.conf.$$ /var/gluon/dnsmasq.d/mesh-vpn-fastd.conf
/etc/init.d/dnsmasq restart
fi
lock -u /var/gluon/mesh-vpn-fastd/dnsmasq.conf.lock

View File

@ -13,9 +13,13 @@ local c = uci.cursor()
-- The previously used user is removed, we need root privileges to use the packet_mark option -- The previously used user is removed, we need root privileges to use the packet_mark option
users.remove_user('gluon-fastd') users.remove_user('gluon-fastd')
-- Group for iptables rule
users.add_group('gluon-fastd', 800)
c:section('fastd', 'fastd', 'mesh_vpn', c:section('fastd', 'fastd', 'mesh_vpn',
{ {
group = 'gluon-fastd',
syslog_level = 'verbose', syslog_level = 'verbose',
interface = 'mesh-vpn', interface = 'mesh-vpn',
mode = 'tap', mode = 'tap',
@ -70,3 +74,15 @@ c:section('network', 'interface', 'mesh_vpn',
c:save('network') c:save('network')
c:commit('network') c:commit('network')
c:section('firewall', 'include', 'mesh_vpn_dns',
{
type = 'restore',
path = '/lib/gluon/mesh-vpn-fastd/iptables.rules',
family = 'ipv4',
}
)
c:save('firewall')
c:commit('firewall')