net/pbr/Makefile

   1 # Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
   2 # This is free software, licensed under the GNU General Public License v3.
   3
   4 include $(TOPDIR)/rules.mk
   5
   6 PKG_NAME:=pbr
   7 PKG_VERSION:=1.1.1
   8 PKG_RELEASE:=7
   9 PKG_LICENSE:=GPL-3.0-or-later
  10 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
  11
  12 include $(INCLUDE_DIR)/package.mk
  13
  14 define Package/pbr/Default
  15   SECTION:=net
  16   CATEGORY:=Network
  17   SUBMENU:=Routing and Redirection
  18   TITLE:=Policy Based Routing Service
  19   URL:=https://docs.openwrt.melmac.net/pbr/
  20   DEPENDS:=+ip-full +jshn +jsonfilter +resolveip
  21   CONFLICTS:=vpnbypass vpn-policy-routing
  22   PKGARCH:=all
  23 endef
  24
  25 define Package/pbr
  26 $(call Package/pbr/Default)
  27   TITLE+= with nft/nft set support
  28   DEPENDS+=+kmod-nft-core +kmod-nft-nat +nftables-json
  29   VARIANT:=nftables
  30   PROVIDES:=vpnbypass vpn-policy-routing
  31   DEFAULT_VARIANT:=1
  32 endef
  33
  34 define Package/pbr-iptables
  35 $(call Package/pbr/Default)
  36   TITLE+= with iptables/ipset support
  37   DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
  38   VARIANT:=iptables
  39   PROVIDES:=pbr
  40 endef
  41
  42 define Package/pbr-netifd
  43 $(call Package/pbr/Default)
  44   TITLE+= with netifd support
  45   VARIANT:=netifd
  46   PROVIDES:=pbr
  47 endef
  48
  49 define Package/pbr/description
  50 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  51 This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
  52 endef
  53
  54 define Package/pbr-iptables/description
  55 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  56 This version supports OpenWrt with firewall3/ipset/iptables.
  57 endef
  58
  59 define Package/pbr-netifd/description
  60 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  61 This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
  62 This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
  63 endef
  64
  65 define Package/pbr/conffiles
  66 /etc/config/pbr
  67 endef
  68
  69 Package/pbr-iptables/conffiles = $(Package/pbr/conffiles)
  70 Package/pbr-netifd/conffiles = $(Package/pbr/conffiles)
  71
  72 define Build/Configure
  73 endef
  74
  75 define Build/Compile
  76 endef
  77
  78 define Package/pbr/default/install
  79         $(INSTALL_DIR) $(1)/etc/init.d
  80         $(INSTALL_BIN) ./files/etc/init.d/pbr.init $(1)/etc/init.d/pbr
  81         $(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
  82         $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
  83         $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
  84         $(INSTALL_DIR) $(1)/etc/uci-defaults
  85         $(INSTALL_BIN)  ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
  86         $(INSTALL_DIR) $(1)/usr/share/pbr
  87         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
  88         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
  89 endef
  90
  91 define Package/pbr/install
  92 $(call Package/pbr/default/install,$(1))
  93         $(INSTALL_DIR) $(1)/etc/config
  94         $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
  95         $(INSTALL_DIR) $(1)/usr/share/pbr
  96         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.firewall.include $(1)/usr/share/pbr/pbr.firewall.include
  97         $(INSTALL_DIR) $(1)/usr/share/nftables.d
  98         $(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
  99 endef
 100
 101 define Package/pbr-iptables/install
 102 $(call Package/pbr/default/install,$(1))
 103         $(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
 104         $(INSTALL_DATA) ./files/etc/hotplug.d/firewall/70-pbr $(1)/etc/hotplug.d/firewall/70-pbr
 105         $(INSTALL_DIR) $(1)/etc/config
 106         $(INSTALL_CONF) ./files/etc/config/pbr.iptables $(1)/etc/config/pbr
 107 endef
 108
 109 define Package/pbr-netifd/install
 110 $(call Package/pbr/default/install,$(1))
 111         $(INSTALL_DIR) $(1)/etc/config
 112         $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
 113         $(INSTALL_DIR) $(1)/etc/uci-defaults
 114         $(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr $(1)/etc/uci-defaults/91-pbr
 115 endef
 116
 117 define Package/pbr/postinst
 118         #!/bin/sh
 119         # check if we are on real system
 120         if [ -z "$${IPKG_INSTROOT}" ]; then
 121                 chmod -x /etc/init.d/pbr || true
 122                 fw4 -q reload || true
 123                 chmod +x /etc/init.d/pbr || true
 124                 echo -n "Installing rc.d symlink for pbr... "
 125                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 126         fi
 127         exit 0
 128 endef
 129
 130 define Package/pbr/prerm
 131         #!/bin/sh
 132         # check if we are on real system
 133         if [ -z "$${IPKG_INSTROOT}" ]; then
 134                 uci -q delete firewall.pbr || true
 135                 echo "Stopping pbr service... "
 136                 /etc/init.d/pbr stop && echo "OK" || echo "FAIL"
 137                 echo -n "Removing rc.d symlink for pbr... "
 138                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 139         fi
 140         exit 0
 141 endef
 142
 143 define Package/pbr/postrm
 144         #!/bin/sh
 145         # check if we are on real system
 146         if [ -z "$${IPKG_INSTROOT}" ]; then
 147                 fw4 -q reload || true
 148         fi
 149         exit 0
 150 endef
 151
 152 define Package/pbr-iptables/postinst
 153         #!/bin/sh
 154         # check if we are on real system
 155         if [ -z "$${IPKG_INSTROOT}" ]; then
 156                 echo -n "Installing rc.d symlink for pbr-iptables... "
 157                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 158         fi
 159         exit 0
 160 endef
 161
 162 define Package/pbr-iptables/prerm
 163         #!/bin/sh
 164         # check if we are on real system
 165         if [ -z "$${IPKG_INSTROOT}" ]; then
 166                 uci -q delete firewall.pbr || true
 167                 echo "Stopping pbr-iptables service... "
 168                 /etc/init.d/pbr stop && echo "OK" || echo "FAIL"
 169                 echo -n "Removing rc.d symlink for pbr-iptables... "
 170                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 171         fi
 172         exit 0
 173 endef
 174
 175 define Package/pbr-netifd/postinst
 176         #!/bin/sh
 177         # check if we are on real system
 178         if [ -z "$${IPKG_INSTROOT}" ]; then
 179                 echo -n "Installing rc.d symlink for pbr-netifd... "
 180                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 181         fi
 182         exit 0
 183 endef
 184
 185 define Package/pbr-netifd/prerm
 186         #!/bin/sh
 187         # check if we are on real system
 188         if [ -z "$${IPKG_INSTROOT}" ]; then
 189                 uci -q delete firewall.pbr || true
 190                 echo "Stopping pbr-netifd service... "
 191                 /etc/init.d/pbr stop && echo "OK" || echo "FAIL"
 192                 echo -n "Removing rc.d symlink for pbr... "
 193                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 194         fi
 195         exit 0
 196 endef
 197
 198 $(eval $(call BuildPackage,pbr))
 199 $(eval $(call BuildPackage,pbr-iptables))
 200 #$(eval $(call BuildPackage,pbr-netifd))