4 import { access, basename, dirname, mkstemp, open, writefile, popen } from 'fs';
6 function assert(cond, message) {
15 let unet_tool = "unet-tool";
16 let script_dir = sourcepath(0, true);
18 if (basename(script_dir) == "scripts") {
19 unet_tool = `${dirname(script_dir)}/unet-tool`;
20 assert(access(unet_tool, "x"), "unet-tool missing");
31 const usage_message = `
32 Usage: ${basename(sourcepath())} [<flags>] <file> <command> [<args>] [<option>=<value> ...]
35 - create: Create a new network file
36 - set-config: Change network config parameters
37 - add-host <name>: Add a host
38 - add-ssh-host <name> <host>: Add a remote OpenWrt host via SSH
39 (<host> can contain SSH options as well)
40 - set-host <name>: Change host settings
41 - set-ssh-host <name> <host>: Update local and remote host settings
42 - add-service <name>: Add a service
43 - set-service <name>: Change service settings
44 - sign Sign network data
47 -p: Print modified JSON instead of updating file
50 - config options (create, set-config):
51 port=<val> set tunnel port (default: ${defaults.port})
52 pex_port=<val> set peer-exchange port (default: ${defaults.pex_port}, 0: disabled)
53 keepalive=<val> set keepalive interval (seconds, 0: off, default: ${defaults.keepalive})
54 stun=[+|-]<host:port>[,<host:port>...] set/add/remove STUN servers
55 - host options (add-host, add-ssh-host, set-host):
56 key=<val> set host public key (required for add-host)
57 port=<val> set host tunnel port number
58 pex_port=<val> set host peer-exchange port (default: network pex_port, 0: disabled)
59 groups=[+|-]<val>[,<val>...] set/add/remove groups that the host is a member of
60 ipaddr=[+|-]<val>[,<val>...] set/add/remove host ip addresses
61 subnet=[+|-]<val>[,<val>...] set/add/remove host announced subnets
62 endpoint=<val> set host endpoint address
63 gateway=<name> set host gateway (using name of other host)
64 - ssh host options (add-ssh-host, set-ssh-host)
65 auth_key=<key> use <key> as public auth key on the remote host
66 priv_key=<key> use <key> as private host key on the remote host (default: generate a new key)
67 interface=<name> use <name> as interface in /etc/config/network on the remote host
68 domain=<name> use <name> as hosts file domain on the remote host (default: unet)
69 connect=<val>[,<val>...] set IP addresses that the host will contact for network updates
70 tunnels=<ifname>:<service>[,...] set active tunnel devices
71 dht=0|1 set DHT enabled
72 - service options (add-service, set-service):
73 type=<val> set service type (required for add-service)
74 members=[+|-]<val>[,<val>...] set/add/remove service member hosts/groups
75 - vxlan service options (add-service, set-service):
77 port=<val> set VXLAN port
78 mtu=<val> set VXLAN device MTU
79 forward_ports=[+|-]<val>[,<val>...] set members allowed to receive broadcast/multicast/unknown-unicast
81 upload=<ip>[,<ip>...] upload signed file to hosts
93 let file = shift(ARGV);
94 let command = shift(ARGV);
97 int: function(object, name, val) {
98 object[name] = int(val);
100 string: function(object, name, val) {
103 array: function(object, name, val) {
104 let op = substr(val, 0, 1);
106 if (op == "+" || op == "-") {
107 val = substr(val, 1);
114 let vals = split(val, ",");
116 object[name] = filter(object[name], function(v) {
120 push(object[name], val);
123 if (!length(object[name]))
128 const service_field_types = {
133 forward_ports: "array",
145 if [ -n "$first" ]; then
150 uci $cmd "network.$INTERFACE.$field=$cur"
154 set_interface_attrs() {
155 [ -n "$AUTH_KEY" ] && uci set "network.$INTERFACE.auth_key=$AUTH_KEY"
156 [ -n "$DHT" ] && uci set "network.$INTERFACE.dht=$DHT"
157 set_list connect "$CONNECT"
158 set_list tunnels "$TUNNELS"
159 uci set "network.$INTERFACE.domain=$DOMAIN"
163 [ "$(uci -q get "network.$INTERFACE")" = "interface" -a "$(uci -q get "network.$INTERFACE.proto")" = "unet" ] && return 0
165 set network.$INTERFACE=interface
166 set network.$INTERFACE.proto=unet
167 set network.$INTERFACE.device=$INTERFACE
171 check_interface_key() {
172 key="$(uci -q get "network.$INTERFACE.key" | unet-tool -q -H -K -)"
174 uci set "network.$INTERFACE.key=$(unet-tool -G)"
