initial commit of file from CVS for smeserver-bridge-interface on Sat Sep 7 20:11:17 AEST 2024

2024-09-07 20:11:17 +10:00
parent 0eb5db4833
commit ed0be2fd72
16 changed files with 530 additions and 2 deletions
--- a/root/etc/e-smith/db/configuration/defaults/bridge/bridgeInterface
+++ b/root/etc/e-smith/db/configuration/defaults/bridge/bridgeInterface
@@ -0,0 +1 @@
+br0
--- a/root/etc/e-smith/db/configuration/defaults/bridge/status
+++ b/root/etc/e-smith/db/configuration/defaults/bridge/status
@@ -0,0 +1 @@
+enabled
--- a/root/etc/e-smith/db/configuration/defaults/bridge/tapInterface
+++ b/root/etc/e-smith/db/configuration/defaults/bridge/tapInterface
@@ -0,0 +1 @@
+tap0
--- a/root/etc/e-smith/db/configuration/defaults/bridge/type
+++ b/root/etc/e-smith/db/configuration/defaults/bridge/type
@@ -0,0 +1 @@
+service
--- a/root/etc/e-smith/db/configuration/migrate/50bridge-interface
+++ b/root/etc/e-smith/db/configuration/migrate/50bridge-interface
@@ -0,0 +1,21 @@
+{
+    my $bridge = $DB->get('bridge') || $DB->new_record('bridge', {type => 'service'});
+    my $brStatus = $bridge->prop('status') || 'enabled';
+
+    # Return nothing if bridge is disabled
+    return "" if ($brStatus eq 'disabled');
+
+    my $br = $bridge->prop('bridgeInterface') || 'br0';
+    my $IntIfConf = $DB->get('InternalInterface');
+    my $IntIfName = $IntIfConf->prop('Name');
+
+    # If the InternalInterface Name is the same as the bridge, there's nothing to do
+    return "" if ($IntIfName eq $br);
+
+    # else, we store the old InternalInterface Name in ethernetInterface
+    # and we set the InternalInterface to be the bridge
+
+    $bridge->set_prop('ethernetInterface',$IntIfName);
+    $IntIfConf->set_prop('Name',$br);
+}
+
--- a/root/etc/e-smith/events/actions/bridge-disable
+++ b/root/etc/e-smith/events/actions/bridge-disable
@@ -0,0 +1,35 @@
+#!/usr/bin/perl -w
+#----------------------------------------------------------------------
+# copyright (C) 2011 Firewall-Services
+# daniel@firewall-services.com
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# 
+#----------------------------------------------------------------------
+
+use esmith::ConfigDB;
+
+my $c = esmith::ConfigDB->open() || die "Error opening the ConfigDB\n";
+my $bridge = $c->get('bridge') || $c->new_record('bridge', {type => 'service'});
+my $status = $bridge->prop('status') || 'enabled';
+my $internal = $bridge->prop('ethernetInterface') || 'eth0';
+
+if ($status eq 'enabled'){
+  $c->set_prop('bridge', 'OldStatus', 'enabled');
+  $c->set_prop('bridge', 'status', 'disabled');
+  $c->set_prop('InternalInterface', 'Name', "$internal");
+}
+
+exit (0);
--- a/root/etc/e-smith/events/actions/bridge-enable
+++ b/root/etc/e-smith/events/actions/bridge-enable
@@ -0,0 +1,38 @@
+#!/usr/bin/perl -w
+#----------------------------------------------------------------------
+# copyright (C) 2011 Firewall-Services
+# daniel@firewall-services.com
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# 
+#----------------------------------------------------------------------
+
+use esmith::ConfigDB;
+
+my $c = esmith::ConfigDB->open() || die "Error opening the ConfigDB\n";
+my $bridge = $c->get('bridge') || $c->new_record('bridge', {type => 'service'});
+my $status = $bridge->prop('status') || 'enabled';
+my $internal = $bridge->prop('bridgeInterface') || 'br0';
+
+if ($status eq 'disabled'){
+  my $oldstatus = $bridge->prop('OldStatus') || 'disabled';
