feature: runtime-configurable tunnel limits (#84)

2021-04-23 10:46:09 -04:00 · 2021-04-23 10:46:09 -04:00 · 3ddb7a0bb2
parent 261644b1e5
commit 3ddb7a0bb2
7 changed files with 114 additions and 6 deletions
--- a/files/etc/init.d/vtund
+++ b/files/etc/init.d/vtund
@ -7,8 +7,8 @@ STOP=85
 CLIENT_CONF=/tmp/vtun/vtund.conf

 # Starting tun interface is tun50
-TUNNUM=60
-MAXTUNNUM=69
+TUNNUM=$((50 + `uci get aredn.@tunnel[0].maxclients`))
+MAXTUNNUM=$(($TUNNUM + `uci get aredn.@tunnel[0].maxservers` - 1))

 ######### UTILITY FUNCTIONS ###########
 # return the number of "type" sections
--- a/files/etc/init.d/vtundsrv
+++ b/files/etc/init.d/vtundsrv
@ -7,7 +7,7 @@ STOP=83
 SERVER_CONF=/tmp/vtun/vtundsrv.conf
 # Starting tun interface is tun50
 TUNNUM=50
-MAXTUNNUM=59
+MAXTUNNUM=$(($TUNNUM + `uci get aredn.@tunnel[0].maxclients` - 1))

 network_config() {
 	local cfg="$1"
--- a/files/usr/local/bin/olsrd-config
+++ b/files/usr/local/bin/olsrd-config
@ -42,6 +42,7 @@

 use perlfunc;
 use ucifunc;
+use tunfunc;

 #Check what config file we are building for
 if ( !$ARGV[0] ) {
@ -118,7 +119,7 @@ if (-e "/etc/local/mesh-firewall/02-vtund")
    }
  }

-  $tunnum=60;
+  $tunnum=50 + &get_tunnel_maxclients();
  @tunnelnames=&uci_get_names_by_sectiontype("vtun","server");
  foreach (@tunnelnames)
  {
--- a/files/www/cgi-bin/advancedconfig
+++ b/files/www/cgi-bin/advancedconfig
@ -38,6 +38,8 @@

 BEGIN {push @INC, '/www/cgi-bin'};
 use perlfunc;
+use ucifunc;
+use tunfunc;

 $debug = 0;
 $| = 1;
@ -134,6 +136,25 @@ push @setting, {
  postcallback => "setUSBOutput()",
  condition => "hasUSB()"
 };
+my $tunnelLimitsUpperBound = 100; # maxclients/maxservers cannot exceed this value
+push @setting, {
+  key => "aredn.\@tunnel[0].maxclients", 
+  type => "string", 
+  desc => "Specifies the maximum number of tunnel clients this node can serve; must be an integer in the range [0,$tunnelLimitsUpperBound].  (Only applies if tunnel software is installed)", 
+  default => "10", 
+  condition => "hasTunnelSoftware()",
+  precallback => "restrictTunnelLimitToValidRange",
+  postcallback => "adjustTunnelInterfaceCount()"
+};
+push @setting, {
+  key => "aredn.\@tunnel[0].maxservers", 
+  type => "string", 
+  desc => "Specifies the maximum number of tunnel servers to which this node can connect; must be an integer in the range [0,$tunnelLimitsUpperBound].  (Only applies if tunnel software is installed)", 
+  default => "10", 
+  condition => "hasTunnelSoftware()",
+  precallback => "restrictTunnelLimitToValidRange",
+  postcallback => "adjustTunnelInterfaceCount()"
+};
 push @setting, {
  key => "aredn.olsr.restart",
  type => "none",
@ -177,6 +198,11 @@ sub hasUSB()
  chomp($pin);
  return $pin ? return 1 : return 0;
 }
+
+sub hasTunnelSoftware()
+{
+  return (-e "/usr/sbin/vtund") ? 1 : 0;
+}
 # ----- CONDITIONS ----------