175 key="$(uci get "network.$INTERFACE.key" | unet-tool -H -K -)"
188 let print_only = false;
190 function fetch_args() {
191 for (let arg in ARGV) {
192 let vals = match(arg, /^(.[[:alnum:]_-]*)=(.*)$/);
193 assert(vals, `Invalid argument: ${arg}`);
194 args[vals[1]] = vals[2]
198 function set_field(typename, object, name, val) {
199 if (!field_types[typename]) {
200 warn(`Invalid type ${type}\n`);
204 if (type(val) != "string")
212 field_types[typename](object, name, val);
215 function set_fields(object, list) {
217 set_field(list[f], object, f, args[f]);
220 function set_host(host) {
230 set_field("int", host, "peer-exchange-port", args.pex_port);
233 function set_service(service) {
234 set_fields(service, {
239 if (service_field_types[service.type])
240 set_fields(service.config, service_field_types[service.type]);
243 function sync_ssh_host(host) {
244 let interface = args.interface ?? "unet";
245 let connect = replace(args.connect ?? "", ",", " ");
246 let auth_key = args.auth_key;
247 let tunnels = replace(replace(args.tunnels ?? "", ",", " "), ":", "=");
248 let domain = args.domain ?? "unet";
251 if (args.dht == "1" || args.dht == "0")
258 system(`${unet_tool} -q -P -K ${file}.key >&${fh.fileno()}`);
260 auth_key = fh.read("line");
262 auth_key = replace(auth_key, "\n", "");
263 if (auth_key == "") {
264 warn("Could not read auth key\n");
270 fh.write(`INTERFACE='${interface}'\n`);
271 fh.write(`CONNECT='${connect}'\n`);
272 fh.write(`AUTH_KEY='${auth_key}'\n`);
273 fh.write(`TUNNELS='${tunnels}'\n`);
274 fh.write(`DOMAIN='${domain}'\n`);
275 fh.write(`DHT='${dht}'\n`);
276 fh.write(ssh_script);
281 system(`ssh ${host} sh <&${fh.fileno()} >&${fh2.fileno()}`);
287 while (line = fh2.read("line")) {
288 let vals = match(line, /^(.[[:alnum:]_-]*)=(.*)\n$/);
289 assert(vals, `Invalid argument: ${line}`);
290 data[vals[1]] = vals[2]
294 assert(data.key, "Could not read host key from SSH host");
299 while (substr(ARGV[0], 0, 1) == "-") {
300 let opt = shift(ARGV);
303 else if (opt == "-p")
309 let hostname, ssh_host, servicename;
311 if (command in [ "add-host", "set-host", "add-ssh-host", "set-ssh-host" ]) {
312 hostname = shift(ARGV);
313 assert(hostname, "Missing host name argument");
316 if (command in [ "add-ssh-host", "set-ssh-host" ]) {
317 ssh_host = shift(ARGV);
318 assert(ssh_host, "Missing SSH host/user argument");
321 if (command in [ "add-service", "set-service" ]) {
322 servicename = shift(ARGV);
323 assert(servicename, "Missing service name argument");
328 if (command in [ "add-ssh-host", "set-ssh-host" ]) {
329 sync_ssh_host(ssh_host);
330 command = replace(command, "ssh-", "");
335 if (command == "create") {
343 assert(fh, `Could not open input file ${file}`);
348 assert(false, `Could not parse input file ${file}`);
352 if (command == "create") {
353 for (let key, val in defaults)
354 args[key] ??= `${val}`;
355 if (!access(`${file}.key`))
356 system(`${unet_tool} -G > ${file}.key`);
357 net_data.config.id = trim(popen(`unet-tool -P -K ${file}.key`).read("all"));
360 if (command == "sign") {
361 let ret = system(`${unet_tool} -S -K ${file}.key -o ${file}.bin ${file}`);
366 for (let host in split(args.upload, ",")) {
367 warn(`Uploading ${file}.bin to ${host}\n`);
368 ret = system(`${unet_tool} -U ${host} -K ${file}.key ${file}.bin`);
370 warn("Upload failed\n");
379 set_fields(net_data.config, {
383 set_field("int", net_data.config, "peer-exchange-port", args.pex_port);
384 set_field("array", net_data.config, "stun-servers", args.stun);
388 net_data.hosts[hostname] = {};
389 assert(args.key, "Missing host key");
390 set_host(net_data.hosts[hostname]);
394 assert(net_data.hosts[hostname], `Host '${hostname}' does not exist`);
395 set_host(net_data.hosts[hostname]);
399 net_data.services[servicename] = {
403 assert(args.type, "Missing service type");
404 set_service(net_data.services[servicename]);
408 assert(net_data.services[servicename], `Service '${servicename}' does not exist`);
409 set_service(net_data.services[servicename]);
413 assert(false, "Unknown command");
416 const net_data_json = sprintf("%.J\n", net_data);
419 print(net_data_json);
421 writefile(file, net_data_json);