From 133274c607ad3bb145404a15dc0e19921c481032 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Old=C5=99ich=20Jedli=C4=8Dka?= Date: Mon, 9 Apr 2018 13:52:39 +0200 Subject: [PATCH] fwknopd: More reliable network dependency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two issues: 1. The fwknopd init script did not handle unprepared logical networks. This is fixed by A) not defining instance for procd when the physical interface is unknown, and B) by watching the logical network for changes. 2. When using PPPoE, there are two physical interfaces -- one for raw PPPoE communication and one for wrapped communication. The function network_get_physdev returns the physical device, while the function network_get_device returns the wrapped one -- we shall use the wrapped interface. Usually (for non-wrapped interfaces) the physdev and device are the same, also other network scripts use the latter function. Both issues found by and thanks are going to @lucize. Signed-off-by: Oldřich Jedlička --- net/fwknop/Makefile | 2 +- net/fwknop/files/fwknopd | 7 +++- net/fwknop/files/fwknopd.init | 61 ++++++++++++++++++++++------------- 3 files changed, 45 insertions(+), 25 deletions(-) diff --git a/net/fwknop/Makefile b/net/fwknop/Makefile index 65a1c9416..bbc564308 100644 --- a/net/fwknop/Makefile +++ b/net/fwknop/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fwknop PKG_VERSION:=2.6.9 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=http://www.cipherdyne.org/fwknop/download diff --git a/net/fwknop/files/fwknopd b/net/fwknop/files/fwknopd index 8a2b7599e..e6db76b33 100644 --- a/net/fwknop/files/fwknopd +++ b/net/fwknop/files/fwknopd @@ -2,7 +2,9 @@ config global # option uci_enabled '1' config network -# option network 'wan' # takes precedence over config.PCAP_INTF + # Logical network dependency, fully tracked, fwknopd gets restarted when + # necessary. Specifying network takes precedence over config.PCAP_INTF +# option network 'wan' config access option SOURCE 'ANY' @@ -10,3 +12,6 @@ config access option KEY 'CHANGEME' config config + # Alternative direct physical interface definition, but untracked - you + # are on your own to correctly start/stop the service when needed +# option PCAP_INTF 'eth0' diff --git a/net/fwknop/files/fwknopd.init b/net/fwknop/files/fwknopd.init index f59691151..b77b1439d 100644 --- a/net/fwknop/files/fwknopd.init +++ b/net/fwknop/files/fwknopd.init @@ -14,24 +14,31 @@ start_service() { generate_configuration - procd_open_instance - procd_set_param command "$FWKNOPD_BIN" --foreground --syslog-enable - procd_set_param respawn - - if [ $UCI_ENABLED -eq 1 ]; then - procd_append_param command -c /var/etc/fwknopd.conf - procd_append_param command -a /var/etc/access.conf + if [ -n "$DEPEND_IFNAME" ] ; then + # We know the interface, so we can start + procd_open_instance + procd_set_param command "$FWKNOPD_BIN" --foreground --syslog-enable + procd_set_param respawn + if [ $UCI_ENABLED -eq 1 ]; then + procd_append_param command -c /var/etc/fwknopd.conf + procd_append_param command -a /var/etc/access.conf + fi + procd_append_param command -i "$DEPEND_IFNAME" + procd_set_param netdev "$DEPEND_IFNAME" + procd_close_instance + else + logger -p daemon.info -t "fwknopd[----]" "Postponing start-up of fwknopd, network $NETWORK is not up" fi - - procd_append_param command -i "$DEPEND_IFNAME" - procd_set_param