@ -221,6 +247,53 @@ sub writePackageRepo {
  chomp($disturl);
  system("sed -i 's|$disturl|$uciurl|g' $file");
 }
+
+sub restrictTunnelLimitToValidRange() {
+    $newval =~ s/^\s+|\s+$//g;
+    if ($newval !~ /^\s*-?\d+\s*$/) {
+        push @msg, "$key must be an integer in the range [0,$tunnelLimitsUpperBound]";
+        $newval = 0
+    } elsif ($newval < 0) {
+        push @msg, "Lower limit of $key is 0";
+        $newval = 0
+    } elsif ($newval > $tunnelLimitsUpperBound) {
+        push @msg, "Upper limit of $key is $tunnelLimitsUpperBound";
+        $newval = $tunnelLimitsUpperBound
+    }
+}
+
+sub addTunnelInterface() {
+    my ($configfile, $tunnum) = @_;
+    &uci_add_named_section($configfile,"tun${tunnum}","interface");
+    &uci_set_named_option($configfile,"tun${tunnum}","ifname","tun${tunnum}");
+    &uci_set_named_option($configfile,"tun${tunnum}","proto","none");
+}
+
+sub adjustTunnelInterfaceCount() {
+    my $tunnelIfCount = &get_tunnel_interface_count();
+    my $neededIfCount = &get_tunnel_maxclients() + &get_tunnel_maxservers();
+
+    if ($tunnelIfCount != $neededIfCount) {
+        for (my $i = $tunnelIfCount; $i < $neededIfCount; $i++) {
+            my $tunnum = $i + 50;
+            &addTunnelInterface("network_tun",$tunnum);
+            &addTunnelInterface("network",$tunnum);
+        }
+        for (my $i = $tunnelIfCount - 1; $i >= $neededIfCount; $i--) {
+            my $tunnum = $i + 50;
+            &uci_delete_named_section("network_tun","tun${tunnum}");
+            &uci_delete_named_section("network","tun${tunnum}");
+        }
+        &uci_commit("network_tun");
+        &uci_commit("network");
+        &uci_clone("network_tun");
+        # can't clone network because it contains macros; re-edit it instead:
+        system "sed -i"
+                . " -e '\$r /etc/config.mesh/network_tun'"
+                . " -e '/interface.*tun/,\$d'"
+                . " /etc/config.mesh/network";
+    }
+}
 # ----- CALLBACKS ----------

 read_postdata({acceptfile => false});
--- a/files/www/cgi-bin/tunfunc.pm
+++ b/files/www/cgi-bin/tunfunc.pm
@ -101,6 +101,30 @@ sub is_tunnel_active()
    return $match; # the return value of the do block   
 }

+sub get_tunnel_option()
+{
+    my ($optionname) = @_;
+    return &uci_get_indexed_option("aredn", "tunnel", 0, "$optionname");
+}
+
+sub get_tunnel_maxclients()
+{
+    my ($rc, $maxclients) = &get_tunnel_option("maxclients");
+    return $rc ? 10 : $maxclients;
+}
+
+sub get_tunnel_maxservers()
+{
+    my ($rc, $maxservers) = &get_tunnel_option("maxservers");
+    return $rc ? 10 : $maxservers;
+}
+
+sub get_tunnel_interface_count()
+{
+    my $count = `uci show network_tun | fgrep =interface | wc -l`;
+    return $? ? "0" : $count;
+}
+
 ##########################
 # Add OLSRD interfaces - NOT NEEDED
 ##########################
@ -128,6 +152,10 @@ sub add_olsrd_interfaces() {
 # Add network interfaces tun50 thru tun69 - called on install
 ##########################
 sub add_network_interfaces() {
+    &uci_set_indexed_option("aredn","tunnel",0,"maxclients","10");
+    &uci_set_indexed_option("aredn","tunnel",0,"maxservers","10");
+    &uci_commit("aredn");
+    &uci_clone("aredn");

    for (my $tunnum=50; $tunnum<=69; $tunnum++)
    {
--- a/files/www/cgi-bin/vpn
+++ b/files/www/cgi-bin/vpn
@ -90,6 +90,9 @@ sub save_clients()

        $enabled_count++ if $parms{"client${i}_enabled"};    
    }
+
+    my $maxclients = &get_tunnel_maxclients();
+    push(@cli_err,"Number of clients enabled ($enabled_count) exceeds maxclients ($maxclients); only the first $enabled_count will activate.") if $enabled_count > $maxclients;
 }

 #################################
@ -398,7 +401,7 @@ sub print_vpn_clients()
    
    for($i = 0, @list = (); $i < $parms{client_num}; ++$i) { push @list, $i };

-    push @list, "_add" unless($parms{client_num} > 9);
+    push @list, "_add" unless($parms{client_num} >= &get_tunnel_maxclients());

    $cnum=0;
    foreach $val (@list)
--- a/files/www/cgi-bin/vpnc
+++ b/files/www/cgi-bin/vpnc
@ -84,6 +84,9 @@ sub save_connections()
        }
        $enabled_count++ if $parms{"conn${i}_enabled"}; 
    }
+
+    my $maxservers = &get_tunnel_maxservers();
+    push(@conn_err,"Number of servers enabled ($enabled_count) exceeds maxservers ($maxservers); only the first $maxservers will activate.") if $enabled_count > $maxservers;
 }

 #################
@ -358,7 +361,7 @@ sub print_vpn_connections()

    for($i = 0, @list = (); $i < $parms{conn_num}; $i++) { push @list, $i };

-    push @list, "_add" unless($parms{conn_num} > 9);
+    push @list, "_add" unless($parms{conn_num} >= &get_tunnel_maxservers());

    $cnum=0;
    foreach $val (@list)