config: add xfrm interface support scripts
authorAndré Valentin <avalentin@marcant.net>
Sat, 8 Jun 2019 11:48:08 +0000 (13:48 +0200)
committerHans Dedecker <dedeckeh@gmail.com>
Mon, 10 Jun 2019 08:07:24 +0000 (10:07 +0200)
This package adds scripts for xfrm interfaces support.
Example configuration via /etc/config/network:

config interface 'xfrm0'
        option proto 'xfrm'
        option mtu '1300'
        option zone 'VPN'
        option tunlink 'wan'
        option ifid 30

config interface 'xfrm0_static'
        option proto 'static'
        option ifname '@xfrm0'
        option ip6addr 'fe80::1/64'
        option ipaddr '10.0.0.1/30'

Now set the matching interface IDs in the strongSwan IPsec policy:
  if_id_in = 30
  if_id_out = 30

Signed-off-by: André Valentin <avalentin@marcant.net>
package/network/config/xfrm/Makefile [new file with mode: 0644]
package/network/config/xfrm/files/xfrm.sh [new file with mode: 0755]

diff --git a/package/network/config/xfrm/Makefile b/package/network/config/xfrm/Makefile
new file mode 100644 (file)
index 0000000..efc90cf
--- /dev/null
@@ -0,0 +1,38 @@
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=xfrm
+PKG_VERSION:=1
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-2.0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/xfrm/Default
+  SECTION:=net
+  CATEGORY:=Network
+  MAINTAINER:=Andre Valentin <avalentin@marcant.net>
+endef
+
+define Package/xfrm
+$(call Package/xfrm/Default)
+  TITLE:=XFRM IPsec Tunnel Interface config support
+  DEPENDS:=+kmod-xfrm-interface
+endef
+
+define Package/xfrm/description
+ XFRM IPsec Tunnel Interface config support (IPv4 and IPv6) in /etc/config/network.
+endef
+
+define Build/Compile
+endef
+
+define Build/Configure
+endef
+
+define Package/xfrm/install
+       $(INSTALL_DIR) $(1)/lib/netifd/proto
+       $(INSTALL_BIN) ./files/xfrm.sh $(1)/lib/netifd/proto/xfrm.sh
+endef
+
+$(eval $(call BuildPackage,xfrm))
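Review bot: `Package/xfrm` is not declared architecture-independent even though the package installs only a shell script and both `Build/Compile` and `Build/Configure` are empty. Consider adding `PKGARCH:=all` inside the `define Package/xfrm` block so the package is not built once per target architecture. The file also opens with an empty line before `include $(TOPDIR)/rules.mk`, which can be dropped.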
diff --git a/package/network/config/xfrm/files/xfrm.sh b/package/network/config/xfrm/files/xfrm.sh
new file mode 100755 (executable)
index 0000000..df28d38
--- /dev/null
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+[ -n "$INCLUDE_ONLY" ] || {
+       . /lib/functions.sh
+       . /lib/functions/network.sh
+       . ../netifd-proto.sh
+       init_proto "$@"
+}
+
+proto_xfrm_setup() {
+       local cfg="$1"
+       local mode="xfrm"
+
+       local tunlink ifid mtu zone
+       json_get_vars tunlink ifid mtu zone
+
+       proto_init_update "$cfg" 1
+
+       proto_add_tunnel
+       json_add_string mode "$mode"
+       json_add_int mtu "${mtu:-1280}"
+
+       [ -z "$tunlink" ] && {
+               proto_notify_error "$cfg" NO_TUNLINK
+               proto_block_restart "$cfg"
+               exit
+       }
+       json_add_string link "$tunlink"
+
+       [ -z "$ifid" ] && {
+               proto_notify_error "$cfg" NO_IFID
+               proto_block_restart "$cfg"
+               exit
+       }
+       json_add_object 'data'
+       [ -n "$ifid" ] && json_add_int ifid "$ifid"
+       json_close_object
+
+       proto_close_tunnel
+
+       proto_add_data
+       [ -n "$zone" ] && json_add_string zone "$zone"
+       proto_close_data
+
+       proto_send_update "$cfg"
+}
+
+proto_xfrm_teardown() {
+       local cfg="$1"
+}
+
+proto_xfrm_init_config() {
+       no_device=1
+       available=1
+
+       proto_config_add_int "mtu"
+       proto_config_add_string "tunlink"
+       proto_config_add_string "zone"
+       proto_config_add_int "ifid"
+}
+
+
+[ -n "$INCLUDE_ONLY" ] || {
+       [ -f /lib/modules/$(uname -r)/xfrm_interface.ko -o -d /sys/module/xfrm_interface ] && add_protocol xfrm
+}
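Review bot: The `ifid` check in `proto_xfrm_setup` rejects only an empty value (`[ -z "$ifid" ]`), so a non-numeric or otherwise malformed ifid from /etc/config/network reaches `json_add_int` unchanged. This id is what ties the interface to the strongSwan `if_id_in`/`if_id_out` policy, so it should be validated as a decimal number before use. The tunlink and ifid checks also run after `proto_init_update` and `proto_add_tunnel` have started building the update, so the error paths exit with a half-built message. Moving validation to the top of the function avoids that and makes the later `[ -n "$ifid" ] &&` guard redundant. How netifd treats a non-numeric int is not visible in this hunk, so the runtime impact is unconfirmed.

```shell
proto_xfrm_setup() {
	# … unchanged: local declarations and json_get_vars …

	# Validate configuration before any update is started.
	# … moved here unchanged: the NO_TUNLINK check …
	case "$ifid" in
		''|*[!0-9]*)
			proto_notify_error "$cfg" NO_IFID
			proto_block_restart "$cfg"
			exit
			;;
	esac

	proto_init_update "$cfg" 1
	# … unchanged: proto_add_tunnel, mode, mtu, link …
	json_add_object 'data'
	json_add_int ifid "$ifid"
	json_close_object
	# … unchanged: proto_close_tunnel, zone data, proto_send_update …
}
```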