netdev "$DEPEND_IFNAME" - - procd_close_instance } service_triggers() { procd_add_reload_trigger "fwknopd" + + if [ -n "$NETWORK" ] ; then + logger -p daemon.info -t "fwknopd[----]" "Listening for changes on network $NETWORK" + procd_add_reload_interface_trigger "$NETWORK" + fi } get_bool() @@ -51,7 +58,7 @@ generate_configuration() UCI_ENABLED=0 DEPEND_IFNAME= - local NETWORK= + NETWORK= local PCAP_INTF= local USER_CONFIG_PATH=/etc/fwknop/fwknopd.conf local DEFAULT_UCI_NETWORK=wan @@ -67,9 +74,16 @@ generate_configuration() if [ "$option" = "uci_enabled" ] && [ "$(get_bool "$value" 0)" -eq 1 ] ; then > /var/etc/fwknopd.conf > /var/etc/access.conf - chmod 600 /var/etc/fwknopd.conf - chmod 600 /var/etc/access.conf + chmod 600 /var/etc/fwknopd.conf + chmod 600 /var/etc/access.conf UCI_ENABLED=1 + + # Forced defaults + + # Do not let fwknopd to shut-down when interface goes down, + # control it from the start-up script instead: + # https://bugs.openwrt.org/index.php?do=details&task_id=1481 + echo "EXIT_AT_INTF_DOWN n" >> /var/etc/fwknopd.conf fi } elif [ "$type" = "network" ]; then @@ -87,12 +101,13 @@ generate_configuration() if [ $UCI_ENABLED -eq 1 ] && [ $option = "PCAP_INTF" ]; then PCAP_INTF="$value" echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf + elif [ $UCI_ENABLED -eq 1 ] && [ $option = "EXIT_AT_INTF_DOWN" ]; then + logger -p daemon.warn -t "fwknopd[----]" "Ignoring EXIT_AT_INTF_DOWN option, forced to N (no) to work reliably with procd" elif [ $UCI_ENABLED -eq 1 ]; then echo "$option $value" >> /var/etc/fwknopd.conf #writing each option to fwknopd.conf fi } - elif [ "$type" = "access" ] - then + elif [ "$type" = "access" ]; then if [ -f /tmp/access.conf.tmp ] ; then cat /tmp/access.conf.tmp >> /var/etc/access.conf rm /tmp/access.conf.tmp @@ -108,7 +123,7 @@ generate_configuration() fi } else - option_cb() { return; } + reset_cb if [ -z "$type" ]; then # Finalize reading if [ -f /tmp/access.conf.tmp ] ; then @@ -125,8 +140,8 @@ generate_configuration() if [ $UCI_ENABLED -eq 0 ]; then if [ -f $USER_CONFIG_PATH ] ; then - # Scan user configuration for PCAP_INTF settings - DEPEND_IFNAME="$( sed -ne '/^\s*PCAP_INTF\s\+/ { s/^\s*PCAP_INTF\s\+//; s/\s\+$//; p; q; }' /etc/fwknop/fwknopd.conf )" + # Scan user configuration for PCAP_INTF settings and fallback to fwknopd's default + DEPEND_IFNAME="$( sed -ne '/^\s*PCAP_INTF\s\+/ { s/^\s*PCAP_INTF\s\+//; s/\s\+$//; p; q; }' $USER_CONFIG_PATH )" if [ -n "$DEPEND_IFNAME" ]; then logger -p daemon.debug -t "fwknopd[----]" "Found fwknopd.conf configuration, using PCAP_INTF interface $DEPEND_IFNAME" else @@ -146,14 +161,14 @@ generate_configuration() NETWORK="$DEFAULT_UCI_NETWORK" fi + # Resolve network if possible if [ -n "$NETWORK" ]; then . /lib/functions/network.sh - network_get_physdev DEPEND_IFNAME "$NETWORK" + network_get_device DEPEND_IFNAME "$NETWORK" if [ -n "$DEPEND_IFNAME" ]; then logger -p daemon.debug -t "fwknopd[----]" "Resolved network $NETWORK as interface $DEPEND_IFNAME" else - logger -p daemon.warn -t "fwknopd[----]" "Cannot find interface for network $NETWORK, fwknopd's default $DEFAULT_FWKNOPD_IFNAME will be used" - DEPEND_IFNAME="$DEFAULT_FWKNOPD_IFNAME" + logger -p daemon.warn -t "fwknopd[----]" "Cannot find interface for network $NETWORK, probably the network is not up" fi elif [ -n "$PCAP_INTF" ]; then DEPEND_IFNAME="$PCAP_INTF"