#!/bin/sh
. /lib/functions.sh
# Bridge device that carries the separated VLANs. A value already present in
# the environment (even an empty one) is kept; the default applies only when
# the variable is unset.
: "${AL_BRIDGE=br-lan}"
# VLAN ID handled as the primary network: its bridge ports are added without
# the ":t" (tagged) suffix. Same override rule as AL_BRIDGE.
: "${PRIMARY_VID=1}"
### Traffic Separation ###
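# Write a message to syslog under the "traffic_separation" tag.
# Arguments: $@ - message words, handed to logger unchanged
dbg() {
	# Quoted: an unquoted $@ is re-split and glob-expanded, so a "*" in a
	# logged argument would be replaced by file names from the current
	# directory and the log entry would no longer show what was passed.
	logger -t traffic_separation "$@"
}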
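# Entry point for the traffic-separation helpers. Dispatches "create" and
# "reload" to the nested functions below; anything else prints the usage text.
# Globals:   AL_BRIDGE, PRIMARY_VID (read)
# Arguments: $1 - sub-command (create|reload|help|--help), rest passed on
# Returns:   the status of the selected sub-command. The usage path and a
#            rejected VID call "exit 1", which ends the calling shell.
ts_sub() {
	# Print the usage text and exit with status 1.
	ts_usage() {
		cat <<EOF
Usage: $0 [create|reload]
Traffic Separation related functions.
create vid - create vlan configuration with vlan_id
reload - reload network with new configuration
EOF
		exit 1
	}

	# Create the veth pair and the network (on a controller also the DHCP)
	# configuration for one VLAN.
	# Arguments: $1 - VLAN ID, plain decimal in 1..4094
	ts_create() {
		# Add interface "name" plus a bridge-vlan section for "vid".
		# Arguments: $1 - UCI interface section name
		#            $2 - VLAN ID
		#            $3 - "static" or anything else (treated as dhcp)
		#            $4 - device for the interface
		#            $5 - port added to the bridge and to the bridge-vlan
		_net_setup() {
			local name=$1
			local vid=$2
			local proto=$3
			local dev=$4
			local port_dev=$5
			local port

			# An interface section of that name already exists: leave it alone.
			[ -z "$(uci -q get "network.${name}")" ] || return

			local ip_addr="192.168.${vid}.1"
			# Section name of the bridge device: AL_BRIDGE with its first
			# '-' replaced by '_' (br-lan -> br_lan).
			local br_dev="${AL_BRIDGE/-/_}"
			local tag=":t"

			if [ "${vid}" = "${PRIMARY_VID}" ]; then
				# Primary VLAN: ports are listed without the ":t" suffix.
				tag=""

				# Global options
				if [ -z "$(uci -q get "network.${br_dev}.vlan_filtering")" ]; then
					uci -q set "network.${br_dev}.vlan_filtering=1"
				fi

				uci -q delete network.lan.proto
				uci -q delete network.lan.ipaddr
				uci -q delete network.lan.netmask
				uci -q delete network.lan.ip6assign
			fi

			uci -q set "network.${name}=interface"
			uci -q set "network.${name}.device=${dev}"
			uci -q set "network.${name}.is_lan=1"

			if [ "$proto" = "static" ]; then
				uci -q set "network.${name}.proto=static"
				# TODO vid > 255: the third octet is the VID itself, so a
				# larger VID gives an address that is not valid IPv4. Logged
				# here; the configuration is still written as before.
				[ "$vid" -le 255 ] 2>/dev/null ||
					dbg "vid ${vid} > 255: ${ip_addr} is not a valid IPv4 address"
				uci -q set "network.${name}.ipaddr=${ip_addr}"
				uci -q set "network.${name}.netmask=255.255.255.0"
				# Was "ip6assign '60'" (two words, no '='): not a key=value
				# argument, so the option was never written.
				uci -q set "network.${name}.ip6assign=60"
			else
				uci -q set "network.${name}.proto=dhcp"
			fi

			uci -q add network bridge-vlan
			# Quoted: "[-1]" is a glob bracket expression when left bare.
			uci -q set "network.@bridge-vlan[-1].device=${AL_BRIDGE}"
			uci -q set "network.@bridge-vlan[-1].vlan=${vid}"

			# Word-splitting of the port list is intended here.
			for port in $(uci -q get "network.${br_dev}.ports"); do
				# Only ports whose name contains "eth" join the VLAN.
				case "$port" in
				*eth*) ;;
				*) continue ;;
				esac
				uci -q add_list "network.@bridge-vlan[-1].ports=${port}${tag}"
			done

			uci -q add_list "network.${br_dev}.ports=${port_dev}"
			uci -q add_list "network.@bridge-vlan[-1].ports=${port_dev}"

			uci -q commit network
		}

		# Add a DHCP/RA server section for interface "name" unless one exists.
		# Arguments: $1 - interface name, also used as the dhcp section name
		_dhcp_setup() {
			local name=$1

			[ -n "$(uci -q get "dhcp.${name}")" ] && return

			uci -q set "dhcp.${name}=dhcp"
			uci -q set "dhcp.${name}.interface=${name}"
			uci -q set "dhcp.${name}.start=100"
			uci -q set "dhcp.${name}.limit=150"
			uci -q set "dhcp.${name}.leasetime=1h"
			uci -q set "dhcp.${name}.dhcpv4=server"
			uci -q set "dhcp.${name}.dhcpv6=server"
			uci -q set "dhcp.${name}.ra=server"
			uci -q set "dhcp.${name}.ra_slaac=1"
			uci -q add_list "dhcp.${name}.ra_flags=managed-config"
			uci -q add_list "dhcp.${name}.ra_flags=other-config"

			uci -q commit dhcp
		}

		# Add a firewall zone "name" for "network" with forwarding to wan,
		# unless a zone of that name already exists.
		# Arguments: $1 - zone name, $2 - network attached to the zone
		# NOTE(review): the only call to this function (in ts_create) is
		# commented out, so this script attaches the new interface to no
		# zone; which policy then applies depends on the firewall defaults -
		# verify on the target. The zone written here accepts input, output
		# and forward, i.e. hosts on the separated VLAN could reach services
		# on the device itself; tighten input/forward before enabling it.
		_firewall_setup() {
			local name=$1
			local network=$2
			local zone_exist=0

			config_load firewall

			# config_foreach callback: sets zone_exist (a local of the
			# enclosing call) when a zone is already named like the new one.
			_process_zone() {
				local section=$1
				local new_name=$2
				local name

				config_get name "$section" name

				[ "$name" = "$new_name" ] && zone_exist=1
			}

			config_foreach _process_zone zone "$name"

			[ "$zone_exist" != "0" ] && return

			uci -q add firewall zone
			uci -q set "firewall.@zone[-1].name=${name}"
			uci -q add_list "firewall.@zone[-1].network=${network}"
			uci -q set "firewall.@zone[-1].input=ACCEPT"
			uci -q set "firewall.@zone[-1].output=ACCEPT"
			uci -q set "firewall.@zone[-1].forward=ACCEPT"

			uci -q add firewall forwarding
			uci -q set "firewall.@forwarding[-1].src=${name}"
			uci -q set "firewall.@forwarding[-1].dest=wan"

			uci -q commit firewall
		}

		# Kept local so the sourcing script's own vid/proto are not clobbered.
		local vid=$1 # primary vid
		local proto="dhcp"

		[ -n "$vid" ] || {
			cat <<EOF
VID required to configure.
EOF
			exit 1
		}

		# vid is pasted into interface names, UCI section names and an IP
		# address, so only a plain decimal VLAN ID (1..4094, no sign, no
		# leading zero, no separators) is accepted before anything is changed.
		local vid_ok=1
		case "$vid" in
		*[!0-9]* | 0* | ?????*) vid_ok=0 ;;
		*) [ "$vid" -le 4094 ] || vid_ok=0 ;;
		esac
		[ "$vid_ok" = 1 ] || {
			printf "Invalid VID '%s': expected an integer in 1..4094.\n" "$vid" >&2
			exit 1
		}

		# Existence probe only; its listing is not wanted on stdout.
		ip link show "sink${vid}" >/dev/null 2>&1 || {
			ip link add "sink${vid}" type veth peer name "sink_peer${vid}"
		}

		ip link set "sink${vid}" up
		ip link set "sink_peer${vid}" up

		# Static addressing and a DHCP server only where the mapcontroller
		# binary is installed; otherwise the interface uses dhcp.
		[ -x "/usr/sbin/mapcontroller" ] && proto="static"
		_net_setup "vlan${vid}" "${vid}" "${proto}" "sink${vid}" "sink_peer${vid}"

		[ -x "/usr/sbin/mapcontroller" ] && _dhcp_setup "vlan${vid}"
		#_firewall_setup vlan${vid} sink${vid}
	}

	# Reload the network service, and dnsmasq when asked to.
	# Arguments: $1 - non-empty to reload dnsmasq as well
	ts_reload() {
		local dhcp_reload=$1

		# workaround for missing backhaul wifi.ap.* ubus obj's:
		# iterate in config and setup bh
		# config_load wireless

		# _setup_bh_iface() {
		# local sec=$1
		# local iface=$2
		# local bridge=$3

		# config_get ifname $sec ifname

		# config_get mode $sec mode
		# config_get multi_ap $sec multi_ap "0"
		# [ "$mode" = "ap" -a "$multi_ap" = "1" ] && {
		# ts_create bh $ifname 1 2 br-map
		# }
		#}

		# config_foreach _setup_bh_iface wifi-iface

		# The test used to be on the literal string "dhcp_reload", which is
		# never empty, so dnsmasq was reloaded on every call. It now follows
		# the argument; callers that want dnsmasq reloaded must pass one.
		[ -n "$dhcp_reload" ] && /etc/init.d/dnsmasq reload
		/etc/init.d/network reload

		#for sink in $(ubus list network.interface.sink*) ; do
		# local sink_vlan=${sink/network.interface./}_vlan
		#done
	}

	local func=$1
	shift

	case "$func" in
	create)
		dbg "create $*"
		# Quoted so each argument reaches ts_create exactly as given.
		ts_create "$@"
		;;
	reload)
		dbg "reload $*"
		ts_reload "$@"
		;;
	--help | help) ts_usage ;;
	*)
		ts_usage
		exit 1
		;;
	esac
}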