strongswan: add interface uci list 5272/head
authorHans Dedecker <dedeckeh@gmail.com>
Wed, 13 Dec 2017 10:39:53 +0000 (11:39 +0100)
committerHans Dedecker <dedeckeh@gmail.com>
Wed, 13 Dec 2017 17:46:37 +0000 (18:46 +0100)
The interface config option allows users to configure logical OpenWRT
interface names in the ipsec section; it allows StrongSwan to listen
and send traffic on the specified interface(s). It translates to the
interfaces_use StrongSwan option, which is a comma separated list of
network devices that should be used by charon.
Since StrongSwan can only be started when one of the specified logical
OpenWRT interfaces is up, procd interface triggers are installed to
trigger the reload script.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
net/strongswan/Makefile
net/strongswan/files/ipsec.init

index aff11fdef40b48a1b3f865b2ee972358e5ca011d..1c52175660a61dc71b64babb9cc649ac06972bda 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=strongswan
 PKG_VERSION:=5.6.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_HASH:=e0c282d8ad418609c5dfb5e8efa01b28b95ef3678070ed47bf2a229f55f4ab53
index 1e0adfd1141a4855e2c290999ef239a3a90b2be5..07ccffd2e5ac421428a957efee683257131c40a9 100644 (file)
@@ -7,6 +7,7 @@ USE_PROCD=1
 PROG=/usr/lib/ipsec/starter
 
 . $IPKG_INSTROOT/lib/functions.sh
+. $IPKG_INSTROOT/lib/functions/network.sh
 
 IPSEC_SECRETS_FILE=/etc/ipsec.secrets
 IPSEC_CONN_FILE=/etc/ipsec.conf
@@ -16,6 +17,8 @@ IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets
 IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
 STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
 
+WAIT_FOR_INTF=0
+
 file_reset() {
        : > "$1"
 }
@@ -290,11 +293,23 @@ config_ipsec() {
                [ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
        done
 
+       local interface_list=$(config_get "$1" "interface")
+       if [ -z "$interface_list" ]; then
+               WAIT_FOR_INTF=0
+       else
+               for interface in $interface_list; do
+                       network_get_device device $interface
+                       [ -n "$device" ] && append device_list "$device" ","
+               done
+               [ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1
+       fi
+
        swan_xappend "# generated by /etc/init.d/ipsec"
        swan_xappend "charon {"
        swan_xappend "  load_modular = yes"
        swan_xappend "  install_routes = $install_routes"
        [ -n "$routing_tables_ignored" ] && swan_xappend "  ignore_routing_tables = $routing_tables_ignored"
+       [ -n "$device_list" ] && swan_xappend "  interfaces_use = $device_list"
        swan_xappend "    plugins {"
        swan_xappend "      include /etc/strongswan.d/charon/*.conf"
        swan_xappend "    }"
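Review bot: In the added loop, `device`, `device_list` and the loop variable `interface` are not declared `local` in the visible lines, and the lookup result is judged only by `[ -n "$device" ]`. If `network_get_device` leaves `device` untouched on failure (not verifiable from this hunk), a logical interface that is down would append the previous iteration's device a second time, and if config_ipsec runs once per ipsec section a non-local `device_list` would carry devices over from one section into the next, so `interfaces_use` would not match what the section asked charon to bind to. I would add `local interface device device_list` next to `interface_list` and gate on the return status: `network_get_device device "$interface" && append device_list "$device" ","`. config_ipsec starts before this hunk, so existing declarations may already cover part of this.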
@@ -325,21 +340,35 @@ service_running() {
 reload_service() {
        running && {
                prepare_env
-               ipsec rereadall
-               ipsec reload
-               return
+               [ $WAIT_FOR_INTF -eq 0 ] && {
+                       ipsec rereadall
+                       ipsec reload
+                       return
+               }
        }
 
        start
 }
 
+check_ipsec_interface() {
+       local intf
+
+       for intf in $(config_get "$1" interface); do
+               procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsec reload
+       done
+}
+
 service_triggers() {
        procd_add_reload_trigger "ipsec"
+       config load "ipsec"
+       config_foreach check_ipsec_interface ipsec
 }
 
 start_service() {
        prepare_env
 
+       [ $WAIT_FOR_INTF -eq 1 ] && return
+
        procd_open_instance
 
        procd_set_param command $PROG --daemon charon --nofork
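Review bot: `config load "ipsec"` in service_triggers looks like a typo for `config_load "ipsec"`. As far as I know, functions.sh (sourced at the top of this script) provides `config_load` to read a UCI file, while `config` is the callback that declares a section, so this line would register a section of type `load` named `ipsec` instead of reading the ipsec UCI config. The following `config_foreach check_ipsec_interface ipsec` then only finds sections if an earlier call in the same shell already loaded the config; where that is not the case no interface triggers are installed, and the early return on `WAIT_FOR_INTF` in start_service would leave the tunnel daemon down after the interface comes up. Suggested line: `config_load "ipsec"`. start_service continues past the end of this hunk.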