[OpenWrt-Devel] [PATCH v3 2/3] network/config: add xfrm interface support scripts

Hans Dedecker dedeckeh at gmail.com
Sun Jun 9 15:27:15 EDT 2019 

On Sat, Jun 8, 2019 at 1:48 PM André Valentin <avalentin at marcant.net> wrote:
>
> This package adds scripts for xfrm interfaces support.
> Example configuration via /etc/config/network:
>
> config interface 'xfrm0'
>         option proto 'xfrm'
>         option mtu '1300'
>         option zone 'VPN'
>         option tunlink 'wan'
>         option ifid 30
>
> config interface 'xfrm0_static'
>         option proto 'static'
>         option ifname '@xfrm0'
>         option ip6addr 'fe80::1/64'
>         option ipaddr '10.0.0.1/30'
>
> Now set in strongswan IPsec policy:
>         if_id_in = 30
>         if_id_out = 30
> ---
>  package/network/config/xfrm/Makefile      | 38 ++++++++++++++++++
>  package/network/config/xfrm/files/xfrm.sh | 65 +++++++++++++++++++++++++++++++
>  2 files changed, 103 insertions(+)
>  create mode 100644 package/network/config/xfrm/Makefile
>  create mode 100755 package/network/config/xfrm/files/xfrm.sh
>
> diff --git a/package/network/config/xfrm/Makefile b/package/network/config/xfrm/Makefile
> new file mode 100644
> index 0000000000..efc90cf318
> --- /dev/null
> +++ b/package/network/config/xfrm/Makefile
> @@ -0,0 +1,38 @@
> +
> +include $(TOPDIR)/rules.mk
> +
> +PKG_NAME:=xfrm
> +PKG_VERSION:=1
> +PKG_RELEASE:=1
> +PKG_LICENSE:=GPL-2.0
> +
> +include $(INCLUDE_DIR)/package.mk
> +
> +define Package/xfrm/Default
> +  SECTION:=net
> +  CATEGORY:=Network
> +  MAINTAINER:=Andre Valentin <avalentin at marcant.net>
> +endef
> +
> +define Package/xfrm
> +$(call Package/xfrm/Default)
> +  TITLE:=XFRM IPsec Tunnel Interface config support
> +  DEPENDS:=+kmod-xfrm-interface
> +endef
> +
> +define Package/xfrm/description
> + XFRM IPsec Tunnel Interface config support (IPv4 and IPv6) in /etc/config/network.
> +endef
> +
> +define Build/Compile
> +endef
> +
> +define Build/Configure
> +endef
> +
> +define Package/xfrm/install
> +       $(INSTALL_DIR) $(1)/lib/netifd/proto
> +       $(INSTALL_BIN) ./files/xfrm.sh $(1)/lib/netifd/proto/xfrm.sh
> +endef
> +
> +$(eval $(call BuildPackage,xfrm))
> diff --git a/package/network/config/xfrm/files/xfrm.sh b/package/network/config/xfrm/files/xfrm.sh
> new file mode 100755
> index 0000000000..df28d38613
> --- /dev/null
> +++ b/package/network/config/xfrm/files/xfrm.sh
> @@ -0,0 +1,65 @@
> +#!/bin/sh
> +
> +[ -n "$INCLUDE_ONLY" ] || {
> +       . /lib/functions.sh
> +       . /lib/functions/network.sh
> +       . ../netifd-proto.sh
> +       init_proto "$@"
> +}
> +
> +proto_xfrm_setup() {
> +       local cfg="$1"
> +       local mode="xfrm"
> +
> +       local tunlink ifid mtu zone
> +       json_get_vars tunlink ifid mtu zone
> +
> +       proto_init_update "$cfg" 1
> +
> +       proto_add_tunnel
> +       json_add_string mode "$mode"
> +       json_add_int mtu "${mtu:-1280}"
> +
> +       [ -z "$tunlink" ] && {
> +               proto_notify_error "$cfg" NO_TUNLINK
> +               proto_block_restart "$cfg"
> +               exit
> +       }
> +       json_add_string link "$tunlink"
> +
> +       [ -z "$ifid" ] && {
> +               proto_notify_error "$cfg" NO_IFID
> +               proto_block_restart "$cfg"
> +               exit
> +       }
> +       json_add_object 'data'
> +       [ -n "$ifid" ] && json_add_int ifid "$ifid"
> +       json_close_object
> +
> +       proto_close_tunnel
> +
> +       proto_add_data
> +       [ -n "$zone" ] && json_add_string zone "$zone"
> +       proto_close_data
> +
> +       proto_send_update "$cfg"
> +}
> +
> +proto_xfrm_teardown() {
> +       local cfg="$1"
> +}
> +
> +proto_xfrm_init_config() {
> +       no_device=1
> +       available=1
> +
> +       proto_config_add_int "mtu"
> +       proto_config_add_string "tunlink"
> +       proto_config_add_string "zone"
> +       proto_config_add_int "ifid"
> +}
> +
> +
> +[ -n "$INCLUDE_ONLY" ] || {
> +       [ -f /lib/modules/$(uname -r)/xfrm_interface.ko -o -d /sys/module/xfrm_interface ] && add_protocol xfrm
I missed the check for /sys/module/xfrm_interface in my initial
review; is there any specific reason for this additional check beside
the xfrm_interface.ko check ?

Hans
> +}
> --
> 2.11.0
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list