bbf: Added support for UserInterface Object

2026-01-28 01:47:19 +01:00 · 2022-11-15 17:41:25 +00:00 · 2022-11-15 17:41:25 +00:00 · 363fb57b3e
commit 363fb57b3e
parent 99ed84be4d
6 changed files with 271 additions and 1 deletions
--- a/bbf/Makefile
+++ b/bbf/Makefile
@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libbbfdm
-PKG_VERSION:=6.7.5
+PKG_VERSION:=6.8.0

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/bbf.git
@ -67,6 +67,17 @@ define Package/libbbfdm-wolfssl
  VARIANT:=wolfssl
 endef

+define Package/userinterface
+  SECTION:=utils
+  CATEGORY:=Utilities
+  SUBMENU:=TRx69
+  TITLE:=Package to add Device.UserInterface. datamodel support
+endef
+
+define Package/userinterface/description
+  Package to add Device.UserInterface. datamodel support using libbbf JSON Plugin
+endef
+
 define Package/libbbfdm/config
 	source "$(SOURCE)/Config_bbfdm.in"
 endef
@ -155,6 +166,18 @@ define Package/libbbfdm/default/prerm
 	exit 0
 endef

+define Package/userinterface/install
+	$(INSTALL_DIR) $(1)/etc/bbfdm/json
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DATA) ./files/etc/bbfdm/json/UserInterface.json $(1)/etc/bbfdm/json/
+	$(INSTALL_DATA) ./files/etc/config/userinterface $(1)/etc/config/userinterface
+	$(INSTALL_BIN) ./files/etc/init.d/userinterface $(1)/etc/init.d/userinterface
+	$(INSTALL_BIN) ./files/etc/uci-defaults/93-userinterface-firewall $(1)/etc/uci-defaults/93-userinterface-firewall
+	$(INSTALL_BIN) ./files/etc/firewall.userinterface $(1)/etc/firewall.userinterface
+endef
+
 Package/libbbfdm-openssl/prerm = $(Package/libbbfdm/default/prerm)
 Package/libbbfdm-wolfssl/prerm = $(Package/libbbfdm/default/prerm)
 Package/libbbfdm-mbedtls/prerm = $(Package/libbbfdm/default/prerm)
@ -174,6 +197,7 @@ define Build/InstallDev
 	$(CP) $(PKG_BUILD_DIR)/libbbfdm.so $(1)/usr/lib/
 endef

