aboutsummaryrefslogblamecommitdiff
path: root/dist/netifd/wgconfd.sh
blob: 2f5783f5bbd70962ba98561b658ee6b47e3d4e57 (plain) (tree) 
86969f0

































































60092dd



86969f0








































ff7ea7b

86969f0

ff7ea7b

86969f0

60092dd



86969f0



60092dd



86969f0





































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

66
67
68

69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

109

110

111

112

113
114
115

116
117
118

119
120
121

122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222

































































                                                                 


                                                                         







































                                                                                   
                                      
                               
                                              
 


                                                                   


                                                              


                                                                    




































































































                                                                                                                                    
#!/bin/sh

WG=/usr/bin/wg
if [ ! -x "$WG" ]; then
        logger -t "wgconfd" "error: missing wgconfd (${WG})"
        exit 1
fi

CURL=/usr/bin/curl
if [ ! -x "$CURL" ]; then
        logger -t "wgconfd" "error: missing curl (${CURL})"
        exit 1
fi

WGCONFD=/usr/bin/wgconfd
if [ ! -x "$WGCONFD" ]; then
        logger -t "wgconfd" "error: missing wgconfd (${WGCONFD})"
        exit 1
fi

[ -n "$INCLUDE_ONLY" ] || {
	. /lib/functions.sh
	. ../netifd-proto.sh
	init_proto "$@"
}

proto_wgconfd_init_config() {
	proto_config_add_array 'ipaddr:ipaddr'
	proto_config_add_array 'ip6addr:ip6addr'
	proto_config_add_int 'mtu'

	proto_config_add_string 'private_key'
	proto_config_add_int 'listen_port'
	proto_config_add_string 'fwmark'

	proto_config_add_int 'refresh_sec'
	proto_config_add_int 'min_keepalive'
	proto_config_add_int 'max_keepalive'

	available=1
}

proto_wgconfd_setup__print() {
	local i
	for i; do
		# TODO: escape
		echo -n "$i "
	done
}

proto_wgconfd_setup__source() {
	local name val

	config_get name "$1" name
	[ -z "$name" ] && return
	config_get val "$1" url
	[ -z "$val" ] && return
	proto_wgconfd_setup__print source "$name" "$val"

	config_get val "$1" psk
	[ -n "$val" ] && proto_wgconfd_setup__print psk "$val"

	config_get_bool val "$1" required 0
	[ "$val" -eq 1 ] && proto_wgconfd_setup__print required

	config_get_bool val "$1" allow_road_warriors 1
	[ "$val" -eq 0 ] && proto_wgconfd_setup__print deny_road_warriors

	config_list_foreach "$1" ipv4 proto_wgconfd_setup__source_route ipv4 32

	config_list_foreach "$1" ipv6 proto_wgconfd_setup__source_route ipv6 128
}

proto_wgconfd_setup__source_route() {
	local p="$2"
	local maxlen="$3"
	local route=1
	set -- $1
	local r="$1"
	shift 1
	local i
	for i; do case "$i" in
		no-route)
			route=0
			;;
		*)
			true
			;;
	esac; done
	proto_wgconfd_setup__print "$p" "$r"
	if [ "$route" -eq 1 ]; then
		case "$r" in
			'')
				true
				;;
			*/*)
				echo "${p}_route ${r%/*} ${r##*/}" >> "$dir/update"
				;;
			*)
				echo "${p}_route $r $maxlen" >> "$dir/update"
				;;
		esac
	fi
}

proto_wgconfd_setup__peer() {
	local val

	config_get val "$1" public_key
	[ -z "$val" ] && return
	proto_wgconfd_setup__print peer "$val"

	config_get val "$1" endpoint
	[ -n "$val" ] && proto_wgconfd_setup__print endpoint "$val"

	config_get val "$1" psk
	[ -n "$val" ] && proto_wgconfd_setup__print psk "$val"

	config_get val "$1" keepalive
	[ -n "$val" ] && proto_wgconfd_setup__print keepalive "$val"

	config_get val "$1" source
	[ -n "$val" ] && proto_wgconfd_setup__print source "$val"
}

proto_wgconfd__echo_addr() {
	case "$1" in
		'')
			true
			;;
		*/*)
			echo "${3}_address ${1%/*} ${1##*/}" >> "$dir/update"
			;;
		*)
			echo "${3}_address $1 $4" >> "$dir/update"
			;;
	esac
}

proto_wgconfd_setup() {
	local interface="$1" ifname="$2" i r
	if [ -z "$ifname" ]; then
		ifname="$interface"
	fi

	local mtu
	local private_key listen_port fwmark
	local refresh_sec min_keepalive max_keepalive
	json_get_vars mtu private_key listen_port fwmark refresh_sec min_keepalive max_keepalive

	if [ -z "$private_key" ]; then
		proto_notify_error "$interface" NO_PRIVATE_KEY
		proto_block_restart "$interface"
		exit
	fi

	[ -n "$fwmark" ] && fwmark="fwmark $fwmark"

	dir="/tmp/wgconfd/$interface"
	if [ -d "$dir" ]; then
		rm -rf "$dir"
	fi
	mkdir -p /tmp/wgconfd
	if ! mkdir -m 0700 "$dir" || ! mkdir "$dir/cache" || ! echo "$private_key" > "$dir/private" || ! true > "$dir/update" ; then
		proto_notify_error "$interface" FS_ERROR
		return 1
	fi

	json_for_each_item proto_wgconfd__echo_addr ipaddr ipv4 32
	json_for_each_item proto_wgconfd__echo_addr ip6addr ipv6 128

	wgconfd_command="$(
		proto_wgconfd_setup__print "$WGCONFD" --cmdline "$ifname"
		config_load network
		config_foreach proto_wgconfd_setup__source wgconfd_source_"$interface"
		config_foreach proto_wgconfd_setup__peer wgconfd_peer_"$interface"
	)"

	ip link del dev "$ifname" 2>/dev/null
	if ! ip link add dev "$ifname" mtu "${mtu:-1420}" type wireguard; then
		proto_notify_error "$interface" IFACE_ERROR
		exit
	fi

	"$WG" set "$ifname" private-key "$dir/private" listen-port "${listen_port:-656}" $fwmark
	r="$?"
	rm -f "$dir/private"
	if [ "$r" != 0 ]; then
		ip link del dev "$ifname" 2>/dev/null
		proto_notify_error "$interface" WG_ERROR
		exit
	fi

	proto_init_update "$ifname" 1 0
	proto_set_keep 0
	while read i r; do
		proto_add_"$i" $r
	done < "$dir/update"
	# rm -f "$dir/update"
	proto_send_update "$interface"


	proto_export "WG=$WG"
	proto_export "CURL=$CURL"
	proto_export "RUNTIME_DIRECTORY=$dir"
	proto_export "CACHE_DIRECTORY=$dir/cache"
	proto_run_command "$interface" $wgconfd_command
}

proto_wgconfd_teardown() {
	local interface="$1" ifname="$2" i r
	if [ -z "$ifname" ]; then
		ifname="$interface"
	fi

	proto_kill_command "$interface"
	ip link del dev "$ifname" 2>/dev/null
}

[ -n "$INCLUDE_ONLY" ] || {
        add_protocol wgconfd
}
generated by cgit (git 2.34.1) at 2024-09-28 13:19:32 +0000