[packages] tinc: contribution from linus.luessing@web.de - configuration via uci...
[openwrt/svn-archive/archive.git] / net / tinc / files / tinc.init
1 #!/bin/sh /etc/rc.common
2 # Tinc init script
3 # Copyright (C) 2011 Linus Lüssing
4 # Based on Jo-Philipp Wich's OpenVPN init script
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7
# Start priority consumed by /etc/rc.common (see the shebang line).
START=42

# tinc daemon binary and the helper used to signal it.
BIN="/usr/sbin/tincd"
SSD="start-stop-daemon"

# Extra sub-commands this script implements in addition to the standard ones.
EXTRA_COMMANDS='up down'

# A single newline; the functions below use it as IFS when splitting
# multi-valued UCI options.
LIST_SEP='
'

# Runtime configuration root. prepare_net copies /etc/tinc/<net> into this
# directory (including any private key stored there) and tincd is started
# with -c pointing at it. The path is fixed and lives under /tmp, so it must
# only ever be creatable and writable by root.
# NOTE(review): nothing in this script checks ownership or mode of an
# already existing directory before using it -- confirm that is acceptable
# on the target system.
TMP_TINC=/tmp/tinc
16
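# Append a long option to the global ARGS string.
# Arguments: $1 - option name in UCI spelling (underscores)
# Globals:   ARGS (appended to)
# Every underscore in the name is turned into a dash, so "foo_bar" becomes
# "--foo-bar". Names with more than three underscores used to be converted
# only partially; the loop below handles any number.
# Returns:   always 0
append_param() {
	local v="$1"
	while :; do
		case "$v" in
			*_*) v="${v%%_*}-${v#*_}" ;;
			*) break ;;
		esac
	done
	ARGS="$ARGS --$v"
	return 0
}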
27
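# Write boolean UCI options into a tinc configuration file.
# Arguments: $1 - UCI section name
#            $2 - file to append to
#            $3... - option names to look up in the section
# For each option, a config_get_bool result of 1 appends "<option> = yes" and
# 0 appends "<option> = no". No default is passed to config_get_bool, so any
# other result (presumably an unset option) writes nothing.
# Returns:   always 0. The previous version returned the status of the last
#            "[ ... ] && echo" test, i.e. non-zero whenever the final option
#            was not explicitly 0.
append_conf_bools() {
	local p; local v; local s="$1"; local f="$2"
	shift; shift
	# "$@" keeps each option name as one word and avoids pathname expansion.
	for p in "$@"; do
		config_get_bool v "$s" "$p"
		case "$v" in
			1) echo "$p = yes" >> "$f" ;;
			0) echo "$p = no" >> "$f" ;;
		esac
	done
	return 0
}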
36
# Turn UCI options into command-line arguments in the global ARGS string.
# Arguments: $1 - UCI section name, $2... - option names
# Globals:   ARGS (appended to), LIST_SEP (read), IFS (set, then unset)
# Each option value is split on LIST_SEP; every non-empty element adds
# "--<option> <element>" (the option name goes through append_param).
# NOTE(review): ARGS is a flat string that start_net expands unquoted, so a
# value containing blanks ends up as several tincd arguments. The values come
# from the UCI configuration -- confirm only root can write it.
append_params() {
	local opt; local val; local item; local section="$1"
	shift
	for opt in $*; do
		config_get val "$section" "$opt"
		IFS="$LIST_SEP"
		for item in $val; do
			if [ -n "$item" ]; then
				append_param "$opt" && ARGS="$ARGS $item"
			fi
		done
		unset IFS
	done
}
48
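# Write valued UCI options into a tinc configuration file.
# Arguments: $1 - UCI section name
#            $2 - file to append to
#            $3... - option names to look up in the section
# Globals:   LIST_SEP (read), IFS (set, then unset)
# Each option value is split on LIST_SEP and every non-empty element is
# appended as "<option> = <element>". For BindToInterface the element is first
# looked up as an OpenWrt network name; if uci reports an ifname for it, that
# device name is written instead.
# Changes from the earlier version: the uci key is quoted (it was subject to
# pathname expansion), the command substitution is no longer hidden behind
# "local", and stderr is sent to /dev/null instead of being closed.
# NOTE(review): the values are written verbatim and come from the UCI
# configuration; they are still subject to pathname expansion in the inner
# "for" -- confirm no option is expected to carry glob characters.
append_conf_params() {
	local p; local v; local ifname; local s="$1"; local f="$2"
	shift; shift
	for p in "$@"; do
		config_get v "$s" "$p"
		IFS="$LIST_SEP"
		for v in $v; do
			# Look up OpenWrt interface names
			if [ "$p" = "BindToInterface" ]; then
				ifname=$(uci -P /var/state get "network.$v.ifname" 2>/dev/null)
				[ -n "$ifname" ] && v="$ifname"
			fi

			[ -n "$v" ] && echo "$p = $v" >> "$f"
		done
		unset IFS
	done
}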
66
# Complete the runtime host file of one tinc-host section.
# Arguments: $1 - UCI section name of the host
#            $2 - optional network name; when given, hosts that belong to a
#                 different network are skipped
# Globals:   TMP_TINC (read)
# The host is skipped when its network or the host itself is disabled (in the
# latter case its runtime host file is removed), and also when
# /etc/tinc/<net>/hosts/<host> does not exist -- per the warning below, that
# file is expected to hold the host's public key.
prepare_host() {
	local s="$1"; local n
	local disabled=0

	# Is the network this host belongs to disabled?
	config_get n "$s" net
	config_get_bool disabled "$n" disabled 0
	if [ "$disabled" = 1 ]; then
		return 0
	fi

	# Caller asked for one specific network only.
	if [ "$#" = "2" ] && [ "$2" != "$n" ]; then
		return 0
	fi

	# Is the host itself disabled?
	config_get_bool disabled "$s" disabled 0
	if [ "$disabled" = 1 ]; then
		if [ -f "$TMP_TINC/$n/hosts/$s" ]; then
			rm "$TMP_TINC/$n/hosts/$s"
		fi
		return 0
	fi

	# Never configure a host for which no key file was provisioned.
	if [ ! -f "/etc/tinc/$n/hosts/$s" ]; then
		echo -n "tinc: Warning, public key for $s for network $n "
		echo -n "missing in /etc/tinc/$n/hosts/$s, "
		echo "skipping configuration of $s"
		return 0
	fi

	# Boolean options.
	append_conf_bools "$s" "$TMP_TINC/$n/hosts/$s" \
		ClampMSS IndirectData PMTUDiscovery

	# Valued options.
	append_conf_params "$s" "$TMP_TINC/$n/hosts/$s" \
		Address Cipher Compression Digest MACLength PMTU Port Subnet
}
102
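# Generate this node's key pair for a network when asked to and none exists.
# Arguments: $1 - UCI section name of the tinc-net
# Globals:   TMP_TINC, BIN (read)
# Does nothing unless the section sets generate_keys, has a Name, and neither
# the node's own host file nor rsa_key.priv is present in the runtime
# directory. Otherwise tincd generates the keys inside TMP_TINC/<net>
# (optionally with the configured key_size) and the private key plus the
# node's host file are copied to /etc/tinc/<net>.
# Returns:   0 when there is nothing to do, 1 when tincd reports a failure
#            (previously the copies were attempted regardless), otherwise the
#            status of the last copy.
# NOTE(review): the private key is created under TMP_TINC and then copied with
# plain cp; confirm the resulting file modes and the permissions of both
# directories keep the key readable by root only.
check_gen_own_key() {
	local s="$1"; local n; local k

	config_get n "$s" Name
	config_get_bool k "$s" generate_keys 0
	[ "$k" = 0 ] && return 0

	# No name to generate for, or key material already present.
	if [ -z "$n" ] || [ -f "$TMP_TINC/$s/hosts/$n" ] || [ -f "$TMP_TINC/$s/rsa_key.priv" ]; then
		return 0
	fi
	[ -d "$TMP_TINC/$s/hosts" ] || mkdir -p "$TMP_TINC/$s/hosts"

	config_get k "$s" key_size
	if [ -z "$k" ]; then
		$BIN -c "$TMP_TINC/$s" --generate-keys </dev/null
	else
		$BIN -c "$TMP_TINC/$s" "--generate-keys=$k" </dev/null
	fi
	# $? is the status of whichever tincd invocation ran above.
	if [ "$?" -ne 0 ]; then
		echo "tinc: key generation for network $s failed, not copying keys to /etc/tinc/$s" >&2
		return 1
	fi

	[ -d "/etc/tinc/$s/hosts" ] || mkdir -p "/etc/tinc/$s/hosts"
	cp "$TMP_TINC/$s/rsa_key.priv" "/etc/tinc/$s/"
	# $n is known to be non-empty here because of the early return above.
	cp "$TMP_TINC/$s/hosts/$n" "/etc/tinc/$s/hosts/"
}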
125
# Build the runtime configuration directory of one tinc-net section.
# Arguments: $1 - UCI section name of the network
# Globals:   TMP_TINC (read)
# Skips disabled networks. Otherwise TMP_TINC/<net> is created, an existing
# /etc/tinc/<net> tree is copied into TMP_TINC (everything below it, so also
# any private key kept there), the UCI options are appended to tinc.conf and
# finally key generation is considered.
# NOTE(review): options are appended with ">>"; if /etc/tinc/<net>/tinc.conf
# does not exist, nothing here resets the runtime tinc.conf, so running this
# twice without a stop in between presumably duplicates entries -- confirm.
# Returns:   0 for a disabled network, else the status of check_gen_own_key.
prepare_net() {
	local s="$1"
	local disabled=0
	local n

	config_get_bool disabled "$s" disabled 0
	if [ "$disabled" = 1 ]; then
		return 0
	fi

	[ -d "$TMP_TINC/$s" ] || mkdir -p "$TMP_TINC/$s"
	if [ -d "/etc/tinc/$s" ]; then
		cp -r "/etc/tinc/$s" "$TMP_TINC/"
	fi

	# Boolean options.
	append_conf_bools "$s" "$TMP_TINC/$s/tinc.conf" \
		DirectOnly Hostnames IffOneQueue PriorityInheritance \
		StrictSubnets TunnelServer \
		ClampMSS IndirectData PMTUDiscovery

	# Valued options.
	append_conf_params "$s" "$TMP_TINC/$s/tinc.conf" \
		AddressFamily BindToAddress ConnectTo BindToInterface \
		Forwarding GraphDumpFile Interface KeyExpire MACExpire \
		MaxTimeout Mode Name PingInterval PingTimeout PrivateKeyFile \
		ProcessPriority ReplayWindow UDPRcvBuf UDPSndBuf \
		Address Cipher Compression Digest MACLength PMTU Port Subnet

	check_gen_own_key "$s"
}
154
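# Start tincd for one tinc-net section.
# Arguments: $1 - UCI section name of the network
# Globals:   PID, ARGS (written); BIN, TMP_TINC (read)
# Skips disabled networks. The daemon is pointed at the runtime directory
# TMP_TINC/<net>, not at /etc/tinc, and writes its pid to
# /var/run/tinc.<net>.pid.
# The section name is now quoted in the tincd call; it used to be expanded
# unquoted and was therefore subject to word splitting and globbing.
start_net() {
	local s="$1"
	local disabled=0

	# disabled?
	config_get_bool disabled "$s" disabled 0
	[ "$disabled" = 1 ] && return 0

	PID="/var/run/tinc.$s.pid"
	ARGS=""

	# append params
	append_params "$s" \
		log debug

	# $ARGS is expanded unquoted on purpose: it is a flat string of options
	# built by append_params and has to split into separate arguments.
	$BIN -c "$TMP_TINC/$s" -n "$s" $ARGS --pidfile="$PID"
}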
172
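# Send a signal to the tincd instance of one tinc-net section.
# Arguments: $1 - UCI section name of the network
#            $2 - signal name, defaults to TERM
# Globals:   PID (written); SSD, BIN, TMP_TINC (read)
# A disabled network is only ever sent TERM; other signals are skipped for
# it. After TERM the pid file and the runtime directory TMP_TINC/<net> (which
# may contain a copy of the private key) are removed.
# Changes from the earlier version: $PID, $BIN and the signal are quoted, the
# recursive delete is skipped when TMP_TINC is empty as well as when the
# section name is, and the function returns 0 after a non-TERM signal
# instead of the status of a failed "[ ... ]" test.
# Returns:   always 0; the status of start-stop-daemon is not propagated.
kill_net() {
	local s="$1"
	local S="${2:-TERM}"
	local disabled=0

	# disabled?
	config_get_bool disabled "$s" disabled 0
	if [ "$disabled" != 0 ] && [ "$S" != "TERM" ]; then
		return 0
	fi

	PID="/var/run/tinc.$s.pid"

	$SSD -q -p "$PID" -x "$BIN" -K -s "$S"
	if [ "$S" = "TERM" ]; then
		rm -f "$PID"
		# Never let an empty component turn this into "rm -rf /<something>".
		if [ -n "$s" ] && [ -n "$TMP_TINC" ]; then
			rm -rf "$TMP_TINC/$s"
		fi
	fi
	return 0
}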
190
# Send HUP to the tincd instance of network $1 (see kill_net).
hup_net() {
	kill_net "$1" HUP
}
# Send TERM to the tincd instance of network $1 (see kill_net).
stop_net() {
	kill_net "$1" TERM
}
193
# Init-script "start": prepare and start every configured network.
# All networks are prepared first, then all hosts, and only afterwards is any
# daemon started, so each tincd finds its complete runtime configuration.
start() {
	config_load tinc

	# Build the runtime configuration.
	config_foreach prepare_net tinc-net
	config_foreach prepare_host tinc-host

	# Launch one tincd per tinc-net section.
	config_foreach start_net tinc-net
}
202
# Init-script "stop": run stop_net for every tinc-net section.
stop() {
	config_load tinc

	config_foreach stop_net tinc-net
}
207
# Init-script "reload": run hup_net for every tinc-net section.
# The runtime configuration under TMP_TINC is not rebuilt here.
reload() {
	config_load tinc

	config_foreach hup_net tinc-net
}
212
# Init-script "restart": stop, wait five seconds, then start again.
# NOTE(review): the pause presumably gives the daemons time to exit -- confirm.
restart() {
	stop
	sleep 5
	start
}
216
# Extra command "up": prepare and start only the networks named as arguments.
# Arguments: $@ - UCI section names
# Names whose section type is not tinc-net are ignored silently.
up() {
	local exists
	local INSTANCE
	config_load tinc
	for INSTANCE in "$@"; do
		config_get exists "$INSTANCE" TYPE
		case "$exists" in
			tinc-net)
				prepare_net "$INSTANCE"
				# The extra argument limits prepare_host to this network.
				config_foreach prepare_host tinc-host "$INSTANCE"
				start_net "$INSTANCE"
				;;
		esac
	done
}
230
# Extra command "down": stop only the networks named as arguments.
# Arguments: $@ - UCI section names
# Names whose section type is not tinc-net are ignored silently.
down() {
	local exists
	local INSTANCE
	config_load tinc
	for INSTANCE in "$@"; do
		config_get exists "$INSTANCE" TYPE
		case "$exists" in
			tinc-net)
				stop_net "$INSTANCE"
				;;
		esac
	done
}