LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6009 Commits
1 Branch
46 MiB
Tree: 2fe6c4a29e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2fe6c4a29e'
${ noResults }
openwrt-packages-dist/net/ipsec-tools/files/functions.sh

137 lines
2.4 KiB
Raw Normal View History

ipsec-tools: racoon uci integration Signed-Off-By: Vitaly Protsko <villy@sft.ru> --- b/net/ipsec-tools/Makefile | 16 - b/net/ipsec-tools/files/functions.sh | 137 +++++++++ b/net/ipsec-tools/files/p1client-down | 41 ++ b/net/ipsec-tools/files/p1client-up | 41 ++ b/net/ipsec-tools/files/racoon | 109 +++++++ b/net/ipsec-tools/files/racoon.init | 478 +++++++++++++++++++++++++++++++++- b/net/ipsec-tools/files/vpnctl | 19 + net/ipsec-tools/files/racoon.conf | 36 -- 8 files changed, 824 insertions(+), 53 deletions(-)
10 years ago
 
  1. #!/bin/sh

  2. #
  3. # Copyright (C) 2015 Vitaly Protsko <villy@sft.ru>
  4. 

  5. errno=0
  6. 

  7. get_fieldval() {
  8.   local __data="$3"
  9.   local __rest
  10. 

  11.   test -z "$1" && return
  12. 

  13.   while true ; do
  14.     __rest=${__data#* }
  15.     test "$__rest" = "$__data" && break
  16. 

  17.     if [ "${__data/ *}" = "$2" ]; then
  18.       eval "$1=${__rest/ *}"
  19.       break
  20.     fi
  21. 

  22.     __data="$__rest"
  23.   done
  24. }
  25. 

  26. manage_fw() {
  27.   local cmd=/usr/sbin/iptables
  28.   local mode
  29.   local item
  30. 

  31.   if [ -z "$4" ]; then
  32.     $log "Bad usage of manage_fw"
  33.     errno=3; return 3
  34.   fi
  35. 

  36.   case "$1" in
  37.     add|up|1) mode=A ;;
  38.     del|down|0) mode=D ;;
  39.     *) return 3 ;;
  40.   esac
  41. 

  42.   for item in $4 ; do
  43.     $cmd -$mode forwarding_$2_rule -s $item -j ACCEPT
  44.     $cmd -$mode output_$3_rule -d $item -j ACCEPT
  45.     $cmd -$mode forwarding_$3_rule -d $item -j ACCEPT
  46.     $cmd -t nat -$mode postrouting_$3_rule -d $item -j ACCEPT
  47.   done
  48. }
  49. 

  50. manage_sa() {
  51.   local spdcmd
  52.   local rtcmd
  53.   local gate
  54.   local litem
  55.   local ritem
  56. 

  57.   if [ -z "$4" ]; then
  58.     $log "Bad usage of manage_sa"
  59.     errno=3; return 3
  60.   fi
  61. 

  62.   case "$1" in
  63.     add|up|1) spdcmd=add; rtcmd=add ;;
  64.     del|down|0) spdcmd=delete; rtcmd=del ;;
  65.     *) errno=3; return 3 ;;
  66.   esac
  67. 

  68.   get_fieldval gate src "$(/usr/sbin/ip route get $4)"
  69.   if [ -z "$gate" ]; then
  70.     $log "Can not find outbound IP for $4"
  71.     errno=3; return 3
  72.   fi
  73. 

  74. 

  75.   for litem in $2 ; do
  76.     for ritem in $3 ; do
  77.       echo "

  78. spd$spdcmd $litem $ritem any -P out ipsec esp/tunnel/$gate-$4/require;
  79. spd$spdcmd $ritem $litem any -P in ipsec esp/tunnel/$4-$gate/require;
  80. " | /usr/sbin/setkey -c 1>&2

  81.     done
  82.   done
  83. 

  84.   test -n "$5" && gate=$5
  85. 

  86.   for ritem in $3 ; do
  87.     (sleep 3; /usr/sbin/ip route $rtcmd $ritem via $gate) &
  88.   done
  89. }
  90. 

  91. 

  92. . /lib/functions/network.sh
  93. 

  94. get_zoneiflist() {
  95.   local item
  96.   local data
  97.   local addr
  98. 

  99.   item=0
  100.   data=$(uci get firewall.@zone[0].name)
  101.   while [ -n "$data" ]; do
  102.     test "$data" = "$1" && break
  103.     let "item=$item+1"
  104.     data=$(uci get firewall.@zone[$item].name)
  105.   done
  106. 

  107.   if [ -z "$data" ]; then
  108.     errno=1
  109.     return $errno
  110.   fi
  111.   data=$(uci get firewall.@zone[$item].network)
  112. 

  113.   echo "$data"
  114. }
  115. 

  116. get_zoneiplist() {
  117.   local item
  118.   local addr
  119.   local data
  120.   local result
  121. 

  122.   data=$(get_zoneiflist $1)
  123.   test $? -gt 0 -o $errno -gt 0 -o -z "$data" && return $errno
  124. 

  125.   for item in $data ; do
  126.     if network_is_up $item ; then
  127.       network_get_ipaddrs addr $item
  128.       test $? -eq 0 && result="$result $addr"
  129.     fi
  130.   done
  131. 

  132.   result=$(echo $result)
  133.   echo "$result"
  134. }
  135. 

  136. 

  137. # EOF /etc/racoon/functions.sh