123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271 |
- #!/bin/bash
- #
- # .---. . .
- # | | |
- # |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
- # | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
- # ' ' --' --' -' - -' ' ' -' -' -' ' - --'
- #
- # Freedom in the Cloud
- #
- # batman adv mesh functions
- #
- # License
- # =======
- #
- # Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
- #
- # This program is free software: you can redistribute it and/or modify
- # it under the terms of the GNU Affero General Public License as published by
- # the Free Software Foundation, either version 3 of the License, or
- # (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU Affero General Public License for more details.
- #
- # You should have received a copy of the GNU Affero General Public License
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
-
- VARIANTS=''
-
- IN_DEFAULT_INSTALL=0
- SHOW_ON_ABOUT=0
-
- ENABLE_BATMAN="no"
- BATMAN_CELLID='any'
-
- batman_variables=(MY_USERNAME
- BATMAN_CELLID)
-
- function logging_on_batman {
- echo -n ''
- }
-
- function logging_off_batman {
- echo -n ''
- }
-
- function install_interactive_batman {
- echo -n ''
- APP_INSTALLED=1
- }
-
- function configure_firewall_for_batman {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $ENABLE_BATMAN != "yes" ]]; then
- return
- fi
-
- function_check save_firewall_settings
- save_firewall_settings
- mark_completed $FUNCNAME
- }
-
- function reconfigure_batman {
- echo -n ''
- }
-
- function upgrade_batman {
- echo -n ''
- }
-
- function backup_local_batman {
- echo -n ''
- }
-
- function restore_local_batman {
- echo -n ''
- }
-
- function backup_remote_batman {
- echo -n ''
- }
-
- function restore_remote_batman {
- echo -n ''
- }
-
- function remove_batman {
- ${PROJECT_NAME}-mesh-install -f batman --remove yes
- if [ ! "$?" = "0" ]; then
- echo $'Failed to remove batman'
- exit 79353
- fi
- remove_completion_param install_batman
- remove_completion_param configure_firewall_for_batman
- }
-
- function mesh_install_batman {
- chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 batctl
- chroot "$rootdir" apt-get -yq install python-dev libevent-dev ebtables python-pip git
- chroot "$rootdir" apt-get -yq install wireless-tools rfkill
-
- if ! grep -q "batman_adv" $rootdir/etc/modules; then
- echo 'batman_adv' >> $rootdir/etc/modules
- fi
-
- BATMAN_SCRIPT=$rootdir/var/lib/batman
-
- if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
- cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
- else
- cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
- fi
-
- BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
- echo '[Unit]' > $BATMAN_DAEMON
- echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
- echo 'After=network.target' >> $BATMAN_DAEMON
- echo '' >> $BATMAN_DAEMON
- echo '[Service]' >> $BATMAN_DAEMON
- echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
- echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
- echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
- echo 'Restart=on-failure' >> $BATMAN_DAEMON
- echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
- echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
- echo '' >> $BATMAN_DAEMON
- echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
- echo 'TimeoutSec=300' >> $BATMAN_DAEMON
- echo '' >> $BATMAN_DAEMON
- echo '[Install]' >> $BATMAN_DAEMON
- echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
- chroot "$rootdir" systemctl enable batman
- }
-
- function install_mesh_tunnel {
- # https://sudoroom.org/wiki/Mesh/Relay_setup
- chroot "$rootdir" apt-get -yq install xl2tpd l2tpns
- chroot "$rootdir" apt-get -yq install iproute bridge-utils libnetfilter-conntrack3 python-dev libevent-dev ebtables python-pip git
-
- git clone https://github.com/wlanslovenija/tunneldigger $rootdir/opt/tunneldigger
- cd $rootdir/opt/tunneldigger/client
- chroot "$rootdir" make
- if [ ! -f $rootdir/opt/tunneldigger/client/l2tp_client ]; then
- echo $'tunneldigger failed to build client'
- exit 823563
- fi
- cd $rootdir/opt/tunneldigger/broker
- chroot "$rootdir" pip install -r requirements.txt
- echo 'l2tp_core' >> $rootdir/etc/modules
- echo 'l2tp_eth' >> $rootdir/etc/modules
- echo 'l2tp_netlink' >> $rootdir/etc/modules
-
- echo '#!/bin/sh' > $rootdir/opt/tunneldigger/broker/scripts/up_hook.sh
- echo 'INTERFACE="$3"' >> $rootdir/opt/tunneldigger/broker/scripts/up_hook.sh
- echo 'ifconfig $INTERFACE up' >> $rootdir/opt/tunneldigger/broker/scripts/up_hook.sh
- echo 'batctl if add $INTERFACE' >> $rootdir/opt/tunneldigger/broker/scripts/up_hook.sh
- echo 'if [ `cat /sys/class/net/bat0/operstate` != "up" ]; then' >> $rootdir/opt/tunneldigger/broker/scripts/up_hook.sh
- echo " ipv4addr=\$(ip -o -f inet addr show dev \"eth0\" | awk '{print \$4}' | awk 'END {print}' | awk -F '/' '{print \$1}')" >> $rootdir/opt/tunneldigger/broker/scripts/up_hook.sh
- echo ' ifconfig bat0 $ipv4addr netmask 255.0.0.0 up' >> $rootdir/opt/tunneldigger/broker/scripts/up_hook.sh
- echo 'fi' >> $rootdir/opt/tunneldigger/broker/scripts/up_hook.sh
- chmod +x $rootdir/opt/tunneldigger/broker/scripts/up_hook.sh
-
