diff --git a/bbf/Makefile b/bbf/Makefile
index f3549152f6..abc9ab11a 100644
--- a/bbf/Makefile
+++ b/bbf/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=libbbfdm
-PKG_VERSION:=6.7.5
+PKG_VERSION:=6.8.0
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/bbf.git
@@ -67,6 +67,17 @@ define Package/libbbfdm-wolfssl
 VARIANT:=wolfssl
 endef
+define Package/userinterface
+ SECTION:=utils
+ CATEGORY:=Utilities
+ SUBMENU:=TRx69
+ TITLE:=Package to add Device.UserInterface. datamodel support
+endef
+
+define Package/userinterface/description
+ Package to add Device.UserInterface. datamodel support using libbbf JSON Plugin
+endef
+
 define Package/libbbfdm/config
 source "$(SOURCE)/Config_bbfdm.in"
 endef
@@ -155,6 +166,18 @@ define Package/libbbfdm/default/prerm
 exit 0
 endef
+define Package/userinterface/install
+ $(INSTALL_DIR) $(1)/etc/bbfdm/json
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_DATA) ./files/etc/bbfdm/json/UserInterface.json $(1)/etc/bbfdm/json/
+ $(INSTALL_DATA) ./files/etc/config/userinterface $(1)/etc/config/userinterface
+ $(INSTALL_BIN) ./files/etc/init.d/userinterface $(1)/etc/init.d/userinterface
+ $(INSTALL_BIN) ./files/etc/uci-defaults/93-userinterface-firewall $(1)/etc/uci-defaults/93-userinterface-firewall
+ $(INSTALL_BIN) ./files/etc/firewall.userinterface $(1)/etc/firewall.userinterface
+endef
+
 Package/libbbfdm-openssl/prerm = $(Package/libbbfdm/default/prerm)
 Package/libbbfdm-wolfssl/prerm = $(Package/libbbfdm/default/prerm)
 Package/libbbfdm-mbedtls/prerm = $(Package/libbbfdm/default/prerm)
@@ -174,6 +197,7 @@ define Build/InstallDev
 $(CP) $(PKG_BUILD_DIR)/libbbfdm.so $(1)/usr/lib/
 endef
+$(eval $(call BuildPackage,userinterface))
 $(eval $(call BuildPackage,libbbf_api))
 $(eval $(call BuildPackage,libbbfdm))
 $(eval $(call BuildPackage,libbbfdm-openssl))
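Review bot: The new `Package/userinterface` define (hunk at -67,6) declares no `DEPENDS`, although the files it installs only work when other components are present: the JSON file is described as a libbbf JSON Plugin input, and /etc/firewall.userinterface shells out to `iptables` with the multiport, conntrack and comment matches. A `DEPENDS:=` line naming libbbfdm and the iptables package (plus whichever packages provide those match modules in this build) would keep an image from shipping the firewall hook without the tools it calls. The `Package/userinterface/install` define in the -155,6 hunk also ships a uci-defaults script that registers a firewall include, and no prerm for this package is visible in the diff, so it is worth confirming whether removal should delete the include and the tagged rules.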
diff --git a/bbf/files/etc/bbfdm/json/UserInterface.json b/bbf/files/etc/bbfdm/json/UserInterface.json
new file mode 100644
index 000000000..31deab0f6
--- /dev/null
+++ b/bbf/files/etc/bbfdm/json/UserInterface.json
@@ -0,0 +1,112 @@
+{
+ "Device.UserInterface.": {
+ "type": "object",
+ "version": "2.0",
+ "protocols": [
+ "cwmp",
+ "usp"
+ ],
+ "access": false,
+ "array": false,
+ "Device.UserInterface.RemoteAccess.": {
+ "type": "object",
+ "version": "2.0",
+ "protocols": [
+ "cwmp",
+ "usp"
+ ],
+ "access": false,
+ "array": false,
+ "Enable": {
+ "type": "boolean",
+ "read": true,
+ "write": true,
+ "version": "2.0",
+ "protocols": [
+ "cwmp",
+ "usp"
+ ],
+ "mapping": [
+ {
+ "type": "uci",
+ "uci": {
+ "file": "userinterface",
+ "section": {
+ "name": "remote_access"
+ },
+ "option": {
+ "name": "enable"
+ }
+ }
+ }
+ ]
+ },
+ "Port": {
+ "type": "string",
+ "read": true,
+ "write": true,
+ "version": "2.0",
+ "protocols": [
+ "cwmp",
+ "usp"
+ ],
+ "mapping": [
+ {
+ "type": "uci",
+ "uci": {
+ "file": "userinterface",
+ "section": {
+ "name": "remote_access"
+ },
+ "option": {
+ "name": "port"
+ }
+ }
+ }
+ ]
+ },
+ "SupportedProtocols": {
+ "type": "string",
+ "read": true,
+ "write": false,
+ "version": "2.0",
+ "protocols": [
+ "cwmp",
+ "usp"
+ ],
+ "list": {
+ "datatype": "string",
+ "enumerations": [
+ "HTTP",
+ "HTTPS"
+ ]
+ },
+ "default": "HTTP"
+ },
+ "Protocol": {
+ "type": "string",
+ "read": true,
+ "write": true,
+ "version": "2.0",
+ "protocols": [
+ "cwmp",
+ "usp"
+ ],
+ "mapping": [
+ {
+ "type": "uci",
+ "uci": {
+ "file": "userinterface",
+ "section": {
+ "name": "remote_access"
+ },
+ "option": {
+ "name": "protocol"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/bbf/files/etc/config/userinterface b/bbf/files/etc/config/userinterface
new file mode 100644
index 000000000..a2b26d0af
--- /dev/null
+++ b/bbf/files/etc/config/userinterface
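Review bot: In UserInterface.json, `Port` is a writable free-form `string` mapped directly to `userinterface.remote_access.port`, and /etc/firewall.userinterface in this same commit expands that option unquoted after `--dports`, so whatever a CWMP or USP controller writes reaches the iptables command line unchecked. If the JSON plugin schema offers a pattern, range or list constraint, restrict the parameter here to comma-separated port numbers; the script should validate the value in any case, since UCI can also be edited locally. `Protocol` is likewise writable with nothing tying it to the `SupportedProtocols` enumeration, and `SupportedProtocols` reports a `default` of only `HTTP` although its enumeration lists both `HTTP` and `HTTPS`.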
@@ -0,0 +1,6 @@
+config userinterface 'remote_access'
+ option enable '0'
+ option interface 'wan'
+ option port '8080,9001'
+ option protocol 'HTTP'
+
diff --git a/bbf/files/etc/firewall.userinterface b/bbf/files/etc/firewall.userinterface
new file mode 100755
index 000000000..16c3d04be
--- /dev/null
+++ b/bbf/files/etc/firewall.userinterface
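Review bot: The shipped default in /etc/config/userinterface pairs `option interface 'wan'` with `option protocol 'HTTP'`, so as soon as `enable` is switched on, the management UI ports are accepted from the WAN side with a cleartext protocol as the stated default. `option protocol 'HTTPS'` would be the safer default for a WAN-facing setting. Nothing visible in this commit reads `protocol` (the firewall script declares the variable but never loads it), so the option may currently be informational only and that should be confirmed. The section also has no way to limit which source addresses may connect, which is worth considering for remote administration.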
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+
+#!/bin/sh
+
+. /lib/functions.sh
+
+IDENTIFIER="REMOTE-ACCESS-WAN"
+
+log() {
+ echo "${@}"|logger -t firewall.userinterface -p info
+}
+
+if [ ! -f "/etc/config/userinterface" ]; then
+ exit 0;
+fi
+
+function exec_cmd()
+{
+ if ! $@; then
+ log "Failed to run [$@]"
+ fi
+}
+
+function configure_firewall_rule()
+{
+ local enable port protocol gui_port
+ local zone interface
+
+ config_load userinterface
+ config_get_bool enable remote_access enable 1
+ config_get port remote_access port
+ config_get interface remote_access interface
+
+ if [ "${enable}" -eq "0" -o -z "${port}" -o -z "${interface}" ]; then
+ return 0;
+ fi
+
+ zone="zone_${interface}_input"
+ iptables -w 1 -t filter -nL ${zone} 2>/dev/null 1>&2
+ if [ "$?" -eq 0 ]; then
+ iptables -w 1 -I ${zone} -p tcp -m multiport --dports ${port} -m conntrack --ctstate NEW,ESTABLISHED -m comment --comment "${IDENTIFIER}" -j ACCEPT
+ fi
+
+ zone="zone_${interface}_output"
+ iptables -w 1 -t filter -nL ${zone} 2>/dev/null 1>&2
+ if [ "$?" -eq 0 ]; then
+ iptables -w 1 -I ${zone} -p tcp -m multiport --dports ${port} -m conntrack --ctstate ESTABLISHED -m comment --comment "${IDENTIFIER}" -j ACCEPT
+ fi
+}
+
+function delete_firewall_rule()
+{
+ local zone interface
+ local CMD
+
+ config_load userinterface
+ config_get interface remote_access interface
+
+ # Clean remote interface rules
+ if [ -z "${interface}" ]; then
+ return 0
+ fi
+
+ zone="zone_${interface}_input"
+ CMD="iptables -w 1 -t filter -L ${zone} --line-numbers"
+ while ${CMD} 2>/dev/null | grep "${IDENTIFIER}"; do
+ rule_num="$(${CMD} | grep "${IDENTIFIER}" | head -1|awk '{print $1}')"
+ if [ -n "${rule_num}" ]; then
+ exec_cmd iptables -w 1 -t filter -D ${zone} ${rule_num};
+ fi
+ done
+
+ zone="zone_${interface}_output"
+ CMD="iptables -w 1 -t filter -L ${zone} --line-numbers"
+ while ${CMD} 2>/dev/null | grep "${IDENTIFIER}"; do
+ rule_num="$(${CMD} | grep "${IDENTIFIER}" | head -1|awk '{print $1}')"
+ if [ -n "${rule_num}" ]; then
+ exec_cmd iptables -w 1 -t filter -D ${zone} ${rule_num};
+ fi
+ done
+}
+
+# Delete existing remote access rules
+delete_firewall_rule
+
+# Configure the User Interface rule
+configure_firewall_rule
diff --git a/bbf/files/etc/init.d/userinterface b/bbf/files/etc/init.d/userinterface
new file mode 100644
index 000000000..c9cb489ad
--- /dev/null
+++ b/bbf/files/etc/init.d/userinterface
@@ -0,0 +1,28 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=01
+
+USE_PROCD=1
+
+start_service() {
+ local enable
+
+ procd_open_instance usp
+
+ config_load userinterface
+ config_get_bool enable global enable 1
+
+ # Inject firewall rules
+ if [ "${enable}" -eq "1" ]; then
+ echo "## Running userinterface hook ##" >/dev/console
+ /etc/firewall.userinterface
+ fi
+
+ procd_close_instance
+}
+
+service_triggers()
+{
+ procd_add_reload_trigger "userinterface"
+}
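Review bot: In configure_firewall_rule of /etc/firewall.userinterface, the `port` and `interface` values read from UCI are expanded unquoted into the `iptables` command lines, and the data model added in this commit makes `port` a writable free-form string, so a value containing whitespace is split into extra iptables arguments. The function should reject anything that is not a comma-separated list of port numbers, and any interface name outside a conservative character set, before building a rule, and should quote the expansions. In the same function `config_get_bool enable remote_access enable 1` treats a missing option as enabled, which fails open for a WAN-facing ACCEPT rule, and the output-chain rule matches `--dports` although reply traffic carries the service port as its source port, so `--sports` looks intended. delete_firewall_rule only searches the chains of the currently configured `interface`, so a rule inserted under a previous value would stay in place; the same quoting applies to `${zone}`, `${rule_num}` and to `$@` in exec_cmd.

```sh
function configure_firewall_rule()
{
	# … unchanged: local declarations, config_load userinterface …
	config_get_bool enable remote_access enable 0
	# … unchanged: config_get port/interface, early return when disabled or empty …

	# Accept only digits separated by single commas (constructed example: 8080,9001)
	case "${port}" in
		*[!0-9,]*|,*|*,|*,,*)
			log "Ignoring invalid port list [${port}]"
			return 0
			;;
	esac

	# The interface name becomes part of a chain name; keep it to a plain identifier
	case "${interface}" in
		*[!A-Za-z0-9_-]*)
			log "Ignoring invalid interface [${interface}]"
			return 0
			;;
	esac

	zone="zone_${interface}_input"
	if iptables -w 1 -t filter -nL "${zone}" >/dev/null 2>&1; then
		iptables -w 1 -I "${zone}" -p tcp -m multiport --dports "${port}" -m conntrack --ctstate NEW,ESTABLISHED -m comment --comment "${IDENTIFIER}" -j ACCEPT
	fi

	zone="zone_${interface}_output"
	if iptables -w 1 -t filter -nL "${zone}" >/dev/null 2>&1; then
		iptables -w 1 -I "${zone}" -p tcp -m multiport --sports "${port}" -m conntrack --ctstate ESTABLISHED -m comment --comment "${IDENTIFIER}" -j ACCEPT
	fi
```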
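Review bot: start_service in /etc/init.d/userinterface reads `enable` from a section named `global`, but the /etc/config/userinterface shipped in this commit defines only `remote_access`, so the lookup always falls back to its default `1` and the `if` gate never changes anything. Pointing the gate at `remote_access` would not be right either, because /etc/firewall.userinterface removes the old rules before deciding whether to add new ones, and skipping it when remote access is switched off would leave the ACCEPT rules in place; calling the script unconditionally and dropping the gate matches what the script already does. There is no `stop_service`, so stopping or disabling the service does not remove the tagged rules. The `procd_open_instance usp` / `procd_close_instance` pair sets no command, and the instance name looks carried over from another service.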
diff --git a/bbf/files/etc/uci-defaults/93-userinterface-firewall b/bbf/files/etc/uci-defaults/93-userinterface-firewall
new file mode 100755
index 000000000..b2790c3cf
--- /dev/null
+++ b/bbf/files/etc/uci-defaults/93-userinterface-firewall
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+uci -q batch <<-EOT
+ delete firewall.userinterface
+ set firewall.userinterface=include
+ set firewall.userinterface.path=/etc/firewall.userinterface
+ set firewall.userinterface.reload=1
+ commit firewall
+EOT
+
+exit 0
+