igmpproxy: drop SSDP packets
[openwrt/openwrt.git] / package / network / services / igmpproxy / files / igmpproxy.init
#!/bin/sh /etc/rc.common
# Copyright (C) 2010-2014 OpenWrt.org

# Settings consumed by /etc/rc.common (named in the shebang) and by the
# functions in this script.
START="99"
# Selects the procd-style hooks (start_service, service_triggers, ...) below.
USE_PROCD="1"
# Daemon binary, and the configuration file generated for it on every start.
PROG="/usr/sbin/igmpproxy"
CONFIGFILE="/var/etc/igmpproxy.conf"
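# Turn the "igmpproxy" UCI section into daemon log options and the first
# lines of the generated configuration file.
#
# $1 - name of the UCI section being processed.
#
# Sets the global logopts (read by start_service), recreates $CONFIGFILE and
# makes sure /etc/igmpproxy.conf is a symlink to it.
igmp_header() {
	local quickleave verbose
	config_get_bool quickleave "$1" quickleave 0
	config_get verbose "$1" verbose 1

	# Any value other than 0, 2 or 3 leaves logopts as the caller set it.
	# A quoted case also copes with an empty or multi-word value, which an
	# unquoted "[ $verbose = ... ]" test reports as a syntax error.
	case "$verbose" in
		0) logopts="-d" ;;
		2) logopts="-v" ;;
		3) logopts="-v -v" ;;
	esac

	mkdir -p "${CONFIGFILE%/*}"
	# rm -f removes whatever currently sits at the path, so the appends that
	# follow (here and in igmp_add_phyint) start a new file.
	rm -f "$CONFIGFILE"
	[ "$quickleave" -gt 0 ] && echo "quickleave" >> "$CONFIGFILE"

	# Keep the path under /etc pointing at the generated file.
	[ -L /etc/igmpproxy.conf ] || ln -nsf "$CONFIGFILE" /etc/igmpproxy.conf
}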
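# Write the "phyint" stanza for one UCI phyint section whose interface is up.
#
# $1 - name of the UCI phyint section.
#
# Appends to $CONFIGFILE, adds the interface's layer-3 device to the global
# netdevs and sets the global has_upstream when the direction is "upstream".
# Returns early, writing nothing, when ubus reports no status for the network
# or the interface is not up.
igmp_add_phyint() {
	local network direction altnets device up

	config_get network "$1" network
	config_get direction "$1" direction
	config_get altnets "$1" altnet

	local status="$(ubus -S call "network.interface.$network" status)"
	[ -n "$status" ] || return

	json_load "$status"
	json_get_var device l3_device
	json_get_var up up

	[ -n "$device" ] && [ "$up" = "1" ] || {
		procd_append_param error "$network is not up"
		return
	}

	append netdevs "$device"

	[ "$direction" = "upstream" ] && has_upstream=1

	# printf with %s writes the configured values literally. "echo -e" would
	# expand backslash sequences inside them, so a value containing "\n" could
	# add extra lines to the daemon configuration.
	# NOTE(review): direction and altnet are still written as configured,
	# without checking them against what igmpproxy accepts - confirm whether
	# validation belongs here.
	printf '\nphyint %s %s ratelimit 0 threshold 1\n' "$device" "$direction" >> "$CONFIGFILE"

	local altnet
	# Unquoted on purpose: one "altnet" line per whitespace-separated entry.
	for altnet in $altnets; do
		printf '\taltnet %s\n' "$altnet" >> "$CONFIGFILE"
	done
}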
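# Register a procd interface trigger for one UCI phyint section, so that
# events on that section's network run "/etc/init.d/igmpproxy reload".
#
# $1 - name of the UCI phyint section.
igmp_add_network() {
	local network

	config_get network "$1" network
	# An empty value passed unquoted would vanish from the argument list and
	# shift the script path into the interface position, so skip the section.
	[ -n "$network" ] || return 0

	procd_add_interface_trigger "interface.*" "$network" /etc/init.d/igmpproxy reload
}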
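# Add the forwarding rules for one downstream phyint section: IPv4 UDP
# multicast from the zone named in the global "upstream" to this section's zone.
#
# $1 - name of the UCI phyint section.
#
# Run through config_foreach by igmp_add_firewall_network, which sets
# "upstream" beforehand. Returns 0 without adding anything for sections that
# are not downstream, have no zone, or when no upstream zone is known.
igmp_add_firewall_routing() {
	# local, so the direction/zone of the calling igmp_add_firewall_network
	# are not overwritten by this nested callback.
	local direction zone

	config_get direction "$1" direction
	config_get zone "$1" zone

	[ "$direction" = "downstream" ] && [ -n "$zone" ] || return 0
	# Never emit a rule whose source zone is blank.
	[ -n "$upstream" ] || return 0

	# SSDP (UPnP discovery, group 239.255.255.250) from the upstream zone is
	# dropped. The DROP is added ahead of the ACCEPT because 224.0.0.0/4 also
	# covers that address.
	json_add_object ""
	json_add_string type rule
	json_add_string src "$upstream"
	json_add_string dest "$zone"
	json_add_string family ipv4
	json_add_string proto udp
	json_add_string dest_ip "239.255.255.250"
	json_add_string target DROP
	json_close_object

	# All remaining IPv4 UDP multicast is forwarded to the downstream zone.
	json_add_object ""
	json_add_string type rule
	json_add_string src "$upstream"
	json_add_string dest "$zone"
	json_add_string family ipv4
	json_add_string proto udp
	json_add_string dest_ip "224.0.0.0/4"
	json_add_string target ACCEPT
	json_close_object
}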
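# Add the firewall rule that accepts IPv4 IGMP from one phyint section's
# zone and, for an upstream section, have the forwarding rules towards every
# downstream section added as well.
#
# $1 - name of the UCI phyint section.
#
# Sections without a zone add nothing.
igmp_add_firewall_network() {
	# local, so these do not leak into (or get overwritten through) the
	# global scope shared with the other config_foreach callbacks.
	local direction zone

	config_get direction "$1" direction
	config_get zone "$1" zone

	[ -n "$zone" ] || return

	json_add_object ""
	json_add_string type rule
	json_add_string src "$zone"
	json_add_string family ipv4
	json_add_string proto igmp
	json_add_string target ACCEPT
	json_close_object

	[ "$direction" = "upstream" ] && {
		# Deliberately global: igmp_add_firewall_routing reads it as the
		# source zone of the forwarding rules.
		upstream="$zone"
		config_foreach igmp_add_firewall_routing phyint
	}
}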
# procd hook: declare the events that cause this service to be reloaded.
service_triggers() {
	# a change of the "igmpproxy" configuration
	procd_add_reload_trigger igmpproxy
	# plus whatever igmp_add_network registers for each phyint section
	config_foreach igmp_add_network phyint
}
# procd hook: generate the daemon configuration and register the igmpproxy
# instance together with its firewall rules.
#
# Returns without registering an instance when no phyint section set
# has_upstream.
start_service() {
	# Globals filled in by the config_foreach callbacks below.
	logopts=
	netdevs=
	has_upstream=
	config_load igmpproxy

	config_foreach igmp_header igmpproxy
	config_foreach igmp_add_phyint phyint
	if [ -z "$has_upstream" ]; then
		return 1
	fi

	procd_open_instance
	procd_set_param command $PROG -n
	if [ -n "$logopts" ]; then
		# unquoted on purpose: logopts may hold several flags ("-v -v")
		procd_append_param command $logopts
	fi
	procd_append_param command $CONFIGFILE
	procd_set_param file $CONFIGFILE
	# unquoted on purpose: netdevs is a space-separated device list
	procd_set_param netdev $netdevs
	procd_set_param respawn

	# The firewall rules are attached to the instance as procd data, in an
	# array named "firewall".
	procd_open_data
	json_add_array firewall
	config_foreach igmp_add_firewall_network phyint
	json_close_array
	procd_close_data

	procd_close_instance
}
# procd hook run after the service has been started.
service_started() {
	# Flag the firewall configuration as changed - presumably so the rules
	# published by start_service get applied; confirm against procd.
	procd_set_config_changed "firewall"
}
# procd hook run when the service is stopped.
stop_service() {
	# Flag the firewall configuration as changed - presumably so the rules
	# tied to the stopped instance are withdrawn; confirm against procd.
	procd_set_config_changed "firewall"
}