- echo '[broker]' > $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; IP address the broker will listen and accept tunnels on' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'address=127.0.0.1' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Ports where the broker will listen on' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'port=53,8942' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Interface with that IP address' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'interface=lo' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Maximum number of tunnels that will be allowed by the broker' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'max_tunnels=1024' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Tunnel port base' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'port_base=20000' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Tunnel id base' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'tunnel_id_base=100' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Namespace (for running multiple brokers); note that you must also' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; configure disjunct ports, and tunnel identifiers in order for' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; namespacing to work' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'namespace=default' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; check if all kernel module are loaded. Do not check for built-ins.' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'check_modules=true' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '[log]' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Log filename' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'filename=tunneldigger-broker.log' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Verbosity' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'verbosity=DEBUG' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Should IP addresses be logged or not' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'log_ip_addresses=false' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '[hooks]' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Arguments to the session.{up,pre-down,down} hooks are as follows:' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo ';' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; <tunnel_id> <session_id> <interface> <mtu> <endpoint_ip> <endpoint_port> <local_port>' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo ';' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Arguments to the session.mtu-changed hook are as follows:' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo ';' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; <tunnel_id> <session_id> <interface> <old_mtu> <new_mtu>' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo ';' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Called after the tunnel interface goes up' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'session.up=/opt/tunneldigger/broker/scripts/up_hook.sh' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Called just before the tunnel interface goes down' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'session.pre-down=' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Called after the tunnel interface goes down' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'session.down=' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo '; Called after the tunnel MTU gets changed because of PMTU discovery' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
- echo 'session.mtu-changed=' >> $rootdir/opt/tunneldigger/broker/l2tp_broker.cfg
-
- echo '[Unit]' > $rootdir/etc/systemd/system/tunneldigger.service
- echo 'Description=TunnelDigger Broker' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'After=syslog.target' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'After=network.target' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo '' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo '[Service]' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'Type=simple' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'User=root' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'Group=root' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'WorkingDirectory=/opt/tunneldigger/broker' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'ExecStart=/opt/tunneldigger/broker/l2tp_broker.py l2tp_broker.cfg' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'Restart=always' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'RestartSec=60' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo '' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo '[Install]' >> $rootdir/etc/systemd/system/tunneldigger.service
- echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/tunneldigger.service
-
- echo '#!/bin/bash' > $rootdir/usr/bin/meshtunnel
- echo 'if [ ! $1 ]; then' >> $rootdir/usr/bin/meshtunnel
- echo ' echo "Syntax: meshtunnel [from external IP] [to external IP]"' >> $rootdir/usr/bin/meshtunnel
- echo ' exit 1' >> $rootdir/usr/bin/meshtunnel
- echo 'fi' >> $rootdir/usr/bin/meshtunnel
- echo 'if [ ! $2 ]; then' >> $rootdir/usr/bin/meshtunnel
- echo ' echo "Syntax: meshtunnel [from external IP] [to external IP]"' >> $rootdir/usr/bin/meshtunnel
- echo ' exit 2' >> $rootdir/usr/bin/meshtunnel
- echo 'fi' >> $rootdir/usr/bin/meshtunnel
- echo '' >> $rootdir/usr/bin/meshtunnel
- echo 'sed -i "s|address=.*|address=$1|g" /opt/tunneldigger/broker/l2tp_broker.cfg' >> $rootdir/usr/bin/meshtunnel
- echo 'systemctl restart tunneldigger' >> $rootdir/usr/bin/meshtunnel
- echo 'sleep 3' >> $rootdir/usr/bin/meshtunnel
- echo 'cd /opt/tunneldigger/client' >> $rootdir/usr/bin/meshtunnel
- echo './l2tp_client -f -u foo -l ${2}:53 -i l2tp' >> $rootdir/usr/bin/meshtunnel
- echo 'exit 0' >> $rootdir/usr/bin/meshtunnel
- chmod +x $rootdir/usr/bin/meshtunnel
- }
-
- function install_batman {
- if [ $INSTALLING_MESH ]; then
- mesh_install_batman
- return
- fi
- if [[ $ENABLE_BATMAN != "yes" ]]; then
- return
- fi
-
- ${PROJECT_NAME}-mesh-install -f batman
- if [ ! "$?" = "0" ]; then
- echo $'Failed to install batman'
- exit 72524
- fi
-
- function_check configure_firewall_for_batman
- configure_firewall_for_batman
- APP_INSTALLED=1
- }
-
- # NOTE: deliberately no exit 0
|