+$(eval $(call BuildPackage,userinterface))
 $(eval $(call BuildPackage,libbbf_api))
 $(eval $(call BuildPackage,libbbfdm))
 $(eval $(call BuildPackage,libbbfdm-openssl))
--- a/bbf/files/etc/bbfdm/json/UserInterface.json
+++ b/bbf/files/etc/bbfdm/json/UserInterface.json
@ -0,0 +1,112 @@
+{
+	"Device.UserInterface.": {
+		"type": "object",
+		"version": "2.0",
+		"protocols": [
+			"cwmp",
+			"usp"
+		],
+		"access": false,
+		"array": false,
+		"Device.UserInterface.RemoteAccess.": {
+			"type": "object",
+			"version": "2.0",
+			"protocols": [
+				"cwmp",
+				"usp"
+			],
+			"access": false,
+			"array": false,
+			"Enable": {
+				"type": "boolean",
+				"read": true,
+				"write": true,
+				"version": "2.0",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"mapping": [
+					{
+						"type": "uci", 
+						"uci": {
+							"file": "userinterface", 
+							"section": {
+								"name": "remote_access"
+							}, 
+							"option": {
+								"name": "enable"
+							}
+						}
+					}
+				]
+			},
+			"Port": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"version": "2.0",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"mapping": [
+					{
+						"type": "uci", 
+						"uci": {
+							"file": "userinterface", 
+							"section": {
+								"name": "remote_access"
+							}, 
+							"option": {
+								"name": "port"
+							}
+						}
+					}
+				]
+			},
+			"SupportedProtocols": {
+				"type": "string",
+				"read": true,
+				"write": false,
+				"version": "2.0",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"list": {
+					"datatype": "string",
+					"enumerations": [
+						"HTTP",
+						"HTTPS"
+					]
+				},
+				"default": "HTTP"
+			},
+			"Protocol": {
+				"type": "string",
+				"read": true,
+				"write": true,
+				"version": "2.0",
+				"protocols": [
+					"cwmp",
+					"usp"
+				],
+				"mapping": [
+					{
+						"type": "uci", 
+						"uci": {
+							"file": "userinterface", 
+							"section": {
+								"name": "remote_access"
+							}, 
+							"option": {
+								"name": "protocol"
+							}
+						}
+					}
+				]
+			}
+		}
+	}
+}
--- a/bbf/files/etc/config/userinterface
+++ b/bbf/files/etc/config/userinterface
@ -0,0 +1,6 @@
+config userinterface 'remote_access'
+	option enable '0'
+	option interface 'wan'
+	option port '8080,9001'
+	option protocol 'HTTP'
+
--- a/bbf/files/etc/firewall.userinterface
+++ b/bbf/files/etc/firewall.userinterface
@ -0,0 +1,88 @@
+#!/bin/sh
+
+
+#!/bin/sh
+
+. /lib/functions.sh
+
+IDENTIFIER="REMOTE-ACCESS-WAN"
+
+log() {
+	echo "${@}"|logger -t firewall.userinterface -p info
+}
+
+if [ ! -f "/etc/config/userinterface" ]; then
+	exit 0;
+fi
+
+function exec_cmd()
+{
+	if ! $@; then
+		log "Failed to run [$@]"
+	fi
+}
+
+function configure_firewall_rule()
+{
+	local enable port protocol gui_port
+	local zone interface
+
+	config_load userinterface
+	config_get_bool enable remote_access enable 1
+	config_get port remote_access port
+	config_get interface remote_access interface
+
+	if [ "${enable}" -eq "0" -o -z "${port}" -o -z "${interface}" ]; then
+		return 0;
+	fi
+
+	zone="zone_${interface}_input"
+	iptables -w 1 -t filter -nL ${zone} 2>/dev/null 1>&2
+	if [ "$?" -eq 0 ]; then
+		iptables -w 1 -I ${zone} -p tcp -m multiport --dports ${port} -m conntrack --ctstate NEW,ESTABLISHED -m comment --comment "${IDENTIFIER}" -j ACCEPT
+	fi
+
+	zone="zone_${interface}_output"
+	iptables -w 1 -t filter -nL ${zone} 2>/dev/null 1>&2
+	if [ "$?" -eq 0 ]; then
+		iptables -w 1 -I ${zone} -p tcp -m multiport --dports ${port} -m conntrack --ctstate ESTABLISHED -m comment --comment "${IDENTIFIER}" -j ACCEPT
+	fi
+}
+
+function delete_firewall_rule()
+{
+	local zone interface
+	local CMD
+
+	config_load userinterface
+	config_get interface remote_access interface
+
+	# Clean remote interface rules
+	if [ -z "${interface}" ]; then
+		return 0
+	fi
+
+	zone="zone_${interface}_input"
+	CMD="iptables -w 1 -t filter -L ${zone} --line-numbers"
+	while ${CMD} 2>/dev/null | grep "${IDENTIFIER}"; do
+		rule_num="$(${CMD} | grep "${IDENTIFIER}" | head -1|awk '{print $1}')"
+		if [ -n "${rule_num}" ]; then
+			exec_cmd iptables -w 1 -t filter -D ${zone} ${rule_num};
+		fi
+	done
+
+	zone="zone_${interface}_output"
+	CMD="iptables -w 1 -t filter -L ${zone} --line-numbers"
+	while ${CMD} 2>/dev/null | grep "${IDENTIFIER}"; do
+		rule_num="$(${CMD} | grep "${IDENTIFIER}" | head -1|awk '{print $1}')"
+		if [ -n "${rule_num}" ]; then
+			exec_cmd iptables -w 1 -t filter -D ${zone} ${rule_num};
+		fi
+	done
+}
+
+# Delete existing remote access rules
+delete_firewall_rule
+
+# Configure the User Interface rule
+configure_firewall_rule
--- a/bbf/files/etc/init.d/userinterface
+++ b/bbf/files/etc/init.d/userinterface
@ -0,0 +1,28 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=01
+
+USE_PROCD=1
+
+start_service() {
+	local enable
+
+	procd_open_instance usp
+
+	config_load userinterface
+	config_get_bool enable global enable 1
+
+	# Inject firewall rules
+	if [ "${enable}" -eq "1" ]; then
+		echo "## Running userinterface hook ##" >/dev/console
+		/etc/firewall.userinterface
+	fi
+
+	procd_close_instance
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "userinterface"
+}
--- a/bbf/files/etc/uci-defaults/93-userinterface-firewall
+++ b/bbf/files/etc/uci-defaults/93-userinterface-firewall
@ -0,0 +1,12 @@
+#!/bin/sh
+
+uci -q batch <<-EOT
+        delete firewall.userinterface
+        set firewall.userinterface=include
+        set firewall.userinterface.path=/etc/firewall.userinterface
+        set firewall.userinterface.reload=1
+        commit firewall
+EOT
+
+exit 0
+