diff options
| author | André Valentin <avalentin@marcant.net> | 2019-06-08 13:48:08 +0200 |
|---|---|---|
| committer | Hans Dedecker <dedeckeh@gmail.com> | 2019-06-10 10:07:24 +0200 |
| commit | 452d88e8f798c550151cd1e1d204a528fb00db08 (patch) | |
| tree | e39de1ce23fafd86446fb07a3df01552e0bad426 /package/network/config/xfrm | |
| parent | cc092a285afa419711024fc72884e49d4983e14a (diff) | |
| download | upstream-452d88e8f798c550151cd1e1d204a528fb00db08.tar.gz upstream-452d88e8f798c550151cd1e1d204a528fb00db08.tar.bz2 upstream-452d88e8f798c550151cd1e1d204a528fb00db08.zip | |
config: add xfrm interface support scripts
This package adds scripts for xfrm interfaces support.
Example configuration via /etc/config/network:
config interface 'xfrm0'
option proto 'xfrm'
option mtu '1300'
option zone 'VPN'
option tunlink 'wan'
option ifid 30
config interface 'xfrm0_static'
option proto 'static'
option ifname '@xfrm0'
option ip6addr 'fe80::1/64'
option ipaddr '10.0.0.1/30'
Now set in strongswan IPsec policy:
if_id_in = 30
if_id_out = 30
Signed-off-by: André Valentin <avalentin@marcant.net>
Diffstat (limited to 'package/network/config/xfrm')
| -rw-r--r-- | package/network/config/xfrm/Makefile | 38 | ||||
| -rwxr-xr-x | package/network/config/xfrm/files/xfrm.sh | 65 |
2 files changed, 103 insertions, 0 deletions
diff --git a/package/network/config/xfrm/Makefile b/package/network/config/xfrm/Makefile new file mode 100644 index 0000000000..efc90cf318 --- /dev/null +++ b/package/network/config/xfrm/Makefile @@ -0,0 +1,38 @@ + +include $(TOPDIR)/rules.mk + +PKG_NAME:=xfrm +PKG_VERSION:=1 +PKG_RELEASE:=1 +PKG_LICENSE:=GPL-2.0 + +include $(INCLUDE_DIR)/package.mk + +define Package/xfrm/Default + SECTION:=net + CATEGORY:=Network + MAINTAINER:=Andre Valentin <avalentin@marcant.net> +endef + +define Package/xfrm +$(call Package/xfrm/Default) + TITLE:=XFRM IPsec Tunnel Interface config support + DEPENDS:=+kmod-xfrm-interface +endef + +define Package/xfrm/description + XFRM IPsec Tunnel Interface config support (IPv4 and IPv6) in /etc/config/network. +endef + +define Build/Compile +endef + +define Build/Configure +endef + +define Package/xfrm/install + $(INSTALL_DIR) $(1)/lib/netifd/proto + $(INSTALL_BIN) ./files/xfrm.sh $(1)/lib/netifd/proto/xfrm.sh +endef + +$(eval $(call BuildPackage,xfrm)) diff --git a/package/network/config/xfrm/files/xfrm.sh b/package/network/config/xfrm/files/xfrm.sh new file mode 100755 index 0000000000..df28d38613 --- /dev/null +++ b/package/network/config/xfrm/files/xfrm.sh @@ -0,0 +1,65 @@ +#!/bin/sh + +[ -n "$INCLUDE_ONLY" ] || { + . /lib/functions.sh + . /lib/functions/network.sh + . ../netifd-proto.sh + init_proto "$@" +} + +proto_xfrm_setup() { + local cfg="$1" + local mode="xfrm" + + local tunlink ifid mtu zone + json_get_vars tunlink ifid mtu zone + + proto_init_update "$cfg" 1 + + proto_add_tunnel + json_add_string mode "$mode" + json_add_int mtu "${mtu:-1280}" + + [ -z "$tunlink" ] && { + proto_notify_error "$cfg" NO_TUNLINK + proto_block_restart "$cfg" + exit + } + json_add_string link "$tunlink" + + [ -z "$ifid" ] && { + proto_notify_error "$cfg" NO_IFID + proto_block_restart "$cfg" + exit + } + json_add_object 'data' + [ -n "$ifid" ] && json_add_int ifid "$ifid" + json_close_object + + proto_close_tunnel + + proto_add_data + [ -n "$zone" ] && json_add_string zone "$zone" + proto_close_data + + proto_send_update "$cfg" +} + +proto_xfrm_teardown() { + local cfg="$1" +} + +proto_xfrm_init_config() { + no_device=1 + available=1 + + proto_config_add_int "mtu" + proto_config_add_string "tunlink" + proto_config_add_string "zone" + proto_config_add_int "ifid" +} + + +[ -n "$INCLUDE_ONLY" ] || { + [ -f /lib/modules/$(uname -r)/xfrm_interface.ko -o -d /sys/module/xfrm_interface ] && add_protocol xfrm +} |