+  if ($oldstatus eq 'enabled'){
+    $c->set_prop('bridge', 'status', 'enabled');
+    $c->set_prop('InternalInterface', 'Name', "$internal");
+    $c->get_prop_and_delete('bridge','OldStatus');
+  }
+}
+
+exit (0);
--- a/root/etc/e-smith/templates/usr/lib/systemd/system/dhcpd.service.d/50koozali.conf/41service
+++ b/root/etc/e-smith/templates/usr/lib/systemd/system/dhcpd.service.d/50koozali.conf/41service
@@ -0,0 +1,20 @@
+{
+$interface=$InternalInterface{'Name'}||"hum";
+$bridgeif=(defined $bridge{bridgeInterface} )? $bridge{bridgeInterface}: "";
+#$bridgedif=(defined $bridge{ethernetInterface} ) ? $bridge{ethernetInterface} : undef;
+#$interface=(defined $bridgedif && $bridgedif eq $interface && defined $bridgeif) ? $bridgeif : $interface;
+# extra code if we want to hide the ethernet interface, howecer with only a little noise in dhcp log, we can keep the two intefaces
+$interface=( "$interface"  ne "$bridgeif" && defined $bridgeif ) ? "$interface $bridgeif" : $interface;
+
+$configfile='/etc/dhcpd.conf';
+$leasefile='/var/lib/dhcpd/dhcpd.leases';
+$OUT .="";
+}
+
+[Service]
+# added for bridge interface
+ExecStart=
+ExecStart=/usr/bin/sh -c 'exec /usr/sbin/dhcpd -f -cf /etc/dhcpd.conf -lf /var/lib/dhcpd/dhcpd.leases -user dhcpd -group dhcpd --no-pid {$bridgeif} >>/var/log/dhcpd/current 2>>/var/log/dhcpd/current'
+Restart=always
+RestartSec=5
+
--- a/root/sbin/e-smith/systemd/bridge-run
+++ b/root/sbin/e-smith/systemd/bridge-run
@@ -0,0 +1,181 @@
+#!/bin/bash
+# Bridge service on SME
+# This service will configure a bridge interface on your server
+# allowing each enslaved interfaces to act as a switch port.
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Bridge Interface
+BRIDGE_IF=$(/sbin/e-smith/db configuration getprop bridge bridgeInterface)
+BRIDGE_PROMISC=$(/sbin/e-smith/db configuration getprop bridge Promiscuous)
+
+# Define list of TAP interfaces to be bridged,
+# for example tap="tap0 tap1 tap2".
+# Defaults is tap0
+TAP_IF=$(/sbin/e-smith/db configuration getprop bridge tapInterface)
+# Replace ; and , with spaces
+TAP_IF=$(echo $TAP_IF | sed -e "s/[,;]/ /g")
+
+# Define physical ethernet interface to be bridged
+# with TAP interface(s) above.
+ETH_IF=$(/sbin/e-smith/db configuration getprop bridge ethernetInterface)
+ETH_MAC=$(/sbin/e-smith/db configuration getprop InternalInterface HWAddress)
+ETH_IP=$(/sbin/e-smith/db configuration get LocalIP)
+ETH_MASK=$(/sbin/e-smith/db configuration getprop InternalInterface Netmask)
+
+# System mode: serveronly, server&gateway ...
+MODE=$(/sbin/e-smith/db configuration get SystemMode)
+
+# Path of openvpn binary
+openvpn=""
+openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
+for location in $openvpn_locations
+do
+  if [ -f "$location" ]
+  then
+    openvpn=$location
+  fi
+done
+
+# Check that binary exists
+if ! [ -f  $openvpn ]
+then
+  echo "openvpn binary not found"
+  exit 0
+fi
+
+
+
+# Sub to reconfigure the firewall
+firewall(){
+	/sbin/e-smith/expand-template /etc/rc.d/init.d/masq >/dev/null 2>&1
+	#/sbin/service masq restart >/dev/null 2>&1
+	/usr/bin/systemctl try-restart masq.service >/dev/null 2>&1
+        
+}
+
+# Sub to restart dhcpd
+dhcpd(){
+	#/usr/bin/sv t dhcpd
+	/usr/bin/systemctl try-restart dhcpd.service >/dev/null 2>&1
+}
+
+# Sub to reconfigures routes and defaults gateway
+routes(){
+	# We need to push all the routes of local networks as the interface has changed
