omcproxy: fix installation of interface triggers (FS#1972)

omcproxy will not start up if either the downlink or uplink interface is not up at boottime as the interface triggers are not correctly installed. Further rework omcproxy init to make use of network functions defined in network.sh; set proper family and proto options in procd firewall rules. Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2025-02-20 09:26:28 +00:00 · 2018-12-11 20:50:21 +01:00 · 2018-12-11 20:50:21 +01:00 · df8f8bad08
commit df8f8bad08
parent 5580a9dd31
2 changed files with 51 additions and 39 deletions
--- a/package/network/services/omcproxy/Makefile
+++ b/package/network/services/omcproxy/Makefile
@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=omcproxy
-PKG_RELEASE:=6
+PKG_RELEASE:=7

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/omcproxy.git
--- a/package/network/services/omcproxy/files/omcproxy.init
+++ b/package/network/services/omcproxy/files/omcproxy.init
@ -1,55 +1,65 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2010-2014 OpenWrt.org
+# Copyright (C) 2018 OpenWrt.org

 START=99
 USE_PROCD=1
 PROG=/usr/sbin/omcproxy

-# Uncomment to enable verbosity 
-#OPTIONS="-v" 
+# Uncomment to enable verbosity
+#OPTIONS="-v"
 PROXIES=""

-
 omcproxy_add_proxy() {
-	local uplink downlink scope proxy
+	local proxy scope uplink updevice downlinks
+
 	config_get uplink $1 uplink
-	config_get downlink $1 downlink
-	config_get scope $1 scope
+	[ -n "$uplink" ] || return

-	proxy=""
+	network_get_device updevice "$uplink" || {
+		procd_append_param error "$uplink is not up"
+		return;
+	}

-	network_get_device updev $uplink
-	[ -n "$updev" ] || return 0
+	config_get downlinks $1 downlink
+	for downlink in $downlinks; do
+		local device

-	for network in $downlink; do
-		network_get_device downdev $network
-		[ -n "$downdev" ] && proxy="$proxy,$downdev"
+		network_get_device device "$downlink" || {
+			procd_append_param error "$downlink is not up"
+			continue;
+		}

-		# Disable in-kernel querier while ours is active
-		[ -f /sys/class/net/$downdev/bridge/multicast_querier ] && \
-			echo 0 > /sys/class/net/$downdev/bridge/multicast_querier
+		proxy="$proxy,$device"
+
+		# Disable in-kernel querier while ours is active, default is 1.
+		[ -f /sys/class/net/$device/bridge/multicast_querier ] && \
+			echo 0 > /sys/class/net/$device/bridge/multicast_querier
 	done

 	[ -n "$proxy" ] || return 0
+
+	config_get scope $1 scope
 	[ -n "$scope" ] && proxy="$proxy,scope=$scope"

-	PROXIES="$PROXIES $updev$proxy"
-
+	PROXIES="$PROXIES $updevice$proxy"
 }

-omcproxy_add_trigger() {
-	local uplink downlink
-	config_get uplink $1 uplink
-	config_get downlink $1 downlink
+omcproxy_add_network_triggers() {
+	local uplink downlinks

-	for network in $uplink $downlink; do
-		procd_add_interface_trigger "interface.*" $network /etc/init.d/omcproxy restart
+	config_get uplink $1 uplink
+	config_get downlinks $1 downlink
+
+	for link in $uplink $downlinks; do
+		procd_add_interface_trigger "interface.*" $link /etc/init.d/omcproxy restart
 	done
 }

-omcproxy_add_firewall() {
+omcproxy_add_firewall_rules() {
+	local uplink downlinks
+
 	config_get uplink $1 uplink
-	config_get downlink $1 downlink
+	config_get downlinks $1 downlink

 	upzone=$(fw3 -q network $uplink 2>/dev/null)
 	[ -n "$upzone" ] || return 0
@ -57,6 +67,7 @@ omcproxy_add_firewall() {
 	json_add_object ""
 	json_add_string type rule
 	json_add_string src "$upzone"
+	json_add_string family ipv4
 	json_add_string proto igmp
 	json_add_string target ACCEPT
 	json_close_object
@ -76,8 +87,8 @@ omcproxy_add_firewall() {
 	json_add_string target ACCEPT
 	json_close_object

-	for network in $downlink; do
-		downzone=$(fw3 -q network $network 2>/dev/null)
+	for downlink in $downlinks; do
+		downzone=$(fw3 -q network $downlink 2>/dev/null)
 		[ -n "$downzone" ] || continue

 		json_add_object ""
@ -85,7 +96,7 @@ omcproxy_add_firewall() {
 		json_add_string src "$upzone"
 		json_add_string dest "$downzone"
 		json_add_string family ipv4
-		json_add_string proto any
+		json_add_string proto udp
 		json_add_string dest_ip "224.0.0.0/4"
 		json_add_string target ACCEPT
 		json_close_object
@ -95,7 +106,7 @@ omcproxy_add_firewall() {
 		json_add_string src "$upzone"
 		json_add_string dest "$downzone"
 		json_add_string family ipv6
-		json_add_string proto any
+		json_add_string proto udp
 		json_add_string dest_ip "ff00::/8"
 		json_add_string target ACCEPT
 		json_close_object
@ -104,14 +115,15 @@ omcproxy_add_firewall() {

 service_triggers() {
 	procd_add_reload_trigger "omcproxy"
+	config_foreach omcproxy_add_network_triggers proxy
 }

 start_service() {
-	include /lib/functions
+	. /lib/functions/network.sh

 	config_load omcproxy
-	config_foreach omcproxy_add_proxy proxy

+	config_foreach omcproxy_add_proxy proxy
 	[ -n "$PROXIES" ] || return 0

 	procd_open_instance
@ -120,24 +132,24 @@ start_service() {
 	procd_append_param command $PROXIES
 	procd_set_param respawn

-	procd_open_trigger
-	config_foreach omcproxy_add_trigger proxy
-	procd_close_trigger
-
 	procd_open_data

 	json_add_array firewall
-	config_foreach omcproxy_add_firewall proxy
+	config_foreach omcproxy_add_firewall_rules proxy
 	json_close_array

 	procd_close_data

 	procd_close_instance

-	# Increase maximum IPv4 group memberships per socket
+	# Increase maximum IPv4 group memberships per socket, default is 100.
 	echo 128 > /proc/sys/net/ipv4/igmp_max_memberships
 }

 service_started() {
 	procd_set_config_changed firewall
 }
+
+stop_service() {
+	procd_set_config_changed firewall
+}