Le Sunday 26 July 2009 10:52:24 Vladimir Voronkov, vous avez écrit :
> This patch for the packages branch adds openl2tp-1.6 support.
> Startup script "openl2tp.init" has to be changed for common use.
> I included it as an example of openl2tp module usage.

Your mailer inserted line breaks in place of spaces, so the patch is unusable.
Please resubmit with your mailer fixed. Also, the current init script has a
huge number of hardcoded values, and this is not acceptable for something
meant to be generic.

Create a configuration file in /etc/config/openl2tpd which contains the
following items (you already thought of them):
 - USER
 - IP
 - OPTS
 - L2TPRT
 - LED

Then load your configuration with UCI just like other packages do. I applied 
the part which adds openl2tpd to packages so that you can resubmit an 
incremental patch adding the init script only.

Thanks !

>
> Signed-off-by: Vladimir Voronkov <voronkovv at mail.ru>
>
> ---
>
> Index: net/openl2tp/files/openl2tpd.init
> ===================================================================
> --- net/openl2tp/files/openl2tpd.init (revision 0)
> +++ net/openl2tp/files/openl2tpd.init (revision 0)
> @@ -0,0 +1,351 @@
> +#!/bin/sh /etc/rc.common
> +
> +START=47
> +
> +USER='username'
> +
> +IP='85.21.0.251'
> +
> +L2TP='openl2tpd'
> +OPTS='-u 1701'
> +CONF='l2tpconfig'
> +RPC='portmap'
> +MOD='pppol2tp'
> +L2TPRT='/var/run/openl2tpd.route'
> +LED='/proc/diag/led/dmz'
> +
> +replace_default_route() {
> +  if [ -r $L2TPRT ]; then
> +    GW=`cat $L2TPRT | awk '{if ($1 == "GW") print $2}'`
> +  else
> +    GW=`route -n 2> /dev/null | awk '{if ($1 == "0.0.0.0" && $2 !=
> "0.0.0.0" && $8 ~ "eth") print $2}'`
> +  fi
> +
> +  if [ -z "$GW" ]; then
> +    echo "failed, no default gateway"
> +    return 1
> +  fi
> +
> +  TUNIP=`route -n | awk '{if ($2 == "0.0.0.0" && $4 ~ "H" && $8 ~
> "ppp") print $1}'`
> +
> +  if [ -z "$TUNIP" ]; then
> +    echo "failed, no tunnel"
> +    return 1
> +  fi
> +
> +  if ! (route del default gw $GW 2> /dev/null) || ! (route add default
> gw $TUNIP 2> /dev/null); then
> +    echo "failed"
> +    return 1
> +  fi
> +
> +  echo "done"
> +}
> +
> +restore_default_route() {
> +  if [ -r $L2TPRT ]; then
> +    GW=`cat $L2TPRT | awk '{if ($1 == "GW") print $2}'`
> +  else
> +    IP=`nslookup tp.corbina.net 2> /dev/null | awk '{if ($1 ~ "Address"
> && $4 ~ "corbina.net") print $3}'`
> +    if [ -z "$IP" ]; then
> +      echo "failed"
> +      return 1
> +    fi
> +    GW=`route -n 2> /dev/null | awk -v IP=$IP '{if ($1 == IP && $2 !=
> "0.0.0.0" && $8 ~ "eth") print $2}'`
> +  fi
> +
> +  TUNIP=`route -n 2> /dev/null | awk '{if ($1 == "0.0.0.0" && $2 !=
> "0.0.0.0" && $4 ~ "G"  && $8 ~ "ppp") print $2}'`
> +  if [ -n "$TUNIP" ]; then
> +    route del default gw $TUNIP 2> /dev/null
> +  fi
> +
> +  if [ -z "$GW" ] || ! route add default gw $GW 2> /dev/null; then
> +    echo "failed"
> +    return 1
> +  fi
> +
> +  echo "done"
> +}
> +
> +#IPTABLES="echo iptables"
> +IPTABLES=iptables
> +zone='wan'
> +ifname='ppp+'
> +
> +add_iptables_rules() {
> +  $IPTABLES -A input -i "$ifname" -j zone_${zone}
> +  $IPTABLES -I zone_${zone}_MSSFIX 1 -o "$ifname" -p tcp --tcp-flags
> SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> +  $IPTABLES -I zone_${zone}_ACCEPT 1 -o "$ifname" -j ACCEPT
> +  $IPTABLES -I zone_${zone}_DROP 1 -o "$ifname" -j DROP
> +  $IPTABLES -I zone_${zone}_REJECT 1 -o "$ifname" -j reject
> +  $IPTABLES -I zone_${zone}_ACCEPT 1 -i "$ifname" -j ACCEPT
> +  $IPTABLES -I zone_${zone}_DROP 1 -i "$ifname" -j DROP
> +  $IPTABLES -I zone_${zone}_REJECT 1 -i "$ifname" -j reject
> +  $IPTABLES -I zone_${zone}_nat 1 -t nat -o "$ifname" -j MASQUERADE
> +  $IPTABLES -I PREROUTING 1 -t nat -i "$ifname" -j zone_
> ${zone}_prerouting
> +  $IPTABLES -A forward -i "$ifname" -j zone_${zone}_forward
> +  #iptables -A INPUT -p udp -j ACCEPT --dport 1701 -m state --state NEW
> +
> +  echo "done"
> +}
> +
> +del_iptables_rules() {
> +  $IPTABLES -D input -i "$ifname" -j zone_${zone}
> +  $IPTABLES -D zone_${zone}_MSSFIX -o "$ifname" -p tcp --tcp-flags
> SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> +  $IPTABLES -D zone_${zone}_ACCEPT -o "$ifname" -j ACCEPT
> +  $IPTABLES -D zone_${zone}_DROP -o "$ifname" -j DROP
> +  $IPTABLES -D zone_${zone}_REJECT -o "$ifname" -j reject
> +  $IPTABLES -D zone_${zone}_ACCEPT -i "$ifname" -j ACCEPT
> +  $IPTABLES -D zone_${zone}_DROP -i "$ifname" -j DROP
> +  $IPTABLES -D zone_${zone}_REJECT -i "$ifname" -j reject
> +  $IPTABLES -D zone_${zone}_nat -t nat -o "$ifname" -j MASQUERADE
> +  $IPTABLES -D PREROUTING -t nat -i "$ifname" -j zone_
> ${zone}_prerouting
> +  $IPTABLES -D forward -i "$ifname" -j zone_${zone}_forward
> +
> +  echo "done"
> +}
> +
> +add_l2tp_route() {
> +  if [ -r $L2TPRT ]; then
> +    rm -f $L2TPRT
> +  fi
> +  if [ -z "$IP" ]; then
> +    IP=`nslookup tp.corbina.net 2> /dev/null | awk '{if ($1 ~ "Address"
> && $4 ~ "corbina.net") print $3}'`
> +    if [ -z "$IP" ]; then
> +      echo "failed, no IP for L2TP server."
> +      return 1
> +    fi
> +  fi
> +
> +  RT=`route -n 2> /dev/null | awk -v IP=$IP '{if ($1 == IP && $2 !=
> "0.0.0.0" && $8 ~ "eth") print $2}'`
> +  if [ -n "$RT" ]; then
> +    echo "IP $IP" > $L2TPRT
> +    echo "GW $RT" >> $L2TPRT
> +    echo "ok, route is already created."
> +    return
> +  fi
> +
> +  GW=`route -n 2> /dev/null | awk '{if ($1 == "0.0.0.0" && $2 !=
> "0.0.0.0" && $8 ~ "eth") print $2}'`
> +  if [ -z "$GW" ]; then
> +    echo "failed, no default gateway."
> +    return 1
> +  fi
> +
> +  route add $IP gw $GW
> +  RT=`route -n 2> /dev/null | awk -v IP=$IP '{if ($1 == IP && $2 !=
> "0.0.0.0" && $8 ~ "eth") print $2}'`
> +  if [ -z "$RT" ]; then
> +    echo "failed"
> +    return 1
> +  fi
> +
> +  echo "IP $IP" > $L2TPRT
> +  echo "GW $GW" >> $L2TPRT
> +  echo "done"
> +}
> +
> +del_l2tp_route() {
> +  if [ -r $L2TPRT ]; then
> +    IP=`cat $L2TPRT | awk '{if ($1 == "IP") print $2}'`
> +    GW=`cat $L2TPRT | awk '{if ($1 == "GW") print $2}'`
> +    rm -f $L2TPRT
> +  else
> +    echo -n "using hostname... "
> +    if [ -z "$IP" ]; then
> +      IP=`nslookup tp.corbina.net 2> /dev/null | awk '{if ($1 ~
> "Address" && $4 ~ "corbina.net") print $3}'`
> +      if [ -z "$IP" ]; then
> +        echo "failed"
> +        return 1
> +      fi
> +    fi
> +    GW=`route -n 2> /dev/null | awk '{if ($1 == "0.0.0.0" && $2 !=
> "0.0.0.0" && $8 ~ "eth") print $2}'`
> +    if [ -z "$GW" ]; then
> +      echo "failed, no default gateway."
> +      return 1
> +    fi
> +  fi
> +
> +  RT=`route -n 2> /dev/null | awk -v IP=$IP -v GW=$GW '{if ($1 == IP &&
> $2 == GW && $8 ~ "eth") print $2}'`
> +  if [ -z "$RT" ]; then
> +    echo "no tunnel route"
> +    return
> +  fi
> +
> +  route del $IP gw $GW
> +  RT=`route -n 2> /dev/null | awk -v IP=$IP -v GW=$GW '{if ($1 == IP &&
> $2 == GW && $8 ~ "eth") print $2}'`
> +  if [ -z "$RT" ]; then
> +    echo "done"
> +  else
> +    echo "failed"
> +  fi
> +}
> +
> +openl2tpd_start() {
> +  echo -n "Checking for $L2TP... "
> +  L2TP_PROG=`which $L2TP`
> +  if [ -n "$L2TP_PROG" ] && [ -x $L2TP_PROG ]; then
> +    echo "yes"
> +  else
> +    echo "no"
> +    return 1
> +  fi
> +
> +  echo -n "Checking for $CONF... "
> +  CONF_PROG=`which $CONF`
> +  if [ -n "$CONF_PROG" ] && [ -x $CONF_PROG ]; then
> +    echo "yes"
> +  else
> +    echo "no"
> +    return 1
> +  fi
> +
> +  if ! lsmod | grep $MOD 1> /dev/null 2> /dev/null; then
> +    echo -n "Loading $MOD... "
> +    if insmod pppol2tp 1> /dev/null 2> /dev/null; then
> +      echo "done"
> +    else
> +      echo "failed"
> +      return 1
> +    fi
> +  fi
> +
> +  if ! pidof $RPC 1> /dev/null 2> /dev/null; then
> +    echo -n "Starting $RPC... "
> +    RPC_PROG=`which $RPC`
> +    if [ -n "$RPC_PROG" ] && [ -x $RPC_PROG ] && start-stop-daemon -q
> -S -x $RPC_PROG; then
> +      echo "done"
> +    else
> +      echo "failed"
> +      return 1
> +    fi
> +  fi
> +
> +  echo -n "Starting $L2TP... "
> +  if ! start-stop-daemon -q -S -x $L2TP_PROG -- $OPTS; then
> +    echo "already running"
> +    return 1
> +  else
> +    echo "done"
> +  fi
> +
> +  echo -n "Creating tunnel route... "
> +  if ! add_l2tp_route; then
> +    return 1
> +  fi
> +
> +  echo -n "Establishing tunnel to $IP... "
> +  ( echo "system modify deny_remote_tunnel_creates=yes
> tunnel_establish_timeout=120 session_establish_timeout=60 \\"
> +    echo "tunnel_persist_pend_timeout=120
> session_persist_pend_timeout=60"
> +    echo "peer profile modify profile_name=default lac_lns=lac"
> +    echo "ppp profile modify profile_name=default mru=1460 mtu=1460
> auth_pap=no auth_eap=no auth_none=no default_route=no proxy_arp=no"
> +    echo "tunnel create tunnel_name=corbina dest_ipaddr=$IP
> persist=yes"
> +    echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
> +  if [ $? -ne 0 ]; then
> +    echo "failed"
> +    return 1
> +  fi
> +  sleep 1
> +  ( echo "session create tunnel_name=corbina session_name=corbina
> user_name=$USER"
> +    echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
> +  if [ $? -ne 0 ]; then
> +    echo "failed"
> +    return 1
> +  fi
> +  sleep 5
> +  echo "done"
> +
> +  echo -n "Replacing default route... "
> +  if ! replace_default_route; then
> +    return 1
> +  fi
> +
> +  echo -n "Setting up firewall rules... "
> +  add_iptables_rules
> +}
> +
> +openl2tpd_stop() {
> +  echo -n "Checking for $L2TP... "
> +  L2TP_PROG=`which $L2TP`
> +  if [ -n "$L2TP_PROG" ] && [ -x $L2TP_PROG ]; then
> +    echo "yes"
> +  else
> +    echo "no"
> +    return 1
> +  fi
> +
> +  echo -n "Checking for $CONF... "
> +  CONF_PROG=`which $CONF`
> +  if [ -n "$CONF_PROG" ] && [ -x $CONF_PROG ]; then
> +    echo "yes"
> +  else
> +    echo "no"
> +    return 1
> +  fi
> +
> +  echo -n "Removing firewall rules... "
> +  del_iptables_rules
> +
> +  echo -n "Restoring default route... "
> +  restore_default_route
> +
> +  echo -n "Deleting tunnel... "
> +  ( echo "session delete tunnel_name=corbina session_name=corbina"
> +    echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
> +  if [ $? -ne 0 ]; then
> +    echo "failed"
> +  else
> +    sleep 3
> +    ( echo "tunnel delete tunnel_name=corbina"
> +      echo "quit" ) | $CONF_PROG 1> /dev/null 2> /dev/null
> +    if [ $? -ne 0 ]; then
> +      echo "failed"
> +    else
> +      sleep 1
> +      echo "done"
> +    fi
> +  fi
> +
> +  echo -n "Deleting tunnel route... "
> +  del_l2tp_route
> +
> +  echo -n "Stopping $L2TP... "
> +  if ! start-stop-daemon -q -K -x $L2TP_PROG; then
> +    echo "not running"
> +    return 1
> +  else
> +    echo "done"
> +  fi
> +}
> +
> +openl2tpd_restart() {
> +  openl2tpd_stop
> +
> +  if openl2tpd_start; then
> +    return 0
> +  else
> +    return 1
> +  fi
> +}
> +
> +start() {
> +  echo "f" > $LED
> +  if openl2tpd_start; then
> +    echo "1" > $LED
> +  else
> +    echo "0" > $LED
> +  fi
> +}
> +
> +stop() {
> +  echo "f" > $LED
> +  openl2tpd_stop
> +  echo "0" > $LED
> +}
> +
> +restart() {
> +  echo "f" > $LED
> +  if openl2tpd_restart; then
> +    echo "1" > $LED
> +  else
> +    echo "0" > $LED
> +  fi
> +}
> +
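Review bot: `$IP` and `$GW` reach `route`, `awk -v` and the l2tpconfig command stream without validation or quoting. In add_l2tp_route, restore_default_route and del_l2tp_route the address is parsed out of `nslookup` output (or read back from the `$L2TPRT` state file), and the awk filter prints one line per match, so a lookup that returns several addresses or an unexpected answer leaves whitespace or newlines in the value. Unquoted, that splits into extra `route` arguments, and inside `echo "tunnel create tunnel_name=corbina dest_ipaddr=$IP persist=yes"` in openl2tpd_start every extra line is read by l2tpconfig as a separate command. I would reject anything that is not a single dotted quad right after each lookup or file read, e.g. `case "$IP" in ''|*[!0-9.]*) echo "failed, bad address"; return 1;; esac`, and quote the uses (`route add "$IP" gw "$GW"`, `awk -v IP="$IP"`). The same check is worth applying to `$USER` in the `session create` line once it is loaded from configuration.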
> Index: net/openl2tp/patches/001-makefile.patch
> ===================================================================
> --- net/openl2tp/patches/001-makefile.patch   (revision 0)
> +++ net/openl2tp/patches/001-makefile.patch   (revision 0)
> @@ -0,0 +1,64 @@
> +Index: openl2tp-1.6/Makefile
> +===================================================================
> +--- openl2tp-1.6.orig/Makefile
> ++++ openl2tp-1.6/Makefile
> +@@ -8,7 +8,7 @@
> + L2TP_FEATURE_LAOC_SUPPORT=  y
> + L2TP_FEATURE_LNIC_SUPPORT=  y
> + L2TP_FEATURE_LNOC_SUPPORT=  y
> +-L2TP_FEATURE_LOCAL_CONF_FILE=       y
> ++#L2TP_FEATURE_LOCAL_CONF_FILE=      y
> + #L2TP_FEATURE_LOCAL_STAT_FILE=      y
> +
> + # Define USE_DMALLOC to enable dmalloc memory debugging
> +@@ -29,31 +29,31 @@
> + # Build for UML environment?
> + # UML_TARGET=               y
> +
> +-ARCH=$(shell uname -p)
> +-ifeq ($(ARCH),x86_64)
> +-SYS_LIBDIR=/usr/lib64
> +-else
> ++#ARCH=$(shell uname -p)
> ++#ifeq ($(ARCH),x86_64)
> ++#SYS_LIBDIR=/usr/lib64
> ++#else
> + SYS_LIBDIR=/usr/lib
> +-endif
> ++#endif
> +
> + # Point to kernel source tree
> +-KERNEL_SRCDIR=              /lib/modules/$(shell uname -r)/source
> +-KERNEL_BLDDIR=              /lib/modules/$(shell uname -r)/build
> ++#KERNEL_SRCDIR=             /lib/modules/$(shell uname -r)/source
> ++#KERNEL_BLDDIR=             /lib/modules/$(shell uname -r)/build
> +
> + # Points to pppd install.
> + # By default, pppd headers are assumed to be in /usr/include/pppd.
> but
> + # can be pointed to a local pppd source tree if desired.
> +-PPPD_VERSION=               2.4.4
> ++#PPPD_VERSION=              2.4.4
> + # PPPD_SRCDIR=              /usr/local/src/ppp-2.4.4
> + # PPPD_LIBDIR=              /usr/lib/pppd/2.4.4
> +
> + # Points to readline install root. READLINE_DIR should have lib/ &
> include/ subdirs
> + # If not defined, readline is assumed to be installed in the standard
> places that
> + # the compiler looks.
> +-READLINE_DIR=
> ++#READLINE_DIR=
> +
> + # For cross-compiling
> +-CROSS_COMPILE=
> ++#CROSS_COMPILE=
> +
> + # END CONFIGURABLE SETTINGS
> +
> +@@ -137,7 +137,7 @@
> + CFLAGS=                     -I. -Iusl -Icli -isystem 
> $(KERNEL_BLDDIR)/include \
> +                             -isystem $(KERNEL_SRCDIR)/include -MMD -Wall 
> -Werror $(CPPFLAGS)
> $(CPPFLAGS.dmalloc) -DSYS_LIBDIR=$(SYS_LIBDIR)
> + LDFLAGS.l2tpd=              -Wl,-E -L. -Lusl -lusl -ldl $(LIBS.dmalloc) -lc
> +-LDFLAGS.l2tpconfig= -Lcli -lcli -lreadline $(LIBS.dmalloc)
> $(READLINE_LDFLAGS) -lc
> ++LDFLAGS.l2tpconfig= -Lcli -lcli -lreadline -lncurses $(LIBS.dmalloc)
> $(READLINE_LDFLAGS) -lc
> +
> + OPT_CFLAGS?=                -O
> +
> Index: net/openl2tp/patches/010-ppp_unix.patch
> ===================================================================
> --- net/openl2tp/patches/010-ppp_unix.patch   (revision 0)
> +++ net/openl2tp/patches/010-ppp_unix.patch   (revision 0)
> @@ -0,0 +1,13 @@
> +Index: openl2tp-1.6/plugins/ppp_unix.c
> +===================================================================
> +--- openl2tp-1.6.orig/plugins/ppp_unix.c
> ++++ openl2tp-1.6/plugins/ppp_unix.c
> +@@ -643,6 +643,8 @@
> +
> +             if (ppp->ppp_profile_data->proxy_arp) {
> +                     argv[arg++] = "proxyarp";
> ++            } else {
> ++                    argv[arg++] = "noproxyarp";
> +             }
> +
> +             argv[arg++] = "plugin";
> Index: net/openl2tp/Makefile
> ===================================================================
> --- net/openl2tp/Makefile     (revision 0)
> +++ net/openl2tp/Makefile     (revision 0)
> @@ -0,0 +1,67 @@
> +#
> +# Copyright (C) 2006 OpenWrt.org
> +#
> +# This is free software, licensed under the GNU General Public License
> v2.
> +# See /LICENSE for more information.
> +#
> +# $Id: Makefile 11654 2008-07-05 13:02:13Z florian $
> +
> +include $(TOPDIR)/rules.mk
> +include $(INCLUDE_DIR)/kernel.mk
> +
> +PKG_NAME:=openl2tp
> +PKG_VERSION:=1.6
> +PKG_RELEASE:=1
> +
> +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
> +PKG_SOURCE_URL:=...@sf/openl2tp
> +PKG_MD5SUM:=87f035ca5ddf7c61e720f422cdc997cf
> +
> +PKG_BUILD_DEPENDS:=libreadline libncurses
> +PKG_PPPD_VERSION:=2.4.4
> +
> +include $(INCLUDE_DIR)/package.mk
> +
> +define Package/openl2tp
> +  SECTION:=net
> +  CATEGORY:=Network
> +  DEPENDS:=+kmod-pppol2tp +ppp +portmap +libreadline +libncurses
> +  TITLE:=An L2TP (Layer 2 Tunneling Protocol) daemon
> +  URL:=http://opensource.katalix.com/openl2tp
> +  SUBMENU:=VPN
> +endef
> +
> +define Package/openl2tp/description
> + OpenL2TP is an open source L2TP client/server, written by Katalix
> Systems
> + specifically for Linux. It has been designed for use as an enterprise
> + L2TP VPN server or in commercial, Linux-based, embedded networking
> + products and is able to support hundreds of sessions, each with
> different
> + configuration.
> +endef
> +
> +MAKE_FLAGS+= \
> +     KERNEL_SRCDIR="$(LINUX_DIR)" \
> +     KERNEL_BLDDIR="$(LINUX_DIR)" \
> +     PPPD_VERSION="$(PKG_PPPD_VERSION)" \
> +     READLINE_DIR="$(STAGING_DIR)/usr" \
> +     PPPD_SRCDIR="$(STAGING_DIR)/usr/include" \
> +     PPPD_LIBDIR="$(STAGING_DIR)/usr/lib"
> +
> +define Package/openl2tp/install
> +     $(INSTALL_DIR) $(1)/usr/bin
> +     $(INSTALL_BIN) $(PKG_BUILD_DIR)/l2tpconfig  $(1)/usr/bin/
> +     $(INSTALL_DIR) $(1)/usr/sbin
> +     $(INSTALL_BIN) $(PKG_BUILD_DIR)/openl2tpd $(1)/usr/sbin/
> +     $(INSTALL_DIR) $(1)/etc/init.d
> +     $(INSTALL_BIN) ./files/openl2tpd.init $(1)/etc/init.d/openl2tpd
> +     $(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_PPPD_VERSION)
> +     $(INSTALL_BIN) $(PKG_BUILD_DIR)/pppd/openl2tp.so
> $(1)/usr/lib/pppd/$(PKG_PPPD_VERSION)/
> +     $(INSTALL_BIN) $(PKG_BUILD_DIR)/pppd/pppol2tp.so
> $(1)/usr/lib/pppd/$(PKG_PPPD_VERSION)/
> +     $(INSTALL_DIR) $(1)/usr/lib/openl2tp
> +     $(INSTALL_BIN) $(PKG_BUILD_DIR)/plugins/event_sock.so
> $(1)/usr/lib/openl2tp/
> +     $(INSTALL_BIN) $(PKG_BUILD_DIR)/plugins/ipsec.so
> $(1)/usr/lib/openl2tp/
> +     $(INSTALL_BIN) $(PKG_BUILD_DIR)/plugins/ppp_null.so
> $(1)/usr/lib/openl2tp/
> +     $(INSTALL_BIN) $(PKG_BUILD_DIR)/plugins/ppp_unix.so
> $(1)/usr/lib/openl2tp/
> +endef
> +
> +$(eval $(call BuildPackage,openl2tp))
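Review bot: `+portmap` in `DEPENDS` means every router that installs this package also gets an RPC portmapper, which the init script then starts unconditionally before openl2tpd. Presumably l2tpconfig needs it to reach the daemon's management interface, but nothing in the package says so or says which interfaces it should be reachable on; whether it is filtered on the WAN side depends on firewall rules that are not visible here. I would add a comment above the line, e.g. `# portmap: needed by openl2tpd's RPC management interface (l2tpconfig); keep it unreachable from wan`, and mention the dependency in the package description.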
>
>



-- 
Best regards, Florian Fainelli
Email: flor...@openwrt.org
Web: http://openwrt.org
IRC: [florian] on irc.freenode.net
-------------------------------
