igmpproxy: fix creation of firewall rules

[openwrt/openwrt.git] / package / network / services / igmpproxy / files / igmpproxy.init

diff --git a/package/network/services/igmpproxy/files/igmpproxy.init b/package/network/services/igmpproxy/files/igmpproxy.init
index a45978f5b681abd72aa9ea0e4bbdb504f4cdc2ff..009bb5d429c676881519e2c851340239fee55329 100644 (file)
--- a/package/network/services/igmpproxy/files/igmpproxy.init
+++ b/package/network/services/igmpproxy/files/igmpproxy.init
@@ -1,30 +1,18 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2010-2012 OpenWrt.org
+# Copyright (C) 2010-2014 OpenWrt.org
 
 START=99
-STOP=10
-
-SERVICE_DAEMONIZE=1
-SERVICE_WRITE_PID=1
-
-# igmpproxy supports both a debug mode and verbosity, which are very useful
-# when something isn't working.
-#
-# Debug mode will print everything to stdout instead of syslog. Generally
-# verbosity should NOT be set as it will quickly fill your syslog.
-#
-# Put any debug or verbosity options into IGMP_OPTS
-#
-# Examples:
-# OPTIONS="-d -v -v" - debug mode and very verbose, this will land in
-#                        stdout and not in syslog
-# OPTIONS="-v" - be verbose, this will write aditional information to syslog
-
-OPTIONS=""
+USE_PROCD=1
+PROG=/usr/sbin/igmpproxy
+CONFIGFILE=/var/etc/igmpproxy.conf
 
 igmp_header() {
-       local quickleave
+       local quickleave verbose
        config_get_bool quickleave "$1" quickleave 0
+       config_get verbose "$1" verbose 0
+
+       [ $verbose = "1" ] && logopts="-v"
+       [ $verbose = "2" ] && logopts="-v -v"
 
        mkdir -p /var/etc
        rm -f /var/etc/igmpproxy.conf
@@ -34,30 +22,120 @@ igmp_header() {
 }
 
 igmp_add_phyint() {
-        local network direction altnets
+       local network direction altnets device up
+
+       config_get network $1 network
+       config_get direction $1 direction
+       config_get altnets $1 altnet
+
+       local status="$(ubus -S call "network.interface.$network" status)"
+       [ -n "$status" ] || return
+
+       json_load "$status"
+       json_get_var device l3_device
+       json_get_var up up
+
+       [ -n "$device" -a "$up" = "1" ] || {
+               procd_append_param error "$network is not up"
+               return;
+       }
+
+       append netdevs "$device"
+
+       [[ "$direction" = "upstream" ]] && has_upstream=1
+
+       echo -e "\nphyint $device $direction ratelimit 0 threshold 1" >> /var/etc/igmpproxy.conf
+
+       if [ -n "$altnets" ]; then
+               local altnet
+               for altnet in $altnets; do
+                       echo -e "\taltnet $altnet" >> /var/etc/igmpproxy.conf
+               done
+       fi
+}
+
+igmp_add_network() {
+       local network
+
+       config_get network $1 network
+       procd_add_interface_trigger "interface.*" $network /etc/init.d/igmpproxy reload
+}
+
+igmp_add_firewall_routing() {
+       config_get direction $1 direction
+       config_get zone $1 zone
 
-        config_get network $1 network
-        config_get direction $1 direction
-        config_get altnets $1 altnet
+       [[ "$direction" = "downstream" && ! -z "$zone" ]] || return 0
 
-        device=$(uci_get_state network "$network" ifname "$network")
-        echo -e "\nphyint $device $direction ratelimit 0 threshold 1" >> /var/etc/igmpproxy.conf
+       json_add_object ""
+       json_add_string type rule
+       json_add_string src "$upstream"
+       json_add_string dest "$zone"
+       json_add_string family ipv4
+       json_add_string proto udp
+       json_add_string dest_ip "224.0.0.0/4"
+       json_add_string target ACCEPT
+       json_close_object
+}
+
+igmp_add_firewall_network() {
+       config_get direction $1 direction
+       config_get zone $1 zone
+
+       [ ! -z "$zone" ] || return
+
+       json_add_object ""
+       json_add_string type rule
+       json_add_string src "$zone"
+       json_add_string family ipv4
+       json_add_string proto igmp
+       json_add_string target ACCEPT
+       json_close_object
 
-        if [ -n "$altnets" ]; then
-                local altnet
-                for altnet in $altnets; do
-                        echo -e "\taltnet $altnet" >> /var/etc/igmpproxy.conf
-                done
-        fi
+       [[ "$direction" = "upstream" ]] && {
+               upstream="$zone"
+               config_foreach igmp_add_firewall_routing phyint
+       }
 }
 
-start() {
+service_triggers() {
+       procd_add_reload_trigger "igmpproxy"
+       config_foreach igmp_add_network phyint
+}
+
+start_service() {
+       has_upstream=
+       netdevs=
+       logopts=
        config_load igmpproxy
+
        config_foreach igmp_header igmpproxy
        config_foreach igmp_add_phyint phyint
-       service_start /usr/sbin/igmpproxy $OPTIONS /etc/igmpproxy.conf
+       [ -n "$has_upstream" ] || return
+
+       procd_open_instance
+       procd_set_param command $PROG
+       [ -n "$logopts" ] && procd_append_param command $logopts
+       procd_append_param command $CONFIGFILE
+       procd_set_param file $CONFIGFILE
+       procd_set_param netdev $netdevs
+       procd_set_param respawn
+
+       procd_open_data
+
+       json_add_array firewall
+       config_foreach igmp_add_firewall_network phyint
+       json_close_array
+
+       procd_close_data
+
+       procd_close_instance
+}
+
+service_started() {
+       procd_set_config_changed firewall
 }
 
-stop() {
-       service_stop /usr/sbin/igmpproxy
+stop_service() {
+       procd_set_config_changed firewall
 }