+	for NET in $(/sbin/e-smith/db networks keys); do
+		SYSTEM=$(/sbin/e-smith/db networks getprop $NET SystemLocalNetwork)
+		if (! test $SYSTEM); then
+			NETMASK=$(/sbin/e-smith/db networks getprop $NET Mask)
+			ROUTER=$(/sbin/e-smith/db networks getprop $NET Router)
+			/sbin/route add -net $NET netmask $NETMASK gw $ROUTER >/dev/null 2>&1
+		fi
+	done
+
+	# If the server runs in serveronly, we need to reconfigure the default gateway:
+	if [ $MODE == 'serveronly' ]; then
+		GW=$(/sbin/e-smith/db configuration get GatewayIP)
+		/sbin/route add default gw $GW >/dev/null 2>&1
+	fi
+}
+
+start(){
+	# prep : filtering module
+	/usr/sbin/modprobe br_netfilter
+
+	# First, create the bridge interface
+	/usr/sbin/brctl addbr $BRIDGE_IF
+
+	# Then, create the tap interface(s) and enslave it in the bridge one
+	for t in $TAP_IF; do
+	    $openvpn --mktun --dev $t >/dev/null 2>&1
+	    /sbin/ifconfig $t 0.0.0.0 promisc up >/dev/null 2>&1
+	    /usr/sbin/brctl addif $BRIDGE_IF $t >/dev/null 2>&1
+	done
+
+	# Now make the real ethernet interface promiscuous
+	/sbin/ifconfig $ETH_IF 0.0.0.0 promisc up >/dev/null 2>&1
+	sleep 1
+
+	# And add it to the bridge
+	/usr/sbin/brctl addif $BRIDGE_IF $ETH_IF >/dev/null 2>&1
+
+	[ -n "$ETH_MAC" ] && /sbin/ifconfig $BRIDGE_IF hw ether $ETH_MAC
+
+	[ "$BRIDGE_PROMISC" == "yes" ] && /sbin/ifconfig $BRIDGE_IF promisc
+
+	# Now configure the LocalIP on the bridge interface
+	/sbin/e-smith/db configuration setprop InternalInterface Name $BRIDGE_IF
+	/sbin/ifconfig $BRIDGE_IF $ETH_IP netmask $ETH_MASK >/dev/null 2>&1
+
+	# Push the routes for the new interface
+	routes
+
+	# Now we have to reconfigure the firewall
+	firewall
+
+	# And dhcpd (the configuration file is expanded each time the service starts
+	# so no need to do it manually
+	dhcpd
+}
+
+stop(){
+	# Shutdown the bridge and remove it
+	/sbin/ifconfig $BRIDGE_IF down >/dev/null 2>&1
+	/usr/sbin/brctl delbr $BRIDGE_IF >/dev/null 2>&1
+	
+	# Then delete each tap interfaces
+	for t in $TAP_IF; do
+            $openvpn --rmtun --dev $t >/dev/null 2>&1
+	done
+	
+	# Reconfigure the ethernet interface
+	/sbin/e-smith/db configuration setprop InternalInterface Name $ETH_IF
+	/sbin/ifconfig $ETH_IF $ETH_IP netmask $ETH_MASK up -promisc >/dev/null 2>&1
+	
+	# Push the routes
+	routes
+	
+	# restart the firewall
+	firewall
+	
+	# and dhcp
+	dhcpd
+}
+
+case "$1" in
+  start)
+	echo -n $"Starting Bridge Service: "
+  	start
+	RETVAL=$?
+  	;;
+  stop)
+	echo -n $"Stoping Bridge Service: "
+  	stop
+	RETVAL=$?
+  	;;
+  restart)
+	echo -n $"Restarting Bridge Service: "
+  	stop && start
+	RETVAL=$?
+  	;;
+  adjust)
+	echo -n $"Restarting Bridge Service: "
+	stop && start
+	RETVAL=$?
+  	;;
+  *)
+  	echo "Usage: $0 start|stop|restart"
+  ;;
+esac
+
+if [ $RETVAL -eq 0 ]; then
+        echo_success
+else 
+        echo_failure
+fi
+echo
+
+exit $RETVAL
+
--- a/root/usr/lib/systemd/system/bridge.service
+++ b/root/usr/lib/systemd/system/bridge.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Bridge Interface for VPN use.
+#After=network.target
+After=network.service
+After=wan.service
+Requires=network.service
+PartOf=network.service
+Before=network-online.target
+
+[Service]
+Type=forking
+ExecStart=/sbin/e-smith/systemd/bridge-run start
+ExecStop=/sbin/e-smith/systemd/bridge-run stop
+RemainAfterExit=true
+Type=oneshot
+
+[Install]
+WantedBy=sme-server.target
+